make the alert messages of taint-tracking queries more consistent

ruby/ql/src/queries/security/cwe-022/PathInjection.ql

@@ -22,5 +22,5 @@ import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to here and is used in a path.", source.getNode(),
-  "User-provided value"
+select sink.getNode(), source, sink, "This path depends on $@.", source.getNode(),
+  "a user-provided value"

ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql

@@ -20,4 +20,4 @@ import DataFlow::PathGraph
 from ReflectedXss::Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.",
-  source.getNode(), "user-provided value"
+  source.getNode(), "a user-provided value"

ruby/ql/src/queries/security/cwe-094/CodeInjection.ql

@@ -22,5 +22,5 @@ from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, S
 where
   config.hasFlowPath(source, sink) and
   sourceNode = source.getNode()
-select sink.getNode(), source, sink, "$@ flows to here and is interpreted as code.",
-  source.getNode(), "User-provided value"
+select sink.getNode(), source, sink, "This code execution depends on $@.", source.getNode(),
+  "a user-provided value"

ruby/ql/src/queries/security/cwe-117/LogInjection.ql

@@ -17,5 +17,5 @@ import codeql.ruby.security.LogInjectionQuery
 
 from LogInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to log entry.", source.getNode(),
-  "User-provided value"
+select sink.getNode(), source, sink, "Log entry depends on $@.", source.getNode(),
+  "a user-provided value"

ruby/ql/src/queries/security/cwe-1333/RegExpInjection.ql

@@ -22,5 +22,5 @@ import codeql.ruby.security.regexp.RegExpInjectionQuery
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
-  source.getNode(), "user-provided value"
+select sink.getNode(), source, sink, "This regular expression depends on $@.", source.getNode(),
+  "a user-provided value"

ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql

@@ -17,5 +17,5 @@ import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows here and is used in a format string.",
-  source.getNode(), "User-provided value"
+select sink.getNode(), source, sink, "Format string depends on $@.", source.getNode(),
+  "a user-provided value"

ruby/ql/src/queries/security/cwe-312/CleartextLogging.ql

@@ -20,5 +20,5 @@ import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Sensitive data returned by $@ is logged here.",
-  source.getNode(), source.getNode().(Source).describe()
+select sink.getNode(), source, sink, "$@ is logged here.", source.getNode(),
+  "Sensitive data returned by " + source.getNode().(Source).describe()

ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql

@@ -21,5 +21,5 @@ import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select source.getNode(), source, sink, "Sensitive data returned by $@ is stored $@.",
-  source.getNode(), source.getNode().(Source).describe(), sink.getNode(), "here"
+select sink.getNode(), source, sink, "$@ is stored here.", source.getNode(),
+  "Sensitive data returned by " + source.getNode().(Source).describe()

ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.ql

@@ -18,4 +18,5 @@ import codeql.ruby.security.UnsafeDeserializationQuery
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Unsafe deserialization of $@.", source.getNode(), "user input"
+select sink.getNode(), source, sink, "Unsafe deserialization depends on $@.", source.getNode(),
+  "a user-provided value"

ruby/ql/src/queries/security/cwe-506/HardcodedDataInterpretedAsCode.ql

@@ -19,5 +19,5 @@ import DataFlow::PathGraph
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
-  "Hard-coded data from $@ is interpreted as " + sink.getNode().(Sink).getKind() + ".",
-  source.getNode(), "here"
+  "$@ is interpreted as " + sink.getNode().(Sink).getKind() + ".", source.getNode(),
+  "Hard-coded data"

ruby/ql/src/queries/security/cwe-601/UrlRedirect.ql

@@ -18,5 +18,5 @@ import codeql.ruby.DataFlow::DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Untrusted URL redirection due to $@.", source.getNode(),
+select sink.getNode(), source, sink, "Untrusted URL redirection depends on $@.", source.getNode(),
   "a user-provided value"

ruby/ql/src/queries/security/cwe-611/Xxe.ql

@@ -40,5 +40,5 @@ class XxeConfig extends TaintTracking::Configuration {
 from DataFlow::PathNode source, DataFlow::PathNode sink, XxeConfig conf
 where conf.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
-  "A $@ is parsed as XML without guarding against external entity expansion.", source.getNode(),
-  "user-provided value"
+  "XML parsing depends on $@ without guarding against external entity expansion.", source.getNode(),
+  "a user-provided value"

ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql

@@ -18,4 +18,4 @@ import codeql.ruby.security.HttpToFileAccessQuery
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to file system", source.getNode(), "Untrusted data"
+select sink.getNode(), source, sink, "$@ flows to file system.", source.getNode(), "Untrusted data"

ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected

@@ -88,15 +88,15 @@ nodes
 | tainted_path.rb:60:26:60:29 | path | semmle.label | path |
 subpaths
 #select
-| ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params :  | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | $@ flows to here and is used in a path. | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | User-provided value |
-| ArchiveApiPathTraversal.rb:68:20:68:23 | file | ArchiveApiPathTraversal.rb:10:11:10:16 | call to params :  | ArchiveApiPathTraversal.rb:68:20:68:23 | file | $@ flows to here and is used in a path. | ArchiveApiPathTraversal.rb:10:11:10:16 | call to params | User-provided value |
-| ArchiveApiPathTraversal.rb:76:19:76:26 | filename | ArchiveApiPathTraversal.rb:15:9:15:14 | call to params :  | ArchiveApiPathTraversal.rb:76:19:76:26 | filename | $@ flows to here and is used in a path. | ArchiveApiPathTraversal.rb:15:9:15:14 | call to params | User-provided value |
-| tainted_path.rb:5:26:5:29 | path | tainted_path.rb:4:12:4:17 | call to params :  | tainted_path.rb:5:26:5:29 | path | $@ flows to here and is used in a path. | tainted_path.rb:4:12:4:17 | call to params | User-provided value |
-| tainted_path.rb:11:26:11:29 | path | tainted_path.rb:10:31:10:36 | call to params :  | tainted_path.rb:11:26:11:29 | path | $@ flows to here and is used in a path. | tainted_path.rb:10:31:10:36 | call to params | User-provided value |
-| tainted_path.rb:17:26:17:29 | path | tainted_path.rb:16:28:16:33 | call to params :  | tainted_path.rb:17:26:17:29 | path | $@ flows to here and is used in a path. | tainted_path.rb:16:28:16:33 | call to params | User-provided value |
-| tainted_path.rb:23:26:23:29 | path | tainted_path.rb:22:29:22:34 | call to params :  | tainted_path.rb:23:26:23:29 | path | $@ flows to here and is used in a path. | tainted_path.rb:22:29:22:34 | call to params | User-provided value |
-| tainted_path.rb:29:26:29:29 | path | tainted_path.rb:28:22:28:27 | call to params :  | tainted_path.rb:29:26:29:29 | path | $@ flows to here and is used in a path. | tainted_path.rb:28:22:28:27 | call to params | User-provided value |
-| tainted_path.rb:35:26:35:29 | path | tainted_path.rb:34:29:34:34 | call to params :  | tainted_path.rb:35:26:35:29 | path | $@ flows to here and is used in a path. | tainted_path.rb:34:29:34:34 | call to params | User-provided value |
-| tainted_path.rb:41:26:41:29 | path | tainted_path.rb:40:26:40:31 | call to params :  | tainted_path.rb:41:26:41:29 | path | $@ flows to here and is used in a path. | tainted_path.rb:40:26:40:31 | call to params | User-provided value |
-| tainted_path.rb:48:26:48:29 | path | tainted_path.rb:47:43:47:48 | call to params :  | tainted_path.rb:48:26:48:29 | path | $@ flows to here and is used in a path. | tainted_path.rb:47:43:47:48 | call to params | User-provided value |
-| tainted_path.rb:60:26:60:29 | path | tainted_path.rb:59:40:59:45 | call to params :  | tainted_path.rb:60:26:60:29 | path | $@ flows to here and is used in a path. | tainted_path.rb:59:40:59:45 | call to params | User-provided value |
+| ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params :  | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | This path depends on $@. | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | a user-provided value |
+| ArchiveApiPathTraversal.rb:68:20:68:23 | file | ArchiveApiPathTraversal.rb:10:11:10:16 | call to params :  | ArchiveApiPathTraversal.rb:68:20:68:23 | file | This path depends on $@. | ArchiveApiPathTraversal.rb:10:11:10:16 | call to params | a user-provided value |
+| ArchiveApiPathTraversal.rb:76:19:76:26 | filename | ArchiveApiPathTraversal.rb:15:9:15:14 | call to params :  | ArchiveApiPathTraversal.rb:76:19:76:26 | filename | This path depends on $@. | ArchiveApiPathTraversal.rb:15:9:15:14 | call to params | a user-provided value |
+| tainted_path.rb:5:26:5:29 | path | tainted_path.rb:4:12:4:17 | call to params :  | tainted_path.rb:5:26:5:29 | path | This path depends on $@. | tainted_path.rb:4:12:4:17 | call to params | a user-provided value |
+| tainted_path.rb:11:26:11:29 | path | tainted_path.rb:10:31:10:36 | call to params :  | tainted_path.rb:11:26:11:29 | path | This path depends on $@. | tainted_path.rb:10:31:10:36 | call to params | a user-provided value |
+| tainted_path.rb:17:26:17:29 | path | tainted_path.rb:16:28:16:33 | call to params :  | tainted_path.rb:17:26:17:29 | path | This path depends on $@. | tainted_path.rb:16:28:16:33 | call to params | a user-provided value |
+| tainted_path.rb:23:26:23:29 | path | tainted_path.rb:22:29:22:34 | call to params :  | tainted_path.rb:23:26:23:29 | path | This path depends on $@. | tainted_path.rb:22:29:22:34 | call to params | a user-provided value |
+| tainted_path.rb:29:26:29:29 | path | tainted_path.rb:28:22:28:27 | call to params :  | tainted_path.rb:29:26:29:29 | path | This path depends on $@. | tainted_path.rb:28:22:28:27 | call to params | a user-provided value |
+| tainted_path.rb:35:26:35:29 | path | tainted_path.rb:34:29:34:34 | call to params :  | tainted_path.rb:35:26:35:29 | path | This path depends on $@. | tainted_path.rb:34:29:34:34 | call to params | a user-provided value |
+| tainted_path.rb:41:26:41:29 | path | tainted_path.rb:40:26:40:31 | call to params :  | tainted_path.rb:41:26:41:29 | path | This path depends on $@. | tainted_path.rb:40:26:40:31 | call to params | a user-provided value |
+| tainted_path.rb:48:26:48:29 | path | tainted_path.rb:47:43:47:48 | call to params :  | tainted_path.rb:48:26:48:29 | path | This path depends on $@. | tainted_path.rb:47:43:47:48 | call to params | a user-provided value |
+| tainted_path.rb:60:26:60:29 | path | tainted_path.rb:59:40:59:45 | call to params :  | tainted_path.rb:60:26:60:29 | path | This path depends on $@. | tainted_path.rb:59:40:59:45 | call to params | a user-provided value |

ruby/ql/test/query-tests/security/cwe-079/ReflectedXSS.expected

@@ -52,15 +52,15 @@ nodes
 | app/views/foo/bars/show.html.erb:57:13:57:28 | ...[...] | semmle.label | ...[...] |
 subpaths
 #select
-| app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
-| app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
-| app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params :  | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params | user-provided value |
-| app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
-| app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
-| app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
-| app/views/foo/bars/show.html.erb:36:3:36:14 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/show.html.erb:36:3:36:14 | call to display_text | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
-| app/views/foo/bars/show.html.erb:41:3:41:16 | @instance_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/show.html.erb:41:3:41:16 | @instance_text | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | user-provided value |
-| app/views/foo/bars/show.html.erb:47:5:47:13 | call to user_name | app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params :  | app/views/foo/bars/show.html.erb:47:5:47:13 | call to user_name | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params | user-provided value |
-| app/views/foo/bars/show.html.erb:51:5:51:18 | call to user_name_memo | app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params :  | app/views/foo/bars/show.html.erb:51:5:51:18 | call to user_name_memo | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params | user-provided value |
-| app/views/foo/bars/show.html.erb:54:29:54:44 | ...[...] | app/views/foo/bars/show.html.erb:54:29:54:34 | call to params :  | app/views/foo/bars/show.html.erb:54:29:54:44 | ...[...] | Cross-site scripting vulnerability due to $@. | app/views/foo/bars/show.html.erb:54:29:54:34 | call to params | user-provided value |
-| app/views/foo/bars/show.html.erb:57:13:57:28 | ...[...] | app/views/foo/bars/show.html.erb:57:13:57:18 | call to params :  | app/views/foo/bars/show.html.erb:57:13:57:28 | ...[...] | Cross-site scripting vulnerability due to $@. | app/views/foo/bars/show.html.erb:57:13:57:18 | call to params | user-provided value |
+| app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | a user-provided value |
+| app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/_widget.html.erb:8:9:8:36 | ...[...] | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | a user-provided value |
+| app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params :  | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params | a user-provided value |
+| app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | a user-provided value |
+| app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | a user-provided value |
+| app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/show.html.erb:12:9:12:26 | ...[...] | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | a user-provided value |
+| app/views/foo/bars/show.html.erb:36:3:36:14 | call to display_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/show.html.erb:36:3:36:14 | call to display_text | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | a user-provided value |
+| app/views/foo/bars/show.html.erb:41:3:41:16 | @instance_text | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params :  | app/views/foo/bars/show.html.erb:41:3:41:16 | @instance_text | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params | a user-provided value |
+| app/views/foo/bars/show.html.erb:47:5:47:13 | call to user_name | app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params :  | app/views/foo/bars/show.html.erb:47:5:47:13 | call to user_name | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params | a user-provided value |
+| app/views/foo/bars/show.html.erb:51:5:51:18 | call to user_name_memo | app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params :  | app/views/foo/bars/show.html.erb:51:5:51:18 | call to user_name_memo | Cross-site scripting vulnerability due to $@. | app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params | a user-provided value |
+| app/views/foo/bars/show.html.erb:54:29:54:44 | ...[...] | app/views/foo/bars/show.html.erb:54:29:54:34 | call to params :  | app/views/foo/bars/show.html.erb:54:29:54:44 | ...[...] | Cross-site scripting vulnerability due to $@. | app/views/foo/bars/show.html.erb:54:29:54:34 | call to params | a user-provided value |
+| app/views/foo/bars/show.html.erb:57:13:57:28 | ...[...] | app/views/foo/bars/show.html.erb:57:13:57:18 | call to params :  | app/views/foo/bars/show.html.erb:57:13:57:28 | ...[...] | Cross-site scripting vulnerability due to $@. | app/views/foo/bars/show.html.erb:57:13:57:18 | call to params | a user-provided value |

ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected

@@ -20,10 +20,10 @@ nodes
 | CodeInjection.rb:36:24:36:27 | code :  | semmle.label | code :  |
 subpaths
 #select
-| CodeInjection.rb:6:10:6:13 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:6:10:6:13 | code | $@ flows to here and is interpreted as code. | CodeInjection.rb:3:12:3:17 | call to params | User-provided value |
-| CodeInjection.rb:9:10:9:15 | call to params | CodeInjection.rb:9:10:9:15 | call to params | CodeInjection.rb:9:10:9:15 | call to params | $@ flows to here and is interpreted as code. | CodeInjection.rb:9:10:9:15 | call to params | User-provided value |
-| CodeInjection.rb:18:20:18:23 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:18:20:18:23 | code | $@ flows to here and is interpreted as code. | CodeInjection.rb:3:12:3:17 | call to params | User-provided value |
-| CodeInjection.rb:21:21:21:24 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:21:21:21:24 | code | $@ flows to here and is interpreted as code. | CodeInjection.rb:3:12:3:17 | call to params | User-provided value |
-| CodeInjection.rb:27:15:27:18 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:27:15:27:18 | code | $@ flows to here and is interpreted as code. | CodeInjection.rb:3:12:3:17 | call to params | User-provided value |
-| CodeInjection.rb:30:19:30:22 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:30:19:30:22 | code | $@ flows to here and is interpreted as code. | CodeInjection.rb:3:12:3:17 | call to params | User-provided value |
-| CodeInjection.rb:36:10:36:28 | call to escape | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:36:10:36:28 | call to escape | $@ flows to here and is interpreted as code. | CodeInjection.rb:3:12:3:17 | call to params | User-provided value |
+| CodeInjection.rb:6:10:6:13 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:6:10:6:13 | code | This code execution depends on $@. | CodeInjection.rb:3:12:3:17 | call to params | a user-provided value |
+| CodeInjection.rb:9:10:9:15 | call to params | CodeInjection.rb:9:10:9:15 | call to params | CodeInjection.rb:9:10:9:15 | call to params | This code execution depends on $@. | CodeInjection.rb:9:10:9:15 | call to params | a user-provided value |
+| CodeInjection.rb:18:20:18:23 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:18:20:18:23 | code | This code execution depends on $@. | CodeInjection.rb:3:12:3:17 | call to params | a user-provided value |
+| CodeInjection.rb:21:21:21:24 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:21:21:21:24 | code | This code execution depends on $@. | CodeInjection.rb:3:12:3:17 | call to params | a user-provided value |
+| CodeInjection.rb:27:15:27:18 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:27:15:27:18 | code | This code execution depends on $@. | CodeInjection.rb:3:12:3:17 | call to params | a user-provided value |
+| CodeInjection.rb:30:19:30:22 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:30:19:30:22 | code | This code execution depends on $@. | CodeInjection.rb:3:12:3:17 | call to params | a user-provided value |
+| CodeInjection.rb:36:10:36:28 | call to escape | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:36:10:36:28 | call to escape | This code execution depends on $@. | CodeInjection.rb:3:12:3:17 | call to params | a user-provided value |

ruby/ql/test/query-tests/security/cwe-117/LogInjection.expected

@@ -28,9 +28,9 @@ nodes
 | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | semmle.label | ... + ... |
 subpaths
 #select
-| app/controllers/users_controller.rb:16:19:16:29 | unsanitized | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | app/controllers/users_controller.rb:16:19:16:29 | unsanitized | $@ flows to log entry. | app/controllers/users_controller.rb:15:19:15:24 | call to params | User-provided value |
-| app/controllers/users_controller.rb:17:19:17:41 | ... + ... | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | app/controllers/users_controller.rb:17:19:17:41 | ... + ... | $@ flows to log entry. | app/controllers/users_controller.rb:15:19:15:24 | call to params | User-provided value |
-| app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | $@ flows to log entry. | app/controllers/users_controller.rb:15:19:15:24 | call to params | User-provided value |
-| app/controllers/users_controller.rb:27:16:27:39 | ... + ... | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | app/controllers/users_controller.rb:27:16:27:39 | ... + ... | $@ flows to log entry. | app/controllers/users_controller.rb:15:19:15:24 | call to params | User-provided value |
-| app/controllers/users_controller.rb:34:33:34:43 | unsanitized | app/controllers/users_controller.rb:33:19:33:25 | call to cookies :  | app/controllers/users_controller.rb:34:33:34:43 | unsanitized | $@ flows to log entry. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | User-provided value |
-| app/controllers/users_controller.rb:35:33:35:55 | ... + ... | app/controllers/users_controller.rb:33:19:33:25 | call to cookies :  | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | $@ flows to log entry. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | User-provided value |
+| app/controllers/users_controller.rb:16:19:16:29 | unsanitized | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | app/controllers/users_controller.rb:16:19:16:29 | unsanitized | Log entry depends on $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | a user-provided value |
+| app/controllers/users_controller.rb:17:19:17:41 | ... + ... | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | app/controllers/users_controller.rb:17:19:17:41 | ... + ... | Log entry depends on $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | a user-provided value |
+| app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | Log entry depends on $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | a user-provided value |
+| app/controllers/users_controller.rb:27:16:27:39 | ... + ... | app/controllers/users_controller.rb:15:19:15:24 | call to params :  | app/controllers/users_controller.rb:27:16:27:39 | ... + ... | Log entry depends on $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | a user-provided value |
+| app/controllers/users_controller.rb:34:33:34:43 | unsanitized | app/controllers/users_controller.rb:33:19:33:25 | call to cookies :  | app/controllers/users_controller.rb:34:33:34:43 | unsanitized | Log entry depends on $@. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | a user-provided value |
+| app/controllers/users_controller.rb:35:33:35:55 | ... + ... | app/controllers/users_controller.rb:33:19:33:25 | call to cookies :  | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | Log entry depends on $@. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | a user-provided value |

ruby/ql/test/query-tests/security/cwe-1333-regexp-injection/RegExpInjection.expected

@@ -27,8 +27,8 @@ nodes
 | RegExpInjection.rb:55:28:55:37 | ... + ... | semmle.label | ... + ... |
 subpaths
 #select
-| RegExpInjection.rb:5:13:5:21 | /#{...}/ | RegExpInjection.rb:4:12:4:17 | call to params :  | RegExpInjection.rb:5:13:5:21 | /#{...}/ | This regular expression is constructed from a $@. | RegExpInjection.rb:4:12:4:17 | call to params | user-provided value |
-| RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | RegExpInjection.rb:10:12:10:17 | call to params :  | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | This regular expression is constructed from a $@. | RegExpInjection.rb:10:12:10:17 | call to params | user-provided value |
-| RegExpInjection.rb:17:24:17:27 | name | RegExpInjection.rb:16:12:16:17 | call to params :  | RegExpInjection.rb:17:24:17:27 | name | This regular expression is constructed from a $@. | RegExpInjection.rb:16:12:16:17 | call to params | user-provided value |
-| RegExpInjection.rb:23:24:23:33 | ... + ... | RegExpInjection.rb:22:12:22:17 | call to params :  | RegExpInjection.rb:23:24:23:33 | ... + ... | This regular expression is constructed from a $@. | RegExpInjection.rb:22:12:22:17 | call to params | user-provided value |
-| RegExpInjection.rb:55:28:55:37 | ... + ... | RegExpInjection.rb:54:12:54:17 | call to params :  | RegExpInjection.rb:55:28:55:37 | ... + ... | This regular expression is constructed from a $@. | RegExpInjection.rb:54:12:54:17 | call to params | user-provided value |
+| RegExpInjection.rb:5:13:5:21 | /#{...}/ | RegExpInjection.rb:4:12:4:17 | call to params :  | RegExpInjection.rb:5:13:5:21 | /#{...}/ | This regular expression depends on $@. | RegExpInjection.rb:4:12:4:17 | call to params | a user-provided value |
+| RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | RegExpInjection.rb:10:12:10:17 | call to params :  | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | This regular expression depends on $@. | RegExpInjection.rb:10:12:10:17 | call to params | a user-provided value |
+| RegExpInjection.rb:17:24:17:27 | name | RegExpInjection.rb:16:12:16:17 | call to params :  | RegExpInjection.rb:17:24:17:27 | name | This regular expression depends on $@. | RegExpInjection.rb:16:12:16:17 | call to params | a user-provided value |
+| RegExpInjection.rb:23:24:23:33 | ... + ... | RegExpInjection.rb:22:12:22:17 | call to params :  | RegExpInjection.rb:23:24:23:33 | ... + ... | This regular expression depends on $@. | RegExpInjection.rb:22:12:22:17 | call to params | a user-provided value |
+| RegExpInjection.rb:55:28:55:37 | ... + ... | RegExpInjection.rb:54:12:54:17 | call to params :  | RegExpInjection.rb:55:28:55:37 | ... + ... | This regular expression depends on $@. | RegExpInjection.rb:54:12:54:17 | call to params | a user-provided value |

ruby/ql/test/query-tests/security/cwe-134/TaintedFormatString.expected

@@ -39,14 +39,14 @@ nodes
 | tainted_format_string.rb:36:30:36:44 | ...[...] :  | semmle.label | ...[...] :  |
 subpaths
 #select
-| tainted_format_string.rb:4:12:4:26 | ...[...] | tainted_format_string.rb:4:12:4:17 | call to params :  | tainted_format_string.rb:4:12:4:26 | ...[...] | $@ flows here and is used in a format string. | tainted_format_string.rb:4:12:4:17 | call to params | User-provided value |
-| tainted_format_string.rb:5:19:5:33 | ...[...] | tainted_format_string.rb:5:19:5:24 | call to params :  | tainted_format_string.rb:5:19:5:33 | ...[...] | $@ flows here and is used in a format string. | tainted_format_string.rb:5:19:5:24 | call to params | User-provided value |
-| tainted_format_string.rb:10:23:10:37 | ...[...] | tainted_format_string.rb:10:23:10:28 | call to params :  | tainted_format_string.rb:10:23:10:37 | ...[...] | $@ flows here and is used in a format string. | tainted_format_string.rb:10:23:10:28 | call to params | User-provided value |
-| tainted_format_string.rb:11:30:11:44 | ...[...] | tainted_format_string.rb:11:30:11:35 | call to params :  | tainted_format_string.rb:11:30:11:44 | ...[...] | $@ flows here and is used in a format string. | tainted_format_string.rb:11:30:11:35 | call to params | User-provided value |
-| tainted_format_string.rb:18:23:18:37 | ...[...] | tainted_format_string.rb:18:23:18:28 | call to params :  | tainted_format_string.rb:18:23:18:37 | ...[...] | $@ flows here and is used in a format string. | tainted_format_string.rb:18:23:18:28 | call to params | User-provided value |
-| tainted_format_string.rb:19:30:19:44 | ...[...] | tainted_format_string.rb:19:30:19:35 | call to params :  | tainted_format_string.rb:19:30:19:44 | ...[...] | $@ flows here and is used in a format string. | tainted_format_string.rb:19:30:19:35 | call to params | User-provided value |
-| tainted_format_string.rb:21:27:21:41 | ...[...] | tainted_format_string.rb:21:27:21:32 | call to params :  | tainted_format_string.rb:21:27:21:41 | ...[...] | $@ flows here and is used in a format string. | tainted_format_string.rb:21:27:21:32 | call to params | User-provided value |
-| tainted_format_string.rb:22:20:22:34 | ...[...] | tainted_format_string.rb:22:20:22:25 | call to params :  | tainted_format_string.rb:22:20:22:34 | ...[...] | $@ flows here and is used in a format string. | tainted_format_string.rb:22:20:22:25 | call to params | User-provided value |
-| tainted_format_string.rb:28:19:28:33 | ...[...] | tainted_format_string.rb:28:19:28:24 | call to params :  | tainted_format_string.rb:28:19:28:33 | ...[...] | $@ flows here and is used in a format string. | tainted_format_string.rb:28:19:28:24 | call to params | User-provided value |
-| tainted_format_string.rb:33:12:33:46 | ... + ... | tainted_format_string.rb:33:32:33:37 | call to params :  | tainted_format_string.rb:33:12:33:46 | ... + ... | $@ flows here and is used in a format string. | tainted_format_string.rb:33:32:33:37 | call to params | User-provided value |
-| tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | tainted_format_string.rb:36:30:36:35 | call to params :  | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | $@ flows here and is used in a format string. | tainted_format_string.rb:36:30:36:35 | call to params | User-provided value |
+| tainted_format_string.rb:4:12:4:26 | ...[...] | tainted_format_string.rb:4:12:4:17 | call to params :  | tainted_format_string.rb:4:12:4:26 | ...[...] | Format string depends on $@. | tainted_format_string.rb:4:12:4:17 | call to params | a user-provided value |
+| tainted_format_string.rb:5:19:5:33 | ...[...] | tainted_format_string.rb:5:19:5:24 | call to params :  | tainted_format_string.rb:5:19:5:33 | ...[...] | Format string depends on $@. | tainted_format_string.rb:5:19:5:24 | call to params | a user-provided value |
+| tainted_format_string.rb:10:23:10:37 | ...[...] | tainted_format_string.rb:10:23:10:28 | call to params :  | tainted_format_string.rb:10:23:10:37 | ...[...] | Format string depends on $@. | tainted_format_string.rb:10:23:10:28 | call to params | a user-provided value |
+| tainted_format_string.rb:11:30:11:44 | ...[...] | tainted_format_string.rb:11:30:11:35 | call to params :  | tainted_format_string.rb:11:30:11:44 | ...[...] | Format string depends on $@. | tainted_format_string.rb:11:30:11:35 | call to params | a user-provided value |
+| tainted_format_string.rb:18:23:18:37 | ...[...] | tainted_format_string.rb:18:23:18:28 | call to params :  | tainted_format_string.rb:18:23:18:37 | ...[...] | Format string depends on $@. | tainted_format_string.rb:18:23:18:28 | call to params | a user-provided value |
+| tainted_format_string.rb:19:30:19:44 | ...[...] | tainted_format_string.rb:19:30:19:35 | call to params :  | tainted_format_string.rb:19:30:19:44 | ...[...] | Format string depends on $@. | tainted_format_string.rb:19:30:19:35 | call to params | a user-provided value |
+| tainted_format_string.rb:21:27:21:41 | ...[...] | tainted_format_string.rb:21:27:21:32 | call to params :  | tainted_format_string.rb:21:27:21:41 | ...[...] | Format string depends on $@. | tainted_format_string.rb:21:27:21:32 | call to params | a user-provided value |
+| tainted_format_string.rb:22:20:22:34 | ...[...] | tainted_format_string.rb:22:20:22:25 | call to params :  | tainted_format_string.rb:22:20:22:34 | ...[...] | Format string depends on $@. | tainted_format_string.rb:22:20:22:25 | call to params | a user-provided value |
+| tainted_format_string.rb:28:19:28:33 | ...[...] | tainted_format_string.rb:28:19:28:24 | call to params :  | tainted_format_string.rb:28:19:28:33 | ...[...] | Format string depends on $@. | tainted_format_string.rb:28:19:28:24 | call to params | a user-provided value |
+| tainted_format_string.rb:33:12:33:46 | ... + ... | tainted_format_string.rb:33:32:33:37 | call to params :  | tainted_format_string.rb:33:12:33:46 | ... + ... | Format string depends on $@. | tainted_format_string.rb:33:32:33:37 | call to params | a user-provided value |
+| tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | tainted_format_string.rb:36:30:36:35 | call to params :  | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | Format string depends on $@. | tainted_format_string.rb:36:30:36:35 | call to params | a user-provided value |

ruby/ql/test/query-tests/security/cwe-312/CleartextLogging.expected

@@ -60,24 +60,24 @@ nodes
 | logging.rb:83:5:83:16 | password_arg :  | semmle.label | password_arg :  |
 subpaths
 #select
-| logging.rb:6:20:6:27 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:6:20:6:27 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:8:21:8:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:8:21:8:28 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:10:21:10:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:10:21:10:28 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:12:21:12:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:12:21:12:28 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:14:23:14:30 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:14:23:14:30 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:16:20:16:27 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:16:20:16:27 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:19:33:19:40 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:19:33:19:40 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:21:44:21:51 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:21:44:21:51 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:23:33:23:40 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:23:33:23:40 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:26:18:26:34 | "pw: #{...}" | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:26:18:26:34 | "pw: #{...}" | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:28:26:28:33 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:28:26:28:33 | password | Sensitive data returned by $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | an assignment to password |
-| logging.rb:37:20:37:34 | ...[...] | logging.rb:30:8:30:55 | call to [] :  | logging.rb:37:20:37:34 | ...[...] | Sensitive data returned by $@ is logged here. | logging.rb:30:8:30:55 | call to [] | a write to password |
-| logging.rb:39:20:39:34 | ...[...] | logging.rb:34:1:34:15 | call to []= :  | logging.rb:39:20:39:34 | ...[...] | Sensitive data returned by $@ is logged here. | logging.rb:34:1:34:15 | call to []= | a write to password |
-| logging.rb:69:20:69:50 | password_masked_ineffective_sub | logging.rb:59:35:59:68 | "ca497451f5e883662fb1a37bc9ec7838" :  | logging.rb:69:20:69:50 | password_masked_ineffective_sub | Sensitive data returned by $@ is logged here. | logging.rb:59:35:59:68 | "ca497451f5e883662fb1a37bc9ec7838" | an assignment to password_masked_ineffective_sub |
-| logging.rb:69:20:69:50 | password_masked_ineffective_sub | logging.rb:63:35:63:88 | call to sub :  | logging.rb:69:20:69:50 | password_masked_ineffective_sub | Sensitive data returned by $@ is logged here. | logging.rb:63:35:63:88 | call to sub | an assignment to password_masked_ineffective_sub |
-| logging.rb:71:20:71:51 | password_masked_ineffective_gsub | logging.rb:61:36:61:69 | "a7e3747b19930d4f4b8181047194832f" :  | logging.rb:71:20:71:51 | password_masked_ineffective_gsub | Sensitive data returned by $@ is logged here. | logging.rb:61:36:61:69 | "a7e3747b19930d4f4b8181047194832f" | an assignment to password_masked_ineffective_gsub |
-| logging.rb:71:20:71:51 | password_masked_ineffective_gsub | logging.rb:65:36:65:86 | call to gsub :  | logging.rb:71:20:71:51 | password_masked_ineffective_gsub | Sensitive data returned by $@ is logged here. | logging.rb:65:36:65:86 | call to gsub | an assignment to password_masked_ineffective_gsub |
-| logging.rb:73:20:73:53 | password_masked_ineffective_sub_ex | logging.rb:60:38:60:71 | "ca497451f5e883662fb1a37bc9ec7838" :  | logging.rb:73:20:73:53 | password_masked_ineffective_sub_ex | Sensitive data returned by $@ is logged here. | logging.rb:60:38:60:71 | "ca497451f5e883662fb1a37bc9ec7838" | an assignment to password_masked_ineffective_sub_ex |
-| logging.rb:75:20:75:54 | password_masked_ineffective_gsub_ex | logging.rb:62:39:62:72 | "a7e3747b19930d4f4b8181047194832f" :  | logging.rb:75:20:75:54 | password_masked_ineffective_gsub_ex | Sensitive data returned by $@ is logged here. | logging.rb:62:39:62:72 | "a7e3747b19930d4f4b8181047194832f" | an assignment to password_masked_ineffective_gsub_ex |
-| logging.rb:79:15:79:22 | password | logging.rb:79:15:79:22 | password | logging.rb:79:15:79:22 | password | Sensitive data returned by $@ is logged here. | logging.rb:79:15:79:22 | password | a parameter password |
-| logging.rb:79:15:79:22 | password | logging.rb:82:16:82:49 | "65f2950df2f0e2c38d7ba2ccca767291" :  | logging.rb:79:15:79:22 | password | Sensitive data returned by $@ is logged here. | logging.rb:82:16:82:49 | "65f2950df2f0e2c38d7ba2ccca767291" | an assignment to password_arg |
+| logging.rb:6:20:6:27 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:6:20:6:27 | password | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:8:21:8:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:8:21:8:28 | password | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:10:21:10:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:10:21:10:28 | password | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:12:21:12:28 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:12:21:12:28 | password | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:14:23:14:30 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:14:23:14:30 | password | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:16:20:16:27 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:16:20:16:27 | password | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:19:33:19:40 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:19:33:19:40 | password | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:21:44:21:51 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:21:44:21:51 | password | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:23:33:23:40 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:23:33:23:40 | password | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:26:18:26:34 | "pw: #{...}" | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:26:18:26:34 | "pw: #{...}" | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:28:26:28:33 | password | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" :  | logging.rb:28:26:28:33 | password | $@ is logged here. | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to password |
+| logging.rb:37:20:37:34 | ...[...] | logging.rb:30:8:30:55 | call to [] :  | logging.rb:37:20:37:34 | ...[...] | $@ is logged here. | logging.rb:30:8:30:55 | call to [] | Sensitive data returned by a write to password |
+| logging.rb:39:20:39:34 | ...[...] | logging.rb:34:1:34:15 | call to []= :  | logging.rb:39:20:39:34 | ...[...] | $@ is logged here. | logging.rb:34:1:34:15 | call to []= | Sensitive data returned by a write to password |
+| logging.rb:69:20:69:50 | password_masked_ineffective_sub | logging.rb:59:35:59:68 | "ca497451f5e883662fb1a37bc9ec7838" :  | logging.rb:69:20:69:50 | password_masked_ineffective_sub | $@ is logged here. | logging.rb:59:35:59:68 | "ca497451f5e883662fb1a37bc9ec7838" | Sensitive data returned by an assignment to password_masked_ineffective_sub |
+| logging.rb:69:20:69:50 | password_masked_ineffective_sub | logging.rb:63:35:63:88 | call to sub :  | logging.rb:69:20:69:50 | password_masked_ineffective_sub | $@ is logged here. | logging.rb:63:35:63:88 | call to sub | Sensitive data returned by an assignment to password_masked_ineffective_sub |
+| logging.rb:71:20:71:51 | password_masked_ineffective_gsub | logging.rb:61:36:61:69 | "a7e3747b19930d4f4b8181047194832f" :  | logging.rb:71:20:71:51 | password_masked_ineffective_gsub | $@ is logged here. | logging.rb:61:36:61:69 | "a7e3747b19930d4f4b8181047194832f" | Sensitive data returned by an assignment to password_masked_ineffective_gsub |
+| logging.rb:71:20:71:51 | password_masked_ineffective_gsub | logging.rb:65:36:65:86 | call to gsub :  | logging.rb:71:20:71:51 | password_masked_ineffective_gsub | $@ is logged here. | logging.rb:65:36:65:86 | call to gsub | Sensitive data returned by an assignment to password_masked_ineffective_gsub |
+| logging.rb:73:20:73:53 | password_masked_ineffective_sub_ex | logging.rb:60:38:60:71 | "ca497451f5e883662fb1a37bc9ec7838" :  | logging.rb:73:20:73:53 | password_masked_ineffective_sub_ex | $@ is logged here. | logging.rb:60:38:60:71 | "ca497451f5e883662fb1a37bc9ec7838" | Sensitive data returned by an assignment to password_masked_ineffective_sub_ex |
+| logging.rb:75:20:75:54 | password_masked_ineffective_gsub_ex | logging.rb:62:39:62:72 | "a7e3747b19930d4f4b8181047194832f" :  | logging.rb:75:20:75:54 | password_masked_ineffective_gsub_ex | $@ is logged here. | logging.rb:62:39:62:72 | "a7e3747b19930d4f4b8181047194832f" | Sensitive data returned by an assignment to password_masked_ineffective_gsub_ex |
+| logging.rb:79:15:79:22 | password | logging.rb:79:15:79:22 | password | logging.rb:79:15:79:22 | password | $@ is logged here. | logging.rb:79:15:79:22 | password | Sensitive data returned by a parameter password |
+| logging.rb:79:15:79:22 | password | logging.rb:82:16:82:49 | "65f2950df2f0e2c38d7ba2ccca767291" :  | logging.rb:79:15:79:22 | password | $@ is logged here. | logging.rb:82:16:82:49 | "65f2950df2f0e2c38d7ba2ccca767291" | Sensitive data returned by an assignment to password_arg |

ruby/ql/test/query-tests/security/cwe-312/CleartextStorage.expected

@@ -44,19 +44,19 @@ nodes
 | app/models/user.rb:17:21:17:32 | new_password | semmle.label | new_password |
 subpaths
 #select
-| app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" :  | app/controllers/users_controller.rb:5:39:5:50 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | an assignment to new_password | app/controllers/users_controller.rb:5:39:5:50 | new_password | here |
-| app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" :  | app/controllers/users_controller.rb:7:41:7:52 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | an assignment to new_password | app/controllers/users_controller.rb:7:41:7:52 | new_password | here |
-| app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" :  | app/controllers/users_controller.rb:13:42:13:53 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | an assignment to new_password | app/controllers/users_controller.rb:13:42:13:53 | new_password | here |
-| app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" :  | app/controllers/users_controller.rb:15:49:15:60 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | an assignment to new_password | app/controllers/users_controller.rb:15:49:15:60 | new_password | here |
-| app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" :  | app/controllers/users_controller.rb:15:87:15:98 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | an assignment to new_password | app/controllers/users_controller.rb:15:87:15:98 | new_password | here |
-| app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" :  | app/controllers/users_controller.rb:21:45:21:56 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | an assignment to new_password | app/controllers/users_controller.rb:21:45:21:56 | new_password | here |
-| app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" :  | app/controllers/users_controller.rb:21:83:21:94 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | an assignment to new_password | app/controllers/users_controller.rb:21:83:21:94 | new_password | here |
-| app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" :  | app/controllers/users_controller.rb:28:27:28:38 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | an assignment to new_password | app/controllers/users_controller.rb:28:27:28:38 | new_password | here |
-| app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" :  | app/controllers/users_controller.rb:30:28:30:39 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | an assignment to new_password | app/controllers/users_controller.rb:30:28:30:39 | new_password | here |
-| app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" | app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" :  | app/controllers/users_controller.rb:37:39:37:50 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" | an assignment to new_password | app/controllers/users_controller.rb:37:39:37:50 | new_password | here |
-| app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" | app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" :  | app/controllers/users_controller.rb:44:21:44:32 | new_password | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" | an assignment to new_password | app/controllers/users_controller.rb:44:21:44:32 | new_password | here |
-| app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" :  | app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | an assignment to new_password | app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | here |
-| app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" :  | app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | Sensitive data returned by $@ is stored $@. | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | an assignment to new_password | app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | here |
-| app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" | app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" :  | app/models/user.rb:5:27:5:38 | new_password | Sensitive data returned by $@ is stored $@. | app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" | an assignment to new_password | app/models/user.rb:5:27:5:38 | new_password | here |
-| app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" | app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" :  | app/models/user.rb:11:22:11:33 | new_password | Sensitive data returned by $@ is stored $@. | app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" | an assignment to new_password | app/models/user.rb:11:22:11:33 | new_password | here |
-| app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" | app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" :  | app/models/user.rb:17:21:17:32 | new_password | Sensitive data returned by $@ is stored $@. | app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" | an assignment to new_password | app/models/user.rb:17:21:17:32 | new_password | here |
+| app/controllers/users_controller.rb:5:39:5:50 | new_password | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" :  | app/controllers/users_controller.rb:5:39:5:50 | new_password | $@ is stored here. | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:7:41:7:52 | new_password | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" :  | app/controllers/users_controller.rb:7:41:7:52 | new_password | $@ is stored here. | app/controllers/users_controller.rb:3:20:3:53 | "043697b96909e03ca907599d6420555f" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:13:42:13:53 | new_password | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" :  | app/controllers/users_controller.rb:13:42:13:53 | new_password | $@ is stored here. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:15:49:15:60 | new_password | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" :  | app/controllers/users_controller.rb:15:49:15:60 | new_password | $@ is stored here. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:15:87:15:98 | new_password | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" :  | app/controllers/users_controller.rb:15:87:15:98 | new_password | $@ is stored here. | app/controllers/users_controller.rb:11:20:11:53 | "083c9e1da4cc0c2f5480bb4dbe6ff141" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:21:45:21:56 | new_password | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" :  | app/controllers/users_controller.rb:21:45:21:56 | new_password | $@ is stored here. | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:21:83:21:94 | new_password | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" :  | app/controllers/users_controller.rb:21:83:21:94 | new_password | $@ is stored here. | app/controllers/users_controller.rb:19:20:19:53 | "504d224a806cf8073cd14ef08242d422" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:28:27:28:38 | new_password | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" :  | app/controllers/users_controller.rb:28:27:28:38 | new_password | $@ is stored here. | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:30:28:30:39 | new_password | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" :  | app/controllers/users_controller.rb:30:28:30:39 | new_password | $@ is stored here. | app/controllers/users_controller.rb:26:20:26:53 | "7d6ae08394c3f284506dca70f05995f6" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:37:39:37:50 | new_password | app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" :  | app/controllers/users_controller.rb:37:39:37:50 | new_password | $@ is stored here. | app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:44:21:44:32 | new_password | app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" :  | app/controllers/users_controller.rb:44:21:44:32 | new_password | $@ is stored here. | app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" :  | app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | $@ is stored here. | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | Sensitive data returned by an assignment to new_password |
+| app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" :  | app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | $@ is stored here. | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | Sensitive data returned by an assignment to new_password |
+| app/models/user.rb:5:27:5:38 | new_password | app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" :  | app/models/user.rb:5:27:5:38 | new_password | $@ is stored here. | app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" | Sensitive data returned by an assignment to new_password |
+| app/models/user.rb:11:22:11:33 | new_password | app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" :  | app/models/user.rb:11:22:11:33 | new_password | $@ is stored here. | app/models/user.rb:9:20:9:53 | "52652fb5c709fb6b9b5a0194af7c6067" | Sensitive data returned by an assignment to new_password |
+| app/models/user.rb:17:21:17:32 | new_password | app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" :  | app/models/user.rb:17:21:17:32 | new_password | $@ is stored here. | app/models/user.rb:15:20:15:53 | "f982bf2531c149a8a1444a951b12e830" | Sensitive data returned by an assignment to new_password |

ruby/ql/test/query-tests/security/cwe-502/oj-global-options/UnsafeDeserialization.expected

@@ -7,4 +7,4 @@ nodes
 | OjGlobalOptions.rb:14:22:14:30 | json_data | semmle.label | json_data |
 subpaths
 #select
-| OjGlobalOptions.rb:14:22:14:30 | json_data | OjGlobalOptions.rb:13:17:13:22 | call to params :  | OjGlobalOptions.rb:14:22:14:30 | json_data | Unsafe deserialization of $@. | OjGlobalOptions.rb:13:17:13:22 | call to params | user input |
+| OjGlobalOptions.rb:14:22:14:30 | json_data | OjGlobalOptions.rb:13:17:13:22 | call to params :  | OjGlobalOptions.rb:14:22:14:30 | json_data | Unsafe deserialization depends on $@. | OjGlobalOptions.rb:13:17:13:22 | call to params | a user-provided value |

ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected

@@ -39,11 +39,11 @@ nodes
 | UnsafeDeserialization.rb:68:23:68:31 | json_data | semmle.label | json_data |
 subpaths
 #select
-| UnsafeDeserialization.rb:10:27:10:41 | serialized_data | UnsafeDeserialization.rb:9:39:9:44 | call to params :  | UnsafeDeserialization.rb:10:27:10:41 | serialized_data | Unsafe deserialization of $@. | UnsafeDeserialization.rb:9:39:9:44 | call to params | user input |
-| UnsafeDeserialization.rb:16:30:16:44 | serialized_data | UnsafeDeserialization.rb:15:39:15:44 | call to params :  | UnsafeDeserialization.rb:16:30:16:44 | serialized_data | Unsafe deserialization of $@. | UnsafeDeserialization.rb:15:39:15:44 | call to params | user input |
-| UnsafeDeserialization.rb:22:24:22:32 | json_data | UnsafeDeserialization.rb:21:17:21:22 | call to params :  | UnsafeDeserialization.rb:22:24:22:32 | json_data | Unsafe deserialization of $@. | UnsafeDeserialization.rb:21:17:21:22 | call to params | user input |
-| UnsafeDeserialization.rb:28:27:28:35 | json_data | UnsafeDeserialization.rb:27:17:27:22 | call to params :  | UnsafeDeserialization.rb:28:27:28:35 | json_data | Unsafe deserialization of $@. | UnsafeDeserialization.rb:27:17:27:22 | call to params | user input |
-| UnsafeDeserialization.rb:40:24:40:32 | yaml_data | UnsafeDeserialization.rb:39:17:39:22 | call to params :  | UnsafeDeserialization.rb:40:24:40:32 | yaml_data | Unsafe deserialization of $@. | UnsafeDeserialization.rb:39:17:39:22 | call to params | user input |
-| UnsafeDeserialization.rb:52:22:52:30 | json_data | UnsafeDeserialization.rb:51:17:51:22 | call to params :  | UnsafeDeserialization.rb:52:22:52:30 | json_data | Unsafe deserialization of $@. | UnsafeDeserialization.rb:51:17:51:22 | call to params | user input |
-| UnsafeDeserialization.rb:53:22:53:30 | json_data | UnsafeDeserialization.rb:51:17:51:22 | call to params :  | UnsafeDeserialization.rb:53:22:53:30 | json_data | Unsafe deserialization of $@. | UnsafeDeserialization.rb:51:17:51:22 | call to params | user input |
-| UnsafeDeserialization.rb:68:23:68:31 | json_data | UnsafeDeserialization.rb:58:17:58:22 | call to params :  | UnsafeDeserialization.rb:68:23:68:31 | json_data | Unsafe deserialization of $@. | UnsafeDeserialization.rb:58:17:58:22 | call to params | user input |
+| UnsafeDeserialization.rb:10:27:10:41 | serialized_data | UnsafeDeserialization.rb:9:39:9:44 | call to params :  | UnsafeDeserialization.rb:10:27:10:41 | serialized_data | Unsafe deserialization depends on $@. | UnsafeDeserialization.rb:9:39:9:44 | call to params | a user-provided value |
+| UnsafeDeserialization.rb:16:30:16:44 | serialized_data | UnsafeDeserialization.rb:15:39:15:44 | call to params :  | UnsafeDeserialization.rb:16:30:16:44 | serialized_data | Unsafe deserialization depends on $@. | UnsafeDeserialization.rb:15:39:15:44 | call to params | a user-provided value |
+| UnsafeDeserialization.rb:22:24:22:32 | json_data | UnsafeDeserialization.rb:21:17:21:22 | call to params :  | UnsafeDeserialization.rb:22:24:22:32 | json_data | Unsafe deserialization depends on $@. | UnsafeDeserialization.rb:21:17:21:22 | call to params | a user-provided value |
+| UnsafeDeserialization.rb:28:27:28:35 | json_data | UnsafeDeserialization.rb:27:17:27:22 | call to params :  | UnsafeDeserialization.rb:28:27:28:35 | json_data | Unsafe deserialization depends on $@. | UnsafeDeserialization.rb:27:17:27:22 | call to params | a user-provided value |
+| UnsafeDeserialization.rb:40:24:40:32 | yaml_data | UnsafeDeserialization.rb:39:17:39:22 | call to params :  | UnsafeDeserialization.rb:40:24:40:32 | yaml_data | Unsafe deserialization depends on $@. | UnsafeDeserialization.rb:39:17:39:22 | call to params | a user-provided value |
+| UnsafeDeserialization.rb:52:22:52:30 | json_data | UnsafeDeserialization.rb:51:17:51:22 | call to params :  | UnsafeDeserialization.rb:52:22:52:30 | json_data | Unsafe deserialization depends on $@. | UnsafeDeserialization.rb:51:17:51:22 | call to params | a user-provided value |
+| UnsafeDeserialization.rb:53:22:53:30 | json_data | UnsafeDeserialization.rb:51:17:51:22 | call to params :  | UnsafeDeserialization.rb:53:22:53:30 | json_data | Unsafe deserialization depends on $@. | UnsafeDeserialization.rb:51:17:51:22 | call to params | a user-provided value |
+| UnsafeDeserialization.rb:68:23:68:31 | json_data | UnsafeDeserialization.rb:58:17:58:22 | call to params :  | UnsafeDeserialization.rb:68:23:68:31 | json_data | Unsafe deserialization depends on $@. | UnsafeDeserialization.rb:58:17:58:22 | call to params | a user-provided value |

ruby/ql/test/query-tests/security/cwe-506/HardcodedDataInterpretedAsCode.expected

@@ -24,6 +24,6 @@ subpaths
 | tst.rb:7:8:7:30 | totally_harmless_string :  | tst.rb:1:7:1:7 | r :  | tst.rb:2:3:2:15 | call to pack :  | tst.rb:7:6:7:31 | call to e |
 | tst.rb:10:11:10:24 | "666f6f626172" :  | tst.rb:1:7:1:7 | r :  | tst.rb:2:3:2:15 | call to pack :  | tst.rb:10:9:10:25 | call to e |
 #select
-| tst.rb:7:6:7:31 | call to e | tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." :  | tst.rb:7:6:7:31 | call to e | Hard-coded data from $@ is interpreted as code. | tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." | here |
-| tst.rb:10:9:10:25 | call to e | tst.rb:10:11:10:24 | "666f6f626172" :  | tst.rb:10:9:10:25 | call to e | Hard-coded data from $@ is interpreted as an import path. | tst.rb:10:11:10:24 | "666f6f626172" | here |
-| tst.rb:17:6:17:38 | call to strip | tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." :  | tst.rb:17:6:17:38 | call to strip | Hard-coded data from $@ is interpreted as code. | tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." | here |
+| tst.rb:7:6:7:31 | call to e | tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." :  | tst.rb:7:6:7:31 | call to e | $@ is interpreted as code. | tst.rb:5:27:5:72 | "707574732822636f646520696e6a6..." | Hard-coded data |
+| tst.rb:10:9:10:25 | call to e | tst.rb:10:11:10:24 | "666f6f626172" :  | tst.rb:10:9:10:25 | call to e | $@ is interpreted as an import path. | tst.rb:10:11:10:24 | "666f6f626172" | Hard-coded data |
+| tst.rb:17:6:17:38 | call to strip | tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." :  | tst.rb:17:6:17:38 | call to strip | $@ is interpreted as code. | tst.rb:16:31:16:84 | "\\x70\\x75\\x74\\x73\\x28\\x27\\x68\\..." | Hard-coded data |

ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected

@@ -37,13 +37,13 @@ nodes
 subpaths
 | UrlRedirect.rb:24:31:24:36 | call to params :  | UrlRedirect.rb:88:21:88:32 | input_params :  | UrlRedirect.rb:89:5:89:29 | call to permit :  | UrlRedirect.rb:24:17:24:37 | call to filter_params |
 #select
-| UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | Untrusted URL redirection due to $@. | UrlRedirect.rb:4:17:4:22 | call to params | a user-provided value |
-| UrlRedirect.rb:9:17:9:28 | ...[...] | UrlRedirect.rb:9:17:9:22 | call to params :  | UrlRedirect.rb:9:17:9:28 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:9:17:9:22 | call to params | a user-provided value |
-| UrlRedirect.rb:14:17:14:43 | call to fetch | UrlRedirect.rb:14:17:14:22 | call to params :  | UrlRedirect.rb:14:17:14:43 | call to fetch | Untrusted URL redirection due to $@. | UrlRedirect.rb:14:17:14:22 | call to params | a user-provided value |
-| UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | UrlRedirect.rb:19:17:19:22 | call to params :  | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | Untrusted URL redirection due to $@. | UrlRedirect.rb:19:17:19:22 | call to params | a user-provided value |
-| UrlRedirect.rb:24:17:24:37 | call to filter_params | UrlRedirect.rb:24:31:24:36 | call to params :  | UrlRedirect.rb:24:17:24:37 | call to filter_params | Untrusted URL redirection due to $@. | UrlRedirect.rb:24:31:24:36 | call to params | a user-provided value |
-| UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | UrlRedirect.rb:34:20:34:25 | call to params :  | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | Untrusted URL redirection due to $@. | UrlRedirect.rb:34:20:34:25 | call to params | a user-provided value |
-| UrlRedirect.rb:58:17:58:28 | ...[...] | UrlRedirect.rb:58:17:58:22 | call to params :  | UrlRedirect.rb:58:17:58:28 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:58:17:58:22 | call to params | a user-provided value |
-| UrlRedirect.rb:63:38:63:49 | ...[...] | UrlRedirect.rb:63:38:63:43 | call to params :  | UrlRedirect.rb:63:38:63:49 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:63:38:63:43 | call to params | a user-provided value |
-| UrlRedirect.rb:68:38:68:49 | ...[...] | UrlRedirect.rb:68:38:68:43 | call to params :  | UrlRedirect.rb:68:38:68:49 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:68:38:68:43 | call to params | a user-provided value |
-| UrlRedirect.rb:73:25:73:36 | ...[...] | UrlRedirect.rb:73:25:73:30 | call to params :  | UrlRedirect.rb:73:25:73:36 | ...[...] | Untrusted URL redirection due to $@. | UrlRedirect.rb:73:25:73:30 | call to params | a user-provided value |
+| UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | UrlRedirect.rb:4:17:4:22 | call to params | Untrusted URL redirection depends on $@. | UrlRedirect.rb:4:17:4:22 | call to params | a user-provided value |
+| UrlRedirect.rb:9:17:9:28 | ...[...] | UrlRedirect.rb:9:17:9:22 | call to params :  | UrlRedirect.rb:9:17:9:28 | ...[...] | Untrusted URL redirection depends on $@. | UrlRedirect.rb:9:17:9:22 | call to params | a user-provided value |
+| UrlRedirect.rb:14:17:14:43 | call to fetch | UrlRedirect.rb:14:17:14:22 | call to params :  | UrlRedirect.rb:14:17:14:43 | call to fetch | Untrusted URL redirection depends on $@. | UrlRedirect.rb:14:17:14:22 | call to params | a user-provided value |
+| UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | UrlRedirect.rb:19:17:19:22 | call to params :  | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | Untrusted URL redirection depends on $@. | UrlRedirect.rb:19:17:19:22 | call to params | a user-provided value |
+| UrlRedirect.rb:24:17:24:37 | call to filter_params | UrlRedirect.rb:24:31:24:36 | call to params :  | UrlRedirect.rb:24:17:24:37 | call to filter_params | Untrusted URL redirection depends on $@. | UrlRedirect.rb:24:31:24:36 | call to params | a user-provided value |
+| UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | UrlRedirect.rb:34:20:34:25 | call to params :  | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | Untrusted URL redirection depends on $@. | UrlRedirect.rb:34:20:34:25 | call to params | a user-provided value |
+| UrlRedirect.rb:58:17:58:28 | ...[...] | UrlRedirect.rb:58:17:58:22 | call to params :  | UrlRedirect.rb:58:17:58:28 | ...[...] | Untrusted URL redirection depends on $@. | UrlRedirect.rb:58:17:58:22 | call to params | a user-provided value |
+| UrlRedirect.rb:63:38:63:49 | ...[...] | UrlRedirect.rb:63:38:63:43 | call to params :  | UrlRedirect.rb:63:38:63:49 | ...[...] | Untrusted URL redirection depends on $@. | UrlRedirect.rb:63:38:63:43 | call to params | a user-provided value |
+| UrlRedirect.rb:68:38:68:49 | ...[...] | UrlRedirect.rb:68:38:68:43 | call to params :  | UrlRedirect.rb:68:38:68:49 | ...[...] | Untrusted URL redirection depends on $@. | UrlRedirect.rb:68:38:68:43 | call to params | a user-provided value |
+| UrlRedirect.rb:73:25:73:36 | ...[...] | UrlRedirect.rb:73:25:73:30 | call to params :  | UrlRedirect.rb:73:25:73:36 | ...[...] | Untrusted URL redirection depends on $@. | UrlRedirect.rb:73:25:73:30 | call to params | a user-provided value |

ruby/ql/test/query-tests/security/cwe-611/Xxe.expected

@@ -54,26 +54,26 @@ nodes
 | Nokogiri.rb:28:26:28:32 | content | semmle.label | content |
 subpaths
 #select
-| LibXmlRuby.rb:4:34:4:40 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:4:34:4:40 | content | A $@ is parsed as XML without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
-| LibXmlRuby.rb:5:32:5:38 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:5:32:5:38 | content | A $@ is parsed as XML without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
-| LibXmlRuby.rb:6:30:6:36 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:6:30:6:36 | content | A $@ is parsed as XML without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
-| LibXmlRuby.rb:7:32:7:38 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:7:32:7:38 | content | A $@ is parsed as XML without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
-| LibXmlRuby.rb:8:30:8:36 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:8:30:8:36 | content | A $@ is parsed as XML without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
-| LibXmlRuby.rb:9:28:9:34 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:9:28:9:34 | content | A $@ is parsed as XML without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
-| LibXmlRuby.rb:11:26:11:32 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:11:26:11:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
-| LibXmlRuby.rb:12:24:12:30 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:12:24:12:30 | content | A $@ is parsed as XML without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:5:26:5:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:5:26:5:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:6:26:6:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:6:26:6:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:7:26:7:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:7:26:7:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:8:26:8:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:8:26:8:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:9:26:9:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:9:26:9:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:11:26:11:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:11:26:11:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:12:26:12:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:12:26:12:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:15:26:15:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:15:26:15:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:16:26:16:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:16:26:16:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:18:26:18:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:18:26:18:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:19:26:19:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:19:26:19:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:22:26:22:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:22:26:22:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:25:26:25:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:25:26:25:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:27:26:27:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:27:26:27:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
-| Nokogiri.rb:28:26:28:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:28:26:28:32 | content | A $@ is parsed as XML without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | user-provided value |
+| LibXmlRuby.rb:4:34:4:40 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:4:34:4:40 | content | XML parsing depends on $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | a user-provided value |
+| LibXmlRuby.rb:5:32:5:38 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:5:32:5:38 | content | XML parsing depends on $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | a user-provided value |
+| LibXmlRuby.rb:6:30:6:36 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:6:30:6:36 | content | XML parsing depends on $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | a user-provided value |
+| LibXmlRuby.rb:7:32:7:38 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:7:32:7:38 | content | XML parsing depends on $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | a user-provided value |
+| LibXmlRuby.rb:8:30:8:36 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:8:30:8:36 | content | XML parsing depends on $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | a user-provided value |
+| LibXmlRuby.rb:9:28:9:34 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:9:28:9:34 | content | XML parsing depends on $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | a user-provided value |
+| LibXmlRuby.rb:11:26:11:32 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:11:26:11:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | a user-provided value |
+| LibXmlRuby.rb:12:24:12:30 | content | LibXmlRuby.rb:3:15:3:20 | call to params :  | LibXmlRuby.rb:12:24:12:30 | content | XML parsing depends on $@ without guarding against external entity expansion. | LibXmlRuby.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:5:26:5:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:5:26:5:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:6:26:6:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:6:26:6:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:7:26:7:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:7:26:7:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:8:26:8:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:8:26:8:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:9:26:9:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:9:26:9:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:11:26:11:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:11:26:11:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:12:26:12:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:12:26:12:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:15:26:15:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:15:26:15:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:16:26:16:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:16:26:16:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:18:26:18:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:18:26:18:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:19:26:19:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:19:26:19:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:22:26:22:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:22:26:22:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:25:26:25:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:25:26:25:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:27:26:27:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:27:26:27:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |
+| Nokogiri.rb:28:26:28:32 | content | Nokogiri.rb:3:15:3:20 | call to params :  | Nokogiri.rb:28:26:28:32 | content | XML parsing depends on $@ without guarding against external entity expansion. | Nokogiri.rb:3:15:3:20 | call to params | a user-provided value |

ruby/ql/test/query-tests/security/cwe-912/HttpToFileAccess.expected

@@ -10,5 +10,5 @@ nodes
 | http_to_file_access.rb:11:18:11:23 | script | semmle.label | script |
 subpaths
 #select
-| http_to_file_access.rb:5:12:5:15 | resp | http_to_file_access.rb:3:8:3:52 | call to body :  | http_to_file_access.rb:5:12:5:15 | resp | $@ flows to file system | http_to_file_access.rb:3:8:3:52 | call to body | Untrusted data |
-| http_to_file_access.rb:11:18:11:23 | script | http_to_file_access.rb:9:16:9:21 | call to params :  | http_to_file_access.rb:11:18:11:23 | script | $@ flows to file system | http_to_file_access.rb:9:16:9:21 | call to params | Untrusted data |
+| http_to_file_access.rb:5:12:5:15 | resp | http_to_file_access.rb:3:8:3:52 | call to body :  | http_to_file_access.rb:5:12:5:15 | resp | $@ flows to file system. | http_to_file_access.rb:3:8:3:52 | call to body | Untrusted data |
+| http_to_file_access.rb:11:18:11:23 | script | http_to_file_access.rb:9:16:9:21 | call to params :  | http_to_file_access.rb:11:18:11:23 | script | $@ flows to file system. | http_to_file_access.rb:9:16:9:21 | call to params | Untrusted data |