Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking

2026-05-02 12:15:17 +02:00 · 2019-08-13 14:06:01 +01:00
parent 2d9d292ee4
commit 7c4a18eee3
17 changed files with 112 additions and 439 deletions
--- a/python/ql/src/semmle/python/dataflow/Implementation.qll
+++ b/python/ql/src/semmle/python/dataflow/Implementation.qll
@@ -214,6 +214,11 @@ class TaintTrackingNode extends TTaintTrackingNode {

 class TaintTrackingImplementation extends string {

+
+    TaintTrackingImplementation() {
+        this instanceof TaintTracking::Configuration
+    }
+
    predicate hasFlowPath(TaintTrackingNode source, TaintTrackingNode sink) {
        this.isPathSource(source) and
        this.isPathSink(sink) and
@@ -221,25 +226,30 @@ class TaintTrackingImplementation extends string {
    }

    predicate flowSource(DataFlow::Node node, TaintTrackingContext context, AttributePath path, TaintKind kind) {
-        this.(TaintTracking::Configuration).isSource(node, kind) and context = TNoParam() and path = TNoAttribute()
-        or
-        exists(TaintSource source |
-            this.(TaintTracking::Configuration).isSource(source) and
-            node.asCfgNode() = source and
-            source.isSourceOf(kind)
-        ) and
-        context = TNoParam() and path = TNoAttribute()
+        context = TNoParam() and path = TNoAttribute() and
+        (
+            this.(TaintTracking::Configuration).isSource(node, kind)
+            or
+            exists(TaintSource source |
+                this.(TaintTracking::Configuration).isSource(source) and
+                node.asCfgNode() = source and
+                source.isSourceOf(kind)
+            )
+        )
    }


    predicate flowSink(DataFlow::Node node, AttributePath path, TaintKind kind) {
-        this.(TaintTracking::Configuration).isSink(node, kind) and path = TNoAttribute()
-        or
-        exists(TaintSink sink |
-            this.(TaintTracking::Configuration).isSink(sink) and
-            node.asCfgNode() = sink and
-            sink.sinks(kind)
-        ) and path = TNoAttribute()
+        path = TNoAttribute() and
+        (
+            this.(TaintTracking::Configuration).isSink(node, kind)
+            or
+            exists(TaintSink sink |
+                this.(TaintTracking::Configuration).isSink(sink) and
+                node.asCfgNode() = sink and
+                sink.sinks(kind)
+            )
+        )
    }

    predicate isPathSource(TaintTrackingNode source) {
@@ -315,7 +325,8 @@ class TaintTrackingImplementation extends string {
        test.getAChild*() = use and
        not test.(UnaryExprNode).getNode().getOp() instanceof Not and
        not Filters::equality_test(test, use, _, _) and
-        not Filters::isinstance(test, _, use)
+        not Filters::isinstance(test, _, use) and
+        not test = use
        or
        testEvaluatesMaybe(not_operand(test), use)
    }
@@ -341,8 +352,6 @@ class TaintTrackingImplementation extends string {
        )
    }

-    TaintTrackingImplementation() { this instanceof TaintTracking::Configuration }
-
    predicate flowStep(TaintTrackingNode src, DataFlow::Node node, TaintTrackingContext context, AttributePath path, TaintKind kind, string edgeLabel) {
        this.unprunedStep(src, node, context, path, kind, edgeLabel) and
        node.getBasicBlock().likelyReachable() and
@@ -710,6 +719,41 @@ class TaintTrackingImplementation extends string {

 }

+/* Backwards compatibility with config-less taint-tracking */
+private class LegacyConfiguration extends TaintTracking::Configuration {
+
+    LegacyConfiguration() {
+        /* A name that won't be accidentally chosen by users */
+        this = "Semmle: Internal legacy configuration"
+    }
+
+    override predicate isSource(DataFlow::Node source, TaintKind kind) {
+        isValid() and
+        exists(TaintSource src |
+            source.asCfgNode() = src and
+            src.isSourceOf(kind)
+        )
+    }
+
+    override predicate isSink(DataFlow::Node sink, TaintKind kind) {
+        isValid() and
+        exists(TaintSink snk |
+            sink.asCfgNode() = snk and
+            snk.sinks(kind)
+        )
+    }
+
+    override predicate isSanitizer(Sanitizer sanitizer) {
+        isValid() and
+        sanitizer = sanitizer
+    }
+
+    private predicate isValid() {
+        not exists(TaintTracking::Configuration config | config != this)
+    }
+
+}
+
 module Implementation {

    /* A call that returns a copy (or similar) of the argument */
--- a/python/ql/src/semmle/python/security/Paths.qll
+++ b/python/ql/src/semmle/python/security/Paths.qll
@@ -3,10 +3,22 @@ import python
 import semmle.python.security.TaintTracking
 private import semmle.python.dataflow.Implementation

-query predicate edges(TaintTrackingNode fromnode, TaintTrackingNode tonode) {
-    fromnode.getASuccessor() = tonode and
-    /* Don't record flow past sinks */
-    not fromnode.isSink()
+private predicate sourceReaches(TaintTrackingNode node) {
+    exists(TaintTrackingNode src |
+        src.getConfiguration() = node.getConfiguration() and
+        src.isSource() and src.getASuccessor*() = node
+    )
 }

+private predicate reachesSink(TaintTrackingNode node) {
+    exists(TaintTrackingNode sink |
+        sink.getConfiguration() = node.getConfiguration() and
+        sink.isSink() and node.getASuccessor*() = sink
+    )
+}

+query predicate edges(TaintTrackingNode fromnode, TaintTrackingNode tonode) {
+    sourceReaches(fromnode) and
+    reachesSink(tonode) and
+    fromnode.getASuccessor() = tonode
+}
--- a/python/ql/src/semmle/python/security/TaintTracking.qll
+++ b/python/ql/src/semmle/python/security/TaintTracking.qll
@@ -822,24 +822,3 @@ private predicate sequence_call(ControlFlowNode fromnode, CallNode tonode) {
    )
 }

-
-class LegacyConfiguration extends TaintTracking::Configuration {
-
-    LegacyConfiguration() { this = "Legacy configuration" }
-
-    override predicate isSource(DataFlow::Node source, TaintKind kind) {
-        exists(TaintSource src |
-            source.asCfgNode() = src and
-            src.isSourceOf(kind)
-        )
-    }
-
-    override predicate isSink(DataFlow::Node sink, TaintKind kind) {
-        exists(TaintSink snk |
-            sink.asCfgNode() = snk and
-            snk.sinks(kind)
-        )
-    }
-
-}
-
--- a/python/ql/test/3/library-tests/web/django/Taint.expected
+++ b/python/ql/test/3/library-tests/web/django/Taint.expected
@@ -1,3 +1,4 @@
+WARNING: Predicate getNode has been deprecated and may be removed in future (Taint.ql:13,54-61)
 | models.py:9 | Attribute | django.db.models.Model.objects |
 | rawsql.py:13 | Attribute | django.db.models.Model.objects |
 | rawsql.py:13 | Attribute() | django.db.models.Model.objects |
--- a/python/ql/test/library-tests/taint/config/RockPaperScissors.expected
+++ b/python/ql/test/library-tests/taint/config/RockPaperScissors.expected
@@ -25,6 +25,7 @@ edges
 | deep.py:18:15:18:17 | simple.test | deep.py:14:8:14:10 | simple.test |
 | deep.py:20:5:20:14 | simple.test | deep.py:22:6:22:6 | simple.test |
 | deep.py:20:8:20:13 | simple.test | deep.py:17:8:17:10 | simple.test |
+| module.py:3:13:3:18 | simple.test | test.py:155:20:155:38 | simple.test |
 | rockpaperscissors.py:24:9:24:12 | rock | rockpaperscissors.py:25:9:25:9 | rock |
 | rockpaperscissors.py:25:9:25:9 | rock | rockpaperscissors.py:25:9:25:16 | scissors |
 | rockpaperscissors.py:25:9:25:16 | scissors | rockpaperscissors.py:25:9:25:23 | paper |
@@ -47,6 +48,7 @@ edges
 | test.py:77:13:77:13 | simple.test | test.py:72:9:72:11 | simple.test |
 | test.py:126:13:126:25 | simple.test | test.py:130:21:130:21 | simple.test |
 | test.py:128:13:128:18 | simple.test | test.py:132:14:132:14 | simple.test |
+| test.py:155:20:155:38 | simple.test | test.py:156:6:156:11 | simple.test |
 | test.py:163:9:163:14 | simple.test | test.py:165:10:165:10 | simple.test |
 | test.py:178:9:178:14 | simple.test | test.py:180:14:180:14 | simple.test |
 | test.py:178:9:178:14 | simple.test | test.py:186:14:186:14 | simple.test |
@@ -60,174 +62,6 @@ edges
 | test.py:213:5:213:33 | simple.test | test.py:214:14:214:14 | simple.test |
 | test.py:213:14:213:32 | iterable.simple | test.py:213:5:213:33 | simple.test |
 | test.py:213:14:213:32 | sequence of simple.test | test.py:213:5:213:33 | simple.test |
-parents
-| carrier.py:13:9:13:11 | explicit.carrier | carrier.py:29:13:29:32 | explicit.carrier |
-| carrier.py:14:12:14:14 | explicit.carrier | carrier.py:29:13:29:32 | explicit.carrier |
-| deep.py:2:8:2:10 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:3:12:3:14 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:3:12:3:14 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:6:12:6:18 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:11:8:11:10 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:11:8:11:10 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:11:8:11:10 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:11:8:11:10 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:11:8:11:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:3:12:3:14 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:6:12:6:18 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:9:12:9:18 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:14:8:14:10 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:14:8:14:10 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:14:8:14:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:3:12:3:14 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:6:12:6:18 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:9:12:9:18 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:12:12:12:18 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:15:15:15:17 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:15:15:15:17 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:15:15:15:17 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:15:15:15:17 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:17:8:17:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:3:12:3:14 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:6:12:6:18 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:9:12:9:18 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:12:12:12:18 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:15:12:15:18 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:18:15:18:17 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:18:15:18:17 | simple.test | deep.py:20:8:20:13 | simple.test |
-| test.py:12:10:12:12 | simple.test | test.py:21:10:21:10 | simple.test |
-| test.py:12:10:12:12 | simple.test | test.py:51:14:51:16 | simple.test |
-| test.py:13:10:13:12 | simple.test | test.py:12:10:12:12 | simple.test |
-| test.py:13:10:13:12 | simple.test | test.py:21:10:21:10 | simple.test |
-| test.py:13:10:13:12 | simple.test | test.py:51:14:51:16 | simple.test |
-| test.py:49:17:49:19 | simple.test | test.py:63:17:63:17 | simple.test |
-| test.py:49:17:49:19 | simple.test | test.py:70:17:70:17 | simple.test |
-| test.py:51:14:51:16 | simple.test | test.py:63:17:63:17 | simple.test |
-| test.py:51:14:51:16 | simple.test | test.py:70:17:70:17 | simple.test |
-| test.py:72:9:72:11 | simple.test | test.py:77:13:77:13 | simple.test |
-| test.py:73:12:73:14 | simple.test | test.py:72:9:72:11 | simple.test |
-| test.py:73:12:73:14 | simple.test | test.py:77:13:77:13 | simple.test |
 #select
 | rockpaperscissors.py:13:10:13:17 | SCISSORS | rockpaperscissors.py:13:10:13:17 | scissors | rockpaperscissors.py:13:10:13:17 | scissors | $@ looses to $@. | rockpaperscissors.py:13:10:13:17 | SCISSORS | scissors | rockpaperscissors.py:13:10:13:17 | SCISSORS | scissors |
 | rockpaperscissors.py:16:11:16:14 | ROCK | rockpaperscissors.py:16:11:16:14 | rock | rockpaperscissors.py:16:11:16:14 | rock | $@ looses to $@. | rockpaperscissors.py:16:11:16:14 | ROCK | rock | rockpaperscissors.py:16:11:16:14 | ROCK | rock |
--- a/python/ql/test/library-tests/taint/config/Simple.expected
+++ b/python/ql/test/library-tests/taint/config/Simple.expected
@@ -25,6 +25,7 @@ edges
 | deep.py:18:15:18:17 | simple.test | deep.py:14:8:14:10 | simple.test |
 | deep.py:20:5:20:14 | simple.test | deep.py:22:6:22:6 | simple.test |
 | deep.py:20:8:20:13 | simple.test | deep.py:17:8:17:10 | simple.test |
+| module.py:3:13:3:18 | simple.test | test.py:155:20:155:38 | simple.test |
 | rockpaperscissors.py:24:9:24:12 | rock | rockpaperscissors.py:25:9:25:9 | rock |
 | rockpaperscissors.py:25:9:25:9 | rock | rockpaperscissors.py:25:9:25:16 | scissors |
 | rockpaperscissors.py:25:9:25:16 | scissors | rockpaperscissors.py:25:9:25:23 | paper |
@@ -47,6 +48,7 @@ edges
 | test.py:77:13:77:13 | simple.test | test.py:72:9:72:11 | simple.test |
 | test.py:126:13:126:25 | simple.test | test.py:130:21:130:21 | simple.test |
 | test.py:128:13:128:18 | simple.test | test.py:132:14:132:14 | simple.test |
+| test.py:155:20:155:38 | simple.test | test.py:156:6:156:11 | simple.test |
 | test.py:163:9:163:14 | simple.test | test.py:165:10:165:10 | simple.test |
 | test.py:178:9:178:14 | simple.test | test.py:180:14:180:14 | simple.test |
 | test.py:178:9:178:14 | simple.test | test.py:186:14:186:14 | simple.test |
@@ -60,174 +62,6 @@ edges
 | test.py:213:5:213:33 | simple.test | test.py:214:14:214:14 | simple.test |
 | test.py:213:14:213:32 | iterable.simple | test.py:213:5:213:33 | simple.test |
 | test.py:213:14:213:32 | sequence of simple.test | test.py:213:5:213:33 | simple.test |
-parents
-| carrier.py:13:9:13:11 | explicit.carrier | carrier.py:29:13:29:32 | explicit.carrier |
-| carrier.py:14:12:14:14 | explicit.carrier | carrier.py:29:13:29:32 | explicit.carrier |
-| deep.py:2:8:2:10 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:2:8:2:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:3:12:3:14 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:5:8:5:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:3:12:3:14 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:6:12:6:18 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:6:15:6:17 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:8:8:8:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:3:12:3:14 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:6:12:6:18 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:9:12:9:18 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:9:15:9:17 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:11:8:11:10 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:11:8:11:10 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:11:8:11:10 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:11:8:11:10 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:11:8:11:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:3:12:3:14 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:6:12:6:18 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:9:12:9:18 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:12:12:12:18 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:12:15:12:17 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:14:8:14:10 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:14:8:14:10 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:14:8:14:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:3:12:3:14 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:6:12:6:18 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:9:12:9:18 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:12:12:12:18 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:15:12:15:18 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:15:15:15:17 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:15:15:15:17 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:15:15:15:17 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:15:15:15:17 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:17:8:17:10 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:2:8:2:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:3:12:3:14 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:5:8:5:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:6:12:6:18 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:6:15:6:17 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:8:8:8:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:9:12:9:18 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:9:15:9:17 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:11:8:11:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:12:12:12:18 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:12:15:12:17 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:14:8:14:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:15:12:15:18 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:15:15:15:17 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:18:15:18:17 | simple.test |
-| deep.py:18:12:18:18 | simple.test | deep.py:20:8:20:13 | simple.test |
-| deep.py:18:15:18:17 | simple.test | deep.py:17:8:17:10 | simple.test |
-| deep.py:18:15:18:17 | simple.test | deep.py:20:8:20:13 | simple.test |
-| test.py:12:10:12:12 | simple.test | test.py:21:10:21:10 | simple.test |
-| test.py:12:10:12:12 | simple.test | test.py:51:14:51:16 | simple.test |
-| test.py:13:10:13:12 | simple.test | test.py:12:10:12:12 | simple.test |
-| test.py:13:10:13:12 | simple.test | test.py:21:10:21:10 | simple.test |
-| test.py:13:10:13:12 | simple.test | test.py:51:14:51:16 | simple.test |
-| test.py:49:17:49:19 | simple.test | test.py:63:17:63:17 | simple.test |
-| test.py:49:17:49:19 | simple.test | test.py:70:17:70:17 | simple.test |
-| test.py:51:14:51:16 | simple.test | test.py:63:17:63:17 | simple.test |
-| test.py:51:14:51:16 | simple.test | test.py:70:17:70:17 | simple.test |
-| test.py:72:9:72:11 | simple.test | test.py:77:13:77:13 | simple.test |
-| test.py:73:12:73:14 | simple.test | test.py:72:9:72:11 | simple.test |
-| test.py:73:12:73:14 | simple.test | test.py:77:13:77:13 | simple.test |
 #select
 | deep.py:22:6:22:6 | x | deep.py:20:8:20:13 | simple.test | deep.py:22:6:22:6 | simple.test | $@ flows to $@. | deep.py:20:8:20:13 | SOURCE | simple.test | deep.py:22:6:22:6 | x | simple.test |
 | test.py:3:10:3:15 | SOURCE | test.py:3:10:3:15 | simple.test | test.py:3:10:3:15 | simple.test | $@ flows to $@. | test.py:3:10:3:15 | SOURCE | simple.test | test.py:3:10:3:15 | SOURCE | simple.test |
@@ -238,6 +72,7 @@ parents
 | test.py:41:14:41:14 | t | test.py:37:13:37:18 | simple.test | test.py:41:14:41:14 | simple.test | $@ flows to $@. | test.py:37:13:37:18 | SOURCE | simple.test | test.py:41:14:41:14 | t | simple.test |
 | test.py:78:10:78:10 | t | test.py:76:9:76:14 | simple.test | test.py:78:10:78:10 | simple.test | $@ flows to $@. | test.py:76:9:76:14 | SOURCE | simple.test | test.py:78:10:78:10 | t | simple.test |
 | test.py:132:14:132:14 | t | test.py:128:13:128:18 | simple.test | test.py:132:14:132:14 | simple.test | $@ flows to $@. | test.py:128:13:128:18 | SOURCE | simple.test | test.py:132:14:132:14 | t | simple.test |
+| test.py:156:6:156:11 | unsafe | module.py:3:13:3:18 | simple.test | test.py:156:6:156:11 | simple.test | $@ flows to $@. | module.py:3:13:3:18 | SOURCE | simple.test | test.py:156:6:156:11 | unsafe | simple.test |
 | test.py:165:10:165:10 | s | test.py:163:9:163:14 | simple.test | test.py:165:10:165:10 | simple.test | $@ flows to $@. | test.py:163:9:163:14 | SOURCE | simple.test | test.py:165:10:165:10 | s | simple.test |
 | test.py:180:14:180:14 | t | test.py:178:9:178:14 | simple.test | test.py:180:14:180:14 | simple.test | $@ flows to $@. | test.py:178:9:178:14 | SOURCE | simple.test | test.py:180:14:180:14 | t | simple.test |
 | test.py:186:14:186:14 | t | test.py:178:9:178:14 | simple.test | test.py:186:14:186:14 | simple.test | $@ flows to $@. | test.py:178:9:178:14 | SOURCE | simple.test | test.py:186:14:186:14 | t | simple.test |
--- a/python/ql/test/library-tests/taint/config/TestNode.expected
+++ b/python/ql/test/library-tests/taint/config/TestNode.expected
@@ -178,6 +178,10 @@
 | simple.test | test.py:148 | SOURCE | no attribute |  |
 | simple.test | test.py:148 | SSA variable t | no attribute |  |
 | simple.test | test.py:149 | t | no attribute |  |
+| simple.test | test.py:155 | GSSA Variable unsafe | no attribute |  |
+| simple.test | test.py:155 | ImportMember | no attribute |  |
+| simple.test | test.py:156 | GSSA Variable unsafe | no attribute |  |
+| simple.test | test.py:156 | unsafe | no attribute |  |
 | simple.test | test.py:159 | SOURCE | no attribute |  |
 | simple.test | test.py:163 | SOURCE | no attribute |  |
 | simple.test | test.py:163 | SSA variable s | no attribute |  |
--- a/python/ql/test/library-tests/taint/config/TestStep.expected
+++ b/python/ql/test/library-tests/taint/config/TestStep.expected
@@ -48,6 +48,7 @@
 | Simple config: | simple.test | deep.py:18 | f5() | Parameter 0(no attribute) is simple.test |  -->  | simple.test | deep.py:20 | f6() |  |
 | Simple config: | simple.test | deep.py:20 | SOURCE |  |  -->  | simple.test | deep.py:17 | arg | Parameter 0(no attribute) is simple.test |
 | Simple config: | simple.test | deep.py:20 | f6() |  |  -->  | simple.test | deep.py:22 | x |  |
+| Simple config: | simple.test | module.py:3 | SOURCE |  |  -->  | simple.test | test.py:155 | ImportMember |  |
 | Simple config: | simple.test | test.py:6 | SOURCE |  |  -->  | simple.test | test.py:7 | s |  |
 | Simple config: | simple.test | test.py:12 | arg | Parameter 0(no attribute) is simple.test |  -->  | simple.test | test.py:13 | arg | Parameter 0(no attribute) is simple.test |
 | Simple config: | simple.test | test.py:20 | SOURCE |  |  -->  | simple.test | test.py:21 | t |  |
@@ -67,6 +68,7 @@
 | Simple config: | simple.test | test.py:128 | SOURCE |  |  -->  | simple.test | test.py:132 | t |  |
 | Simple config: | simple.test | test.py:138 | SOURCE |  |  -->  | simple.test | test.py:140 | t |  |
 | Simple config: | simple.test | test.py:148 | SOURCE |  |  -->  | simple.test | test.py:149 | t |  |
+| Simple config: | simple.test | test.py:155 | ImportMember |  |  -->  | simple.test | test.py:156 | unsafe |  |
 | Simple config: | simple.test | test.py:163 | SOURCE |  |  -->  | simple.test | test.py:164 | s |  |
 | Simple config: | simple.test | test.py:163 | SOURCE |  |  -->  | simple.test | test.py:165 | s |  |
 | Simple config: | simple.test | test.py:168 | SOURCE |  |  -->  | [simple.test] | test.py:168 | List |  |
--- a/python/ql/test/library-tests/taint/general/TaintLib.qll
+++ b/python/ql/test/library-tests/taint/general/TaintLib.qll
@@ -385,4 +385,3 @@ class TaintIterableSource extends TaintSource {
    }

 }
-
--- a/python/ql/test/library-tests/taint/strings/Taint.qll
+++ b/python/ql/test/library-tests/taint/strings/Taint.qll
@@ -43,4 +43,6 @@ class DictSource extends TaintSource {
        result = "dict taint source"
    }

-}
+}
+
+
--- a/python/ql/test/query-tests/Security/CWE-022/PathInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-022/PathInjection.expected
@@ -1,30 +1,18 @@
 edges
-| ../lib/os/path.py:4:14:4:14 | externally controlled string | ../lib/os/path.py:5:12:5:12 | externally controlled string |
-| ../lib/os/path.py:4:14:4:14 | externally controlled string | ../lib/os/path.py:5:12:5:12 | externally controlled string |
-| ../lib/os/path.py:4:14:4:14 | externally controlled string | ../lib/os/path.py:5:12:5:12 | externally controlled string |
 | path_injection.py:9:12:9:23 | dict of externally controlled string | path_injection.py:9:12:9:39 | externally controlled string |
 | path_injection.py:9:12:9:39 | externally controlled string | path_injection.py:10:40:10:43 | externally controlled string |
 | path_injection.py:10:40:10:43 | externally controlled string | path_injection.py:10:14:10:44 | externally controlled string |
 | path_injection.py:15:12:15:23 | dict of externally controlled string | path_injection.py:15:12:15:39 | externally controlled string |
 | path_injection.py:15:12:15:39 | externally controlled string | path_injection.py:16:56:16:59 | externally controlled string |
 | path_injection.py:16:13:16:61 | normalized path | path_injection.py:17:14:17:18 | normalized path |
-| path_injection.py:16:30:16:60 | externally controlled string | ../lib/os/path.py:4:14:4:14 | externally controlled string |
 | path_injection.py:16:30:16:60 | externally controlled string | path_injection.py:16:13:16:61 | normalized path |
 | path_injection.py:16:56:16:59 | externally controlled string | path_injection.py:16:30:16:60 | externally controlled string |
 | path_injection.py:24:12:24:23 | dict of externally controlled string | path_injection.py:24:12:24:39 | externally controlled string |
 | path_injection.py:24:12:24:39 | externally controlled string | path_injection.py:25:56:25:59 | externally controlled string |
-| path_injection.py:25:13:25:61 | normalized path | path_injection.py:26:8:26:12 | normalized path |
 | path_injection.py:25:13:25:61 | normalized path | path_injection.py:28:14:28:18 | normalized path |
-| path_injection.py:25:30:25:60 | externally controlled string | ../lib/os/path.py:4:14:4:14 | externally controlled string |
 | path_injection.py:25:30:25:60 | externally controlled string | path_injection.py:25:13:25:61 | normalized path |
 | path_injection.py:25:56:25:59 | externally controlled string | path_injection.py:25:30:25:60 | externally controlled string |
-| path_injection.py:33:12:33:23 | dict of externally controlled string | path_injection.py:33:12:33:39 | externally controlled string |
-| path_injection.py:33:12:33:39 | externally controlled string | path_injection.py:34:56:34:59 | externally controlled string |
-| path_injection.py:34:13:34:61 | normalized path | path_injection.py:35:8:35:12 | normalized path |
-| path_injection.py:34:30:34:60 | externally controlled string | ../lib/os/path.py:4:14:4:14 | externally controlled string |
-| path_injection.py:34:30:34:60 | externally controlled string | path_injection.py:34:13:34:61 | normalized path |
-| path_injection.py:34:56:34:59 | externally controlled string | path_injection.py:34:30:34:60 | externally controlled string |
 #select
-| path_injection.py:10:14:10:44 | argument to open() | path_injection.py:9:12:9:23 | dict of externally controlled string | path_injection.py:10:14:10:44 | externally controlled string | This path depends on $@. | path_injection.py:9:12:9:23 | flask.request.args | a user-provided value |
-| path_injection.py:17:14:17:18 | argument to open() | path_injection.py:15:12:15:23 | dict of externally controlled string | path_injection.py:17:14:17:18 | normalized path | This path depends on $@. | path_injection.py:15:12:15:23 | flask.request.args | a user-provided value |
-| path_injection.py:28:14:28:18 | argument to open() | path_injection.py:24:12:24:23 | dict of externally controlled string | path_injection.py:28:14:28:18 | normalized path | This path depends on $@. | path_injection.py:24:12:24:23 | flask.request.args | a user-provided value |
+| path_injection.py:10:14:10:44 | Attribute() | path_injection.py:9:12:9:23 | dict of externally controlled string | path_injection.py:10:14:10:44 | externally controlled string | This path depends on $@. | path_injection.py:9:12:9:23 | Attribute | a user-provided value |
+| path_injection.py:17:14:17:18 | npath | path_injection.py:15:12:15:23 | dict of externally controlled string | path_injection.py:17:14:17:18 | normalized path | This path depends on $@. | path_injection.py:15:12:15:23 | Attribute | a user-provided value |
+| path_injection.py:28:14:28:18 | npath | path_injection.py:24:12:24:23 | dict of externally controlled string | path_injection.py:28:14:28:18 | normalized path | This path depends on $@. | path_injection.py:24:12:24:23 | Attribute | a user-provided value |
--- a/python/ql/test/query-tests/Security/CWE-022/TarSlip.expected
+++ b/python/ql/test/query-tests/Security/CWE-022/TarSlip.expected
@@ -1,31 +1,14 @@
 edges
 | tarslip.py:12:7:12:39 | tarfile.open | tarslip.py:13:1:13:3 | tarfile.open |
-| tarslip.py:12:7:12:39 | tarfile.open | tarslip.py:14:1:14:3 | tarfile.open |
 | tarslip.py:16:7:16:39 | tarfile.open | tarslip.py:17:14:17:16 | tarfile.open |
-| tarslip.py:16:7:16:39 | tarfile.open | tarslip.py:18:5:18:7 | tarfile.open |
 | tarslip.py:17:1:17:17 | tarfile.entry | tarslip.py:18:17:18:21 | tarfile.entry |
 | tarslip.py:17:14:17:16 | tarfile.open | tarslip.py:17:1:17:17 | tarfile.entry |
-| tarslip.py:26:7:26:39 | tarfile.open | tarslip.py:27:14:27:16 | tarfile.open |
-| tarslip.py:26:7:26:39 | tarfile.open | tarslip.py:30:5:30:7 | tarfile.open |
-| tarslip.py:27:1:27:17 | tarfile.entry | tarslip.py:28:22:28:26 | tarfile.entry |
-| tarslip.py:27:14:27:16 | tarfile.open | tarslip.py:27:1:27:17 | tarfile.entry |
-| tarslip.py:28:22:28:26 | tarfile.entry | tarslip.py:28:22:28:31 | tarfile.entry |
 | tarslip.py:33:7:33:39 | tarfile.open | tarslip.py:34:14:34:16 | tarfile.open |
-| tarslip.py:33:7:33:39 | tarfile.open | tarslip.py:37:5:37:7 | tarfile.open |
-| tarslip.py:34:1:34:17 | tarfile.entry | tarslip.py:35:16:35:20 | tarfile.entry |
 | tarslip.py:34:1:34:17 | tarfile.entry | tarslip.py:37:17:37:21 | tarfile.entry |
 | tarslip.py:34:14:34:16 | tarfile.open | tarslip.py:34:1:34:17 | tarfile.entry |
-| tarslip.py:35:16:35:20 | tarfile.entry | tarslip.py:35:16:35:25 | tarfile.entry |
-| tarslip.py:40:7:40:39 | tarfile.open | tarslip.py:41:1:41:3 | tarfile.open |
 | tarslip.py:40:7:40:39 | tarfile.open | tarslip.py:41:24:41:26 | tarfile.open |
-| tarslip.py:45:17:45:23 | tarfile.open | tarslip.py:46:17:46:23 | tarfile.open |
-| tarslip.py:46:5:46:24 | tarfile.entry | tarslip.py:47:20:47:23 | tarfile.entry |
-| tarslip.py:46:17:46:23 | tarfile.open | tarslip.py:46:5:46:24 | tarfile.entry |
-| tarslip.py:51:7:51:39 | tarfile.open | tarslip.py:52:1:52:3 | tarfile.open |
-| tarslip.py:51:7:51:39 | tarfile.open | tarslip.py:52:36:52:38 | tarfile.open |
-| tarslip.py:52:36:52:38 | tarfile.open | tarslip.py:45:17:45:23 | tarfile.open |
 #select
-| tarslip.py:13:1:13:3 | Taint sink | tarslip.py:12:7:12:39 | tarfile.open | tarslip.py:13:1:13:3 | tarfile.open | Extraction of tarfile from $@ | tarslip.py:12:7:12:39 | Taint source | a potentially untrusted source |
-| tarslip.py:18:17:18:21 | Taint sink | tarslip.py:16:7:16:39 | tarfile.open | tarslip.py:18:17:18:21 | tarfile.entry | Extraction of tarfile from $@ | tarslip.py:16:7:16:39 | Taint source | a potentially untrusted source |
-| tarslip.py:37:17:37:21 | Taint sink | tarslip.py:33:7:33:39 | tarfile.open | tarslip.py:37:17:37:21 | tarfile.entry | Extraction of tarfile from $@ | tarslip.py:33:7:33:39 | Taint source | a potentially untrusted source |
-| tarslip.py:41:24:41:26 | Taint sink | tarslip.py:40:7:40:39 | tarfile.open | tarslip.py:41:24:41:26 | tarfile.open | Extraction of tarfile from $@ | tarslip.py:40:7:40:39 | Taint source | a potentially untrusted source |
+| tarslip.py:13:1:13:3 | tar | tarslip.py:12:7:12:39 | tarfile.open | tarslip.py:13:1:13:3 | tarfile.open | Extraction of tarfile from $@ | tarslip.py:12:7:12:39 | Attribute() | a potentially untrusted source |
+| tarslip.py:18:17:18:21 | entry | tarslip.py:16:7:16:39 | tarfile.open | tarslip.py:18:17:18:21 | tarfile.entry | Extraction of tarfile from $@ | tarslip.py:16:7:16:39 | Attribute() | a potentially untrusted source |
+| tarslip.py:37:17:37:21 | entry | tarslip.py:33:7:33:39 | tarfile.open | tarslip.py:37:17:37:21 | tarfile.entry | Extraction of tarfile from $@ | tarslip.py:33:7:33:39 | Attribute() | a potentially untrusted source |
+| tarslip.py:41:24:41:26 | tar | tarslip.py:40:7:40:39 | tarfile.open | tarslip.py:41:24:41:26 | tarfile.open | Extraction of tarfile from $@ | tarslip.py:40:7:40:39 | Attribute() | a potentially untrusted source |
--- a/python/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
@@ -8,12 +8,11 @@ edges
 | command_injection.py:24:11:24:22 | dict of externally controlled string | command_injection.py:24:11:24:37 | externally controlled string |
 | command_injection.py:24:11:24:37 | externally controlled string | command_injection.py:25:23:25:25 | externally controlled string |
 | command_injection.py:25:23:25:25 | externally controlled string | command_injection.py:25:22:25:36 | first item in sequence of externally controlled string |
-| command_injection.py:25:23:25:25 | externally controlled string | command_injection.py:25:22:25:36 | sequence of externally controlled string |
 | command_injection.py:30:13:30:24 | dict of externally controlled string | command_injection.py:30:13:30:41 | externally controlled string |
 | command_injection.py:30:13:30:41 | externally controlled string | command_injection.py:32:22:32:26 | externally controlled string |
 | command_injection.py:32:22:32:26 | externally controlled string | command_injection.py:32:14:32:26 | externally controlled string |
 #select
-| command_injection.py:12:15:12:27 | shell command | command_injection.py:10:13:10:24 | dict of externally controlled string | command_injection.py:12:15:12:27 | externally controlled string | This command depends on $@. | command_injection.py:10:13:10:24 | flask.request.args | a user-provided value |
-| command_injection.py:19:22:19:34 | shell command | command_injection.py:17:13:17:24 | dict of externally controlled string | command_injection.py:19:22:19:34 | sequence of externally controlled string | This command depends on $@. | command_injection.py:17:13:17:24 | flask.request.args | a user-provided value |
-| command_injection.py:25:22:25:36 | OS command first argument | command_injection.py:24:11:24:22 | dict of externally controlled string | command_injection.py:25:22:25:36 | first item in sequence of externally controlled string | This command depends on $@. | command_injection.py:24:11:24:22 | flask.request.args | a user-provided value |
-| command_injection.py:32:14:32:26 | shell command | command_injection.py:30:13:30:24 | dict of externally controlled string | command_injection.py:32:14:32:26 | externally controlled string | This command depends on $@. | command_injection.py:30:13:30:24 | flask.request.args | a user-provided value |
+| command_injection.py:12:15:12:27 | BinaryExpr | command_injection.py:10:13:10:24 | dict of externally controlled string | command_injection.py:12:15:12:27 | externally controlled string | This command depends on $@. | command_injection.py:10:13:10:24 | Attribute | a user-provided value |
+| command_injection.py:19:22:19:34 | List | command_injection.py:17:13:17:24 | dict of externally controlled string | command_injection.py:19:22:19:34 | sequence of externally controlled string | This command depends on $@. | command_injection.py:17:13:17:24 | Attribute | a user-provided value |
+| command_injection.py:25:22:25:36 | List | command_injection.py:24:11:24:22 | dict of externally controlled string | command_injection.py:25:22:25:36 | first item in sequence of externally controlled string | This command depends on $@. | command_injection.py:24:11:24:22 | Attribute | a user-provided value |
+| command_injection.py:32:14:32:26 | BinaryExpr | command_injection.py:30:13:30:24 | dict of externally controlled string | command_injection.py:32:14:32:26 | externally controlled string | This command depends on $@. | command_injection.py:30:13:30:24 | Attribute | a user-provided value |
--- a/python/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
+++ b/python/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
@@ -1,15 +1,8 @@
 edges
-| ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | ../lib/flask/__init__.py:15:19:15:20 | externally controlled string |
 | ../lib/flask/__init__.py:14:19:14:20 | externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string |
-| ../lib/flask/__init__.py:22:12:22:14 | externally controlled string | ../lib/flask/__init__.py:23:26:23:28 | externally controlled string |
-| jinja2_escaping.py:14:12:14:23 | dict of externally controlled string | jinja2_escaping.py:14:12:14:39 | externally controlled string |
-| jinja2_escaping.py:14:12:14:39 | externally controlled string | jinja2_escaping.py:16:47:16:50 | externally controlled string |
 | reflected_xss.py:7:18:7:29 | dict of externally controlled string | reflected_xss.py:7:18:7:45 | externally controlled string |
 | reflected_xss.py:7:18:7:45 | externally controlled string | reflected_xss.py:8:44:8:53 | externally controlled string |
 | reflected_xss.py:8:26:8:53 | externally controlled string | ../lib/flask/__init__.py:14:19:14:20 | externally controlled string |
 | reflected_xss.py:8:44:8:53 | externally controlled string | reflected_xss.py:8:26:8:53 | externally controlled string |
-| reflected_xss.py:12:18:12:29 | dict of externally controlled string | reflected_xss.py:12:18:12:45 | externally controlled string |
-| reflected_xss.py:12:18:12:45 | externally controlled string | reflected_xss.py:13:51:13:60 | externally controlled string |
-| reflected_xss.py:13:51:13:60 | externally controlled string | ../lib/flask/__init__.py:22:12:22:14 | externally controlled string |
 #select
-| ../lib/flask/__init__.py:16:25:16:26 | flask.response.argument | reflected_xss.py:7:18:7:29 | dict of externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | flask.request.args | user-provided value |
+| ../lib/flask/__init__.py:16:25:16:26 | rv | reflected_xss.py:7:18:7:29 | dict of externally controlled string | ../lib/flask/__init__.py:16:25:16:26 | externally controlled string | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | Attribute | user-provided value |
--- a/python/ql/test/query-tests/Security/CWE-094/CodeInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-094/CodeInjection.expected
@@ -1,10 +1,8 @@
 edges
-| code_injection.py:4:20:4:26 | django.request.HttpRequest | code_injection.py:5:8:5:14 | django.request.HttpRequest |
 | code_injection.py:4:20:4:26 | django.request.HttpRequest | code_injection.py:6:22:6:28 | django.request.HttpRequest |
 | code_injection.py:6:22:6:28 | django.request.HttpRequest | code_injection.py:6:22:6:33 | django.http.request.QueryDict |
 | code_injection.py:6:22:6:33 | django.http.request.QueryDict | code_injection.py:6:22:6:55 | externally controlled string |
 | code_injection.py:6:22:6:55 | externally controlled string | code_injection.py:7:34:7:43 | externally controlled string |
-| code_injection.py:7:34:7:43 | externally controlled string | ../lib/base64.py:1:18:1:18 | externally controlled string |
 | code_injection.py:7:34:7:43 | externally controlled string | code_injection.py:7:14:7:44 | externally controlled string |
 #select
-| code_injection.py:7:14:7:44 | exec or eval | code_injection.py:4:20:4:26 | django.request.HttpRequest | code_injection.py:7:14:7:44 | externally controlled string | $@ flows to here and is interpreted as code. | code_injection.py:4:20:4:26 | Django request source | User-provided value |
+| code_injection.py:7:14:7:44 | Attribute() | code_injection.py:4:20:4:26 | django.request.HttpRequest | code_injection.py:7:14:7:44 | externally controlled string | $@ flows to here and is interpreted as code. | code_injection.py:4:20:4:26 | request | User-provided value |
--- a/python/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
+++ b/python/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
@@ -5,5 +5,5 @@ edges
 | test.py:37:12:37:27 | exception info | test.py:34:16:34:32 | exception info |
 | test.py:37:25:37:27 | exception info | test.py:37:12:37:27 | exception info |
 #select
-| test.py:16:16:16:37 | flask.routed.response | test.py:16:16:16:37 | exception info | test.py:16:16:16:37 | exception info | $@ may be exposed to an external user | test.py:16:16:16:37 | exception.info.source | Error information |
-| test.py:34:16:34:32 | flask.routed.response | test.py:33:15:33:36 | exception info | test.py:34:16:34:32 | exception info | $@ may be exposed to an external user | test.py:33:15:33:36 | exception.info.source | Error information |
+| test.py:16:16:16:37 | Attribute() | test.py:16:16:16:37 | exception info | test.py:16:16:16:37 | exception info | $@ may be exposed to an external user | test.py:16:16:16:37 | Attribute() | Error information |
+| test.py:34:16:34:32 | format_error() | test.py:33:15:33:36 | exception info | test.py:34:16:34:32 | exception info | $@ may be exposed to an external user | test.py:33:15:33:36 | Attribute() | Error information |
--- a/python/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected
+++ b/python/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected
@@ -5,7 +5,7 @@ edges
 | test.py:11:15:11:41 | externally controlled string | test.py:14:19:14:25 | externally controlled string |
 | test.py:11:15:11:41 | externally controlled string | test.py:16:16:16:22 | externally controlled string |
 #select
-| test.py:12:18:12:24 | unpickling untrusted data | test.py:11:15:11:26 | dict of externally controlled string | test.py:12:18:12:24 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
-| test.py:13:15:13:21 | yaml.load vulnerability | test.py:11:15:11:26 | dict of externally controlled string | test.py:13:15:13:21 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
-| test.py:14:19:14:25 | unmarshaling vulnerability | test.py:11:15:11:26 | dict of externally controlled string | test.py:14:19:14:25 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
-| test.py:16:16:16:22 | unpickling untrusted data | test.py:11:15:11:26 | dict of externally controlled string | test.py:16:16:16:22 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | flask.request.args | untrusted input |
+| test.py:12:18:12:24 | payload | test.py:11:15:11:26 | dict of externally controlled string | test.py:12:18:12:24 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | Attribute | untrusted input |
+| test.py:13:15:13:21 | payload | test.py:11:15:11:26 | dict of externally controlled string | test.py:13:15:13:21 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | Attribute | untrusted input |
+| test.py:14:19:14:25 | payload | test.py:11:15:11:26 | dict of externally controlled string | test.py:14:19:14:25 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | Attribute | untrusted input |
+| test.py:16:16:16:22 | payload | test.py:11:15:11:26 | dict of externally controlled string | test.py:16:16:16:22 | externally controlled string | Deserializing of $@. | test.py:11:15:11:26 | Attribute | untrusted input |