C#: Adjust qltest expected output.

csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected

@@ -173,6 +173,204 @@ edges
 | G.cs:52:14:52:21 | access to field boxfield [Box1, Elem] | G.cs:52:14:52:26 | access to field Box1 [Elem] |
 | G.cs:52:14:52:21 | this access [boxfield, Box1, ... (3)] | G.cs:52:14:52:21 | access to field boxfield [Box1, Elem] |
 | G.cs:52:14:52:26 | access to field Box1 [Elem] | G.cs:52:14:52:31 | access to field Elem |
+nodes
+| A.cs:5:17:5:23 | object creation of type C | semmle.label | object creation of type C |
+| A.cs:6:17:6:25 | call to method Make [c] | semmle.label | call to method Make [c] |
+| A.cs:6:24:6:24 | access to local variable c | semmle.label | access to local variable c |
+| A.cs:7:14:7:14 | access to local variable b [c] | semmle.label | access to local variable b [c] |
+| A.cs:7:14:7:16 | access to field c | semmle.label | access to field c |
+| A.cs:13:9:13:9 | [post] access to local variable b [c] | semmle.label | [post] access to local variable b [c] |
+| A.cs:13:15:13:22 | object creation of type C1 | semmle.label | object creation of type C1 |
+| A.cs:14:14:14:14 | access to local variable b [c] | semmle.label | access to local variable b [c] |
+| A.cs:14:14:14:20 | call to method Get | semmle.label | call to method Get |
+| A.cs:15:14:15:35 | call to method Get | semmle.label | call to method Get |
+| A.cs:15:15:15:28 | object creation of type B [c] | semmle.label | object creation of type B [c] |
+| A.cs:15:21:15:27 | object creation of type C | semmle.label | object creation of type C |
+| A.cs:22:14:22:33 | call to method SetOnB [c] | semmle.label | call to method SetOnB [c] |
+| A.cs:22:25:22:32 | object creation of type C2 | semmle.label | object creation of type C2 |
+| A.cs:24:14:24:15 | access to local variable b2 [c] | semmle.label | access to local variable b2 [c] |
+| A.cs:24:14:24:17 | access to field c | semmle.label | access to field c |
+| A.cs:31:14:31:37 | call to method SetOnBWrap [c] | semmle.label | call to method SetOnBWrap [c] |
+| A.cs:31:29:31:36 | object creation of type C2 | semmle.label | object creation of type C2 |
+| A.cs:33:14:33:15 | access to local variable b2 [c] | semmle.label | access to local variable b2 [c] |
+| A.cs:33:14:33:17 | access to field c | semmle.label | access to field c |
+| A.cs:55:17:55:23 | object creation of type A | semmle.label | object creation of type A |
+| A.cs:57:9:57:10 | [post] access to local variable c1 [a] | semmle.label | [post] access to local variable c1 [a] |
+| A.cs:57:16:57:16 | access to local variable a | semmle.label | access to local variable a |
+| A.cs:58:12:58:13 | access to local variable c1 [a] | semmle.label | access to local variable c1 [a] |
+| A.cs:60:22:60:22 | c [a] | semmle.label | c [a] |
+| A.cs:64:18:64:26 | access to field a | semmle.label | access to field a |
+| A.cs:64:19:64:23 | (...) ... [a] | semmle.label | (...) ... [a] |
+| A.cs:69:18:69:22 | (...) ... [a] | semmle.label | (...) ... [a] |
+| A.cs:77:18:77:27 | access to field a | semmle.label | access to field a |
+| A.cs:77:19:77:24 | (...) ... [a] | semmle.label | (...) ... [a] |
+| A.cs:83:9:83:9 | [post] access to parameter b [c] | semmle.label | [post] access to parameter b [c] |
+| A.cs:83:15:83:21 | object creation of type C | semmle.label | object creation of type C |
+| A.cs:88:12:88:12 | [post] access to local variable b [c] | semmle.label | [post] access to local variable b [c] |
+| A.cs:89:14:89:14 | access to local variable b [c] | semmle.label | access to local variable b [c] |
+| A.cs:89:14:89:16 | access to field c | semmle.label | access to field c |
+| A.cs:97:13:97:13 | [post] access to parameter b [c] | semmle.label | [post] access to parameter b [c] |
+| A.cs:97:19:97:25 | object creation of type C | semmle.label | object creation of type C |
+| A.cs:98:13:98:16 | [post] this access [b, c] | semmle.label | [post] this access [b, c] |
+| A.cs:98:13:98:16 | [post] this access [b] | semmle.label | [post] this access [b] |
+| A.cs:98:22:98:36 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| A.cs:98:22:98:36 | ... ? ... : ... [c] | semmle.label | ... ? ... : ... [c] |
+| A.cs:98:30:98:36 | object creation of type B | semmle.label | object creation of type B |
+| A.cs:104:17:104:23 | object creation of type B | semmle.label | object creation of type B |
+| A.cs:105:17:105:29 | object creation of type D [b, c] | semmle.label | object creation of type D [b, c] |
+| A.cs:105:17:105:29 | object creation of type D [b] | semmle.label | object creation of type D [b] |
+| A.cs:105:23:105:23 | [post] access to local variable b [c] | semmle.label | [post] access to local variable b [c] |
+| A.cs:105:23:105:23 | access to local variable b | semmle.label | access to local variable b |
+| A.cs:106:14:106:14 | access to local variable d [b] | semmle.label | access to local variable d [b] |
+| A.cs:106:14:106:16 | access to field b | semmle.label | access to field b |
+| A.cs:107:14:107:14 | access to local variable d [b, c] | semmle.label | access to local variable d [b, c] |
+| A.cs:107:14:107:16 | access to field b [c] | semmle.label | access to field b [c] |
+| A.cs:107:14:107:18 | access to field c | semmle.label | access to field c |
+| A.cs:108:14:108:14 | access to local variable b [c] | semmle.label | access to local variable b [c] |
+| A.cs:108:14:108:16 | access to field c | semmle.label | access to field c |
+| A.cs:113:17:113:23 | object creation of type B | semmle.label | object creation of type B |
+| A.cs:114:18:114:54 | object creation of type MyList [head] | semmle.label | object creation of type MyList [head] |
+| A.cs:114:29:114:29 | access to local variable b | semmle.label | access to local variable b |
+| A.cs:115:18:115:37 | object creation of type MyList [next, head] | semmle.label | object creation of type MyList [next, head] |
+| A.cs:115:35:115:36 | access to local variable l1 [head] | semmle.label | access to local variable l1 [head] |
+| A.cs:116:18:116:37 | object creation of type MyList [next, next, ... (3)] | semmle.label | object creation of type MyList [next, next, ... (3)] |
+| A.cs:116:35:116:36 | access to local variable l2 [next, head] | semmle.label | access to local variable l2 [next, head] |
+| A.cs:119:14:119:15 | access to local variable l3 [next, next, ... (3)] | semmle.label | access to local variable l3 [next, next, ... (3)] |
+| A.cs:119:14:119:20 | access to field next [next, head] | semmle.label | access to field next [next, head] |
+| A.cs:119:14:119:25 | access to field next [head] | semmle.label | access to field next [head] |
+| A.cs:119:14:119:30 | access to field head | semmle.label | access to field head |
+| A.cs:121:41:121:41 | access to local variable l [next, head] | semmle.label | access to local variable l [next, head] |
+| A.cs:121:41:121:41 | access to local variable l [next, next, ... (3)] | semmle.label | access to local variable l [next, next, ... (3)] |
+| A.cs:121:41:121:46 | access to field next [head] | semmle.label | access to field next [head] |
+| A.cs:121:41:121:46 | access to field next [next, head] | semmle.label | access to field next [next, head] |
+| A.cs:123:18:123:18 | access to local variable l [head] | semmle.label | access to local variable l [head] |
+| A.cs:123:18:123:23 | access to field head | semmle.label | access to field head |
+| B.cs:5:17:5:26 | object creation of type Elem | semmle.label | object creation of type Elem |
+| B.cs:6:18:6:34 | object creation of type Box1 [elem1] | semmle.label | object creation of type Box1 [elem1] |
+| B.cs:6:27:6:27 | access to local variable e | semmle.label | access to local variable e |
+| B.cs:7:18:7:29 | object creation of type Box2 [box1, elem1] | semmle.label | object creation of type Box2 [box1, elem1] |
+| B.cs:7:27:7:28 | access to local variable b1 [elem1] | semmle.label | access to local variable b1 [elem1] |
+| B.cs:8:14:8:15 | access to local variable b2 [box1, elem1] | semmle.label | access to local variable b2 [box1, elem1] |
+| B.cs:8:14:8:20 | access to field box1 [elem1] | semmle.label | access to field box1 [elem1] |
+| B.cs:8:14:8:26 | access to field elem1 | semmle.label | access to field elem1 |
+| B.cs:14:17:14:26 | object creation of type Elem | semmle.label | object creation of type Elem |
+| B.cs:15:18:15:34 | object creation of type Box1 [elem2] | semmle.label | object creation of type Box1 [elem2] |
+| B.cs:15:33:15:33 | access to local variable e | semmle.label | access to local variable e |
+| B.cs:16:18:16:29 | object creation of type Box2 [box1, elem2] | semmle.label | object creation of type Box2 [box1, elem2] |
+| B.cs:16:27:16:28 | access to local variable b1 [elem2] | semmle.label | access to local variable b1 [elem2] |
+| B.cs:18:14:18:15 | access to local variable b2 [box1, elem2] | semmle.label | access to local variable b2 [box1, elem2] |
+| B.cs:18:14:18:20 | access to field box1 [elem2] | semmle.label | access to field box1 [elem2] |
+| B.cs:18:14:18:26 | access to field elem2 | semmle.label | access to field elem2 |
+| C.cs:3:18:3:19 | [post] this access [s1] | semmle.label | [post] this access [s1] |
+| C.cs:3:23:3:32 | object creation of type Elem | semmle.label | object creation of type Elem |
+| C.cs:4:27:4:28 | [post] this access [s2] | semmle.label | [post] this access [s2] |
+| C.cs:4:32:4:41 | object creation of type Elem | semmle.label | object creation of type Elem |
+| C.cs:6:30:6:39 | object creation of type Elem | semmle.label | object creation of type Elem |
+| C.cs:7:18:7:19 | [post] this access [s5] | semmle.label | [post] this access [s5] |
+| C.cs:7:37:7:46 | object creation of type Elem | semmle.label | object creation of type Elem |
+| C.cs:8:30:8:39 | object creation of type Elem | semmle.label | object creation of type Elem |
+| C.cs:12:15:12:21 | object creation of type C [s1] | semmle.label | object creation of type C [s1] |
+| C.cs:12:15:12:21 | object creation of type C [s2] | semmle.label | object creation of type C [s2] |
+| C.cs:12:15:12:21 | object creation of type C [s3] | semmle.label | object creation of type C [s3] |
+| C.cs:12:15:12:21 | object creation of type C [s5] | semmle.label | object creation of type C [s5] |
+| C.cs:13:9:13:9 | access to local variable c [s1] | semmle.label | access to local variable c [s1] |
+| C.cs:13:9:13:9 | access to local variable c [s2] | semmle.label | access to local variable c [s2] |
+| C.cs:13:9:13:9 | access to local variable c [s3] | semmle.label | access to local variable c [s3] |
+| C.cs:13:9:13:9 | access to local variable c [s5] | semmle.label | access to local variable c [s5] |
+| C.cs:18:9:18:12 | [post] this access [s3] | semmle.label | [post] this access [s3] |
+| C.cs:18:19:18:28 | object creation of type Elem | semmle.label | object creation of type Elem |
+| C.cs:21:17:21:18 | this [s1] | semmle.label | this [s1] |
+| C.cs:21:17:21:18 | this [s2] | semmle.label | this [s2] |
+| C.cs:21:17:21:18 | this [s3] | semmle.label | this [s3] |
+| C.cs:21:17:21:18 | this [s5] | semmle.label | this [s5] |
+| C.cs:23:14:23:15 | access to field s1 | semmle.label | access to field s1 |
+| C.cs:23:14:23:15 | this access [s1] | semmle.label | this access [s1] |
+| C.cs:24:14:24:15 | access to field s2 | semmle.label | access to field s2 |
+| C.cs:24:14:24:15 | this access [s2] | semmle.label | this access [s2] |
+| C.cs:25:14:25:15 | access to field s3 | semmle.label | access to field s3 |
+| C.cs:25:14:25:15 | this access [s3] | semmle.label | this access [s3] |
+| C.cs:26:14:26:15 | access to field s4 | semmle.label | access to field s4 |
+| C.cs:27:14:27:15 | access to property s5 | semmle.label | access to property s5 |
+| C.cs:27:14:27:15 | this access [s5] | semmle.label | this access [s5] |
+| C.cs:28:14:28:15 | access to property s6 | semmle.label | access to property s6 |
+| D.cs:29:17:29:28 | object creation of type Object | semmle.label | object creation of type Object |
+| D.cs:31:17:31:37 | call to method Create [AutoProp] | semmle.label | call to method Create [AutoProp] |
+| D.cs:31:24:31:24 | access to local variable o | semmle.label | access to local variable o |
+| D.cs:32:14:32:14 | access to local variable d [AutoProp] | semmle.label | access to local variable d [AutoProp] |
+| D.cs:32:14:32:23 | access to property AutoProp | semmle.label | access to property AutoProp |
+| D.cs:37:13:37:33 | call to method Create [trivialPropField] | semmle.label | call to method Create [trivialPropField] |
+| D.cs:37:26:37:26 | access to local variable o | semmle.label | access to local variable o |
+| D.cs:39:14:39:14 | access to local variable d [trivialPropField] | semmle.label | access to local variable d [trivialPropField] |
+| D.cs:39:14:39:26 | access to property TrivialProp | semmle.label | access to property TrivialProp |
+| D.cs:40:14:40:14 | access to local variable d [trivialPropField] | semmle.label | access to local variable d [trivialPropField] |
+| D.cs:40:14:40:31 | access to field trivialPropField | semmle.label | access to field trivialPropField |
+| D.cs:41:14:41:14 | access to local variable d [trivialPropField] | semmle.label | access to local variable d [trivialPropField] |
+| D.cs:41:14:41:26 | access to property ComplexProp | semmle.label | access to property ComplexProp |
+| D.cs:43:13:43:33 | call to method Create [trivialPropField] | semmle.label | call to method Create [trivialPropField] |
+| D.cs:43:32:43:32 | access to local variable o | semmle.label | access to local variable o |
+| D.cs:45:14:45:14 | access to local variable d [trivialPropField] | semmle.label | access to local variable d [trivialPropField] |
+| D.cs:45:14:45:26 | access to property TrivialProp | semmle.label | access to property TrivialProp |
+| D.cs:46:14:46:14 | access to local variable d [trivialPropField] | semmle.label | access to local variable d [trivialPropField] |
+| D.cs:46:14:46:31 | access to field trivialPropField | semmle.label | access to field trivialPropField |
+| D.cs:47:14:47:14 | access to local variable d [trivialPropField] | semmle.label | access to local variable d [trivialPropField] |
+| D.cs:47:14:47:26 | access to property ComplexProp | semmle.label | access to property ComplexProp |
+| E.cs:22:17:22:28 | object creation of type Object | semmle.label | object creation of type Object |
+| E.cs:23:17:23:26 | call to method CreateS [Field] | semmle.label | call to method CreateS [Field] |
+| E.cs:23:25:23:25 | access to local variable o | semmle.label | access to local variable o |
+| E.cs:24:14:24:14 | access to local variable s [Field] | semmle.label | access to local variable s [Field] |
+| E.cs:24:14:24:20 | access to field Field | semmle.label | access to field Field |
+| F.cs:10:17:10:28 | object creation of type Object | semmle.label | object creation of type Object |
+| F.cs:11:17:11:31 | call to method Create [Field1] | semmle.label | call to method Create [Field1] |
+| F.cs:11:24:11:24 | access to local variable o | semmle.label | access to local variable o |
+| F.cs:12:14:12:14 | access to local variable f [Field1] | semmle.label | access to local variable f [Field1] |
+| F.cs:12:14:12:21 | access to field Field1 | semmle.label | access to field Field1 |
+| F.cs:15:13:15:27 | call to method Create [Field2] | semmle.label | call to method Create [Field2] |
+| F.cs:15:26:15:26 | access to local variable o | semmle.label | access to local variable o |
+| F.cs:17:14:17:14 | access to local variable f [Field2] | semmle.label | access to local variable f [Field2] |
+| F.cs:17:14:17:21 | access to field Field2 | semmle.label | access to field Field2 |
+| F.cs:19:13:19:34 | object creation of type F [Field1] | semmle.label | object creation of type F [Field1] |
+| F.cs:19:32:19:32 | access to local variable o | semmle.label | access to local variable o |
+| F.cs:20:14:20:14 | access to local variable f [Field1] | semmle.label | access to local variable f [Field1] |
+| F.cs:20:14:20:21 | access to field Field1 | semmle.label | access to field Field1 |
+| F.cs:23:13:23:34 | object creation of type F [Field2] | semmle.label | object creation of type F [Field2] |
+| F.cs:23:32:23:32 | access to local variable o | semmle.label | access to local variable o |
+| F.cs:25:14:25:14 | access to local variable f [Field2] | semmle.label | access to local variable f [Field2] |
+| F.cs:25:14:25:21 | access to field Field2 | semmle.label | access to field Field2 |
+| G.cs:7:18:7:27 | object creation of type Elem | semmle.label | object creation of type Elem |
+| G.cs:9:9:9:9 | [post] access to local variable b [Box1, Elem] | semmle.label | [post] access to local variable b [Box1, Elem] |
+| G.cs:9:9:9:14 | [post] access to field Box1 [Elem] | semmle.label | [post] access to field Box1 [Elem] |
+| G.cs:9:23:9:23 | access to local variable e | semmle.label | access to local variable e |
+| G.cs:10:18:10:18 | access to local variable b [Box1, Elem] | semmle.label | access to local variable b [Box1, Elem] |
+| G.cs:15:18:15:27 | object creation of type Elem | semmle.label | object creation of type Elem |
+| G.cs:17:9:17:9 | [post] access to local variable b [Box1, Elem] | semmle.label | [post] access to local variable b [Box1, Elem] |
+| G.cs:17:9:17:14 | [post] access to field Box1 [Elem] | semmle.label | [post] access to field Box1 [Elem] |
+| G.cs:17:24:17:24 | access to local variable e | semmle.label | access to local variable e |
+| G.cs:18:18:18:18 | access to local variable b [Box1, Elem] | semmle.label | access to local variable b [Box1, Elem] |
+| G.cs:23:18:23:27 | object creation of type Elem | semmle.label | object creation of type Elem |
+| G.cs:25:9:25:9 | [post] access to local variable b [Box1, Elem] | semmle.label | [post] access to local variable b [Box1, Elem] |
+| G.cs:25:9:25:19 | [post] call to method GetBox1 [Elem] | semmle.label | [post] call to method GetBox1 [Elem] |
+| G.cs:25:28:25:28 | access to local variable e | semmle.label | access to local variable e |
+| G.cs:26:18:26:18 | access to local variable b [Box1, Elem] | semmle.label | access to local variable b [Box1, Elem] |
+| G.cs:31:18:31:27 | object creation of type Elem | semmle.label | object creation of type Elem |
+| G.cs:33:9:33:9 | [post] access to local variable b [Box1, Elem] | semmle.label | [post] access to local variable b [Box1, Elem] |
+| G.cs:33:9:33:19 | [post] call to method GetBox1 [Elem] | semmle.label | [post] call to method GetBox1 [Elem] |
+| G.cs:33:29:33:29 | access to local variable e | semmle.label | access to local variable e |
+| G.cs:34:18:34:18 | access to local variable b [Box1, Elem] | semmle.label | access to local variable b [Box1, Elem] |
+| G.cs:37:38:37:39 | b2 [Box1, Elem] | semmle.label | b2 [Box1, Elem] |
+| G.cs:39:14:39:15 | access to parameter b2 [Box1, Elem] | semmle.label | access to parameter b2 [Box1, Elem] |
+| G.cs:39:14:39:25 | call to method GetBox1 [Elem] | semmle.label | call to method GetBox1 [Elem] |
+| G.cs:39:14:39:35 | call to method GetElem | semmle.label | call to method GetElem |
+| G.cs:44:18:44:27 | object creation of type Elem | semmle.label | object creation of type Elem |
+| G.cs:46:9:46:16 | [post] access to field boxfield [Box1, Elem] | semmle.label | [post] access to field boxfield [Box1, Elem] |
+| G.cs:46:9:46:16 | [post] this access [boxfield, Box1, ... (3)] | semmle.label | [post] this access [boxfield, Box1, ... (3)] |
+| G.cs:46:9:46:21 | [post] access to field Box1 [Elem] | semmle.label | [post] access to field Box1 [Elem] |
+| G.cs:46:30:46:30 | access to local variable e | semmle.label | access to local variable e |
+| G.cs:47:9:47:13 | this access [boxfield, Box1, ... (3)] | semmle.label | this access [boxfield, Box1, ... (3)] |
+| G.cs:50:18:50:20 | this [boxfield, Box1, ... (3)] | semmle.label | this [boxfield, Box1, ... (3)] |
+| G.cs:52:14:52:21 | access to field boxfield [Box1, Elem] | semmle.label | access to field boxfield [Box1, Elem] |
+| G.cs:52:14:52:21 | this access [boxfield, Box1, ... (3)] | semmle.label | this access [boxfield, Box1, ... (3)] |
+| G.cs:52:14:52:26 | access to field Box1 [Elem] | semmle.label | access to field Box1 [Elem] |
+| G.cs:52:14:52:31 | access to field Elem | semmle.label | access to field Elem |
 #select
 | A.cs:7:14:7:16 | access to field c | A.cs:5:17:5:23 | object creation of type C | A.cs:7:14:7:16 | access to field c | $@ | A.cs:5:17:5:23 | object creation of type C | object creation of type C |
 | A.cs:14:14:14:20 | call to method Get | A.cs:13:15:13:22 | object creation of type C1 | A.cs:14:14:14:20 | call to method Get | $@ | A.cs:13:15:13:22 | object creation of type C1 | object creation of type C1 |

csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected

@@ -192,6 +192,159 @@ edges
 | Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element | Splitting.cs:34:19:34:19 | access to local variable x |
 | Splitting.cs:31:19:31:25 | [b (line 24): false] access to parameter tainted | Splitting.cs:31:17:31:26 | [b (line 24): false] dynamic access to element |
 | Splitting.cs:31:19:31:25 | [b (line 24): true] access to parameter tainted | Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element |
+nodes
+| Capture.cs:7:20:7:26 | tainted | semmle.label | tainted |
+| Capture.cs:9:9:13:9 | SSA capture def(tainted) | semmle.label | SSA capture def(tainted) |
+| Capture.cs:12:19:12:24 | access to local variable sink27 | semmle.label | access to local variable sink27 |
+| Capture.cs:14:9:14:20 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:18:13:22:13 | SSA capture def(tainted) | semmle.label | SSA capture def(tainted) |
+| Capture.cs:21:23:21:28 | access to local variable sink28 | semmle.label | access to local variable sink28 |
+| Capture.cs:25:9:25:20 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:27:43:32:9 | SSA capture def(tainted) | semmle.label | SSA capture def(tainted) |
+| Capture.cs:30:19:30:24 | access to local variable sink29 | semmle.label | access to local variable sink29 |
+| Capture.cs:33:9:33:40 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:57:13:57:35 | SSA def(sink30) | semmle.label | SSA def(sink30) |
+| Capture.cs:57:22:57:35 | "taint source" | semmle.label | "taint source" |
+| Capture.cs:59:9:59:21 | SSA call def(sink30) | semmle.label | SSA call def(sink30) |
+| Capture.cs:60:15:60:20 | access to local variable sink30 | semmle.label | access to local variable sink30 |
+| Capture.cs:67:17:67:39 | SSA def(sink31) | semmle.label | SSA def(sink31) |
+| Capture.cs:67:26:67:39 | "taint source" | semmle.label | "taint source" |
+| Capture.cs:71:9:71:21 | SSA call def(sink31) | semmle.label | SSA call def(sink31) |
+| Capture.cs:72:15:72:20 | access to local variable sink31 | semmle.label | access to local variable sink31 |
+| Capture.cs:77:13:77:35 | SSA def(sink32) | semmle.label | SSA def(sink32) |
+| Capture.cs:77:22:77:35 | "taint source" | semmle.label | "taint source" |
+| Capture.cs:80:9:80:41 | SSA call def(sink32) | semmle.label | SSA call def(sink32) |
+| Capture.cs:81:15:81:20 | access to local variable sink32 | semmle.label | access to local variable sink32 |
+| Capture.cs:101:25:101:31 | tainted | semmle.label | tainted |
+| Capture.cs:108:9:108:25 | SSA call def(sink33) | semmle.label | SSA call def(sink33) |
+| Capture.cs:108:9:108:25 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:109:15:109:20 | access to local variable sink33 | semmle.label | access to local variable sink33 |
+| Capture.cs:120:9:120:25 | SSA call def(sink34) | semmle.label | SSA call def(sink34) |
+| Capture.cs:120:9:120:25 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:121:15:121:20 | access to local variable sink34 | semmle.label | access to local variable sink34 |
+| Capture.cs:129:9:129:45 | SSA call def(sink35) | semmle.label | SSA call def(sink35) |
+| Capture.cs:129:9:129:45 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:130:15:130:20 | access to local variable sink35 | semmle.label | access to local variable sink35 |
+| Capture.cs:136:22:136:38 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:136:22:136:38 | call to local function CaptureThrough4 | semmle.label | call to local function CaptureThrough4 |
+| Capture.cs:137:15:137:20 | access to local variable sink36 | semmle.label | access to local variable sink36 |
+| Capture.cs:144:9:144:32 | SSA call def(sink37) | semmle.label | SSA call def(sink37) |
+| Capture.cs:144:25:144:31 | access to parameter tainted | semmle.label | access to parameter tainted |
+| Capture.cs:145:15:145:20 | access to local variable sink37 | semmle.label | access to local variable sink37 |
+| Capture.cs:170:22:170:32 | call to local function Id | semmle.label | call to local function Id |
+| Capture.cs:170:25:170:31 | access to parameter tainted | semmle.label | access to parameter tainted |
+| Capture.cs:171:15:171:20 | access to local variable sink38 | semmle.label | access to local variable sink38 |
+| GlobalDataFlow.cs:17:27:17:40 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:18:15:18:29 | access to field SinkField0 | semmle.label | access to field SinkField0 |
+| GlobalDataFlow.cs:26:15:26:32 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:26:15:26:32 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:35:13:35:30 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:37:35:37:52 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:44:30:44:39 | sinkParam2 | semmle.label | sinkParam2 |
+| GlobalDataFlow.cs:44:50:44:59 | access to parameter sinkParam2 | semmle.label | access to parameter sinkParam2 |
+| GlobalDataFlow.cs:45:13:45:30 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:52:20:52:37 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:53:15:53:15 | x | semmle.label | x |
+| GlobalDataFlow.cs:53:24:53:24 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:53:28:53:45 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:54:44:54:61 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:55:28:55:45 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:56:37:56:37 | x | semmle.label | x |
+| GlobalDataFlow.cs:56:46:56:46 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:57:35:57:52 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:60:38:60:50 | access to parameter nonSinkParam0 | semmle.label | access to parameter nonSinkParam0 |
+| GlobalDataFlow.cs:61:61:61:73 | access to parameter nonSinkParam0 | semmle.label | access to parameter nonSinkParam0 |
+| GlobalDataFlow.cs:64:22:64:39 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:70:21:70:46 | call to method Return | semmle.label | call to method Return |
+| GlobalDataFlow.cs:70:28:70:45 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:71:15:71:19 | access to local variable sink0 | semmle.label | access to local variable sink0 |
+| GlobalDataFlow.cs:72:21:72:101 | (...) ... | semmle.label | (...) ... |
+| GlobalDataFlow.cs:72:29:72:101 | call to method Invoke | semmle.label | call to method Invoke |
+| GlobalDataFlow.cs:72:94:72:98 | access to local variable sink0 | semmle.label | access to local variable sink0 |
+| GlobalDataFlow.cs:73:15:73:19 | access to local variable sink1 | semmle.label | access to local variable sink1 |
+| GlobalDataFlow.cs:75:19:75:23 | access to local variable sink1 | semmle.label | access to local variable sink1 |
+| GlobalDataFlow.cs:75:30:75:34 | SSA def(sink2) | semmle.label | SSA def(sink2) |
+| GlobalDataFlow.cs:76:15:76:19 | access to local variable sink2 | semmle.label | access to local variable sink2 |
+| GlobalDataFlow.cs:78:19:78:23 | access to local variable sink2 | semmle.label | access to local variable sink2 |
+| GlobalDataFlow.cs:78:30:78:34 | SSA def(sink3) | semmle.label | SSA def(sink3) |
+| GlobalDataFlow.cs:79:15:79:19 | access to local variable sink3 | semmle.label | access to local variable sink3 |
+| GlobalDataFlow.cs:135:21:135:34 | delegate call | semmle.label | delegate call |
+| GlobalDataFlow.cs:135:29:135:33 | access to local variable sink3 | semmle.label | access to local variable sink3 |
+| GlobalDataFlow.cs:136:15:136:19 | access to local variable sink4 | semmle.label | access to local variable sink4 |
+| GlobalDataFlow.cs:143:21:143:44 | call to method ApplyFunc | semmle.label | call to method ApplyFunc |
+| GlobalDataFlow.cs:143:39:143:43 | access to local variable sink4 | semmle.label | access to local variable sink4 |
+| GlobalDataFlow.cs:144:15:144:19 | access to local variable sink5 | semmle.label | access to local variable sink5 |
+| GlobalDataFlow.cs:153:21:153:25 | call to method Out | semmle.label | call to method Out |
+| GlobalDataFlow.cs:154:15:154:19 | access to local variable sink6 | semmle.label | access to local variable sink6 |
+| GlobalDataFlow.cs:156:20:156:24 | SSA def(sink7) | semmle.label | SSA def(sink7) |
+| GlobalDataFlow.cs:157:15:157:19 | access to local variable sink7 | semmle.label | access to local variable sink7 |
+| GlobalDataFlow.cs:159:20:159:24 | SSA def(sink8) | semmle.label | SSA def(sink8) |
+| GlobalDataFlow.cs:160:15:160:19 | access to local variable sink8 | semmle.label | access to local variable sink8 |
+| GlobalDataFlow.cs:163:22:163:43 | call to method TaintedParam | semmle.label | call to method TaintedParam |
+| GlobalDataFlow.cs:164:15:164:20 | access to local variable sink23 | semmle.label | access to local variable sink23 |
+| GlobalDataFlow.cs:179:35:179:48 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:180:21:180:26 | delegate call | semmle.label | delegate call |
+| GlobalDataFlow.cs:181:15:181:19 | access to local variable sink9 | semmle.label | access to local variable sink9 |
+| GlobalDataFlow.cs:189:39:189:41 | [output] delegate creation of type Func<String> | semmle.label | [output] delegate creation of type Func<String> |
+| GlobalDataFlow.cs:190:15:190:20 | access to local variable sink10 | semmle.label | access to local variable sink10 |
+| GlobalDataFlow.cs:197:22:197:32 | access to property OutProperty | semmle.label | access to property OutProperty |
+| GlobalDataFlow.cs:198:15:198:20 | access to local variable sink19 | semmle.label | access to local variable sink19 |
+| GlobalDataFlow.cs:234:26:234:35 | sinkParam0 | semmle.label | sinkParam0 |
+| GlobalDataFlow.cs:236:16:236:25 | access to parameter sinkParam0 | semmle.label | access to parameter sinkParam0 |
+| GlobalDataFlow.cs:237:15:237:24 | access to parameter sinkParam0 | semmle.label | access to parameter sinkParam0 |
+| GlobalDataFlow.cs:240:26:240:35 | sinkParam1 | semmle.label | sinkParam1 |
+| GlobalDataFlow.cs:242:15:242:24 | access to parameter sinkParam1 | semmle.label | access to parameter sinkParam1 |
+| GlobalDataFlow.cs:245:26:245:35 | sinkParam3 | semmle.label | sinkParam3 |
+| GlobalDataFlow.cs:247:15:247:24 | access to parameter sinkParam3 | semmle.label | access to parameter sinkParam3 |
+| GlobalDataFlow.cs:250:26:250:35 | sinkParam4 | semmle.label | sinkParam4 |
+| GlobalDataFlow.cs:252:15:252:24 | access to parameter sinkParam4 | semmle.label | access to parameter sinkParam4 |
+| GlobalDataFlow.cs:255:26:255:35 | sinkParam5 | semmle.label | sinkParam5 |
+| GlobalDataFlow.cs:257:15:257:24 | access to parameter sinkParam5 | semmle.label | access to parameter sinkParam5 |
+| GlobalDataFlow.cs:260:26:260:35 | sinkParam6 | semmle.label | sinkParam6 |
+| GlobalDataFlow.cs:262:15:262:24 | access to parameter sinkParam6 | semmle.label | access to parameter sinkParam6 |
+| GlobalDataFlow.cs:265:26:265:35 | sinkParam7 | semmle.label | sinkParam7 |
+| GlobalDataFlow.cs:267:15:267:24 | access to parameter sinkParam7 | semmle.label | access to parameter sinkParam7 |
+| GlobalDataFlow.cs:318:16:318:29 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:323:9:323:26 | SSA def(x) | semmle.label | SSA def(x) |
+| GlobalDataFlow.cs:323:13:323:26 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:328:9:328:26 | SSA def(x) | semmle.label | SSA def(x) |
+| GlobalDataFlow.cs:328:13:328:26 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:359:41:359:41 | x | semmle.label | x |
+| GlobalDataFlow.cs:359:41:359:41 | x | semmle.label | x |
+| GlobalDataFlow.cs:361:11:361:11 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:361:11:361:11 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:373:52:373:52 | x | semmle.label | x |
+| GlobalDataFlow.cs:373:52:373:52 | x | semmle.label | x |
+| GlobalDataFlow.cs:373:52:373:52 | x | semmle.label | x |
+| GlobalDataFlow.cs:375:11:375:11 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:375:11:375:11 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:375:11:375:11 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:378:39:378:45 | tainted | semmle.label | tainted |
+| GlobalDataFlow.cs:381:15:381:20 | access to local variable sink11 | semmle.label | access to local variable sink11 |
+| GlobalDataFlow.cs:382:16:382:21 | access to local variable sink11 | semmle.label | access to local variable sink11 |
+| GlobalDataFlow.cs:404:9:404:11 | value | semmle.label | value |
+| GlobalDataFlow.cs:404:41:404:46 | access to local variable sink20 | semmle.label | access to local variable sink20 |
+| GlobalDataFlow.cs:415:22:415:35 | "taint source" | semmle.label | "taint source" |
+| Splitting.cs:3:28:3:34 | tainted | semmle.label | tainted |
+| Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return | semmle.label | [b (line 3): false] call to method Return |
+| Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return | semmle.label | [b (line 3): true] call to method Return |
+| Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted | semmle.label | [b (line 3): false] access to parameter tainted |
+| Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted | semmle.label | [b (line 3): true] access to parameter tainted |
+| Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | semmle.label | [b (line 3): false] access to local variable x |
+| Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | semmle.label | [b (line 3): true] access to local variable x |
+| Splitting.cs:11:19:11:19 | access to local variable x | semmle.label | access to local variable x |
+| Splitting.cs:21:9:21:11 | value | semmle.label | value |
+| Splitting.cs:21:28:21:32 | access to parameter value | semmle.label | access to parameter value |
+| Splitting.cs:24:28:24:34 | tainted | semmle.label | tainted |
+| Splitting.cs:30:17:30:23 | [b (line 24): false] access to parameter tainted | semmle.label | [b (line 24): false] access to parameter tainted |
+| Splitting.cs:30:17:30:23 | [b (line 24): true] access to parameter tainted | semmle.label | [b (line 24): true] access to parameter tainted |
+| Splitting.cs:31:17:31:26 | [b (line 24): false] dynamic access to element | semmle.label | [b (line 24): false] dynamic access to element |
+| Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element | semmle.label | [b (line 24): true] dynamic access to element |
+| Splitting.cs:31:19:31:25 | [b (line 24): false] access to parameter tainted | semmle.label | [b (line 24): false] access to parameter tainted |
+| Splitting.cs:31:19:31:25 | [b (line 24): true] access to parameter tainted | semmle.label | [b (line 24): true] access to parameter tainted |
+| Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x | semmle.label | [b (line 24): false] access to local variable x |
+| Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x | semmle.label | [b (line 24): true] access to local variable x |
+| Splitting.cs:34:19:34:19 | access to local variable x | semmle.label | access to local variable x |
 #select
 | Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x | Splitting.cs:24:28:24:34 | tainted | Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x | [b (line 24): false] access to local variable x |
 | Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x | Splitting.cs:24:28:24:34 | tainted | Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x | [b (line 24): true] access to local variable x |

csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected

@@ -239,6 +239,205 @@ edges
 | Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element | Splitting.cs:34:19:34:19 | access to local variable x |
 | Splitting.cs:31:19:31:25 | [b (line 24): false] access to parameter tainted | Splitting.cs:31:17:31:26 | [b (line 24): false] dynamic access to element |
 | Splitting.cs:31:19:31:25 | [b (line 24): true] access to parameter tainted | Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element |
+nodes
+| Capture.cs:7:20:7:26 | tainted | semmle.label | tainted |
+| Capture.cs:9:9:13:9 | SSA capture def(tainted) | semmle.label | SSA capture def(tainted) |
+| Capture.cs:12:19:12:24 | access to local variable sink27 | semmle.label | access to local variable sink27 |
+| Capture.cs:14:9:14:20 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:18:13:22:13 | SSA capture def(tainted) | semmle.label | SSA capture def(tainted) |
+| Capture.cs:21:23:21:28 | access to local variable sink28 | semmle.label | access to local variable sink28 |
+| Capture.cs:25:9:25:20 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:27:43:32:9 | SSA capture def(tainted) | semmle.label | SSA capture def(tainted) |
+| Capture.cs:30:19:30:24 | access to local variable sink29 | semmle.label | access to local variable sink29 |
+| Capture.cs:33:9:33:40 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:57:13:57:35 | SSA def(sink30) | semmle.label | SSA def(sink30) |
+| Capture.cs:57:22:57:35 | "taint source" | semmle.label | "taint source" |
+| Capture.cs:59:9:59:21 | SSA call def(sink30) | semmle.label | SSA call def(sink30) |
+| Capture.cs:60:15:60:20 | access to local variable sink30 | semmle.label | access to local variable sink30 |
+| Capture.cs:67:17:67:39 | SSA def(sink31) | semmle.label | SSA def(sink31) |
+| Capture.cs:67:26:67:39 | "taint source" | semmle.label | "taint source" |
+| Capture.cs:71:9:71:21 | SSA call def(sink31) | semmle.label | SSA call def(sink31) |
+| Capture.cs:72:15:72:20 | access to local variable sink31 | semmle.label | access to local variable sink31 |
+| Capture.cs:77:13:77:35 | SSA def(sink32) | semmle.label | SSA def(sink32) |
+| Capture.cs:77:22:77:35 | "taint source" | semmle.label | "taint source" |
+| Capture.cs:80:9:80:41 | SSA call def(sink32) | semmle.label | SSA call def(sink32) |
+| Capture.cs:81:15:81:20 | access to local variable sink32 | semmle.label | access to local variable sink32 |
+| Capture.cs:101:25:101:31 | tainted | semmle.label | tainted |
+| Capture.cs:108:9:108:25 | SSA call def(sink33) | semmle.label | SSA call def(sink33) |
+| Capture.cs:108:9:108:25 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:109:15:109:20 | access to local variable sink33 | semmle.label | access to local variable sink33 |
+| Capture.cs:120:9:120:25 | SSA call def(sink34) | semmle.label | SSA call def(sink34) |
+| Capture.cs:120:9:120:25 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:121:15:121:20 | access to local variable sink34 | semmle.label | access to local variable sink34 |
+| Capture.cs:129:9:129:45 | SSA call def(sink35) | semmle.label | SSA call def(sink35) |
+| Capture.cs:129:9:129:45 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:130:15:130:20 | access to local variable sink35 | semmle.label | access to local variable sink35 |
+| Capture.cs:136:22:136:38 | [implicit argument] tainted | semmle.label | [implicit argument] tainted |
+| Capture.cs:136:22:136:38 | call to local function CaptureThrough4 | semmle.label | call to local function CaptureThrough4 |
+| Capture.cs:137:15:137:20 | access to local variable sink36 | semmle.label | access to local variable sink36 |
+| Capture.cs:144:9:144:32 | SSA call def(sink37) | semmle.label | SSA call def(sink37) |
+| Capture.cs:144:25:144:31 | access to parameter tainted | semmle.label | access to parameter tainted |
+| Capture.cs:145:15:145:20 | access to local variable sink37 | semmle.label | access to local variable sink37 |
+| Capture.cs:170:22:170:32 | call to local function Id | semmle.label | call to local function Id |
+| Capture.cs:170:25:170:31 | access to parameter tainted | semmle.label | access to parameter tainted |
+| Capture.cs:171:15:171:20 | access to local variable sink38 | semmle.label | access to local variable sink38 |
+| GlobalDataFlow.cs:17:27:17:40 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:18:15:18:29 | access to field SinkField0 | semmle.label | access to field SinkField0 |
+| GlobalDataFlow.cs:26:15:26:32 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:26:15:26:32 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:35:13:35:30 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:37:35:37:52 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:44:30:44:39 | sinkParam2 | semmle.label | sinkParam2 |
+| GlobalDataFlow.cs:44:50:44:59 | access to parameter sinkParam2 | semmle.label | access to parameter sinkParam2 |
+| GlobalDataFlow.cs:45:13:45:30 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:52:20:52:37 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:53:15:53:15 | x | semmle.label | x |
+| GlobalDataFlow.cs:53:24:53:24 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:53:28:53:45 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:54:44:54:61 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:55:28:55:45 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:56:37:56:37 | x | semmle.label | x |
+| GlobalDataFlow.cs:56:46:56:46 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:57:35:57:52 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:60:38:60:50 | access to parameter nonSinkParam0 | semmle.label | access to parameter nonSinkParam0 |
+| GlobalDataFlow.cs:61:61:61:73 | access to parameter nonSinkParam0 | semmle.label | access to parameter nonSinkParam0 |
+| GlobalDataFlow.cs:64:22:64:39 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:70:21:70:46 | call to method Return | semmle.label | call to method Return |
+| GlobalDataFlow.cs:70:28:70:45 | access to property SinkProperty0 | semmle.label | access to property SinkProperty0 |
+| GlobalDataFlow.cs:71:15:71:19 | access to local variable sink0 | semmle.label | access to local variable sink0 |
+| GlobalDataFlow.cs:72:21:72:101 | (...) ... | semmle.label | (...) ... |
+| GlobalDataFlow.cs:72:29:72:101 | call to method Invoke | semmle.label | call to method Invoke |
+| GlobalDataFlow.cs:72:94:72:98 | access to local variable sink0 | semmle.label | access to local variable sink0 |
+| GlobalDataFlow.cs:73:15:73:19 | access to local variable sink1 | semmle.label | access to local variable sink1 |
+| GlobalDataFlow.cs:75:19:75:23 | access to local variable sink1 | semmle.label | access to local variable sink1 |
+| GlobalDataFlow.cs:75:30:75:34 | SSA def(sink2) | semmle.label | SSA def(sink2) |
+| GlobalDataFlow.cs:76:15:76:19 | access to local variable sink2 | semmle.label | access to local variable sink2 |
+| GlobalDataFlow.cs:78:19:78:23 | access to local variable sink2 | semmle.label | access to local variable sink2 |
+| GlobalDataFlow.cs:78:30:78:34 | SSA def(sink3) | semmle.label | SSA def(sink3) |
+| GlobalDataFlow.cs:79:15:79:19 | access to local variable sink3 | semmle.label | access to local variable sink3 |
+| GlobalDataFlow.cs:80:22:80:85 | call to method SelectEven | semmle.label | call to method SelectEven |
+| GlobalDataFlow.cs:80:23:80:65 | (...) ... | semmle.label | (...) ... |
+| GlobalDataFlow.cs:81:15:81:20 | access to local variable sink13 | semmle.label | access to local variable sink13 |
+| GlobalDataFlow.cs:82:23:82:74 | (...) ... | semmle.label | (...) ... |
+| GlobalDataFlow.cs:82:84:82:94 | [output] delegate creation of type Func<String,String> | semmle.label | [output] delegate creation of type Func<String,String> |
+| GlobalDataFlow.cs:83:15:83:20 | access to local variable sink14 | semmle.label | access to local variable sink14 |
+| GlobalDataFlow.cs:84:23:84:74 | (...) ... | semmle.label | (...) ... |
+| GlobalDataFlow.cs:84:125:84:135 | [output] (...) => ... | semmle.label | [output] (...) => ... |
+| GlobalDataFlow.cs:85:15:85:20 | access to local variable sink15 | semmle.label | access to local variable sink15 |
+| GlobalDataFlow.cs:86:70:86:121 | (...) ... | semmle.label | (...) ... |
+| GlobalDataFlow.cs:86:125:86:135 | [output] (...) => ... | semmle.label | [output] (...) => ... |
+| GlobalDataFlow.cs:87:15:87:20 | access to local variable sink16 | semmle.label | access to local variable sink16 |
+| GlobalDataFlow.cs:88:22:88:27 | access to local variable sink14 | semmle.label | access to local variable sink14 |
+| GlobalDataFlow.cs:88:43:88:61 | [output] (...) => ... | semmle.label | [output] (...) => ... |
+| GlobalDataFlow.cs:88:64:88:69 | [output] (...) => ... | semmle.label | [output] (...) => ... |
+| GlobalDataFlow.cs:89:15:89:20 | access to local variable sink17 | semmle.label | access to local variable sink17 |
+| GlobalDataFlow.cs:90:75:90:88 | call to method First | semmle.label | call to method First |
+| GlobalDataFlow.cs:90:91:90:109 | [output] (...) => ... | semmle.label | [output] (...) => ... |
+| GlobalDataFlow.cs:90:112:90:117 | [output] (...) => ... | semmle.label | [output] (...) => ... |
+| GlobalDataFlow.cs:91:15:91:20 | access to local variable sink18 | semmle.label | access to local variable sink18 |
+| GlobalDataFlow.cs:94:15:94:20 | access to local variable sink21 | semmle.label | access to local variable sink21 |
+| GlobalDataFlow.cs:97:15:97:20 | access to local variable sink22 | semmle.label | access to local variable sink22 |
+| GlobalDataFlow.cs:135:21:135:34 | delegate call | semmle.label | delegate call |
+| GlobalDataFlow.cs:135:29:135:33 | access to local variable sink3 | semmle.label | access to local variable sink3 |
+| GlobalDataFlow.cs:136:15:136:19 | access to local variable sink4 | semmle.label | access to local variable sink4 |
+| GlobalDataFlow.cs:143:21:143:44 | call to method ApplyFunc | semmle.label | call to method ApplyFunc |
+| GlobalDataFlow.cs:143:39:143:43 | access to local variable sink4 | semmle.label | access to local variable sink4 |
+| GlobalDataFlow.cs:144:15:144:19 | access to local variable sink5 | semmle.label | access to local variable sink5 |
+| GlobalDataFlow.cs:153:21:153:25 | call to method Out | semmle.label | call to method Out |
+| GlobalDataFlow.cs:154:15:154:19 | access to local variable sink6 | semmle.label | access to local variable sink6 |
+| GlobalDataFlow.cs:156:20:156:24 | SSA def(sink7) | semmle.label | SSA def(sink7) |
+| GlobalDataFlow.cs:157:15:157:19 | access to local variable sink7 | semmle.label | access to local variable sink7 |
+| GlobalDataFlow.cs:159:20:159:24 | SSA def(sink8) | semmle.label | SSA def(sink8) |
+| GlobalDataFlow.cs:160:15:160:19 | access to local variable sink8 | semmle.label | access to local variable sink8 |
+| GlobalDataFlow.cs:161:22:161:31 | call to method OutYield | semmle.label | call to method OutYield |
+| GlobalDataFlow.cs:162:15:162:20 | access to local variable sink12 | semmle.label | access to local variable sink12 |
+| GlobalDataFlow.cs:163:22:163:43 | call to method TaintedParam | semmle.label | call to method TaintedParam |
+| GlobalDataFlow.cs:164:15:164:20 | access to local variable sink23 | semmle.label | access to local variable sink23 |
+| GlobalDataFlow.cs:179:35:179:48 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:180:21:180:26 | delegate call | semmle.label | delegate call |
+| GlobalDataFlow.cs:181:15:181:19 | access to local variable sink9 | semmle.label | access to local variable sink9 |
+| GlobalDataFlow.cs:189:39:189:41 | [output] delegate creation of type Func<String> | semmle.label | [output] delegate creation of type Func<String> |
+| GlobalDataFlow.cs:190:15:190:20 | access to local variable sink10 | semmle.label | access to local variable sink10 |
+| GlobalDataFlow.cs:197:22:197:32 | access to property OutProperty | semmle.label | access to property OutProperty |
+| GlobalDataFlow.cs:198:15:198:20 | access to local variable sink19 | semmle.label | access to local variable sink19 |
+| GlobalDataFlow.cs:205:39:205:45 | tainted | semmle.label | tainted |
+| GlobalDataFlow.cs:208:35:208:45 | sinkParam10 | semmle.label | sinkParam10 |
+| GlobalDataFlow.cs:208:58:208:68 | access to parameter sinkParam10 | semmle.label | access to parameter sinkParam10 |
+| GlobalDataFlow.cs:209:71:209:71 | x | semmle.label | x |
+| GlobalDataFlow.cs:209:89:209:89 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:210:22:210:28 | access to parameter tainted | semmle.label | access to parameter tainted |
+| GlobalDataFlow.cs:210:37:210:38 | [output] access to local variable f1 | semmle.label | [output] access to local variable f1 |
+| GlobalDataFlow.cs:211:15:211:20 | access to local variable sink24 | semmle.label | access to local variable sink24 |
+| GlobalDataFlow.cs:212:22:212:28 | access to parameter tainted | semmle.label | access to parameter tainted |
+| GlobalDataFlow.cs:212:37:212:38 | [output] access to local variable f2 | semmle.label | [output] access to local variable f2 |
+| GlobalDataFlow.cs:213:15:213:20 | access to local variable sink25 | semmle.label | access to local variable sink25 |
+| GlobalDataFlow.cs:214:22:214:28 | access to parameter tainted | semmle.label | access to parameter tainted |
+| GlobalDataFlow.cs:214:37:214:48 | [output] delegate creation of type Func<String,String> | semmle.label | [output] delegate creation of type Func<String,String> |
+| GlobalDataFlow.cs:215:15:215:20 | access to local variable sink26 | semmle.label | access to local variable sink26 |
+| GlobalDataFlow.cs:234:26:234:35 | sinkParam0 | semmle.label | sinkParam0 |
+| GlobalDataFlow.cs:236:16:236:25 | access to parameter sinkParam0 | semmle.label | access to parameter sinkParam0 |
+| GlobalDataFlow.cs:237:15:237:24 | access to parameter sinkParam0 | semmle.label | access to parameter sinkParam0 |
+| GlobalDataFlow.cs:240:26:240:35 | sinkParam1 | semmle.label | sinkParam1 |
+| GlobalDataFlow.cs:242:15:242:24 | access to parameter sinkParam1 | semmle.label | access to parameter sinkParam1 |
+| GlobalDataFlow.cs:245:26:245:35 | sinkParam3 | semmle.label | sinkParam3 |
+| GlobalDataFlow.cs:247:15:247:24 | access to parameter sinkParam3 | semmle.label | access to parameter sinkParam3 |
+| GlobalDataFlow.cs:250:26:250:35 | sinkParam4 | semmle.label | sinkParam4 |
+| GlobalDataFlow.cs:252:15:252:24 | access to parameter sinkParam4 | semmle.label | access to parameter sinkParam4 |
+| GlobalDataFlow.cs:255:26:255:35 | sinkParam5 | semmle.label | sinkParam5 |
+| GlobalDataFlow.cs:257:15:257:24 | access to parameter sinkParam5 | semmle.label | access to parameter sinkParam5 |
+| GlobalDataFlow.cs:260:26:260:35 | sinkParam6 | semmle.label | sinkParam6 |
+| GlobalDataFlow.cs:262:15:262:24 | access to parameter sinkParam6 | semmle.label | access to parameter sinkParam6 |
+| GlobalDataFlow.cs:265:26:265:35 | sinkParam7 | semmle.label | sinkParam7 |
+| GlobalDataFlow.cs:267:15:267:24 | access to parameter sinkParam7 | semmle.label | access to parameter sinkParam7 |
+| GlobalDataFlow.cs:292:31:292:40 | sinkParam8 | semmle.label | sinkParam8 |
+| GlobalDataFlow.cs:294:15:294:24 | access to parameter sinkParam8 | semmle.label | access to parameter sinkParam8 |
+| GlobalDataFlow.cs:298:32:298:41 | sinkParam9 | semmle.label | sinkParam9 |
+| GlobalDataFlow.cs:300:15:300:24 | access to parameter sinkParam9 | semmle.label | access to parameter sinkParam9 |
+| GlobalDataFlow.cs:304:32:304:42 | sinkParam11 | semmle.label | sinkParam11 |
+| GlobalDataFlow.cs:306:15:306:25 | access to parameter sinkParam11 | semmle.label | access to parameter sinkParam11 |
+| GlobalDataFlow.cs:318:16:318:29 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:323:9:323:26 | SSA def(x) | semmle.label | SSA def(x) |
+| GlobalDataFlow.cs:323:13:323:26 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:328:9:328:26 | SSA def(x) | semmle.label | SSA def(x) |
+| GlobalDataFlow.cs:328:13:328:26 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:334:22:334:35 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:334:22:334:35 | "taint source" | semmle.label | "taint source" |
+| GlobalDataFlow.cs:359:41:359:41 | x | semmle.label | x |
+| GlobalDataFlow.cs:359:41:359:41 | x | semmle.label | x |
+| GlobalDataFlow.cs:361:11:361:11 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:361:11:361:11 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:373:52:373:52 | x | semmle.label | x |
+| GlobalDataFlow.cs:373:52:373:52 | x | semmle.label | x |
+| GlobalDataFlow.cs:373:52:373:52 | x | semmle.label | x |
+| GlobalDataFlow.cs:375:11:375:11 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:375:11:375:11 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:375:11:375:11 | access to parameter x | semmle.label | access to parameter x |
+| GlobalDataFlow.cs:378:39:378:45 | tainted | semmle.label | tainted |
+| GlobalDataFlow.cs:381:15:381:20 | access to local variable sink11 | semmle.label | access to local variable sink11 |
+| GlobalDataFlow.cs:382:16:382:21 | access to local variable sink11 | semmle.label | access to local variable sink11 |
+| GlobalDataFlow.cs:404:9:404:11 | value | semmle.label | value |
+| GlobalDataFlow.cs:404:41:404:46 | access to local variable sink20 | semmle.label | access to local variable sink20 |
+| GlobalDataFlow.cs:415:22:415:35 | "taint source" | semmle.label | "taint source" |
+| Splitting.cs:3:28:3:34 | tainted | semmle.label | tainted |
+| Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return | semmle.label | [b (line 3): false] call to method Return |
+| Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return | semmle.label | [b (line 3): true] call to method Return |
+| Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted | semmle.label | [b (line 3): false] access to parameter tainted |
+| Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted | semmle.label | [b (line 3): true] access to parameter tainted |
+| Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | semmle.label | [b (line 3): false] access to local variable x |
+| Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | semmle.label | [b (line 3): true] access to local variable x |
+| Splitting.cs:11:19:11:19 | access to local variable x | semmle.label | access to local variable x |
+| Splitting.cs:21:9:21:11 | value | semmle.label | value |
+| Splitting.cs:21:28:21:32 | access to parameter value | semmle.label | access to parameter value |
+| Splitting.cs:24:28:24:34 | tainted | semmle.label | tainted |
+| Splitting.cs:30:17:30:23 | [b (line 24): false] access to parameter tainted | semmle.label | [b (line 24): false] access to parameter tainted |
+| Splitting.cs:30:17:30:23 | [b (line 24): true] access to parameter tainted | semmle.label | [b (line 24): true] access to parameter tainted |
+| Splitting.cs:31:17:31:26 | [b (line 24): false] dynamic access to element | semmle.label | [b (line 24): false] dynamic access to element |
+| Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element | semmle.label | [b (line 24): true] dynamic access to element |
+| Splitting.cs:31:19:31:25 | [b (line 24): false] access to parameter tainted | semmle.label | [b (line 24): false] access to parameter tainted |
+| Splitting.cs:31:19:31:25 | [b (line 24): true] access to parameter tainted | semmle.label | [b (line 24): true] access to parameter tainted |
+| Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x | semmle.label | [b (line 24): false] access to local variable x |
+| Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x | semmle.label | [b (line 24): true] access to local variable x |
+| Splitting.cs:34:19:34:19 | access to local variable x | semmle.label | access to local variable x |
 #select
 | Capture.cs:12:19:12:24 | access to local variable sink27 | Capture.cs:7:20:7:26 | tainted | Capture.cs:12:19:12:24 | access to local variable sink27 | access to local variable sink27 |
 | Capture.cs:21:23:21:28 | access to local variable sink28 | Capture.cs:7:20:7:26 | tainted | Capture.cs:21:23:21:28 | access to local variable sink28 | access to local variable sink28 |

csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/UnsafeYearConstruction.expected

@@ -3,6 +3,14 @@ edges
 | Program.cs:15:27:15:38 | ... + ... | Program.cs:17:37:17:43 | access to local variable endYear |
 | Program.cs:23:31:23:34 | year | Program.cs:26:39:26:42 | access to parameter year |
 | Program.cs:33:18:33:29 | ... - ... | Program.cs:23:31:23:34 | year |
+nodes
+| Program.cs:13:39:13:50 | ... - ... | semmle.label | ... - ... |
+| Program.cs:13:39:13:50 | ... - ... | semmle.label | ... - ... |
+| Program.cs:15:27:15:38 | ... + ... | semmle.label | ... + ... |
+| Program.cs:17:37:17:43 | access to local variable endYear | semmle.label | access to local variable endYear |
+| Program.cs:23:31:23:34 | year | semmle.label | year |
+| Program.cs:26:39:26:42 | access to parameter year | semmle.label | access to parameter year |
+| Program.cs:33:18:33:29 | ... - ... | semmle.label | ... - ... |
 #select
 | Program.cs:13:39:13:50 | ... - ... | Program.cs:13:39:13:50 | ... - ... | Program.cs:13:39:13:50 | ... - ... | This $@ based on a 'System.DateTime.Year' property is used in a construction of a new 'System.DateTime' object, flowing to the 'year' argument. | Program.cs:13:39:13:50 | ... - ... | arithmetic operation |
 | Program.cs:17:37:17:43 | access to local variable endYear | Program.cs:15:27:15:38 | ... + ... | Program.cs:17:37:17:43 | access to local variable endYear | This $@ based on a 'System.DateTime.Year' property is used in a construction of a new 'System.DateTime' object, flowing to the 'year' argument. | Program.cs:15:27:15:38 | ... + ... | arithmetic operation |

csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected

@@ -6,6 +6,15 @@ edges
 | TaintedPath.cs:12:23:12:45 | access to property QueryString | TaintedPath.cs:38:25:38:31 | access to local variable badPath |
 | TaintedPath.cs:12:23:12:45 | access to property QueryString | TaintedPath.cs:40:49:40:55 | access to local variable badPath |
 | TaintedPath.cs:12:23:12:45 | access to property QueryString | TaintedPath.cs:53:26:53:29 | access to local variable path |
+nodes
+| TaintedPath.cs:12:23:12:45 | access to property QueryString | semmle.label | access to property QueryString |
+| TaintedPath.cs:14:50:14:53 | access to local variable path | semmle.label | access to local variable path |
+| TaintedPath.cs:19:51:19:54 | access to local variable path | semmle.label | access to local variable path |
+| TaintedPath.cs:27:30:27:33 | access to local variable path | semmle.label | access to local variable path |
+| TaintedPath.cs:33:30:33:33 | access to local variable path | semmle.label | access to local variable path |
+| TaintedPath.cs:38:25:38:31 | access to local variable badPath | semmle.label | access to local variable badPath |
+| TaintedPath.cs:40:49:40:55 | access to local variable badPath | semmle.label | access to local variable badPath |
+| TaintedPath.cs:53:26:53:29 | access to local variable path | semmle.label | access to local variable path |
 #select
 | TaintedPath.cs:14:50:14:53 | access to local variable path | TaintedPath.cs:12:23:12:45 | access to property QueryString | TaintedPath.cs:14:50:14:53 | access to local variable path | $@ flows to here and is used in a path. | TaintedPath.cs:12:23:12:45 | access to property QueryString | User-provided value |
 | TaintedPath.cs:19:51:19:54 | access to local variable path | TaintedPath.cs:12:23:12:45 | access to property QueryString | TaintedPath.cs:19:51:19:54 | access to local variable path | $@ flows to here and is used in a path. | TaintedPath.cs:12:23:12:45 | access to property QueryString | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected

@@ -8,6 +8,20 @@ edges
 | ZipSlip.cs:62:72:62:85 | access to property FullName | ZipSlip.cs:83:57:83:68 | access to local variable destFilePath |
 | ZipSlip.cs:62:72:62:85 | access to property FullName | ZipSlip.cs:91:58:91:69 | access to local variable destFilePath |
 | ZipSlipBad.cs:9:59:9:72 | access to property FullName | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName |
+nodes
+| ZipSlip.cs:16:52:16:65 | access to property FullName | semmle.label | access to property FullName |
+| ZipSlip.cs:19:31:19:44 | access to property FullName | semmle.label | access to property FullName |
+| ZipSlip.cs:24:41:24:52 | access to local variable destFileName | semmle.label | access to local variable destFileName |
+| ZipSlip.cs:32:41:32:52 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:36:45:36:56 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:40:41:40:52 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:62:72:62:85 | access to property FullName | semmle.label | access to property FullName |
+| ZipSlip.cs:69:74:69:85 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:76:71:76:82 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:83:57:83:68 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:91:58:91:69 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlipBad.cs:9:59:9:72 | access to property FullName | semmle.label | access to property FullName |
+| ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | semmle.label | access to local variable destFileName |
 #select
 | ZipSlip.cs:24:41:24:52 | access to local variable destFileName | ZipSlip.cs:19:31:19:44 | access to property FullName | ZipSlip.cs:24:41:24:52 | access to local variable destFileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlip.cs:19:31:19:44 | access to property FullName | item path |
 | ZipSlip.cs:32:41:32:52 | access to local variable destFilePath | ZipSlip.cs:16:52:16:65 | access to property FullName | ZipSlip.cs:32:41:32:52 | access to local variable destFilePath | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlip.cs:16:52:16:65 | access to property FullName | item path |

csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected

@@ -6,6 +6,15 @@ edges
 | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | CommandInjection.cs:32:39:32:47 | access to local variable userInput |
 | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | CommandInjection.cs:33:40:33:48 | access to local variable userInput |
 | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | CommandInjection.cs:34:47:34:55 | access to local variable userInput |
+nodes
+| CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | semmle.label | access to field categoryTextBox |
+| CommandInjection.cs:26:27:26:47 | ... + ... | semmle.label | ... + ... |
+| CommandInjection.cs:26:50:26:66 | ... + ... | semmle.label | ... + ... |
+| CommandInjection.cs:28:63:28:71 | access to local variable userInput | semmle.label | access to local variable userInput |
+| CommandInjection.cs:28:74:28:82 | access to local variable userInput | semmle.label | access to local variable userInput |
+| CommandInjection.cs:32:39:32:47 | access to local variable userInput | semmle.label | access to local variable userInput |
+| CommandInjection.cs:33:40:33:48 | access to local variable userInput | semmle.label | access to local variable userInput |
+| CommandInjection.cs:34:47:34:55 | access to local variable userInput | semmle.label | access to local variable userInput |
 #select
 | CommandInjection.cs:26:27:26:47 | ... + ... | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | CommandInjection.cs:26:27:26:47 | ... + ... | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value |
 | CommandInjection.cs:26:50:26:66 | ... + ... | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | CommandInjection.cs:26:50:26:66 | ... + ... | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-078/StoredCommandInjection.expected

@@ -1,4 +1,7 @@
 edges
 | StoredCommandInjection.cs:24:54:24:80 | call to method GetString | StoredCommandInjection.cs:24:46:24:80 | ... + ... |
+nodes
+| StoredCommandInjection.cs:24:46:24:80 | ... + ... | semmle.label | ... + ... |
+| StoredCommandInjection.cs:24:54:24:80 | call to method GetString | semmle.label | call to method GetString |
 #select
 | StoredCommandInjection.cs:24:46:24:80 | ... + ... | StoredCommandInjection.cs:24:54:24:80 | call to method GetString | StoredCommandInjection.cs:24:46:24:80 | ... + ... | $@ flows to here and is used in a command. | StoredCommandInjection.cs:24:54:24:80 | call to method GetString | Stored user-provided value |

csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected

@@ -1,4 +1,7 @@
 edges
 | StoredXSS.cs:24:60:24:86 | call to method GetString | StoredXSS.cs:24:44:24:86 | ... + ... |
+nodes
+| StoredXSS.cs:24:44:24:86 | ... + ... | semmle.label | ... + ... |
+| StoredXSS.cs:24:60:24:86 | call to method GetString | semmle.label | call to method GetString |
 #select
 | StoredXSS.cs:24:44:24:86 | ... + ... | StoredXSS.cs:24:60:24:86 | call to method GetString | StoredXSS.cs:24:44:24:86 | ... + ... | $@ flows to here and is written to HTML or JavaScript. | StoredXSS.cs:24:60:24:86 | call to method GetString | Stored user-provided value |

csharp/ql/test/query-tests/Security Features/CWE-089/SecondOrderSqlInjection.expected

@@ -1,4 +1,7 @@
 edges
 | SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString | SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... |
+nodes
+| SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... | semmle.label | ... + ... |
+| SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString | semmle.label | call to method GetString |
 #select
 | SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... | SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString | SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... | $@ flows to here and is used in an SQL query. | SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString | Stored user-provided value |

csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected

@@ -3,6 +3,14 @@ edges
 | SqlInjection.cs:73:33:73:47 | access to field categoryTextBox | SqlInjection.cs:74:56:74:61 | access to local variable query1 |
 | SqlInjection.cs:73:33:73:47 | access to field categoryTextBox | SqlInjection.cs:75:55:75:60 | access to local variable query1 |
 | SqlInjection.cs:87:21:87:29 | access to property Text | SqlInjection.cs:88:50:88:55 | access to local variable query1 |
+nodes
+| SqlInjection.cs:38:21:38:35 | access to field categoryTextBox | semmle.label | access to field categoryTextBox |
+| SqlInjection.cs:39:50:39:55 | access to local variable query1 | semmle.label | access to local variable query1 |
+| SqlInjection.cs:73:33:73:47 | access to field categoryTextBox | semmle.label | access to field categoryTextBox |
+| SqlInjection.cs:74:56:74:61 | access to local variable query1 | semmle.label | access to local variable query1 |
+| SqlInjection.cs:75:55:75:60 | access to local variable query1 | semmle.label | access to local variable query1 |
+| SqlInjection.cs:87:21:87:29 | access to property Text | semmle.label | access to property Text |
+| SqlInjection.cs:88:50:88:55 | access to local variable query1 | semmle.label | access to local variable query1 |
 #select
 | SqlInjection.cs:39:50:39:55 | access to local variable query1 | SqlInjection.cs:38:21:38:35 | access to field categoryTextBox | SqlInjection.cs:39:50:39:55 | access to local variable query1 | Query might include code from $@. | SqlInjection.cs:38:21:38:35 | access to field categoryTextBox | this ASP.NET user input |
 | SqlInjection.cs:74:56:74:61 | access to local variable query1 | SqlInjection.cs:73:33:73:47 | access to field categoryTextBox | SqlInjection.cs:74:56:74:61 | access to local variable query1 | Query might include code from $@. | SqlInjection.cs:73:33:73:47 | access to field categoryTextBox | this ASP.NET user input |

csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected

@@ -5,6 +5,14 @@ edges
 | LDAPInjection.cs:13:27:13:49 | access to property QueryString | LDAPInjection.cs:26:53:26:77 | ... + ... |
 | LDAPInjection.cs:13:27:13:49 | access to property QueryString | LDAPInjection.cs:29:48:29:70 | ... + ... |
 | LDAPInjection.cs:13:27:13:49 | access to property QueryString | LDAPInjection.cs:31:20:31:42 | ... + ... |
+nodes
+| LDAPInjection.cs:13:27:13:49 | access to property QueryString | semmle.label | access to property QueryString |
+| LDAPInjection.cs:16:54:16:78 | ... + ... | semmle.label | ... + ... |
+| LDAPInjection.cs:18:21:18:45 | ... + ... | semmle.label | ... + ... |
+| LDAPInjection.cs:25:21:25:45 | ... + ... | semmle.label | ... + ... |
+| LDAPInjection.cs:26:53:26:77 | ... + ... | semmle.label | ... + ... |
+| LDAPInjection.cs:29:48:29:70 | ... + ... | semmle.label | ... + ... |
+| LDAPInjection.cs:31:20:31:42 | ... + ... | semmle.label | ... + ... |
 #select
 | LDAPInjection.cs:16:54:16:78 | ... + ... | LDAPInjection.cs:13:27:13:49 | access to property QueryString | LDAPInjection.cs:16:54:16:78 | ... + ... | $@ flows to here and is used in an LDAP query. | LDAPInjection.cs:13:27:13:49 | access to property QueryString | User-provided value |
 | LDAPInjection.cs:18:21:18:45 | ... + ... | LDAPInjection.cs:13:27:13:49 | access to property QueryString | LDAPInjection.cs:18:21:18:45 | ... + ... | $@ flows to here and is used in an LDAP query. | LDAPInjection.cs:13:27:13:49 | access to property QueryString | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-090/StoredLDAPInjection.expected

@@ -1,4 +1,7 @@
 edges
 | StoredLDAPInjection.cs:24:83:24:109 | call to method GetString | StoredLDAPInjection.cs:24:66:24:109 | ... + ... |
+nodes
+| StoredLDAPInjection.cs:24:66:24:109 | ... + ... | semmle.label | ... + ... |
+| StoredLDAPInjection.cs:24:83:24:109 | call to method GetString | semmle.label | call to method GetString |
 #select
 | StoredLDAPInjection.cs:24:66:24:109 | ... + ... | StoredLDAPInjection.cs:24:83:24:109 | call to method GetString | StoredLDAPInjection.cs:24:66:24:109 | ... + ... | $@ flows to here and is used in an LDAP query. | StoredLDAPInjection.cs:24:83:24:109 | call to method GetString | Stored user-provided value |

csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected

@@ -2,6 +2,12 @@ edges
 | CodeInjection.cs:25:23:25:45 | access to property QueryString | CodeInjection.cs:31:64:31:67 | access to local variable code |
 | CodeInjection.cs:25:23:25:45 | access to property QueryString | CodeInjection.cs:42:36:42:39 | access to local variable code |
 | CodeInjection.cs:58:36:58:44 | access to property Text | CodeInjection.cs:58:36:58:44 | access to property Text |
+nodes
+| CodeInjection.cs:25:23:25:45 | access to property QueryString | semmle.label | access to property QueryString |
+| CodeInjection.cs:31:64:31:67 | access to local variable code | semmle.label | access to local variable code |
+| CodeInjection.cs:42:36:42:39 | access to local variable code | semmle.label | access to local variable code |
+| CodeInjection.cs:58:36:58:44 | access to property Text | semmle.label | access to property Text |
+| CodeInjection.cs:58:36:58:44 | access to property Text | semmle.label | access to property Text |
 #select
 | CodeInjection.cs:31:64:31:67 | access to local variable code | CodeInjection.cs:25:23:25:45 | access to property QueryString | CodeInjection.cs:31:64:31:67 | access to local variable code | $@ flows to here and is compiled as code. | CodeInjection.cs:25:23:25:45 | access to property QueryString | User-provided value |
 | CodeInjection.cs:42:36:42:39 | access to local variable code | CodeInjection.cs:25:23:25:45 | access to property QueryString | CodeInjection.cs:42:36:42:39 | access to local variable code | $@ flows to here and is compiled as code. | CodeInjection.cs:25:23:25:45 | access to property QueryString | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected

@@ -1,6 +1,10 @@
 edges
 | ResourceInjection.cs:10:27:10:49 | access to property QueryString | ResourceInjection.cs:13:57:13:72 | access to local variable connectionString |
 | ResourceInjection.cs:10:27:10:49 | access to property QueryString | ResourceInjection.cs:15:42:15:57 | access to local variable connectionString |
+nodes
+| ResourceInjection.cs:10:27:10:49 | access to property QueryString | semmle.label | access to property QueryString |
+| ResourceInjection.cs:13:57:13:72 | access to local variable connectionString | semmle.label | access to local variable connectionString |
+| ResourceInjection.cs:15:42:15:57 | access to local variable connectionString | semmle.label | access to local variable connectionString |
 #select
 | ResourceInjection.cs:13:57:13:72 | access to local variable connectionString | ResourceInjection.cs:10:27:10:49 | access to property QueryString | ResourceInjection.cs:13:57:13:72 | access to local variable connectionString | $@ flows to here and is used in a resource descriptor. | ResourceInjection.cs:10:27:10:49 | access to property QueryString | User-provided value |
 | ResourceInjection.cs:15:42:15:57 | access to local variable connectionString | ResourceInjection.cs:10:27:10:49 | access to property QueryString | ResourceInjection.cs:15:42:15:57 | access to local variable connectionString | $@ flows to here and is used in a resource descriptor. | ResourceInjection.cs:10:27:10:49 | access to property QueryString | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected

@@ -4,6 +4,13 @@ edges
 | MissingXMLValidation.cs:14:34:14:56 | access to property QueryString | MissingXMLValidation.cs:29:26:29:58 | object creation of type StringReader |
 | MissingXMLValidation.cs:14:34:14:56 | access to property QueryString | MissingXMLValidation.cs:37:26:37:58 | object creation of type StringReader |
 | MissingXMLValidation.cs:14:34:14:56 | access to property QueryString | MissingXMLValidation.cs:47:26:47:58 | object creation of type StringReader |
+nodes
+| MissingXMLValidation.cs:14:34:14:56 | access to property QueryString | semmle.label | access to property QueryString |
+| MissingXMLValidation.cs:18:26:18:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
+| MissingXMLValidation.cs:23:26:23:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
+| MissingXMLValidation.cs:29:26:29:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
+| MissingXMLValidation.cs:37:26:37:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
+| MissingXMLValidation.cs:47:26:47:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
 #select
 | MissingXMLValidation.cs:18:26:18:58 | object creation of type StringReader | MissingXMLValidation.cs:14:34:14:56 | access to property QueryString | MissingXMLValidation.cs:18:26:18:58 | object creation of type StringReader | $@ flows to here and is processed as XML without validation because there is no 'XmlReaderSettings' instance specifying schema validation. | MissingXMLValidation.cs:14:34:14:56 | access to property QueryString | User-provided value |
 | MissingXMLValidation.cs:23:26:23:58 | object creation of type StringReader | MissingXMLValidation.cs:14:34:14:56 | access to property QueryString | MissingXMLValidation.cs:23:26:23:58 | object creation of type StringReader | $@ flows to here and is processed as XML without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:14:34:14:56 | access to property QueryString | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected

@@ -1,6 +1,10 @@
 edges
 | LogForging.cs:19:27:19:49 | access to property QueryString | LogForging.cs:22:21:22:43 | ... + ... |
 | LogForging.cs:19:27:19:49 | access to property QueryString | LogForging.cs:28:50:28:72 | ... + ... |
+nodes
+| LogForging.cs:19:27:19:49 | access to property QueryString | semmle.label | access to property QueryString |
+| LogForging.cs:22:21:22:43 | ... + ... | semmle.label | ... + ... |
+| LogForging.cs:28:50:28:72 | ... + ... | semmle.label | ... + ... |
 #select
 | LogForging.cs:22:21:22:43 | ... + ... | LogForging.cs:19:27:19:49 | access to property QueryString | LogForging.cs:22:21:22:43 | ... + ... | $@ flows to log entry. | LogForging.cs:19:27:19:49 | access to property QueryString | User-provided value |
 | LogForging.cs:28:50:28:72 | ... + ... | LogForging.cs:19:27:19:49 | access to property QueryString | LogForging.cs:28:50:28:72 | ... + ... | $@ flows to log entry. | LogForging.cs:19:27:19:49 | access to property QueryString | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected

@@ -3,6 +3,14 @@ edges
 | UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString | UncontrolledFormatString.cs:17:46:17:49 | access to local variable path |
 | UncontrolledFormatString.cs:31:23:31:31 | access to property Text | UncontrolledFormatString.cs:31:23:31:31 | access to property Text |
 | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format |
+nodes
+| UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString | semmle.label | access to property QueryString |
+| UncontrolledFormatString.cs:14:23:14:26 | access to local variable path | semmle.label | access to local variable path |
+| UncontrolledFormatString.cs:17:46:17:49 | access to local variable path | semmle.label | access to local variable path |
+| UncontrolledFormatString.cs:31:23:31:31 | access to property Text | semmle.label | access to property Text |
+| UncontrolledFormatString.cs:31:23:31:31 | access to property Text | semmle.label | access to property Text |
+| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString | semmle.label | access to property QueryString |
+| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | semmle.label | access to local variable format |
 #select
 | UncontrolledFormatString.cs:14:23:14:26 | access to local variable path | UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString | UncontrolledFormatString.cs:14:23:14:26 | access to local variable path | $@ flows to here and is used as a format string. | UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString | access to property QueryString |
 | UncontrolledFormatString.cs:17:46:17:49 | access to local variable path | UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString | UncontrolledFormatString.cs:17:46:17:49 | access to local variable path | $@ flows to here and is used as a format string. | UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString | access to property QueryString |

csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected

@@ -8,6 +8,22 @@ edges
 | ExposureInTransmittedData.cs:32:17:32:36 | call to method GetField | ExposureInTransmittedData.cs:33:56:33:56 | access to local variable p |
 | ExposureInTransmittedData.cs:32:17:32:36 | call to method GetField | ExposureInTransmittedData.cs:34:24:34:52 | ... + ... |
 | ExposureInTransmittedData.cs:32:17:32:36 | call to method GetField | ExposureInTransmittedData.cs:35:27:35:27 | access to local variable p |
+nodes
+| ExposureInTransmittedData.cs:16:32:16:39 | access to local variable password | semmle.label | access to local variable password |
+| ExposureInTransmittedData.cs:16:32:16:39 | access to local variable password | semmle.label | access to local variable password |
+| ExposureInTransmittedData.cs:20:32:20:44 | call to method ToString | semmle.label | call to method ToString |
+| ExposureInTransmittedData.cs:20:32:20:44 | call to method ToString | semmle.label | call to method ToString |
+| ExposureInTransmittedData.cs:24:32:24:41 | access to property Message | semmle.label | access to property Message |
+| ExposureInTransmittedData.cs:24:32:24:41 | access to property Message | semmle.label | access to property Message |
+| ExposureInTransmittedData.cs:25:32:25:44 | call to method ToString | semmle.label | call to method ToString |
+| ExposureInTransmittedData.cs:25:32:25:44 | call to method ToString | semmle.label | call to method ToString |
+| ExposureInTransmittedData.cs:26:32:26:38 | access to property Data | semmle.label | access to property Data |
+| ExposureInTransmittedData.cs:26:32:26:50 | access to indexer | semmle.label | access to indexer |
+| ExposureInTransmittedData.cs:32:17:32:36 | call to method GetField | semmle.label | call to method GetField |
+| ExposureInTransmittedData.cs:33:53:33:53 | access to local variable p | semmle.label | access to local variable p |
+| ExposureInTransmittedData.cs:33:56:33:56 | access to local variable p | semmle.label | access to local variable p |
+| ExposureInTransmittedData.cs:34:24:34:52 | ... + ... | semmle.label | ... + ... |
+| ExposureInTransmittedData.cs:35:27:35:27 | access to local variable p | semmle.label | access to local variable p |
 #select
 | ExposureInTransmittedData.cs:16:32:16:39 | access to local variable password | ExposureInTransmittedData.cs:16:32:16:39 | access to local variable password | ExposureInTransmittedData.cs:16:32:16:39 | access to local variable password | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:16:32:16:39 | access to local variable password | access to local variable password |
 | ExposureInTransmittedData.cs:20:32:20:44 | call to method ToString | ExposureInTransmittedData.cs:20:32:20:44 | call to method ToString | ExposureInTransmittedData.cs:20:32:20:44 | call to method ToString | Sensitive information from $@ flows to here, and is transmitted to the user. | ExposureInTransmittedData.cs:20:32:20:44 | call to method ToString | call to method ToString |

csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected

@@ -5,6 +5,16 @@ edges
 | ExceptionInformationExposure.cs:20:32:20:33 | access to local variable ex | ExceptionInformationExposure.cs:20:32:20:33 | access to local variable ex |
 | ExceptionInformationExposure.cs:22:32:22:44 | access to property StackTrace | ExceptionInformationExposure.cs:22:32:22:44 | access to property StackTrace |
 | ExceptionInformationExposure.cs:41:28:41:55 | call to method ToString | ExceptionInformationExposure.cs:41:28:41:55 | call to method ToString |
+nodes
+| ExceptionInformationExposure.cs:18:32:18:33 | access to local variable ex | semmle.label | access to local variable ex |
+| ExceptionInformationExposure.cs:18:32:18:44 | call to method ToString | semmle.label | call to method ToString |
+| ExceptionInformationExposure.cs:18:32:18:44 | call to method ToString | semmle.label | call to method ToString |
+| ExceptionInformationExposure.cs:20:32:20:33 | access to local variable ex | semmle.label | access to local variable ex |
+| ExceptionInformationExposure.cs:20:32:20:33 | access to local variable ex | semmle.label | access to local variable ex |
+| ExceptionInformationExposure.cs:22:32:22:44 | access to property StackTrace | semmle.label | access to property StackTrace |
+| ExceptionInformationExposure.cs:22:32:22:44 | access to property StackTrace | semmle.label | access to property StackTrace |
+| ExceptionInformationExposure.cs:41:28:41:55 | call to method ToString | semmle.label | call to method ToString |
+| ExceptionInformationExposure.cs:41:28:41:55 | call to method ToString | semmle.label | call to method ToString |
 #select
 | ExceptionInformationExposure.cs:18:32:18:44 | call to method ToString | ExceptionInformationExposure.cs:18:32:18:44 | call to method ToString | ExceptionInformationExposure.cs:18:32:18:44 | call to method ToString | Exception information from $@ flows to here, and is exposed to the user. | ExceptionInformationExposure.cs:18:32:18:44 | call to method ToString | call to method ToString |
 | ExceptionInformationExposure.cs:20:32:20:33 | access to local variable ex | ExceptionInformationExposure.cs:18:32:18:33 | access to local variable ex | ExceptionInformationExposure.cs:20:32:20:33 | access to local variable ex | Exception information from $@ flows to here, and is exposed to the user. | ExceptionInformationExposure.cs:18:32:18:33 | access to local variable ex | access to local variable ex |

csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.expected

@@ -7,6 +7,23 @@ edges
 | CleartextStorage.cs:73:21:73:33 | access to property Text | CleartextStorage.cs:73:21:73:33 | access to property Text |
 | CleartextStorage.cs:74:21:74:29 | access to property Text | CleartextStorage.cs:74:21:74:29 | access to property Text |
 | CleartextStorage.cs:75:21:75:29 | access to property Text | CleartextStorage.cs:75:21:75:29 | access to property Text |
+nodes
+| CleartextStorage.cs:14:50:14:59 | access to field accountKey | semmle.label | access to field accountKey |
+| CleartextStorage.cs:14:50:14:59 | access to field accountKey | semmle.label | access to field accountKey |
+| CleartextStorage.cs:15:62:15:74 | call to method GetPassword | semmle.label | call to method GetPassword |
+| CleartextStorage.cs:15:62:15:74 | call to method GetPassword | semmle.label | call to method GetPassword |
+| CleartextStorage.cs:16:69:16:81 | call to method GetPassword | semmle.label | call to method GetPassword |
+| CleartextStorage.cs:16:69:16:81 | call to method GetPassword | semmle.label | call to method GetPassword |
+| CleartextStorage.cs:17:50:17:63 | call to method GetAccountID | semmle.label | call to method GetAccountID |
+| CleartextStorage.cs:17:50:17:63 | call to method GetAccountID | semmle.label | call to method GetAccountID |
+| CleartextStorage.cs:25:21:25:33 | call to method GetPassword | semmle.label | call to method GetPassword |
+| CleartextStorage.cs:25:21:25:33 | call to method GetPassword | semmle.label | call to method GetPassword |
+| CleartextStorage.cs:73:21:73:33 | access to property Text | semmle.label | access to property Text |
+| CleartextStorage.cs:73:21:73:33 | access to property Text | semmle.label | access to property Text |
+| CleartextStorage.cs:74:21:74:29 | access to property Text | semmle.label | access to property Text |
+| CleartextStorage.cs:74:21:74:29 | access to property Text | semmle.label | access to property Text |
+| CleartextStorage.cs:75:21:75:29 | access to property Text | semmle.label | access to property Text |
+| CleartextStorage.cs:75:21:75:29 | access to property Text | semmle.label | access to property Text |
 #select
 | CleartextStorage.cs:14:50:14:59 | access to field accountKey | CleartextStorage.cs:14:50:14:59 | access to field accountKey | CleartextStorage.cs:14:50:14:59 | access to field accountKey | Sensitive data returned by $@ is stored here. | CleartextStorage.cs:14:50:14:59 | access to field accountKey | access to field accountKey |
 | CleartextStorage.cs:15:62:15:74 | call to method GetPassword | CleartextStorage.cs:15:62:15:74 | call to method GetPassword | CleartextStorage.cs:15:62:15:74 | call to method GetPassword | Sensitive data returned by $@ is stored here. | CleartextStorage.cs:15:62:15:74 | call to method GetPassword | call to method GetPassword |

csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/DontInstallRootCert.expected

@@ -2,6 +2,13 @@ edges
 | Test.cs:17:31:17:59 | object creation of type X509Store | Test.cs:20:13:20:17 | access to local variable store |
 | Test.cs:27:31:27:86 | object creation of type X509Store | Test.cs:30:13:30:17 | access to local variable store |
 | Test.cs:72:31:72:86 | object creation of type X509Store | Test.cs:75:13:75:17 | access to local variable store |
+nodes
+| Test.cs:17:31:17:59 | object creation of type X509Store | semmle.label | object creation of type X509Store |
+| Test.cs:20:13:20:17 | access to local variable store | semmle.label | access to local variable store |
+| Test.cs:27:31:27:86 | object creation of type X509Store | semmle.label | object creation of type X509Store |
+| Test.cs:30:13:30:17 | access to local variable store | semmle.label | access to local variable store |
+| Test.cs:72:31:72:86 | object creation of type X509Store | semmle.label | object creation of type X509Store |
+| Test.cs:75:13:75:17 | access to local variable store | semmle.label | access to local variable store |
 #select
 | Test.cs:20:13:20:17 | access to local variable store | Test.cs:17:31:17:59 | object creation of type X509Store | Test.cs:20:13:20:17 | access to local variable store | Certificate added to the root certificate store. |
 | Test.cs:30:13:30:17 | access to local variable store | Test.cs:27:31:27:86 | object creation of type X509Store | Test.cs:30:13:30:17 | access to local variable store | Certificate added to the root certificate store. |

csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected

@@ -6,6 +6,17 @@ edges
 | InsecureRandomness.cs:62:16:62:32 | call to method ToString | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection |
 | InsecureRandomness.cs:72:31:72:39 | call to method Next | InsecureRandomness.cs:74:16:74:21 | access to local variable result |
 | InsecureRandomness.cs:74:16:74:21 | access to local variable result | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer |
+nodes
+| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | semmle.label | call to method InsecureRandomString |
+| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | semmle.label | call to method InsecureRandomStringFromSelection |
+| InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | semmle.label | call to method InsecureRandomStringFromIndexer |
+| InsecureRandomness.cs:28:23:28:43 | (...) ... | semmle.label | (...) ... |
+| InsecureRandomness.cs:28:29:28:43 | call to method Next | semmle.label | call to method Next |
+| InsecureRandomness.cs:31:16:31:32 | call to method ToString | semmle.label | call to method ToString |
+| InsecureRandomness.cs:60:31:60:39 | call to method Next | semmle.label | call to method Next |
+| InsecureRandomness.cs:62:16:62:32 | call to method ToString | semmle.label | call to method ToString |
+| InsecureRandomness.cs:72:31:72:39 | call to method Next | semmle.label | call to method Next |
+| InsecureRandomness.cs:74:16:74:21 | access to local variable result | semmle.label | access to local variable result |
 #select
 | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | InsecureRandomness.cs:28:29:28:43 | call to method Next | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | Cryptographically insecure random number is generated at $@ and used here in a security context. | InsecureRandomness.cs:28:29:28:43 | call to method Next | call to method Next |
 | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | InsecureRandomness.cs:60:31:60:39 | call to method Next | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | Cryptographically insecure random number is generated at $@ and used here in a security context. | InsecureRandomness.cs:60:31:60:39 | call to method Next | call to method Next |

csharp/ql/test/query-tests/Security Features/CWE-359/ExposureOfPrivateInformation.expected

@@ -3,6 +3,15 @@ edges
 | ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone |
 | ExposureOfPrivateInformation.cs:24:21:24:36 | call to method getTelephone | ExposureOfPrivateInformation.cs:24:21:24:36 | call to method getTelephone |
 | ExposureOfPrivateInformation.cs:42:21:42:33 | access to property Text | ExposureOfPrivateInformation.cs:42:21:42:33 | access to property Text |
+nodes
+| ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | semmle.label | access to indexer |
+| ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | semmle.label | access to indexer |
+| ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | semmle.label | call to method getTelephone |
+| ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | semmle.label | call to method getTelephone |
+| ExposureOfPrivateInformation.cs:24:21:24:36 | call to method getTelephone | semmle.label | call to method getTelephone |
+| ExposureOfPrivateInformation.cs:24:21:24:36 | call to method getTelephone | semmle.label | call to method getTelephone |
+| ExposureOfPrivateInformation.cs:42:21:42:33 | access to property Text | semmle.label | access to property Text |
+| ExposureOfPrivateInformation.cs:42:21:42:33 | access to property Text | semmle.label | access to property Text |
 #select
 | ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | access to indexer |
 | ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | call to method getTelephone |

csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected

@@ -13,6 +13,27 @@ edges
 | UrlRedirectCore.cs:47:51:47:55 | value | UrlRedirectCore.cs:50:28:50:32 | access to parameter value |
 | UrlRedirectCore.cs:47:51:47:55 | value | UrlRedirectCore.cs:55:32:55:45 | object creation of type Uri |
 | UrlRedirectCore.cs:47:51:47:55 | value | UrlRedirectCore.cs:58:31:58:35 | access to parameter value |
+nodes
+| UrlRedirect.cs:14:31:14:53 | access to property QueryString | semmle.label | access to property QueryString |
+| UrlRedirect.cs:14:31:14:61 | access to indexer | semmle.label | access to indexer |
+| UrlRedirect.cs:24:22:24:44 | access to property QueryString | semmle.label | access to property QueryString |
+| UrlRedirect.cs:39:44:39:66 | access to property QueryString | semmle.label | access to property QueryString |
+| UrlRedirect.cs:39:44:39:74 | access to indexer | semmle.label | access to indexer |
+| UrlRedirect.cs:40:47:40:69 | access to property QueryString | semmle.label | access to property QueryString |
+| UrlRedirect.cs:40:47:40:77 | access to indexer | semmle.label | access to indexer |
+| UrlRedirect.cs:49:29:49:31 | access to local variable url | semmle.label | access to local variable url |
+| UrlRedirectCore.cs:15:44:15:48 | value | semmle.label | value |
+| UrlRedirectCore.cs:18:22:18:26 | access to parameter value | semmle.label | access to parameter value |
+| UrlRedirectCore.cs:21:44:21:48 | call to operator implicit conversion | semmle.label | call to operator implicit conversion |
+| UrlRedirectCore.cs:27:46:27:50 | call to operator implicit conversion | semmle.label | call to operator implicit conversion |
+| UrlRedirectCore.cs:33:66:33:70 | access to parameter value | semmle.label | access to parameter value |
+| UrlRedirectCore.cs:36:49:36:53 | call to operator implicit conversion | semmle.label | call to operator implicit conversion |
+| UrlRedirectCore.cs:39:69:39:73 | access to parameter value | semmle.label | access to parameter value |
+| UrlRedirectCore.cs:42:39:42:53 | ... + ... | semmle.label | ... + ... |
+| UrlRedirectCore.cs:47:51:47:55 | value | semmle.label | value |
+| UrlRedirectCore.cs:50:28:50:32 | access to parameter value | semmle.label | access to parameter value |
+| UrlRedirectCore.cs:55:32:55:45 | object creation of type Uri | semmle.label | object creation of type Uri |
+| UrlRedirectCore.cs:58:31:58:35 | access to parameter value | semmle.label | access to parameter value |
 #select
 | UrlRedirect.cs:14:31:14:61 | access to indexer | UrlRedirect.cs:14:31:14:53 | access to property QueryString | UrlRedirect.cs:14:31:14:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:14:31:14:53 | access to property QueryString | user-provided value |
 | UrlRedirect.cs:39:44:39:74 | access to indexer | UrlRedirect.cs:39:44:39:66 | access to property QueryString | UrlRedirect.cs:39:44:39:74 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:39:44:39:66 | access to property QueryString | user-provided value |

csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected

@@ -1,4 +1,7 @@
 edges
 | Test.cs:13:50:13:72 | access to property QueryString | Test.cs:13:50:13:84 | access to indexer |
+nodes
+| Test.cs:13:50:13:72 | access to property QueryString | semmle.label | access to property QueryString |
+| Test.cs:13:50:13:84 | access to indexer | semmle.label | access to indexer |
 #select
 | Test.cs:13:50:13:84 | access to indexer | Test.cs:13:50:13:72 | access to property QueryString | Test.cs:13:50:13:84 | access to indexer | $@ flows to here and is loaded insecurely as XML (DTD processing is enabled with an insecure resolver). | Test.cs:13:50:13:72 | access to property QueryString | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-643/StoredXPathInjection.expected

@@ -3,6 +3,11 @@ edges
 | StoredXPathInjection.cs:24:39:24:65 | call to method GetString | StoredXPathInjection.cs:30:41:30:144 | ... + ... |
 | StoredXPathInjection.cs:25:39:25:65 | call to method GetString | StoredXPathInjection.cs:27:45:27:148 | ... + ... |
 | StoredXPathInjection.cs:25:39:25:65 | call to method GetString | StoredXPathInjection.cs:30:41:30:144 | ... + ... |
+nodes
+| StoredXPathInjection.cs:24:39:24:65 | call to method GetString | semmle.label | call to method GetString |
+| StoredXPathInjection.cs:25:39:25:65 | call to method GetString | semmle.label | call to method GetString |
+| StoredXPathInjection.cs:27:45:27:148 | ... + ... | semmle.label | ... + ... |
+| StoredXPathInjection.cs:30:41:30:144 | ... + ... | semmle.label | ... + ... |
 #select
 | StoredXPathInjection.cs:27:45:27:148 | ... + ... | StoredXPathInjection.cs:24:39:24:65 | call to method GetString | StoredXPathInjection.cs:27:45:27:148 | ... + ... | $@ flows to here and is used in an XPath expression. | StoredXPathInjection.cs:24:39:24:65 | call to method GetString | Stored user-provided value |
 | StoredXPathInjection.cs:27:45:27:148 | ... + ... | StoredXPathInjection.cs:25:39:25:65 | call to method GetString | StoredXPathInjection.cs:27:45:27:148 | ... + ... | $@ flows to here and is used in an XPath expression. | StoredXPathInjection.cs:25:39:25:65 | call to method GetString | Stored user-provided value |

csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected

@@ -3,6 +3,11 @@ edges
 | XPathInjection.cs:12:27:12:49 | access to property QueryString | XPathInjection.cs:19:29:19:132 | ... + ... |
 | XPathInjection.cs:13:27:13:49 | access to property QueryString | XPathInjection.cs:16:33:16:136 | ... + ... |
 | XPathInjection.cs:13:27:13:49 | access to property QueryString | XPathInjection.cs:19:29:19:132 | ... + ... |
+nodes
+| XPathInjection.cs:12:27:12:49 | access to property QueryString | semmle.label | access to property QueryString |
+| XPathInjection.cs:13:27:13:49 | access to property QueryString | semmle.label | access to property QueryString |
+| XPathInjection.cs:16:33:16:136 | ... + ... | semmle.label | ... + ... |
+| XPathInjection.cs:19:29:19:132 | ... + ... | semmle.label | ... + ... |
 #select
 | XPathInjection.cs:16:33:16:136 | ... + ... | XPathInjection.cs:12:27:12:49 | access to property QueryString | XPathInjection.cs:16:33:16:136 | ... + ... | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:12:27:12:49 | access to property QueryString | User-provided value |
 | XPathInjection.cs:16:33:16:136 | ... + ... | XPathInjection.cs:13:27:13:49 | access to property QueryString | XPathInjection.cs:16:33:16:136 | ... + ... | $@ flows to here and is used in an XPath expression. | XPathInjection.cs:13:27:13:49 | access to property QueryString | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected

@@ -4,6 +4,13 @@ edges
 | ExponentialRegex.cs:13:28:13:50 | access to property QueryString | ExponentialRegex.cs:21:139:21:147 | access to local variable userInput |
 | ExponentialRegex.cs:13:28:13:50 | access to property QueryString | ExponentialRegex.cs:24:43:24:51 | access to local variable userInput |
 | ExponentialRegex.cs:13:28:13:50 | access to property QueryString | ExponentialRegex.cs:26:21:26:29 | access to local variable userInput |
+nodes
+| ExponentialRegex.cs:13:28:13:50 | access to property QueryString | semmle.label | access to property QueryString |
+| ExponentialRegex.cs:17:40:17:48 | access to local variable userInput | semmle.label | access to local variable userInput |
+| ExponentialRegex.cs:18:42:18:50 | access to local variable userInput | semmle.label | access to local variable userInput |
+| ExponentialRegex.cs:21:139:21:147 | access to local variable userInput | semmle.label | access to local variable userInput |
+| ExponentialRegex.cs:24:43:24:51 | access to local variable userInput | semmle.label | access to local variable userInput |
+| ExponentialRegex.cs:26:21:26:29 | access to local variable userInput | semmle.label | access to local variable userInput |
 #select
 | ExponentialRegex.cs:17:40:17:48 | access to local variable userInput | ExponentialRegex.cs:13:28:13:50 | access to property QueryString | ExponentialRegex.cs:17:40:17:48 | access to local variable userInput | $@ flows to regular expression operation with dangerous regex. | ExponentialRegex.cs:13:28:13:50 | access to property QueryString | User-provided value |
 | ExponentialRegex.cs:18:42:18:50 | access to local variable userInput | ExponentialRegex.cs:13:28:13:50 | access to property QueryString | ExponentialRegex.cs:18:42:18:50 | access to local variable userInput | $@ flows to regular expression operation with dangerous regex. | ExponentialRegex.cs:13:28:13:50 | access to property QueryString | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected

@@ -1,3 +1,6 @@
 edges
 | ExponentialRegex.cs:15:28:15:50 | access to property QueryString | ExponentialRegex.cs:18:40:18:48 | access to local variable userInput |
+nodes
+| ExponentialRegex.cs:15:28:15:50 | access to property QueryString | semmle.label | access to property QueryString |
+| ExponentialRegex.cs:18:40:18:48 | access to local variable userInput | semmle.label | access to local variable userInput |
 #select

csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected

@@ -1,4 +1,7 @@
 edges
 | RegexInjection.cs:12:24:12:46 | access to property QueryString | RegexInjection.cs:16:19:16:23 | access to local variable regex |
+nodes
+| RegexInjection.cs:12:24:12:46 | access to property QueryString | semmle.label | access to property QueryString |
+| RegexInjection.cs:16:19:16:23 | access to local variable regex | semmle.label | access to local variable regex |
 #select
 | RegexInjection.cs:16:19:16:23 | access to local variable regex | RegexInjection.cs:12:24:12:46 | access to property QueryString | RegexInjection.cs:16:19:16:23 | access to local variable regex | $@ flows to the construction of a regular expression. | RegexInjection.cs:12:24:12:46 | access to property QueryString | User-provided value |

csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedConnectionString.expected

@@ -11,6 +11,31 @@ edges
 | TestHardcodedCredentials.cs:21:31:21:42 | "myusername" | TestHardcodedCredentials.cs:21:31:21:42 | "myusername" |
 | TestHardcodedCredentials.cs:21:45:21:56 | "mypassword" | TestHardcodedCredentials.cs:21:45:21:56 | "mypassword" |
 | TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" |
+nodes
+| HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | semmle.label | "myPa55word" |
+| HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | semmle.label | "myPa55word" |
+| HardcodedCredentials.cs:33:19:33:28 | "username" | semmle.label | "username" |
+| HardcodedCredentials.cs:33:19:33:28 | "username" | semmle.label | "username" |
+| HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | semmle.label | "myNewPa55word" |
+| HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | semmle.label | "myNewPa55word" |
+| HardcodedCredentials.cs:49:30:49:60 | array creation of type Byte[] | semmle.label | array creation of type Byte[] |
+| HardcodedCredentials.cs:52:13:52:23 | access to local variable rawCertData | semmle.label | access to local variable rawCertData |
+| HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | semmle.label | "myPa55word" |
+| HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | semmle.label | "myPa55word" |
+| HardcodedCredentials.cs:56:48:56:63 | "Password=12345" | semmle.label | "Password=12345" |
+| HardcodedCredentials.cs:56:48:56:63 | "Password=12345" | semmle.label | "Password=12345" |
+| HardcodedCredentials.cs:58:49:58:63 | "User Id=12345" | semmle.label | "User Id=12345" |
+| HardcodedCredentials.cs:58:49:58:63 | "User Id=12345" | semmle.label | "User Id=12345" |
+| HardcodedCredentials.cs:76:31:76:42 | "myusername" | semmle.label | "myusername" |
+| HardcodedCredentials.cs:76:31:76:42 | "myusername" | semmle.label | "myusername" |
+| HardcodedCredentials.cs:76:45:76:56 | "mypassword" | semmle.label | "mypassword" |
+| HardcodedCredentials.cs:76:45:76:56 | "mypassword" | semmle.label | "mypassword" |
+| TestHardcodedCredentials.cs:21:31:21:42 | "myusername" | semmle.label | "myusername" |
+| TestHardcodedCredentials.cs:21:31:21:42 | "myusername" | semmle.label | "myusername" |
+| TestHardcodedCredentials.cs:21:45:21:56 | "mypassword" | semmle.label | "mypassword" |
+| TestHardcodedCredentials.cs:21:45:21:56 | "mypassword" | semmle.label | "mypassword" |
+| TestHardcodedCredentials.cs:26:19:26:28 | "username" | semmle.label | "username" |
+| TestHardcodedCredentials.cs:26:19:26:28 | "username" | semmle.label | "username" |
 #select
 | HardcodedCredentials.cs:56:48:56:63 | "Password=12345" | HardcodedCredentials.cs:56:48:56:63 | "Password=12345" | HardcodedCredentials.cs:56:48:56:63 | "Password=12345" | 'ConnectionString' property includes hard-coded credentials set in $@. | HardcodedCredentials.cs:56:30:56:64 | object creation of type SqlConnection | object creation of type SqlConnection |
 | HardcodedCredentials.cs:58:49:58:63 | "User Id=12345" | HardcodedCredentials.cs:58:49:58:63 | "User Id=12345" | HardcodedCredentials.cs:58:49:58:63 | "User Id=12345" | 'ConnectionString' property includes hard-coded credentials set in $@. | HardcodedCredentials.cs:58:31:58:64 | object creation of type SqlConnection | object creation of type SqlConnection |

csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.expected

@@ -9,6 +9,27 @@ edges
 | TestHardcodedCredentials.cs:21:31:21:42 | "myusername" | TestHardcodedCredentials.cs:21:31:21:42 | "myusername" |
 | TestHardcodedCredentials.cs:21:45:21:56 | "mypassword" | TestHardcodedCredentials.cs:21:45:21:56 | "mypassword" |
 | TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" |
+nodes
+| HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | semmle.label | "myPa55word" |
+| HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | semmle.label | "myPa55word" |
+| HardcodedCredentials.cs:33:19:33:28 | "username" | semmle.label | "username" |
+| HardcodedCredentials.cs:33:19:33:28 | "username" | semmle.label | "username" |
+| HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | semmle.label | "myNewPa55word" |
+| HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | semmle.label | "myNewPa55word" |
+| HardcodedCredentials.cs:49:30:49:60 | array creation of type Byte[] | semmle.label | array creation of type Byte[] |
+| HardcodedCredentials.cs:52:13:52:23 | access to local variable rawCertData | semmle.label | access to local variable rawCertData |
+| HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | semmle.label | "myPa55word" |
+| HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | semmle.label | "myPa55word" |
+| HardcodedCredentials.cs:76:31:76:42 | "myusername" | semmle.label | "myusername" |
+| HardcodedCredentials.cs:76:31:76:42 | "myusername" | semmle.label | "myusername" |
+| HardcodedCredentials.cs:76:45:76:56 | "mypassword" | semmle.label | "mypassword" |
+| HardcodedCredentials.cs:76:45:76:56 | "mypassword" | semmle.label | "mypassword" |
+| TestHardcodedCredentials.cs:21:31:21:42 | "myusername" | semmle.label | "myusername" |
+| TestHardcodedCredentials.cs:21:31:21:42 | "myusername" | semmle.label | "myusername" |
+| TestHardcodedCredentials.cs:21:45:21:56 | "mypassword" | semmle.label | "mypassword" |
+| TestHardcodedCredentials.cs:21:45:21:56 | "mypassword" | semmle.label | "mypassword" |
+| TestHardcodedCredentials.cs:26:19:26:28 | "username" | semmle.label | "username" |
+| TestHardcodedCredentials.cs:26:19:26:28 | "username" | semmle.label | "username" |
 #select
 | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | The hard-coded value "myPa55word" flows to $@ which is compared against $@. | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | "myPa55word" | HardcodedCredentials.cs:17:13:17:20 | access to local variable password | access to local variable password |
 | HardcodedCredentials.cs:33:19:33:28 | "username" | HardcodedCredentials.cs:33:19:33:28 | "username" | HardcodedCredentials.cs:33:19:33:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | HardcodedCredentials.cs:33:19:33:28 | "username" | name | HardcodedCredentials.cs:31:31:45:13 | object creation of type MembershipUser | object creation of type MembershipUser |

csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected

@@ -6,6 +6,19 @@ edges
 | ConditionalBypass.cs:44:32:44:66 | call to method GetHostByAddress | ConditionalBypass.cs:51:13:51:29 | access to property HostName |
 | ConditionalBypass.cs:72:34:72:52 | access to property Cookies | ConditionalBypass.cs:74:13:74:40 | ... == ... |
 | ConditionalBypass.cs:85:34:85:52 | access to property Cookies | ConditionalBypass.cs:86:13:86:40 | ... == ... |
+nodes
+| ConditionalBypass.cs:14:26:14:48 | access to property QueryString | semmle.label | access to property QueryString |
+| ConditionalBypass.cs:18:13:18:30 | ... == ... | semmle.label | ... == ... |
+| ConditionalBypass.cs:21:34:21:52 | access to property Cookies | semmle.label | access to property Cookies |
+| ConditionalBypass.cs:24:13:24:45 | call to method Equals | semmle.label | call to method Equals |
+| ConditionalBypass.cs:29:13:29:40 | ... == ... | semmle.label | ... == ... |
+| ConditionalBypass.cs:44:32:44:66 | call to method GetHostByAddress | semmle.label | call to method GetHostByAddress |
+| ConditionalBypass.cs:46:13:46:46 | ... == ... | semmle.label | ... == ... |
+| ConditionalBypass.cs:51:13:51:29 | access to property HostName | semmle.label | access to property HostName |
+| ConditionalBypass.cs:72:34:72:52 | access to property Cookies | semmle.label | access to property Cookies |
+| ConditionalBypass.cs:74:13:74:40 | ... == ... | semmle.label | ... == ... |
+| ConditionalBypass.cs:85:34:85:52 | access to property Cookies | semmle.label | access to property Cookies |
+| ConditionalBypass.cs:86:13:86:40 | ... == ... | semmle.label | ... == ... |
 #select
 | ConditionalBypass.cs:19:13:19:33 | call to method login | ConditionalBypass.cs:14:26:14:48 | access to property QueryString | ConditionalBypass.cs:18:13:18:30 | ... == ... | Sensitive method may not be executed depending on $@, which flows from $@. | ConditionalBypass.cs:18:13:18:30 | ... == ... | this condition | ConditionalBypass.cs:14:26:14:48 | access to property QueryString | user input |
 | ConditionalBypass.cs:25:13:25:33 | call to method login | ConditionalBypass.cs:21:34:21:52 | access to property Cookies | ConditionalBypass.cs:24:13:24:45 | call to method Equals | Sensitive method may not be executed depending on $@, which flows from $@. | ConditionalBypass.cs:24:13:24:45 | call to method Equals | this condition | ConditionalBypass.cs:21:34:21:52 | access to property Cookies | user input |

csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected

@@ -11,6 +11,28 @@ edges
 | InappropriateEncoding.cs:68:16:68:42 | call to method Replace | InappropriateEncoding.cs:15:28:15:40 | call to method Encode |
 | SqlEncode.cs:16:62:16:87 | call to method Replace | SqlEncode.cs:17:46:17:50 | access to local variable query |
 | UrlEncode.cs:12:43:12:69 | call to method HtmlEncode | UrlEncode.cs:12:31:12:69 | ... + ... |
+nodes
+| HtmlEncode.cs:12:28:12:65 | ... + ... | semmle.label | ... + ... |
+| HtmlEncode.cs:12:40:12:65 | call to method UrlEncode | semmle.label | call to method UrlEncode |
+| InappropriateEncoding.cs:15:28:15:40 | call to method Encode | semmle.label | call to method Encode |
+| InappropriateEncoding.cs:20:46:20:51 | access to local variable query1 | semmle.label | access to local variable query1 |
+| InappropriateEncoding.cs:33:22:33:34 | call to method Encode | semmle.label | call to method Encode |
+| InappropriateEncoding.cs:33:22:33:34 | call to method Encode | semmle.label | call to method Encode |
+| InappropriateEncoding.cs:34:22:34:49 | call to method UrlEncode | semmle.label | call to method UrlEncode |
+| InappropriateEncoding.cs:34:22:34:49 | call to method UrlEncode | semmle.label | call to method UrlEncode |
+| InappropriateEncoding.cs:35:22:35:73 | call to method UrlEncode | semmle.label | call to method UrlEncode |
+| InappropriateEncoding.cs:35:22:35:73 | call to method UrlEncode | semmle.label | call to method UrlEncode |
+| InappropriateEncoding.cs:36:28:36:55 | call to method UrlEncode | semmle.label | call to method UrlEncode |
+| InappropriateEncoding.cs:37:32:37:43 | access to local variable encodedValue | semmle.label | access to local variable encodedValue |
+| InappropriateEncoding.cs:38:22:38:59 | ... + ... | semmle.label | ... + ... |
+| InappropriateEncoding.cs:39:22:39:71 | call to method Format | semmle.label | call to method Format |
+| InappropriateEncoding.cs:57:28:57:56 | call to method HtmlEncode | semmle.label | call to method HtmlEncode |
+| InappropriateEncoding.cs:58:31:58:42 | access to local variable encodedValue | semmle.label | access to local variable encodedValue |
+| InappropriateEncoding.cs:68:16:68:42 | call to method Replace | semmle.label | call to method Replace |
+| SqlEncode.cs:16:62:16:87 | call to method Replace | semmle.label | call to method Replace |
+| SqlEncode.cs:17:46:17:50 | access to local variable query | semmle.label | access to local variable query |
+| UrlEncode.cs:12:31:12:69 | ... + ... | semmle.label | ... + ... |
+| UrlEncode.cs:12:43:12:69 | call to method HtmlEncode | semmle.label | call to method HtmlEncode |
 #select
 | HtmlEncode.cs:12:28:12:65 | ... + ... | HtmlEncode.cs:12:40:12:65 | call to method UrlEncode | HtmlEncode.cs:12:28:12:65 | ... + ... | This HTML expression may include data from a $@. | HtmlEncode.cs:12:40:12:65 | call to method UrlEncode | possibly inappropriately encoded value |
 | InappropriateEncoding.cs:20:46:20:51 | access to local variable query1 | InappropriateEncoding.cs:15:28:15:40 | call to method Encode | InappropriateEncoding.cs:20:46:20:51 | access to local variable query1 | This SQL expression may include data from a $@. | InappropriateEncoding.cs:15:28:15:40 | call to method Encode | possibly inappropriately encoded value |