diff --git a/python/ql/src/Security/CWE-022/PathInjection.ql b/python/ql/src/Security/CWE-022/PathInjection.ql
index 0d54ffc7ff1..1b1eb33a507 100644
--- a/python/ql/src/Security/CWE-022/PathInjection.ql
+++ b/python/ql/src/Security/CWE-022/PathInjection.ql
@@ -26,8 +26,6 @@ import semmle.python.web.HttpRequest
 import semmle.python.security.injection.Path
 
 
-
-from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
-where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
-
-select sink, srcnode, sinknode, "This path depends on $@.", src, "a user-provided value"
+from TaintedPathSource src, TaintedPathSink sink
+where src.flowsTo(sink)
+select sink.getSink(), src, sink, "This path depends on $@.", src.getSource(), "a user-provided value"
\ No newline at end of file
diff --git a/python/ql/src/Security/CWE-078/CommandInjection.ql b/python/ql/src/Security/CWE-078/CommandInjection.ql
index 260f1a8c244..639aab3725f 100755
--- a/python/ql/src/Security/CWE-078/CommandInjection.ql
+++ b/python/ql/src/Security/CWE-078/CommandInjection.ql
@@ -23,7 +23,6 @@ import semmle.python.web.HttpRequest
 /* Sinks */
 import semmle.python.security.injection.Command
 
-from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
-where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
-
-select sink, srcnode, sinknode, "This command depends on $@.", src, "a user-provided value"
+from TaintedPathSource src, TaintedPathSink sink
+where src.flowsTo(sink)
+select sink.getSink(), src, sink, "This command depends on $@.", src.getSource(), "a user-provided value"
diff --git a/python/ql/src/Security/CWE-079/ReflectedXss.ql b/python/ql/src/Security/CWE-079/ReflectedXss.ql
index 28a59b71d41..3a77e0559f6 100644
--- a/python/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/python/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -25,9 +25,6 @@ import semmle.python.web.HttpResponse
 /* Flow */
 import semmle.python.security.strings.Untrusted
 
-from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
-where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
-
-select sink, srcnode, sinknode, "Cross-site scripting vulnerability due to $@.",
-       src, "user-provided value"
-
+from TaintedPathSource src, TaintedPathSink sink
+where src.flowsTo(sink)
+select sink.getSink(), src, sink, "Cross-site scripting vulnerability due to $@.", src.getSource(), "user-provided value"
diff --git a/python/ql/src/Security/CWE-089/SqlInjection.ql b/python/ql/src/Security/CWE-089/SqlInjection.ql
index 9189417ad47..35274729418 100755
--- a/python/ql/src/Security/CWE-089/SqlInjection.ql
+++ b/python/ql/src/Security/CWE-089/SqlInjection.ql
@@ -23,7 +23,6 @@ import semmle.python.web.django.Db
 import semmle.python.web.django.Model
 
 
-from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
-where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
-
-select sink, srcnode, sinknode, "This SQL query depends on $@.", src, "a user-provided value"
+from TaintedPathSource src, TaintedPathSink sink
+where src.flowsTo(sink)
+select sink.getSink(), src, sink, "This SQL query depends on $@.", src.getSource(), "a user-provided value"
diff --git a/python/ql/src/Security/CWE-094/CodeInjection.ql b/python/ql/src/Security/CWE-094/CodeInjection.ql
index e0d5acaba3e..2d511a5dae4 100644
--- a/python/ql/src/Security/CWE-094/CodeInjection.ql
+++ b/python/ql/src/Security/CWE-094/CodeInjection.ql
@@ -24,7 +24,6 @@ import semmle.python.web.HttpRequest
 import semmle.python.security.injection.Exec
 
 
-from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
-where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
-
-select sink, srcnode, sinknode, "$@ flows to here and is interpreted as code.", src, "User-provided value"
+from TaintedPathSource src, TaintedPathSink sink
+where src.flowsTo(sink)
+select sink.getSink(), src, sink, "$@ flows to here and is interpreted as code.", src.getSource(), "User-provided value"
diff --git a/python/ql/src/Security/CWE-209/StackTraceExposure.ql b/python/ql/src/Security/CWE-209/StackTraceExposure.ql
index c22a744b7b6..4a1452655ed 100644
--- a/python/ql/src/Security/CWE-209/StackTraceExposure.ql
+++ b/python/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -18,6 +18,6 @@ import semmle.python.security.Paths
 import semmle.python.security.Exceptions
 import semmle.python.web.HttpResponse
 
-from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
-where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
-select sink, srcnode, sinknode, "$@ may be exposed to an external user", src, "Error information"
+from TaintedPathSource src, TaintedPathSink sink
+where src.flowsTo(sink)
+select sink.getSink(), src, sink, "$@ may be exposed to an external user", src.getSource(), "Error information"
diff --git a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql
index 32ce6fa8361..fa48c63db9d 100644
--- a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql
+++ b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql
@@ -25,7 +25,6 @@ import semmle.python.security.injection.Marshal
 import semmle.python.security.injection.Yaml
 
 
-from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
-where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
-
-select sink, srcnode, sinknode, "Deserializing of $@.", src, "untrusted input"
+from TaintedPathSource src, TaintedPathSink sink
+where src.flowsTo(sink)
+select sink.getSink(), src, sink, "Deserializing of $@.", src.getSource(), "untrusted input"
diff --git a/python/ql/src/Security/CWE-601/UrlRedirect.ql b/python/ql/src/Security/CWE-601/UrlRedirect.ql
index 9ff1723aab1..4734c540bc3 100644
--- a/python/ql/src/Security/CWE-601/UrlRedirect.ql
+++ b/python/ql/src/Security/CWE-601/UrlRedirect.ql
@@ -28,8 +28,7 @@ class UntrustedPrefixStringKind extends UntrustedStringKind {
 
 }
 
-from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
-where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
-
-select sink, srcnode, sinknode, "Untrusted URL redirection due to $@.", src, "a user-provided value"
+from TaintedPathSource src, TaintedPathSink sink
+where src.flowsTo(sink)
+select sink.getSink(), src, sink, "Untrusted URL redirection due to $@.", src.getSource(), "a user-provided value"
 
diff --git a/python/ql/src/semmle/python/security/Exceptions.qll b/python/ql/src/semmle/python/security/Exceptions.qll
index a321c9df839..d0ecee350d5 100644
--- a/python/ql/src/semmle/python/security/Exceptions.qll
+++ b/python/ql/src/semmle/python/security/Exceptions.qll
@@ -24,6 +24,11 @@ class ExceptionInfo extends StringKind {
     ExceptionInfo() {
         this = "exception.info"
     }
+
+    override string repr() {
+        result = "exception info"
+    }
+
 }
 
 
@@ -36,6 +41,10 @@ class ExceptionKind extends TaintKind {
         this = "exception.kind"
     }
 
+    override string repr() {
+        result = "exception"
+    }
+
     override TaintKind getTaintOfAttribute(string name) {
         name = "args" and result instanceof ExceptionInfoSequence
         or
diff --git a/python/ql/src/semmle/python/security/TaintTracking.qll b/python/ql/src/semmle/python/security/TaintTracking.qll
index d8dd0ea143f..928806d7f82 100755
--- a/python/ql/src/semmle/python/security/TaintTracking.qll
+++ b/python/ql/src/semmle/python/security/TaintTracking.qll
@@ -148,6 +148,8 @@ abstract class TaintKind extends string {
         none()
     }
 
+    string repr() { result = this }
+
 }
 
 /** Taint kinds representing collections of other taint kind.
@@ -208,6 +210,10 @@ class SequenceKind extends CollectionKind {
         name = "pop" and result = this.getItem()
     }
 
+    override string repr() {
+        result = "sequence of " + itemKind
+    }
+
 }
 
 /* Helper for getTaintForStep() */
@@ -281,6 +287,10 @@ class DictKind extends CollectionKind {
         name = "itervalues" and result.(SequenceKind).getItem() = valueKind
     }
 
+    override string repr() {
+        result = "dict of " + valueKind
+    }
+
 }
 
 
@@ -603,7 +613,9 @@ private predicate user_tainted_def(TaintedDefinition def, TaintFlowImplementatio
  */
 class TaintedNode extends TTaintedNode {
 
-    string toString() { result = this.getTrackedValue().toString() + " at " + this.getLocation() }
+    string toString() { result = this.getTrackedValue().repr() }
+
+    string debug() { result = this.getTrackedValue().toString() + " at " + this.getNode().getLocation() }
 
     TaintedNode getASuccessor() {
         exists(TaintFlowImplementation::TrackedValue tokind, CallContext tocontext, ControlFlowNode tonode |
@@ -675,25 +687,33 @@ class TaintedNode extends TTaintedNode {
 
 }
 
-class TaintedNodeSource extends TaintedNode {
+class TaintedPathSource extends TaintedNode {
 
-    TaintedNodeSource() {
+    TaintedPathSource() {
         this.getNode().(TaintSource).isSourceOf(this.getTaintKind(), this.getContext())
     }
 
     /** Holds if taint can flow from this source to sink `sink` */
-    final predicate flowsTo(TaintedNodeSink sink) {
+    final predicate flowsTo(TaintedPathSink sink) {
         this.getASuccessor*() = sink
     }
 
+    TaintSource getSource() {
+        result = this.getNode()
+    }
+
 }
 
-class TaintedNodeSink extends TaintedNode {
+class TaintedPathSink extends TaintedNode {
 
-    TaintedNodeSink() {
+    TaintedPathSink() {
         this.getNode().(TaintSink).sinks(this.getTaintKind())
     }
 
+    TaintSink getSink() {
+        result = this.getNode()
+    }
+
 }
 
 /** This module contains the implementation of taint-flow.
@@ -739,12 +759,18 @@ library module TaintFlowImplementation {
 
         abstract string toString();
 
+        abstract string repr();
+
         abstract TrackedValue toKind(TaintKind kind);
 
     }
 
     class TrackedTaint extends TrackedValue, TTrackedTaint {
 
+        override string repr() {
+            result = this.getKind().repr()
+        }
+
         override string toString() {
             result = "Taint " + this.getKind()
         }
@@ -761,6 +787,13 @@ library module TaintFlowImplementation {
 
     class TrackedAttribute extends TrackedValue, TTrackedAttribute {
 
+        override string repr() {
+            exists(string name, TaintKind kind |
+                this = TTrackedAttribute(name, kind) and
+                result = "." + name + "=" + kind.repr()
+            )
+        }
+
         override string toString() {
             exists(string name, TaintKind kind |
                 this = TTrackedAttribute(name, kind) and
diff --git a/python/ql/src/semmle/python/security/injection/Command.qll b/python/ql/src/semmle/python/security/injection/Command.qll
index 11ff52a053a..7bfdb987bfb 100644
--- a/python/ql/src/semmle/python/security/injection/Command.qll
+++ b/python/ql/src/semmle/python/security/injection/Command.qll
@@ -36,6 +36,9 @@ class FirstElementKind extends TaintKind {
         this = "sequence[" + any(ExternalStringKind key) + "][0]"
     }
 
+    override string repr() {
+        result = "first item in sequence of " + this.getItem().repr()
+    }
 
     /** Gets the taint kind for item in this sequence. */
     ExternalStringKind getItem() {
diff --git a/python/ql/src/semmle/python/security/injection/Path.qll b/python/ql/src/semmle/python/security/injection/Path.qll
index bd318c7f1e6..cee8c12fc16 100644
--- a/python/ql/src/semmle/python/security/injection/Path.qll
+++ b/python/ql/src/semmle/python/security/injection/Path.qll
@@ -36,6 +36,10 @@ class NormalizedPath extends TaintKind {
         this = "normalized.path.injection"
     }
 
+    override string repr() {
+        result = "normalized path"
+    }
+
 }
 
 private predicate abspath_call(CallNode call, ControlFlowNode arg) {
diff --git a/python/ql/test/query-tests/Security/CWE-022/PathInjection.expected b/python/ql/test/query-tests/Security/CWE-022/PathInjection.expected
index 73eb7a46fe0..861c4d09ad1 100644
--- a/python/ql/test/query-tests/Security/CWE-022/PathInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-022/PathInjection.expected
@@ -1,34 +1,34 @@
 edges
-| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | ../lib/os/path.py:5:12:5:12 | Taint externally controlled string at ../lib/os/path.py:5 |
-| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | ../lib/os/path.py:5:12:5:12 | Taint externally controlled string at ../lib/os/path.py:5 |
-| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | ../lib/os/path.py:5:12:5:12 | Taint externally controlled string at ../lib/os/path.py:5 |
-| path_injection.py:9:12:9:23 | Taint {externally controlled string} at path_injection.py:9 | path_injection.py:9:12:9:39 | Taint externally controlled string at path_injection.py:9 |
-| path_injection.py:9:12:9:39 | Taint externally controlled string at path_injection.py:9 | path_injection.py:10:40:10:43 | Taint externally controlled string at path_injection.py:10 |
-| path_injection.py:10:40:10:43 | Taint externally controlled string at path_injection.py:10 | path_injection.py:10:14:10:44 | Taint externally controlled string at path_injection.py:10 |
-| path_injection.py:15:12:15:23 | Taint {externally controlled string} at path_injection.py:15 | path_injection.py:15:12:15:39 | Taint externally controlled string at path_injection.py:15 |
-| path_injection.py:15:12:15:39 | Taint externally controlled string at path_injection.py:15 | path_injection.py:16:56:16:59 | Taint externally controlled string at path_injection.py:16 |
-| path_injection.py:16:13:16:61 | Taint normalized.path.injection at path_injection.py:16 | path_injection.py:17:14:17:18 | Taint normalized.path.injection at path_injection.py:17 |
-| path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 | ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 |
-| path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 | path_injection.py:16:13:16:61 | Taint normalized.path.injection at path_injection.py:16 |
-| path_injection.py:16:56:16:59 | Taint externally controlled string at path_injection.py:16 | path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 |
-| path_injection.py:24:12:24:23 | Taint {externally controlled string} at path_injection.py:24 | path_injection.py:24:12:24:39 | Taint externally controlled string at path_injection.py:24 |
-| path_injection.py:24:12:24:39 | Taint externally controlled string at path_injection.py:24 | path_injection.py:25:56:25:59 | Taint externally controlled string at path_injection.py:25 |
-| path_injection.py:25:13:25:61 | Taint normalized.path.injection at path_injection.py:25 | path_injection.py:26:8:26:12 | Taint normalized.path.injection at path_injection.py:26 |
-| path_injection.py:25:13:25:61 | Taint normalized.path.injection at path_injection.py:25 | path_injection.py:28:14:28:18 | Taint normalized.path.injection at path_injection.py:28 |
-| path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 | ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 |
-| path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 | path_injection.py:25:13:25:61 | Taint normalized.path.injection at path_injection.py:25 |
-| path_injection.py:25:56:25:59 | Taint externally controlled string at path_injection.py:25 | path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 |
-| path_injection.py:33:12:33:23 | Taint {externally controlled string} at path_injection.py:33 | path_injection.py:33:12:33:39 | Taint externally controlled string at path_injection.py:33 |
-| path_injection.py:33:12:33:39 | Taint externally controlled string at path_injection.py:33 | path_injection.py:34:56:34:59 | Taint externally controlled string at path_injection.py:34 |
-| path_injection.py:34:13:34:61 | Taint normalized.path.injection at path_injection.py:34 | path_injection.py:35:8:35:12 | Taint normalized.path.injection at path_injection.py:35 |
-| path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 | ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 |
-| path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 | path_injection.py:34:13:34:61 | Taint normalized.path.injection at path_injection.py:34 |
-| path_injection.py:34:56:34:59 | Taint externally controlled string at path_injection.py:34 | path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 |
+| ../lib/os/path.py:4:14:4:14 | externally controlled string | ../lib/os/path.py:5:12:5:12 | externally controlled string |
+| ../lib/os/path.py:4:14:4:14 | externally controlled string | ../lib/os/path.py:5:12:5:12 | externally controlled string |
+| ../lib/os/path.py:4:14:4:14 | externally controlled string | ../lib/os/path.py:5:12:5:12 | externally controlled string |
+| path_injection.py:9:12:9:23 | dict of externally controlled string | path_injection.py:9:12:9:39 | externally controlled string |
+| path_injection.py:9:12:9:39 | externally controlled string | path_injection.py:10:40:10:43 | externally controlled string |
+| path_injection.py:10:40:10:43 | externally controlled string | path_injection.py:10:14:10:44 | externally controlled string |
+| path_injection.py:15:12:15:23 | dict of externally controlled string | path_injection.py:15:12:15:39 | externally controlled string |
+| path_injection.py:15:12:15:39 | externally controlled string | path_injection.py:16:56:16:59 | externally controlled string |
+| path_injection.py:16:13:16:61 | normalized path | path_injection.py:17:14:17:18 | normalized path |
+| path_injection.py:16:30:16:60 | externally controlled string | ../lib/os/path.py:4:14:4:14 | externally controlled string |
+| path_injection.py:16:30:16:60 | externally controlled string | path_injection.py:16:13:16:61 | normalized path |
+| path_injection.py:16:56:16:59 | externally controlled string | path_injection.py:16:30:16:60 | externally controlled string |
+| path_injection.py:24:12:24:23 | dict of externally controlled string | path_injection.py:24:12:24:39 | externally controlled string |
+| path_injection.py:24:12:24:39 | externally controlled string | path_injection.py:25:56:25:59 | externally controlled string |
+| path_injection.py:25:13:25:61 | normalized path | path_injection.py:26:8:26:12 | normalized path |
+| path_injection.py:25:13:25:61 | normalized path | path_injection.py:28:14:28:18 | normalized path |
+| path_injection.py:25:30:25:60 | externally controlled string | ../lib/os/path.py:4:14:4:14 | externally controlled string |
+| path_injection.py:25:30:25:60 | externally controlled string | path_injection.py:25:13:25:61 | normalized path |
+| path_injection.py:25:56:25:59 | externally controlled string | path_injection.py:25:30:25:60 | externally controlled string |
+| path_injection.py:33:12:33:23 | dict of externally controlled string | path_injection.py:33:12:33:39 | externally controlled string |
+| path_injection.py:33:12:33:39 | externally controlled string | path_injection.py:34:56:34:59 | externally controlled string |
+| path_injection.py:34:13:34:61 | normalized path | path_injection.py:35:8:35:12 | normalized path |
+| path_injection.py:34:30:34:60 | externally controlled string | ../lib/os/path.py:4:14:4:14 | externally controlled string |
+| path_injection.py:34:30:34:60 | externally controlled string | path_injection.py:34:13:34:61 | normalized path |
+| path_injection.py:34:56:34:59 | externally controlled string | path_injection.py:34:30:34:60 | externally controlled string |
 parents
-| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 |
-| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 |
-| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 |
+| ../lib/os/path.py:4:14:4:14 | externally controlled string | path_injection.py:16:30:16:60 | externally controlled string |
+| ../lib/os/path.py:4:14:4:14 | externally controlled string | path_injection.py:25:30:25:60 | externally controlled string |
+| ../lib/os/path.py:4:14:4:14 | externally controlled string | path_injection.py:34:30:34:60 | externally controlled string |
 #select
-| path_injection.py:10:14:10:44 | argument to open() | path_injection.py:9:12:9:23 | Taint {externally controlled string} at path_injection.py:9 | path_injection.py:10:14:10:44 | Taint externally controlled string at path_injection.py:10 | This path depends on $@. | path_injection.py:9:12:9:23 | flask.request.args | a user-provided value |
-| path_injection.py:17:14:17:18 | argument to open() | path_injection.py:15:12:15:23 | Taint {externally controlled string} at path_injection.py:15 | path_injection.py:17:14:17:18 | Taint normalized.path.injection at path_injection.py:17 | This path depends on $@. | path_injection.py:15:12:15:23 | flask.request.args | a user-provided value |
-| path_injection.py:28:14:28:18 | argument to open() | path_injection.py:24:12:24:23 | Taint {externally controlled string} at path_injection.py:24 | path_injection.py:28:14:28:18 | Taint normalized.path.injection at path_injection.py:28 | This path depends on $@. | path_injection.py:24:12:24:23 | flask.request.args | a user-provided value |
+| path_injection.py:10:14:10:44 | argument to open() | path_injection.py:9:12:9:23 | dict of externally controlled string | path_injection.py:10:14:10:44 | externally controlled string | This path depends on $@. | path_injection.py:9:12:9:23 | flask.request.args | a user-provided value |
+| path_injection.py:17:14:17:18 | argument to open() | path_injection.py:15:12:15:23 | dict of externally controlled string | path_injection.py:17:14:17:18 | normalized path | This path depends on $@. | path_injection.py:15:12:15:23 | flask.request.args | a user-provided value |
+| path_injection.py:28:14:28:18 | argument to open() | path_injection.py:24:12:24:23 | dict of externally controlled string | path_injection.py:28:14:28:18 | normalized path | This path depends on $@. | path_injection.py:24:12:24:23 | flask.request.args | a user-provided value |
diff --git a/python/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/python/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
index 09953ec851e..8bdfeac0002 100644
--- a/python/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
@@ -1,19 +1,18 @@
 edges
-| command_injection.py:10:13:10:24 | Taint {externally controlled string} at command_injection.py:10 | command_injection.py:10:13:10:41 | Taint externally controlled string at command_injection.py:10 |
-| command_injection.py:10:13:10:41 | Taint externally controlled string at command_injection.py:10 | command_injection.py:12:23:12:27 | Taint externally controlled string at command_injection.py:12 |
-| command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 | ../lib/os/__init__.py:1:12:1:14 | Taint externally controlled string at ../lib/os/__init__.py:1 |
-| command_injection.py:12:23:12:27 | Taint externally controlled string at command_injection.py:12 | command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 |
-| command_injection.py:17:13:17:24 | Taint {externally controlled string} at command_injection.py:17 | command_injection.py:17:13:17:41 | Taint externally controlled string at command_injection.py:17 |
-| command_injection.py:17:13:17:41 | Taint externally controlled string at command_injection.py:17 | command_injection.py:19:29:19:33 | Taint externally controlled string at command_injection.py:19 |
-| command_injection.py:19:29:19:33 | Taint externally controlled string at command_injection.py:19 | command_injection.py:19:22:19:34 | Taint [externally controlled string] at command_injection.py:19 |
-| command_injection.py:24:11:24:22 | Taint {externally controlled string} at command_injection.py:24 | command_injection.py:24:11:24:37 | Taint externally controlled string at command_injection.py:24 |
-| command_injection.py:24:11:24:37 | Taint externally controlled string at command_injection.py:24 | command_injection.py:25:23:25:25 | Taint externally controlled string at command_injection.py:25 |
-| command_injection.py:25:23:25:25 | Taint externally controlled string at command_injection.py:25 | command_injection.py:25:22:25:36 | Taint [externally controlled string] at command_injection.py:25 |
-| command_injection.py:25:23:25:25 | Taint externally controlled string at command_injection.py:25 | command_injection.py:25:22:25:36 | Taint sequence[externally controlled string][0] at command_injection.py:25 |
+| command_injection.py:10:13:10:24 | dict of externally controlled string | command_injection.py:10:13:10:41 | externally controlled string |
+| command_injection.py:10:13:10:41 | externally controlled string | command_injection.py:12:23:12:27 | externally controlled string |
+| command_injection.py:12:15:12:27 | externally controlled string | ../lib/os/__init__.py:1:12:1:14 | externally controlled string |
+| command_injection.py:12:23:12:27 | externally controlled string | command_injection.py:12:15:12:27 | externally controlled string |
+| command_injection.py:17:13:17:24 | dict of externally controlled string | command_injection.py:17:13:17:41 | externally controlled string |
+| command_injection.py:17:13:17:41 | externally controlled string | command_injection.py:19:29:19:33 | externally controlled string |
+| command_injection.py:19:29:19:33 | externally controlled string | command_injection.py:19:22:19:34 | sequence of externally controlled string |
+| command_injection.py:24:11:24:22 | dict of externally controlled string | command_injection.py:24:11:24:37 | externally controlled string |
+| command_injection.py:24:11:24:37 | externally controlled string | command_injection.py:25:23:25:25 | externally controlled string |
+| command_injection.py:25:23:25:25 | externally controlled string | command_injection.py:25:22:25:36 | first item in sequence of externally controlled string |
+| command_injection.py:25:23:25:25 | externally controlled string | command_injection.py:25:22:25:36 | sequence of externally controlled string |
 parents
-| ../lib/os/__init__.py:1:12:1:14 | Taint externally controlled string at ../lib/os/__init__.py:1 | command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 |
+| ../lib/os/__init__.py:1:12:1:14 | externally controlled string | command_injection.py:12:15:12:27 | externally controlled string |
 #select
-| command_injection.py:12:15:12:27 | shell command | command_injection.py:10:13:10:24 | Taint {externally controlled string} at command_injection.py:10 | command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 | This command depends on $@. | command_injection.py:10:13:10:24 | flask.request.args | a user-provided value |
-| command_injection.py:19:22:19:34 | shell command | command_injection.py:17:13:17:24 | Taint {externally controlled string} at command_injection.py:17 | command_injection.py:19:22:19:34 | Taint [externally controlled string] at command_injection.py:19 | This command depends on $@. | command_injection.py:17:13:17:24 | flask.request.args | a user-provided value |
-| command_injection.py:25:22:25:36 | OS command first argument | command_injection.py:24:11:24:22 | Taint {externally controlled string} at command_injection.py:24 | command_injection.py:25:22:25:36 | Taint [externally controlled string] at command_injection.py:25 | This command depends on $@. | command_injection.py:24:11:24:22 | flask.request.args | a user-provided value |
-| command_injection.py:25:22:25:36 | OS command first argument | command_injection.py:24:11:24:22 | Taint {externally controlled string} at command_injection.py:24 | command_injection.py:25:22:25:36 | Taint sequence[externally controlled string][0] at command_injection.py:25 | This command depends on $@. | command_injection.py:24:11:24:22 | flask.request.args | a user-provided value |
+| command_injection.py:12:15:12:27 | shell command | command_injection.py:10:13:10:24 | dict of externally controlled string | command_injection.py:12:15:12:27 | externally controlled string | This command depends on $@. | command_injection.py:10:13:10:24 | flask.request.args | a user-provided value |
+| command_injection.py:19:22:19:34 | shell command | command_injection.py:17:13:17:24 | dict of externally controlled string | command_injection.py:19:22:19:34 | sequence of externally controlled string | This command depends on $@. | command_injection.py:17:13:17:24 | flask.request.args | a user-provided value |
+| command_injection.py:25:22:25:36 | OS command first argument | command_injection.py:24:11:24:22 | dict of externally controlled string | command_injection.py:25:22:25:36 | first item in sequence of externally controlled string | This command depends on $@. | command_injection.py:24:11:24:22 | flask.request.args | a user-provided value |
diff --git a/python/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/python/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
index 1f1e49293fe..f53b054990a 100644
--- a/python/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
+++ b/python/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
@@ -1,13 +1,13 @@
 edges
-| ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 | ../lib/flask/__init__.py:15:19:15:20 | Taint externally controlled string at ../lib/flask/__init__.py:15 |
-| ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 | ../lib/flask/__init__.py:16:25:16:26 | Taint externally controlled string at ../lib/flask/__init__.py:16 |
-| reflected_xss.py:7:18:7:29 | Taint {externally controlled string} at reflected_xss.py:7 | reflected_xss.py:7:18:7:45 | Taint externally controlled string at reflected_xss.py:7 |
-| reflected_xss.py:7:18:7:45 | Taint externally controlled string at reflected_xss.py:7 | reflected_xss.py:8:44:8:53 | Taint externally controlled string at reflected_xss.py:8 |
-| reflected_xss.py:8:26:8:53 | Taint externally controlled string at reflected_xss.py:8 | ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 |
-| reflected_xss.py:8:44:8:53 | Taint externally controlled string at reflected_xss.py:8 | reflected_xss.py:8:26:8:53 | Taint externally controlled string at reflected_xss.py:8 |
-| reflected_xss.py:12:18:12:29 | Taint {externally controlled string} at reflected_xss.py:12 | reflected_xss.py:12:18:12:45 | Taint externally controlled string at reflected_xss.py:12 |
-| reflected_xss.py:12:18:12:45 | Taint externally controlled string at reflected_xss.py:12 | reflected_xss.py:13:51:13:60 | Taint externally controlled string at reflected_xss.py:13 |
+| ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | ../lib/flask/__init__.py:15:19:15:20 | externally controlled string |
+| ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string |
+| reflected_xss.py:7:18:7:29 | dict of externally controlled string | reflected_xss.py:7:18:7:45 | externally controlled string |
+| reflected_xss.py:7:18:7:45 | externally controlled string | reflected_xss.py:8:44:8:53 | externally controlled string |
+| reflected_xss.py:8:26:8:53 | externally controlled string | ../lib/flask/__init__.py:14:19:14:20 | externally controlled string |
+| reflected_xss.py:8:44:8:53 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
+| reflected_xss.py:12:18:12:29 | dict of externally controlled string | reflected_xss.py:12:18:12:45 | externally controlled string |
+| reflected_xss.py:12:18:12:45 | externally controlled string | reflected_xss.py:13:51:13:60 | externally controlled string |
 parents
-| ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 | reflected_xss.py:8:26:8:53 | Taint externally controlled string at reflected_xss.py:8 |
+| ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
 #select
-| ../lib/flask/__init__.py:16:25:16:26 | flask.response.argument | reflected_xss.py:7:18:7:29 | Taint {externally controlled string} at reflected_xss.py:7 | ../lib/flask/__init__.py:16:25:16:26 | Taint externally controlled string at ../lib/flask/__init__.py:16 | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | flask.request.args | user-provided value |
+| ../lib/flask/__init__.py:16:25:16:26 | flask.response.argument | reflected_xss.py:7:18:7:29 | dict of externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | flask.request.args | user-provided value |
diff --git a/python/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/python/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
index 33d87c296d6..1555b7cd779 100644
--- a/python/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
@@ -1,25 +1,25 @@
 edges
-| sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:11:8:11:14 | Taint django.request.HttpRequest at sql_injection.py:11 |
-| sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:12:16:12:22 | Taint django.request.HttpRequest at sql_injection.py:12 |
-| sql_injection.py:12:16:12:22 | Taint django.request.HttpRequest at sql_injection.py:12 | sql_injection.py:12:16:12:27 | Taint django.http.request.QueryDict at sql_injection.py:12 |
-| sql_injection.py:12:16:12:27 | Taint django.http.request.QueryDict at sql_injection.py:12 | sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 |
-| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:16:62:16:65 | Taint externally controlled string at sql_injection.py:16 |
-| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:19:63:19:66 | Taint externally controlled string at sql_injection.py:19 |
-| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:22:88:22:91 | Taint externally controlled string at sql_injection.py:22 |
-| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:23:76:23:79 | Taint externally controlled string at sql_injection.py:23 |
-| sql_injection.py:12:16:12:39 | Taint externally controlled string at sql_injection.py:12 | sql_injection.py:24:78:24:81 | Taint externally controlled string at sql_injection.py:24 |
-| sql_injection.py:13:16:13:34 | Taint django.db.connection.cursor at sql_injection.py:13 | sql_injection.py:15:9:15:12 | Taint django.db.connection.cursor at sql_injection.py:15 |
-| sql_injection.py:13:16:13:34 | Taint django.db.connection.cursor at sql_injection.py:13 | sql_injection.py:18:9:18:12 | Taint django.db.connection.cursor at sql_injection.py:18 |
-| sql_injection.py:19:63:19:66 | Taint externally controlled string at sql_injection.py:19 | sql_injection.py:19:13:19:66 | Taint externally controlled string at sql_injection.py:19 |
-| sql_injection.py:22:9:22:20 | Taint django.db.models.Model.objects at sql_injection.py:22 | sql_injection.py:22:9:22:93 | Taint django.db.models.Model.objects at sql_injection.py:22 |
-| sql_injection.py:22:88:22:91 | Taint externally controlled string at sql_injection.py:22 | sql_injection.py:22:38:22:91 | Taint externally controlled string at sql_injection.py:22 |
-| sql_injection.py:23:9:23:20 | Taint django.db.models.Model.objects at sql_injection.py:23 | sql_injection.py:23:9:23:80 | Taint django.db.models.Model.objects at sql_injection.py:23 |
-| sql_injection.py:23:76:23:79 | Taint externally controlled string at sql_injection.py:23 | sql_injection.py:23:26:23:79 | Taint externally controlled string at sql_injection.py:23 |
-| sql_injection.py:24:9:24:20 | Taint django.db.models.Model.objects at sql_injection.py:24 | sql_injection.py:24:9:24:82 | Taint django.db.models.Model.objects at sql_injection.py:24 |
-| sql_injection.py:24:78:24:81 | Taint externally controlled string at sql_injection.py:24 | sql_injection.py:24:28:24:81 | Taint externally controlled string at sql_injection.py:24 |
+| sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:11:8:11:14 | django.request.HttpRequest |
+| sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:12:16:12:22 | django.request.HttpRequest |
+| sql_injection.py:12:16:12:22 | django.request.HttpRequest | sql_injection.py:12:16:12:27 | django.http.request.QueryDict |
+| sql_injection.py:12:16:12:27 | django.http.request.QueryDict | sql_injection.py:12:16:12:39 | externally controlled string |
+| sql_injection.py:12:16:12:39 | externally controlled string | sql_injection.py:16:62:16:65 | externally controlled string |
+| sql_injection.py:12:16:12:39 | externally controlled string | sql_injection.py:19:63:19:66 | externally controlled string |
+| sql_injection.py:12:16:12:39 | externally controlled string | sql_injection.py:22:88:22:91 | externally controlled string |
+| sql_injection.py:12:16:12:39 | externally controlled string | sql_injection.py:23:76:23:79 | externally controlled string |
+| sql_injection.py:12:16:12:39 | externally controlled string | sql_injection.py:24:78:24:81 | externally controlled string |
+| sql_injection.py:13:16:13:34 | django.db.connection.cursor | sql_injection.py:15:9:15:12 | django.db.connection.cursor |
+| sql_injection.py:13:16:13:34 | django.db.connection.cursor | sql_injection.py:18:9:18:12 | django.db.connection.cursor |
+| sql_injection.py:19:63:19:66 | externally controlled string | sql_injection.py:19:13:19:66 | externally controlled string |
+| sql_injection.py:22:9:22:20 | django.db.models.Model.objects | sql_injection.py:22:9:22:93 | django.db.models.Model.objects |
+| sql_injection.py:22:88:22:91 | externally controlled string | sql_injection.py:22:38:22:91 | externally controlled string |
+| sql_injection.py:23:9:23:20 | django.db.models.Model.objects | sql_injection.py:23:9:23:80 | django.db.models.Model.objects |
+| sql_injection.py:23:76:23:79 | externally controlled string | sql_injection.py:23:26:23:79 | externally controlled string |
+| sql_injection.py:24:9:24:20 | django.db.models.Model.objects | sql_injection.py:24:9:24:82 | django.db.models.Model.objects |
+| sql_injection.py:24:78:24:81 | externally controlled string | sql_injection.py:24:28:24:81 | externally controlled string |
 parents
 #select
-| sql_injection.py:19:13:19:66 | db.connection.execute | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:19:13:19:66 | Taint externally controlled string at sql_injection.py:19 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
-| sql_injection.py:22:38:22:91 | django.db.models.expressions.RawSQL(sink,...) | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:22:38:22:91 | Taint externally controlled string at sql_injection.py:22 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
-| sql_injection.py:23:26:23:79 | django.models.QuerySet.raw(sink,...) | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:23:26:23:79 | Taint externally controlled string at sql_injection.py:23 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
-| sql_injection.py:24:28:24:81 | django.models.QuerySet.extra(sink,...) | sql_injection.py:9:15:9:21 | Taint django.request.HttpRequest at sql_injection.py:9 | sql_injection.py:24:28:24:81 | Taint externally controlled string at sql_injection.py:24 | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
+| sql_injection.py:19:13:19:66 | db.connection.execute | sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:19:13:19:66 | externally controlled string | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
+| sql_injection.py:22:38:22:91 | django.db.models.expressions.RawSQL(sink,...) | sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:22:38:22:91 | externally controlled string | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
+| sql_injection.py:23:26:23:79 | django.models.QuerySet.raw(sink,...) | sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:23:26:23:79 | externally controlled string | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
+| sql_injection.py:24:28:24:81 | django.models.QuerySet.extra(sink,...) | sql_injection.py:9:15:9:21 | django.request.HttpRequest | sql_injection.py:24:28:24:81 | externally controlled string | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
diff --git a/python/ql/test/query-tests/Security/CWE-094/CodeInjection.expected b/python/ql/test/query-tests/Security/CWE-094/CodeInjection.expected
index 48980e5b6a9..8c621808c14 100644
--- a/python/ql/test/query-tests/Security/CWE-094/CodeInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-094/CodeInjection.expected
@@ -1,12 +1,12 @@
 edges
-| code_injection.py:4:20:4:26 | Taint django.request.HttpRequest at code_injection.py:4 | code_injection.py:5:8:5:14 | Taint django.request.HttpRequest at code_injection.py:5 |
-| code_injection.py:4:20:4:26 | Taint django.request.HttpRequest at code_injection.py:4 | code_injection.py:6:22:6:28 | Taint django.request.HttpRequest at code_injection.py:6 |
-| code_injection.py:6:22:6:28 | Taint django.request.HttpRequest at code_injection.py:6 | code_injection.py:6:22:6:33 | Taint django.http.request.QueryDict at code_injection.py:6 |
-| code_injection.py:6:22:6:33 | Taint django.http.request.QueryDict at code_injection.py:6 | code_injection.py:6:22:6:55 | Taint externally controlled string at code_injection.py:6 |
-| code_injection.py:6:22:6:55 | Taint externally controlled string at code_injection.py:6 | code_injection.py:7:34:7:43 | Taint externally controlled string at code_injection.py:7 |
-| code_injection.py:7:34:7:43 | Taint externally controlled string at code_injection.py:7 | ../lib/base64.py:1:18:1:18 | Taint externally controlled string at ../lib/base64.py:1 |
-| code_injection.py:7:34:7:43 | Taint externally controlled string at code_injection.py:7 | code_injection.py:7:14:7:44 | Taint externally controlled string at code_injection.py:7 |
+| code_injection.py:4:20:4:26 | django.request.HttpRequest | code_injection.py:5:8:5:14 | django.request.HttpRequest |
+| code_injection.py:4:20:4:26 | django.request.HttpRequest | code_injection.py:6:22:6:28 | django.request.HttpRequest |
+| code_injection.py:6:22:6:28 | django.request.HttpRequest | code_injection.py:6:22:6:33 | django.http.request.QueryDict |
+| code_injection.py:6:22:6:33 | django.http.request.QueryDict | code_injection.py:6:22:6:55 | externally controlled string |
+| code_injection.py:6:22:6:55 | externally controlled string | code_injection.py:7:34:7:43 | externally controlled string |
+| code_injection.py:7:34:7:43 | externally controlled string | ../lib/base64.py:1:18:1:18 | externally controlled string |
+| code_injection.py:7:34:7:43 | externally controlled string | code_injection.py:7:14:7:44 | externally controlled string |
 parents
-| ../lib/base64.py:1:18:1:18 | Taint externally controlled string at ../lib/base64.py:1 | code_injection.py:7:34:7:43 | Taint externally controlled string at code_injection.py:7 |
+| ../lib/base64.py:1:18:1:18 | externally controlled string | code_injection.py:7:34:7:43 | externally controlled string |
 #select
-| code_injection.py:7:14:7:44 | exec or eval | code_injection.py:4:20:4:26 | Taint django.request.HttpRequest at code_injection.py:4 | code_injection.py:7:14:7:44 | Taint externally controlled string at code_injection.py:7 | $@ flows to here and is interpreted as code. | code_injection.py:4:20:4:26 | Django request source | User-provided value |
+| code_injection.py:7:14:7:44 | exec or eval | code_injection.py:4:20:4:26 | django.request.HttpRequest | code_injection.py:7:14:7:44 | externally controlled string | $@ flows to here and is interpreted as code. | code_injection.py:4:20:4:26 | Django request source | User-provided value |
diff --git a/python/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/python/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
index c5d0f64988e..8a4074a332c 100644
--- a/python/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
+++ b/python/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
@@ -1,11 +1,11 @@
 edges
-| test.py:33:15:33:36 | Taint exception.info at test.py:33 | test.py:34:29:34:31 | Taint exception.info at test.py:34 |
-| test.py:34:29:34:31 | Taint exception.info at test.py:34 | test.py:36:18:36:20 | Taint exception.info at test.py:36 |
-| test.py:36:18:36:20 | Taint exception.info at test.py:36 | test.py:37:25:37:27 | Taint exception.info at test.py:37 |
-| test.py:37:12:37:27 | Taint exception.info at test.py:37 | test.py:34:16:34:32 | Taint exception.info at test.py:34 |
-| test.py:37:25:37:27 | Taint exception.info at test.py:37 | test.py:37:12:37:27 | Taint exception.info at test.py:37 |
+| test.py:33:15:33:36 | exception info | test.py:34:29:34:31 | exception info |
+| test.py:34:29:34:31 | exception info | test.py:36:18:36:20 | exception info |
+| test.py:36:18:36:20 | exception info | test.py:37:25:37:27 | exception info |
+| test.py:37:12:37:27 | exception info | test.py:34:16:34:32 | exception info |
+| test.py:37:25:37:27 | exception info | test.py:37:12:37:27 | exception info |
 parents
-| test.py:36:18:36:20 | Taint exception.info at test.py:36 | test.py:34:29:34:31 | Taint exception.info at test.py:34 |
+| test.py:36:18:36:20 | exception info | test.py:34:29:34:31 | exception info |
 #select
-| test.py:16:16:16:37 | flask.routed.response | test.py:16:16:16:37 | Taint exception.info at test.py:16 | test.py:16:16:16:37 | Taint exception.info at test.py:16 | $@ may be exposed to an external user | test.py:16:16:16:37 | exception.info.source | Error information |
-| test.py:34:16:34:32 | flask.routed.response | test.py:33:15:33:36 | Taint exception.info at test.py:33 | test.py:34:16:34:32 | Taint exception.info at test.py:34 | $@ may be exposed to an external user | test.py:33:15:33:36 | exception.info.source | Error information |
+| test.py:16:16:16:37 | flask.routed.response | test.py:16:16:16:37 | exception info | test.py:16:16:16:37 | exception info | $@ may be exposed to an external user | test.py:16:16:16:37 | exception.info.source | Error information |
+| test.py:34:16:34:32 | flask.routed.response | test.py:33:15:33:36 | exception info | test.py:34:16:34:32 | exception info | $@ may be exposed to an external user | test.py:33:15:33:36 | exception.info.source | Error information |
diff --git a/python/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected b/python/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected
index 522188d9152..79dee42edb4 100644
--- a/python/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected
+++ b/python/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected
@@ -1,12 +1,12 @@
 edges
-| test.py:11:15:11:26 | Taint {externally controlled string} at test.py:11 | test.py:11:15:11:41 | Taint externally controlled string at test.py:11 |
-| test.py:11:15:11:41 | Taint externally controlled string at test.py:11 | test.py:12:18:12:24 | Taint externally controlled string at test.py:12 |
-| test.py:11:15:11:41 | Taint externally controlled string at test.py:11 | test.py:13:15:13:21 | Taint externally controlled string at test.py:13 |
-| test.py:11:15:11:41 | Taint externally controlled string at test.py:11 | test.py:14:19:14:25 | Taint externally controlled string at test.py:14 |
-| test.py:13:15:13:21 | Taint externally controlled string at test.py:13 | ../lib/yaml.py:1:10:1:10 | Taint externally controlled string at ../lib/yaml.py:1 |
+| test.py:11:15:11:26 | dict of externally controlled string | test.py:11:15:11:41 | externally controlled string |
+| test.py:11:15:11:41 | externally controlled string | test.py:12:18:12:24 | externally controlled string |
+| test.py:11:15:11:41 | externally controlled string | test.py:13:15:13:21 | externally controlled string |
+| test.py:11:15:11:41 | externally controlled string | test.py:14:19:14:25 | externally controlled string |
+| test.py:13:15:13:21 | externally controlled string | ../lib/yaml.py:1:10:1:10 | externally controlled string |
 parents
-| ../lib/yaml.py:1:10:1:10 | Taint externally controlled string at ../lib/yaml.py:1 | test.py:13:15:13:21 | Taint externally controlled string at test.py:13 |
+| ../lib/yaml.py:1:10:1:10 | externally controlled string | test.py:13:15:13:21 | externally controlled string |
 #select
-| test.py:12:18:12:24 | unpickling untrusted data | test.py:11:15:11:26 | Taint {externally controlled string} at test.py:11 | test.py:12:18:12:24 | Taint externally controlled string at test.py:12 | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
-| test.py:13:15:13:21 | yaml.load vulnerability | test.py:11:15:11:26 | Taint {externally controlled string} at test.py:11 | test.py:13:15:13:21 | Taint externally controlled string at test.py:13 | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
-| test.py:14:19:14:25 | unmarshaling vulnerability | test.py:11:15:11:26 | Taint {externally controlled string} at test.py:11 | test.py:14:19:14:25 | Taint externally controlled string at test.py:14 | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
+| test.py:12:18:12:24 | unpickling untrusted data | test.py:11:15:11:26 | dict of externally controlled string | test.py:12:18:12:24 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
+| test.py:13:15:13:21 | yaml.load vulnerability | test.py:11:15:11:26 | dict of externally controlled string | test.py:13:15:13:21 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
+| test.py:14:19:14:25 | unmarshaling vulnerability | test.py:11:15:11:26 | dict of externally controlled string | test.py:14:19:14:25 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
diff --git a/python/ql/test/query-tests/Security/CWE-601/UrlRedirect.expected b/python/ql/test/query-tests/Security/CWE-601/UrlRedirect.expected
index c4c0df06c12..5de71ec5ee5 100644
--- a/python/ql/test/query-tests/Security/CWE-601/UrlRedirect.expected
+++ b/python/ql/test/query-tests/Security/CWE-601/UrlRedirect.expected
@@ -1,10 +1,10 @@
 edges
-| test.py:7:22:7:33 | Taint {externally controlled string} at test.py:7 | test.py:7:22:7:51 | Taint externally controlled string at test.py:7 |
-| test.py:7:22:7:51 | Taint externally controlled string at test.py:7 | test.py:8:21:8:26 | Taint externally controlled string at test.py:8 |
-| test.py:8:21:8:26 | Taint externally controlled string at test.py:8 | ../lib/flask/__init__.py:11:14:11:21 | Taint externally controlled string at ../lib/flask/__init__.py:11 |
-| test.py:15:17:15:28 | Taint {externally controlled string} at test.py:15 | test.py:15:17:15:42 | Taint externally controlled string at test.py:15 |
-| test.py:15:17:15:42 | Taint externally controlled string at test.py:15 | test.py:17:13:17:21 | Taint externally controlled string at test.py:17 |
+| test.py:7:22:7:33 | dict of externally controlled string | test.py:7:22:7:51 | externally controlled string |
+| test.py:7:22:7:51 | externally controlled string | test.py:8:21:8:26 | externally controlled string |
+| test.py:8:21:8:26 | externally controlled string | ../lib/flask/__init__.py:11:14:11:21 | externally controlled string |
+| test.py:15:17:15:28 | dict of externally controlled string | test.py:15:17:15:42 | externally controlled string |
+| test.py:15:17:15:42 | externally controlled string | test.py:17:13:17:21 | externally controlled string |
 parents
-| ../lib/flask/__init__.py:11:14:11:21 | Taint externally controlled string at ../lib/flask/__init__.py:11 | test.py:8:21:8:26 | Taint externally controlled string at test.py:8 |
+| ../lib/flask/__init__.py:11:14:11:21 | externally controlled string | test.py:8:21:8:26 | externally controlled string |
 #select
-| test.py:8:21:8:26 | flask.redirect | test.py:7:22:7:33 | Taint {externally controlled string} at test.py:7 | test.py:8:21:8:26 | Taint externally controlled string at test.py:8 | Untrusted URL redirection due to $@. | test.py:7:22:7:33 | flask.request.args | a user-provided value |
+| test.py:8:21:8:26 | flask.redirect | test.py:7:22:7:33 | dict of externally controlled string | test.py:8:21:8:26 | externally controlled string | Untrusted URL redirection due to $@. | test.py:7:22:7:33 | flask.request.args | a user-provided value |