Merge pull request #8604 from erik-krogh/httpNode

JS: refactor most library models away from AST nodes
2026-04-30 11:15:13 +02:00 · 2022-09-09 10:04:17 +02:00
parent 25b988d179 4e14177614
commit 9893650f7c
153 changed files with 1924 additions and 1163 deletions
--- a/javascript/ql/test/experimental/PoI/TestCustomPoIs.ql
+++ b/javascript/ql/test/experimental/PoI/TestCustomPoIs.ql
@@ -16,7 +16,7 @@ class RouteHandlerAndSetupPoI extends ActivePoI {
  RouteHandlerAndSetupPoI() { this = "RouteHandlerAndSetupPoI" }

  override predicate is(Node l0, Node l1, string t1) {
-    l1.asExpr().(Express::RouteSetup).getARouteHandler() = l0 and t1 = "setup"
+    l1.(Express::RouteSetup).getARouteHandler() = l0 and t1 = "setup"
  }
 }

@@ -24,9 +24,9 @@ class RouteSetupAndRouterAndRouteHandlerPoI extends ActivePoI {
  RouteSetupAndRouterAndRouteHandlerPoI() { this = "RouteSetupAndRouterAndRouteHandlerPoI" }

  override predicate is(Node l0, Node l1, string t1, Node l2, string t2) {
-    l0.asExpr().(Express::RouteSetup).getRouter().flow() = l1 and
+    l0.(Express::RouteSetup).getRouter() = l1 and
    t1 = "router" and
-    l0.asExpr().(Express::RouteSetup).getARouteHandler() = l2 and
+    l0.(Express::RouteSetup).getARouteHandler() = l2 and
    t2 = "routehandler"
  }
 }
--- a/javascript/ql/test/library-tests/SensitiveActions/tests.ql
+++ b/javascript/ql/test/library-tests/SensitiveActions/tests.ql
@@ -20,4 +20,4 @@ query predicate processTermination(NodeJSLib::ProcessTermination term) { any() }

 query predicate sensitiveAction(SensitiveAction ac) { any() }

-query predicate sensitiveExpr(SensitiveExpr e) { any() }
+query predicate sensitiveExpr(SensitiveNode e) { any() }
--- a/javascript/ql/test/library-tests/frameworks/AngularJS/dependency-dataflow/ScopeMethodCalls.ql
+++ b/javascript/ql/test/library-tests/frameworks/AngularJS/dependency-dataflow/ScopeMethodCalls.ql
@@ -1,5 +1,5 @@
 import javascript

-from AngularJS::ScopeServiceReference s, MethodCallExpr mce
+from AngularJS::ScopeServiceReference s, DataFlow::MethodCallNode mce
 where mce = s.getAMethodCall(_)
 select mce
--- a/javascript/ql/test/library-tests/frameworks/AngularJS/dependency-resolution/DependencyResolution_full.ql
+++ b/javascript/ql/test/library-tests/frameworks/AngularJS/dependency-resolution/DependencyResolution_full.ql
@@ -1,6 +1,6 @@
 import javascript
 private import AngularJS

-from InjectableFunction f, SimpleParameter p, DataFlow::Node nd
+from InjectableFunction f, DataFlow::ParameterNode p, DataFlow::Node nd
 where nd = f.getCustomServiceDependency(p)
 select p.getName(), nd
--- a/javascript/ql/test/library-tests/frameworks/AngularJS/scopes/ScopeAccess.expected
+++ b/javascript/ql/test/library-tests/frameworks/AngularJS/scopes/ScopeAccess.expected
@@ -1,92 +1,137 @@
 | isolate scope for directive1 | scope-access.js:4:41:4:45 | scope |
+| isolate scope for directive1 | scope-access.js:4:41:4:45 | scope |
 | isolate scope for directive1 | scope-access.js:5:17:5:21 | scope |
 | isolate scope for directive1 | scope-access.js:7:20:7:21 | {} |
 | isolate scope for directive2 | scope-access.js:12:34:12:39 | $scope |
+| isolate scope for directive2 | scope-access.js:12:34:12:39 | $scope |
 | isolate scope for directive2 | scope-access.js:13:17:13:22 | $scope |
 | isolate scope for directive2 | scope-access.js:15:20:15:21 | {} |
 | isolate scope for directive3 | scope-access.js:20:39:20:44 | $scope |
+| isolate scope for directive3 | scope-access.js:20:39:20:44 | $scope |
 | isolate scope for directive3 | scope-access.js:21:17:21:22 | $scope |
 | isolate scope for directive3 | scope-access.js:23:20:23:21 | {} |
 | isolate scope for directive4 | scope-access.js:28:45:28:45 | a |
+| isolate scope for directive4 | scope-access.js:28:45:28:45 | a |
 | isolate scope for directive4 | scope-access.js:29:17:29:17 | a |
 | isolate scope for directive4 | scope-access.js:31:20:31:21 | {} |
+| isolate scope for directive5 | scope-access.js:36:25:36:24 | this |
 | isolate scope for directive5 | scope-access.js:37:17:37:20 | this |
 | isolate scope for directive5 | scope-access.js:39:20:39:21 | {} |
+| isolate scope for directive6 | scope-access.js:45:25:45:24 | this |
+| isolate scope for directive6 | scope-access.js:46:18:46:26 | return of anonymous function |
 | isolate scope for directive6 | scope-access.js:46:23:46:26 | this |
 | isolate scope for directive6 | scope-access.js:48:20:48:21 | {} |
 | isolate scope for myCustomer | dev-guide-5.js:11:12:13:5 | { // Sc ... y\\n    } |
 | isolate scope for myCustomer | dev-guide-6.js:11:12:13:5 | { // Sc ... y\\n    } |
 | scope for <directive7>...</> | scope-access.js:54:34:54:39 | $scope |
+| scope for <directive7>...</> | scope-access.js:54:34:54:39 | $scope |
 | scope for <directive7>...</> | scope-access.js:55:17:55:22 | $scope |
 | scope for <div>...</> | dev-guide-1.js:4:49:4:54 | $scope |
+| scope for <div>...</> | dev-guide-1.js:4:49:4:54 | $scope |
+| scope for <div>...</> | dev-guide-1.js:4:49:4:54 | $scope |
 | scope for <div>...</> | dev-guide-1.js:5:3:5:8 | $scope |
 | scope for <div>...</> | dev-guide-1.js:7:3:7:8 | $scope |
+| scope for <div>...</> | dev-guide-1.js:7:21:7:20 | $scope |
 | scope for <div>...</> | dev-guide-1.js:8:5:8:10 | $scope |
 | scope for <div>...</> | dev-guide-1.js:8:34:8:39 | $scope |
 | scope for <div>...</> | dev-guide-2.js:4:66:4:71 | $scope |
+| scope for <div>...</> | dev-guide-2.js:4:66:4:71 | $scope |
 | scope for <div>...</> | dev-guide-2.js:5:3:5:8 | $scope |
 | scope for <div>...</> | dev-guide-2.js:8:51:8:56 | $scope |
+| scope for <div>...</> | dev-guide-2.js:8:51:8:56 | $scope |
 | scope for <div>...</> | dev-guide-2.js:9:3:9:8 | $scope |
 | scope for <div>...</> | dev-guide-3.js:4:52:4:57 | $scope |
+| scope for <div>...</> | dev-guide-3.js:4:52:4:57 | $scope |
+| scope for <div>...</> | dev-guide-3.js:4:52:4:57 | $scope |
 | scope for <div>...</> | dev-guide-3.js:5:3:5:8 | $scope |
 | scope for <div>...</> | dev-guide-3.js:6:3:6:8 | $scope |
+| scope for <div>...</> | dev-guide-3.js:6:25:6:24 | $scope |
 | scope for <div>...</> | dev-guide-3.js:7:5:7:10 | $scope |
 | scope for <div>...</> | dev-guide-4.js:4:52:4:57 | $scope |
+| scope for <div>...</> | dev-guide-4.js:4:52:4:57 | $scope |
 | scope for <div>...</> | dev-guide-4.js:5:3:5:8 | $scope |
 | scope for <div>...</> | dev-guide-4.js:10:51:10:56 | $scope |
+| scope for <div>...</> | dev-guide-4.js:10:51:10:56 | $scope |
 | scope for <div>...</> | dev-guide-4.js:11:3:11:8 | $scope |
 | scope for <div>...</> | dev-guide-5.js:4:47:4:52 | $scope |
 | scope for <div>...</> | dev-guide-5.js:4:47:4:52 | $scope |
+| scope for <div>...</> | dev-guide-5.js:4:47:4:52 | $scope |
+| scope for <div>...</> | dev-guide-5.js:4:47:4:52 | $scope |
 | scope for <div>...</> | dev-guide-5.js:5:3:5:8 | $scope |
 | scope for <div>...</> | dev-guide-5.js:5:3:5:8 | $scope |
 | scope for <div>...</> | dev-guide-5.js:6:3:6:8 | $scope |
 | scope for <div>...</> | dev-guide-5.js:6:3:6:8 | $scope |
 | scope for <div>...</> | dev-guide-6.js:4:47:4:52 | $scope |
 | scope for <div>...</> | dev-guide-6.js:4:47:4:52 | $scope |
+| scope for <div>...</> | dev-guide-6.js:4:47:4:52 | $scope |
+| scope for <div>...</> | dev-guide-6.js:4:47:4:52 | $scope |
 | scope for <div>...</> | dev-guide-6.js:5:3:5:8 | $scope |
 | scope for <div>...</> | dev-guide-6.js:5:3:5:8 | $scope |
 | scope for <div>...</> | dev-guide-6.js:6:3:6:8 | $scope |
 | scope for <div>...</> | dev-guide-6.js:6:3:6:8 | $scope |
 | scope for <elementthatusescontroller1>...</> | scope-access.js:59:52:59:57 | $scope |
+| scope for <elementthatusescontroller1>...</> | scope-access.js:59:52:59:57 | $scope |
 | scope for <elementthatusescontroller1>...</> | scope-access.js:60:9:60:14 | $scope |
 | scope for <li>...</> | dev-guide-3.js:4:52:4:57 | $scope |
 | scope for <li>...</> | dev-guide-3.js:4:52:4:57 | $scope |
+| scope for <li>...</> | dev-guide-3.js:4:52:4:57 | $scope |
+| scope for <li>...</> | dev-guide-3.js:4:52:4:57 | $scope |
+| scope for <li>...</> | dev-guide-3.js:4:52:4:57 | $scope |
+| scope for <li>...</> | dev-guide-3.js:4:52:4:57 | $scope |
 | scope for <li>...</> | dev-guide-3.js:5:3:5:8 | $scope |
 | scope for <li>...</> | dev-guide-3.js:5:3:5:8 | $scope |
 | scope for <li>...</> | dev-guide-3.js:6:3:6:8 | $scope |
 | scope for <li>...</> | dev-guide-3.js:6:3:6:8 | $scope |
+| scope for <li>...</> | dev-guide-3.js:6:25:6:24 | $scope |
+| scope for <li>...</> | dev-guide-3.js:6:25:6:24 | $scope |
 | scope for <li>...</> | dev-guide-3.js:7:5:7:10 | $scope |
 | scope for <li>...</> | dev-guide-3.js:7:5:7:10 | $scope |
 | scope in dev-guide-1.html | dev-guide-1.js:4:49:4:54 | $scope |
+| scope in dev-guide-1.html | dev-guide-1.js:4:49:4:54 | $scope |
+| scope in dev-guide-1.html | dev-guide-1.js:4:49:4:54 | $scope |
 | scope in dev-guide-1.html | dev-guide-1.js:5:3:5:8 | $scope |
 | scope in dev-guide-1.html | dev-guide-1.js:7:3:7:8 | $scope |
+| scope in dev-guide-1.html | dev-guide-1.js:7:21:7:20 | $scope |
 | scope in dev-guide-1.html | dev-guide-1.js:8:5:8:10 | $scope |
 | scope in dev-guide-1.html | dev-guide-1.js:8:34:8:39 | $scope |
 | scope in dev-guide-2.html | dev-guide-2.js:4:66:4:71 | $scope |
+| scope in dev-guide-2.html | dev-guide-2.js:4:66:4:71 | $scope |
 | scope in dev-guide-2.html | dev-guide-2.js:5:3:5:8 | $scope |
 | scope in dev-guide-2.html | dev-guide-2.js:8:51:8:56 | $scope |
+| scope in dev-guide-2.html | dev-guide-2.js:8:51:8:56 | $scope |
 | scope in dev-guide-2.html | dev-guide-2.js:9:3:9:8 | $scope |
 | scope in dev-guide-3.html | dev-guide-3.js:4:52:4:57 | $scope |
+| scope in dev-guide-3.html | dev-guide-3.js:4:52:4:57 | $scope |
+| scope in dev-guide-3.html | dev-guide-3.js:4:52:4:57 | $scope |
 | scope in dev-guide-3.html | dev-guide-3.js:5:3:5:8 | $scope |
 | scope in dev-guide-3.html | dev-guide-3.js:6:3:6:8 | $scope |
+| scope in dev-guide-3.html | dev-guide-3.js:6:25:6:24 | $scope |
 | scope in dev-guide-3.html | dev-guide-3.js:7:5:7:10 | $scope |
 | scope in dev-guide-4.html | dev-guide-4.js:4:52:4:57 | $scope |
+| scope in dev-guide-4.html | dev-guide-4.js:4:52:4:57 | $scope |
 | scope in dev-guide-4.html | dev-guide-4.js:5:3:5:8 | $scope |
 | scope in dev-guide-4.html | dev-guide-4.js:10:51:10:56 | $scope |
+| scope in dev-guide-4.html | dev-guide-4.js:10:51:10:56 | $scope |
 | scope in dev-guide-4.html | dev-guide-4.js:11:3:11:8 | $scope |
 | scope in dev-guide-5.html | dev-guide-5.js:4:47:4:52 | $scope |
+| scope in dev-guide-5.html | dev-guide-5.js:4:47:4:52 | $scope |
 | scope in dev-guide-5.html | dev-guide-5.js:5:3:5:8 | $scope |
 | scope in dev-guide-5.html | dev-guide-5.js:6:3:6:8 | $scope |
 | scope in dev-guide-5.html | dev-guide-6.js:4:47:4:52 | $scope |
+| scope in dev-guide-5.html | dev-guide-6.js:4:47:4:52 | $scope |
 | scope in dev-guide-5.html | dev-guide-6.js:5:3:5:8 | $scope |
 | scope in dev-guide-5.html | dev-guide-6.js:6:3:6:8 | $scope |
 | scope in dev-guide-6.html | dev-guide-5.js:4:47:4:52 | $scope |
+| scope in dev-guide-6.html | dev-guide-5.js:4:47:4:52 | $scope |
 | scope in dev-guide-6.html | dev-guide-5.js:5:3:5:8 | $scope |
 | scope in dev-guide-6.html | dev-guide-5.js:6:3:6:8 | $scope |
 | scope in dev-guide-6.html | dev-guide-6.js:4:47:4:52 | $scope |
+| scope in dev-guide-6.html | dev-guide-6.js:4:47:4:52 | $scope |
 | scope in dev-guide-6.html | dev-guide-6.js:5:3:5:8 | $scope |
 | scope in dev-guide-6.html | dev-guide-6.js:6:3:6:8 | $scope |
 | scope in scope-access.html | scope-access.js:54:34:54:39 | $scope |
+| scope in scope-access.html | scope-access.js:54:34:54:39 | $scope |
 | scope in scope-access.html | scope-access.js:55:17:55:22 | $scope |
 | scope in scope-access.html | scope-access.js:59:52:59:57 | $scope |
+| scope in scope-access.html | scope-access.js:59:52:59:57 | $scope |
 | scope in scope-access.html | scope-access.js:60:9:60:14 | $scope |
--- a/javascript/ql/test/library-tests/frameworks/Express/HeaderDefinition_getNameExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/HeaderDefinition_getNameExpr.qll
@@ -1,5 +1,7 @@
 import javascript

-query predicate test_HeaderDefinition_getNameExpr(HTTP::ExplicitHeaderDefinition hd, Expr res) {
-  hd.getRouteHandler() instanceof Express::RouteHandler and res = hd.getNameExpr()
+query predicate test_HeaderDefinition_getNameExpr(
+  HTTP::ExplicitHeaderDefinition hd, DataFlow::Node res
+) {
+  hd.getRouteHandler() instanceof Express::RouteHandler and res = hd.getNameNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RequestExpr.qll
@@ -1,9 +1,9 @@
 import javascript

-query predicate test_RequestExpr(Express::RequestExpr e, HTTP::RouteHandler res) {
+query predicate test_RequestExpr(Express::RequestNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }

-query predicate test_RequestExprStandalone(Express::RequestExpr e) {
+query predicate test_RequestExprStandalone(Express::RequestNode e) {
  not exists(e.getRouteHandler())
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/ResponseExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/ResponseExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_ResponseExpr(Express::ResponseExpr e, HTTP::RouteHandler res) {
+query predicate test_ResponseExpr(Express::ResponseNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteExpr.qll
@@ -1,5 +0,0 @@
-import javascript
-
-query predicate test_RouteExpr(Express::RouteExpr e, Express::RouterDefinition res) {
-  res = e.getRouter()
-}
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandler.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandler.qll
@@ -1,5 +1,7 @@
 import javascript

-query predicate test_RouteHandler(Express::RouteHandler rh, Parameter res0, Parameter res1) {
+query predicate test_RouteHandler(
+  Express::RouteHandler rh, DataFlow::ParameterNode res0, DataFlow::ParameterNode res1
+) {
  res0 = rh.getRequestParameter() and res1 = rh.getResponseParameter()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr.qll
@@ -1,7 +1,7 @@
 import javascript

 query predicate test_RouteHandlerExpr(
-  Express::RouteHandlerExpr rhe, Express::RouteSetup res0, boolean isLast
+  Express::RouteHandlerNode rhe, Express::RouteSetup res0, boolean isLast
 ) {
  (if rhe.isLastHandler() then isLast = true else isLast = false) and
  res0 = rhe.getSetup()
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr_getAMatchingAncestor.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr_getAMatchingAncestor.qll
@@ -1,7 +1,7 @@
 import javascript

 query predicate test_RouteHandlerExpr_getAMatchingAncestor(
-  Express::RouteHandlerExpr expr, Express::RouteHandlerExpr res
+  Express::RouteHandlerNode expr, Express::RouteHandlerNode res
 ) {
  res = expr.getAMatchingAncestor()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr_getAsSubRouter.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr_getAsSubRouter.qll
@@ -1,7 +1,7 @@
 import javascript

 query predicate test_RouteHandlerExpr_getAsSubRouter(
-  Express::RouteHandlerExpr expr, Express::RouterDefinition res
+  Express::RouteHandlerNode expr, Express::RouterDefinition res
 ) {
  res = expr.getAsSubRouter()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr_getBody.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr_getBody.qll
@@ -1,7 +1,7 @@
 import javascript

 query predicate test_RouteHandlerExpr_getBody(
-  Express::RouteHandlerExpr rhe, Express::RouteHandler res
+  Express::RouteHandlerNode rhe, Express::RouteHandler res
 ) {
  res = rhe.getBody()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr_getNextMiddleware.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr_getNextMiddleware.qll
@@ -1,7 +1,7 @@
 import javascript

 query predicate test_RouteHandlerExpr_getNextMiddleware(
-  Express::RouteHandlerExpr expr, Express::RouteHandlerExpr res
+  Express::RouteHandlerNode expr, Express::RouteHandlerNode res
 ) {
  res = expr.getNextMiddleware()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr_getPreviousMiddleware.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandlerExpr_getPreviousMiddleware.qll
@@ -1,7 +1,7 @@
 import javascript

 query predicate test_RouteHandlerExpr_getPreviousMiddleware(
-  Express::RouteHandlerExpr expr, Express::RouteHandlerExpr res
+  Express::RouteHandlerNode expr, Express::RouteHandlerNode res
 ) {
  res = expr.getPreviousMiddleware()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandler_getARequestBodyAccess.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandler_getARequestBodyAccess.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RouteHandler_getARequestBodyAccess(Express::RouteHandler rh, Expr res) {
+query predicate test_RouteHandler_getARequestBodyAccess(Express::RouteHandler rh, DataFlow::Node res) {
  res = rh.getARequestBodyAccess()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandler_getARequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandler_getARequestExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RouteHandler_getARequestExpr(Express::RouteHandler rh, HTTP::RequestExpr res) {
-  res = rh.getARequestExpr()
+query predicate test_RouteHandler_getARequestExpr(Express::RouteHandler rh, HTTP::RequestNode res) {
+  res = rh.getARequestNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteHandler_getAResponseExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteHandler_getAResponseExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RouteHandler_getAResponseExpr(Express::RouteHandler rh, HTTP::ResponseExpr res) {
-  res = rh.getAResponseExpr()
+query predicate test_RouteHandler_getAResponseExpr(Express::RouteHandler rh, HTTP::ResponseNode res) {
+  res = rh.getAResponseNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteSetup.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteSetup.qll
@@ -1,6 +1,6 @@
 import javascript

-query predicate test_RouteSetup(Express::RouteSetup rs, Expr res0, boolean isUseCall) {
+query predicate test_RouteSetup(Express::RouteSetup rs, DataFlow::Node res0, boolean isUseCall) {
  (if rs.isUseCall() then isUseCall = true else isUseCall = false) and
  res0 = rs.getServer()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteSetup_getARouteHandlerExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteSetup_getARouteHandlerExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RouteSetup_getARouteHandlerExpr(Express::RouteSetup r, Expr res) {
-  res = r.getARouteHandlerExpr()
+query predicate test_RouteSetup_getARouteHandlerExpr(Express::RouteSetup r, DataFlow::Node res) {
+  res = r.getARouteHandlerNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteSetup_getLastRouteHandlerExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteSetup_getLastRouteHandlerExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RouteSetup_getLastRouteHandlerExpr(Express::RouteSetup r, Expr res) {
-  res = r.getLastRouteHandlerExpr()
+query predicate test_RouteSetup_getLastRouteHandlerExpr(Express::RouteSetup r, DataFlow::Node res) {
+  res = r.getLastRouteHandlerNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteSetup_getRouteHandlerExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteSetup_getRouteHandlerExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RouteSetup_getRouteHandlerExpr(Express::RouteSetup r, int i, Expr res) {
-  res = r.getRouteHandlerExpr(i)
+query predicate test_RouteSetup_getRouteHandlerExpr(Express::RouteSetup r, int i, DataFlow::Node res) {
+  res = r.getRouteHandlerNode(i)
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteSetup_getServer.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteSetup_getServer.qll
@@ -1,3 +1,5 @@
 import javascript

-query predicate test_RouteSetup_getServer(Express::RouteSetup rs, Expr res) { res = rs.getServer() }
+query predicate test_RouteSetup_getServer(Express::RouteSetup rs, DataFlow::Node res) {
+  res = rs.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/Express/RouteSetup_handlesSameRequestMethodAs.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouteSetup_handlesSameRequestMethodAs.qll
@@ -4,7 +4,7 @@ query predicate test_RouteSetup_handlesSameRequestMethodAs(
  Express::RouteSetup rs, Express::RouteSetup rs2
 ) {
  rs.handlesSameRequestMethodAs(rs2) and
-  rs.getLocation().getStartLine() < rs2.getLocation().getStartLine() and
-  rs.getLocation().getFile().getBaseName() = "csurf-example.js" and
-  rs2.getLocation().getFile().getBaseName() = "csurf-example.js"
+  rs.asExpr().getLocation().getStartLine() < rs2.asExpr().getLocation().getStartLine() and
+  rs.asExpr().getLocation().getFile().getBaseName() = "csurf-example.js" and
+  rs2.asExpr().getLocation().getFile().getBaseName() = "csurf-example.js"
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouterDefinition_getMiddlewareStack.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouterDefinition_getMiddlewareStack.qll
@@ -1,7 +1,7 @@
 import javascript

 query predicate test_RouterDefinition_getMiddlewareStack(
-  Express::RouterDefinition r, Express::RouteHandlerExpr res
+  Express::RouterDefinition r, Express::RouteHandlerNode res
 ) {
  res = r.getMiddlewareStack()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/RouterDefinition_getMiddlewareStackAt.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/RouterDefinition_getMiddlewareStackAt.qll
@@ -1,7 +1,7 @@
 import javascript

 query predicate test_RouterDefinition_getMiddlewareStackAt(
-  Express::RouterDefinition r, ControlFlowNode nd, Express::RouteHandlerExpr res
+  Express::RouterDefinition r, ControlFlowNode nd, Express::RouteHandlerNode res
 ) {
  res = r.getMiddlewareStackAt(nd)
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/StandardRouteHandler.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/StandardRouteHandler.qll
@@ -1,7 +1,8 @@
 import javascript

 query predicate test_StandardRouteHandler(
-  Express::StandardRouteHandler rh, Expr res0, SimpleParameter res1, SimpleParameter res2
+  Express::StandardRouteHandler rh, DataFlow::Node res0, DataFlow::ParameterNode res1,
+  DataFlow::ParameterNode res2
 ) {
  res0 = rh.getServer() and res1 = rh.getRequestParameter() and res2 = rh.getResponseParameter()
 }
--- a/javascript/ql/test/library-tests/frameworks/Express/isRequest.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/isRequest.qll
@@ -1,3 +1,3 @@
 import javascript

-query predicate test_isRequest(Expr nd) { Express::isRequest(nd) }
+query predicate test_isRequest(DataFlow::Node nd) { Express::isRequest(nd) }
--- a/javascript/ql/test/library-tests/frameworks/Express/isResponse.qll
+++ b/javascript/ql/test/library-tests/frameworks/Express/isResponse.qll
@@ -1,3 +1,3 @@
 import javascript

-query predicate test_isResponse(Expr nd) { Express::isResponse(nd) }
+query predicate test_isResponse(DataFlow::Node nd) { Express::isResponse(nd) }
--- a/javascript/ql/test/library-tests/frameworks/Express/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/Express/tests.expected
--- a/javascript/ql/test/library-tests/frameworks/Express/tests.ql
+++ b/javascript/ql/test/library-tests/frameworks/Express/tests.ql
@@ -27,7 +27,6 @@ import RouterDefinition_getASubRouter
 import HeaderDefinition_getNameExpr
 import appCreation
 import RouteSetup_getRequestMethod
-import RouteExpr
 import RouteHandler_getAResponseExpr
 import isResponse
 import ResponseBody
--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/HeaderDefinition_getNameExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/HeaderDefinition_getNameExpr.qll
@@ -1,5 +1,7 @@
 import javascript

-query predicate test_HeaderDefinition_getNameExpr(HTTP::ExplicitHeaderDefinition hd, Expr res) {
-  hd.getRouteHandler() instanceof NodeJSLib::RouteHandler and res = hd.getNameExpr()
+query predicate test_HeaderDefinition_getNameExpr(
+  HTTP::ExplicitHeaderDefinition hd, DataFlow::Node res
+) {
+  hd.getRouteHandler() instanceof NodeJSLib::RouteHandler and res = hd.getNameNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/RequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/RequestExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RequestExpr(NodeJSLib::RequestExpr e, HTTP::RouteHandler res) {
+query predicate test_RequestExpr(NodeJSLib::RequestNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }
--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/ResponseExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/ResponseExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_ResponseExpr(NodeJSLib::ResponseExpr e, HTTP::RouteHandler res) {
+query predicate test_ResponseExpr(NodeJSLib::ResponseNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }
--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/RouteHandler.qll
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/RouteHandler.qll
@@ -1,3 +1,5 @@
 import javascript

-query predicate test_RouteHandler(NodeJSLib::RouteHandler rh, Expr res) { res = rh.getServer() }
+query predicate test_RouteHandler(NodeJSLib::RouteHandler rh, DataFlow::Node res) {
+  res = rh.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/RouteHandler_getARequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/RouteHandler_getARequestExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RouteHandler_getARequestExpr(NodeJSLib::RouteHandler rh, HTTP::RequestExpr res) {
-  res = rh.getARequestExpr()
+query predicate test_RouteHandler_getARequestExpr(NodeJSLib::RouteHandler rh, HTTP::RequestNode res) {
+  res = rh.getARequestNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/RouteHandler_getAResponseExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/RouteHandler_getAResponseExpr.qll
@@ -1,7 +1,7 @@
 import javascript

 query predicate test_RouteHandler_getAResponseExpr(
-  NodeJSLib::RouteHandler rh, HTTP::ResponseExpr res
+  NodeJSLib::RouteHandler rh, HTTP::ResponseNode res
 ) {
-  res = rh.getAResponseExpr()
+  res = rh.getAResponseNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/RouteSetup_getServer.qll
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/RouteSetup_getServer.qll
@@ -1,3 +1,5 @@
 import javascript

-query predicate test_RouteSetup_getServer(NodeJSLib::RouteSetup r, Expr res) { res = r.getServer() }
+query predicate test_RouteSetup_getServer(NodeJSLib::RouteSetup r, DataFlow::Node res) {
+  res = r.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/isCreateServer.qll
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/isCreateServer.qll
@@ -1,3 +1,3 @@
 import javascript

-query predicate test_isCreateServer(CallExpr e) { NodeJSLib::isCreateServer(e) }
+query predicate test_isCreateServer(DataFlow::CallNode e) { NodeJSLib::isCreateServer(e) }
--- a/javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.expected
@@ -45,43 +45,61 @@ test_ResponseExpr
 | createServer.js:3:38:3:40 | res | createServer.js:3:23:3:44 | functio ... res) {} |
 | createServer.js:4:37:4:39 | res | createServer.js:4:31:4:46 | (req, res) => {} |
 | createServer.js:25:52:25:54 | res | createServer.js:25:37:27:5 | functio ... ;\\n    } |
+| createServer.js:25:52:25:54 | res | createServer.js:25:37:27:5 | functio ... ;\\n    } |
 | createServer.js:26:9:26:11 | res | createServer.js:25:37:27:5 | functio ... ;\\n    } |
 | src/http.js:4:46:4:48 | res | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
+| src/http.js:4:46:4:48 | res | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
 | src/http.js:7:3:7:5 | res | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
 | src/http.js:12:33:12:35 | res | src/http.js:12:19:16:1 | functio ... ar");\\n} |
+| src/http.js:12:33:12:35 | res | src/http.js:12:19:16:1 | functio ... ar");\\n} |
 | src/http.js:13:3:13:5 | res | src/http.js:12:19:16:1 | functio ... ar");\\n} |
 | src/http.js:14:3:14:5 | res | src/http.js:12:19:16:1 | functio ... ar");\\n} |
 | src/http.js:15:3:15:5 | res | src/http.js:12:19:16:1 | functio ... ar");\\n} |
 | src/http.js:55:25:55:27 | res | src/http.js:55:12:55:30 | function(req,res){} |
 | src/http.js:60:27:60:29 | res | src/http.js:60:14:60:32 | function(req,res){} |
 | src/http.js:62:33:62:35 | res | src/http.js:62:19:65:1 | functio ... r2");\\n} |
+| src/http.js:62:33:62:35 | res | src/http.js:62:19:65:1 | functio ... r2");\\n} |
 | src/http.js:63:3:63:5 | res | src/http.js:62:19:65:1 | functio ... r2");\\n} |
 | src/http.js:64:3:64:5 | res | src/http.js:62:19:65:1 | functio ... r2");\\n} |
 | src/http.js:68:17:68:19 | res | src/http.js:68:12:68:27 | (req,res) => f() |
 | src/http.js:72:34:72:36 | res | src/http.js:72:19:76:1 | functio ... \\n  })\\n} |
+| src/http.js:72:34:72:36 | res | src/http.js:72:19:76:1 | functio ... \\n  })\\n} |
+| src/http.js:72:34:72:36 | res | src/http.js:72:19:76:1 | functio ... \\n  })\\n} |
+| src/http.js:73:18:73:17 | res | src/http.js:72:19:76:1 | functio ... \\n  })\\n} |
 | src/http.js:74:5:74:7 | res | src/http.js:72:19:76:1 | functio ... \\n  })\\n} |
 | src/http.js:81:46:81:48 | res | src/http.js:81:22:86:1 | functio ... la");\\n} |
+| src/http.js:81:46:81:48 | res | src/http.js:81:22:86:1 | functio ... la");\\n} |
+| src/http.js:81:46:81:48 | res | src/http.js:81:22:86:1 | functio ... la");\\n} |
+| src/http.js:82:18:82:17 | res | src/http.js:81:22:86:1 | functio ... la");\\n} |
 | src/http.js:83:5:83:7 | res | src/http.js:81:22:86:1 | functio ... la");\\n} |
 | src/http.js:85:3:85:5 | res | src/http.js:81:22:86:1 | functio ... la");\\n} |
 | src/https.js:4:47:4:49 | res | src/https.js:4:33:10:1 | functio ... .foo;\\n} |
+| src/https.js:4:47:4:49 | res | src/https.js:4:33:10:1 | functio ... .foo;\\n} |
 | src/https.js:7:3:7:5 | res | src/https.js:4:33:10:1 | functio ... .foo;\\n} |
 | src/https.js:12:34:12:36 | res | src/https.js:12:20:16:1 | functio ... ar");\\n} |
+| src/https.js:12:34:12:36 | res | src/https.js:12:20:16:1 | functio ... ar");\\n} |
 | src/https.js:13:3:13:5 | res | src/https.js:12:20:16:1 | functio ... ar");\\n} |
 | src/https.js:14:3:14:5 | res | src/https.js:12:20:16:1 | functio ... ar");\\n} |
 | src/https.js:15:3:15:5 | res | src/https.js:12:20:16:1 | functio ... ar");\\n} |
 | src/indirect2.js:9:19:9:21 | res | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
+| src/indirect2.js:9:19:9:21 | res | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
 | src/indirect2.js:10:47:10:49 | res | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
 | src/indirect2.js:13:33:13:35 | res | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
+| src/indirect2.js:13:33:13:35 | res | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
+| src/indirect2.js:13:33:13:35 | res | src/indirect2.js:13:1:16:1 | functio ... \\"");\\n} |
 | src/indirect2.js:13:33:13:35 | res | src/indirect2.js:13:1:16:1 | functio ... \\"");\\n} |
 | src/indirect2.js:14:3:14:5 | res | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
 | src/indirect2.js:14:3:14:5 | res | src/indirect2.js:13:1:16:1 | functio ... \\"");\\n} |
 | src/indirect2.js:15:3:15:5 | res | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
 | src/indirect2.js:15:3:15:5 | res | src/indirect2.js:13:1:16:1 | functio ... \\"");\\n} |
 | src/indirect.js:16:26:16:28 | res | src/indirect.js:16:12:20:5 | functio ... ;\\n    } |
+| src/indirect.js:16:26:16:28 | res | src/indirect.js:16:12:20:5 | functio ... ;\\n    } |
 | src/indirect.js:19:38:19:40 | res | src/indirect.js:16:12:20:5 | functio ... ;\\n    } |
 | src/indirect.js:25:30:25:32 | res | src/indirect.js:25:24:27:3 | (req, r ... ");\\n  } |
+| src/indirect.js:25:30:25:32 | res | src/indirect.js:25:24:27:3 | (req, r ... ");\\n  } |
 | src/indirect.js:26:5:26:7 | res | src/indirect.js:25:24:27:3 | (req, r ... ");\\n  } |
 | src/indirect.js:28:29:28:31 | res | src/indirect.js:28:15:30:3 | functio ... ");\\n  } |
+| src/indirect.js:28:29:28:31 | res | src/indirect.js:28:15:30:3 | functio ... ");\\n  } |
 | src/indirect.js:29:5:29:7 | res | src/indirect.js:28:15:30:3 | functio ... ");\\n  } |
 test_HeaderDefinition
 | src/http.js:7:3:7:42 | res.wri ... rget }) | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
@@ -150,43 +168,61 @@ test_RouteHandler_getAResponseExpr
 | createServer.js:3:23:3:44 | functio ... res) {} | createServer.js:3:38:3:40 | res |
 | createServer.js:4:31:4:46 | (req, res) => {} | createServer.js:4:37:4:39 | res |
 | createServer.js:25:37:27:5 | functio ... ;\\n    } | createServer.js:25:52:25:54 | res |
+| createServer.js:25:37:27:5 | functio ... ;\\n    } | createServer.js:25:52:25:54 | res |
 | createServer.js:25:37:27:5 | functio ... ;\\n    } | createServer.js:26:9:26:11 | res |
 | src/http.js:4:32:10:1 | functio ... .foo;\\n} | src/http.js:4:46:4:48 | res |
+| src/http.js:4:32:10:1 | functio ... .foo;\\n} | src/http.js:4:46:4:48 | res |
 | src/http.js:4:32:10:1 | functio ... .foo;\\n} | src/http.js:7:3:7:5 | res |
 | src/http.js:12:19:16:1 | functio ... ar");\\n} | src/http.js:12:33:12:35 | res |
+| src/http.js:12:19:16:1 | functio ... ar");\\n} | src/http.js:12:33:12:35 | res |
 | src/http.js:12:19:16:1 | functio ... ar");\\n} | src/http.js:13:3:13:5 | res |
 | src/http.js:12:19:16:1 | functio ... ar");\\n} | src/http.js:14:3:14:5 | res |
 | src/http.js:12:19:16:1 | functio ... ar");\\n} | src/http.js:15:3:15:5 | res |
 | src/http.js:55:12:55:30 | function(req,res){} | src/http.js:55:25:55:27 | res |
 | src/http.js:60:14:60:32 | function(req,res){} | src/http.js:60:27:60:29 | res |
 | src/http.js:62:19:65:1 | functio ... r2");\\n} | src/http.js:62:33:62:35 | res |
+| src/http.js:62:19:65:1 | functio ... r2");\\n} | src/http.js:62:33:62:35 | res |
 | src/http.js:62:19:65:1 | functio ... r2");\\n} | src/http.js:63:3:63:5 | res |
 | src/http.js:62:19:65:1 | functio ... r2");\\n} | src/http.js:64:3:64:5 | res |
 | src/http.js:68:12:68:27 | (req,res) => f() | src/http.js:68:17:68:19 | res |
 | src/http.js:72:19:76:1 | functio ... \\n  })\\n} | src/http.js:72:34:72:36 | res |
+| src/http.js:72:19:76:1 | functio ... \\n  })\\n} | src/http.js:72:34:72:36 | res |
+| src/http.js:72:19:76:1 | functio ... \\n  })\\n} | src/http.js:72:34:72:36 | res |
+| src/http.js:72:19:76:1 | functio ... \\n  })\\n} | src/http.js:73:18:73:17 | res |
 | src/http.js:72:19:76:1 | functio ... \\n  })\\n} | src/http.js:74:5:74:7 | res |
 | src/http.js:81:22:86:1 | functio ... la");\\n} | src/http.js:81:46:81:48 | res |
+| src/http.js:81:22:86:1 | functio ... la");\\n} | src/http.js:81:46:81:48 | res |
+| src/http.js:81:22:86:1 | functio ... la");\\n} | src/http.js:81:46:81:48 | res |
+| src/http.js:81:22:86:1 | functio ... la");\\n} | src/http.js:82:18:82:17 | res |
 | src/http.js:81:22:86:1 | functio ... la");\\n} | src/http.js:83:5:83:7 | res |
 | src/http.js:81:22:86:1 | functio ... la");\\n} | src/http.js:85:3:85:5 | res |
 | src/https.js:4:33:10:1 | functio ... .foo;\\n} | src/https.js:4:47:4:49 | res |
+| src/https.js:4:33:10:1 | functio ... .foo;\\n} | src/https.js:4:47:4:49 | res |
 | src/https.js:4:33:10:1 | functio ... .foo;\\n} | src/https.js:7:3:7:5 | res |
 | src/https.js:12:20:16:1 | functio ... ar");\\n} | src/https.js:12:34:12:36 | res |
+| src/https.js:12:20:16:1 | functio ... ar");\\n} | src/https.js:12:34:12:36 | res |
 | src/https.js:12:20:16:1 | functio ... ar");\\n} | src/https.js:13:3:13:5 | res |
 | src/https.js:12:20:16:1 | functio ... ar");\\n} | src/https.js:14:3:14:5 | res |
 | src/https.js:12:20:16:1 | functio ... ar");\\n} | src/https.js:15:3:15:5 | res |
 | src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:9:19:9:21 | res |
+| src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:9:19:9:21 | res |
 | src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:10:47:10:49 | res |
 | src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:13:33:13:35 | res |
+| src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:13:33:13:35 | res |
 | src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:14:3:14:5 | res |
 | src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:15:3:15:5 | res |
 | src/indirect2.js:13:1:16:1 | functio ... \\"");\\n} | src/indirect2.js:13:33:13:35 | res |
+| src/indirect2.js:13:1:16:1 | functio ... \\"");\\n} | src/indirect2.js:13:33:13:35 | res |
 | src/indirect2.js:13:1:16:1 | functio ... \\"");\\n} | src/indirect2.js:14:3:14:5 | res |
 | src/indirect2.js:13:1:16:1 | functio ... \\"");\\n} | src/indirect2.js:15:3:15:5 | res |
 | src/indirect.js:16:12:20:5 | functio ... ;\\n    } | src/indirect.js:16:26:16:28 | res |
+| src/indirect.js:16:12:20:5 | functio ... ;\\n    } | src/indirect.js:16:26:16:28 | res |
 | src/indirect.js:16:12:20:5 | functio ... ;\\n    } | src/indirect.js:19:38:19:40 | res |
 | src/indirect.js:25:24:27:3 | (req, r ... ");\\n  } | src/indirect.js:25:30:25:32 | res |
+| src/indirect.js:25:24:27:3 | (req, r ... ");\\n  } | src/indirect.js:25:30:25:32 | res |
 | src/indirect.js:25:24:27:3 | (req, r ... ");\\n  } | src/indirect.js:26:5:26:7 | res |
 | src/indirect.js:28:15:30:3 | functio ... ");\\n  } | src/indirect.js:28:29:28:31 | res |
+| src/indirect.js:28:15:30:3 | functio ... ");\\n  } | src/indirect.js:28:29:28:31 | res |
 | src/indirect.js:28:15:30:3 | functio ... ");\\n  } | src/indirect.js:29:5:29:7 | res |
 test_ServerDefinition_getARouteHandler
 | createServer.js:2:1:2:42 | https.c ... es) {}) | createServer.js:2:20:2:41 | functio ... res) {} |
@@ -294,6 +330,7 @@ test_RequestExpr
 | createServer.js:4:32:4:34 | req | createServer.js:4:31:4:46 | (req, res) => {} |
 | createServer.js:25:47:25:49 | req | createServer.js:25:37:27:5 | functio ... ;\\n    } |
 | src/http.js:4:41:4:43 | req | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
+| src/http.js:4:41:4:43 | req | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
 | src/http.js:6:26:6:28 | req | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
 | src/http.js:8:3:8:5 | req | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
 | src/http.js:9:3:9:5 | req | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
@@ -301,23 +338,29 @@ test_RequestExpr
 | src/http.js:55:21:55:23 | req | src/http.js:55:12:55:30 | function(req,res){} |
 | src/http.js:60:23:60:25 | req | src/http.js:60:14:60:32 | function(req,res){} |
 | src/http.js:62:28:62:30 | req | src/http.js:62:19:65:1 | functio ... r2");\\n} |
+| src/http.js:62:28:62:30 | req | src/http.js:62:19:65:1 | functio ... r2");\\n} |
 | src/http.js:63:17:63:19 | req | src/http.js:62:19:65:1 | functio ... r2");\\n} |
 | src/http.js:68:13:68:15 | req | src/http.js:68:12:68:27 | (req,res) => f() |
 | src/http.js:72:29:72:31 | req | src/http.js:72:19:76:1 | functio ... \\n  })\\n} |
+| src/http.js:72:29:72:31 | req | src/http.js:72:19:76:1 | functio ... \\n  })\\n} |
 | src/http.js:73:3:73:5 | req | src/http.js:72:19:76:1 | functio ... \\n  })\\n} |
 | src/http.js:81:41:81:43 | req | src/http.js:81:22:86:1 | functio ... la");\\n} |
+| src/http.js:81:41:81:43 | req | src/http.js:81:22:86:1 | functio ... la");\\n} |
 | src/http.js:82:3:82:5 | req | src/http.js:81:22:86:1 | functio ... la");\\n} |
 | src/https.js:4:42:4:44 | req | src/https.js:4:33:10:1 | functio ... .foo;\\n} |
+| src/https.js:4:42:4:44 | req | src/https.js:4:33:10:1 | functio ... .foo;\\n} |
 | src/https.js:6:26:6:28 | req | src/https.js:4:33:10:1 | functio ... .foo;\\n} |
 | src/https.js:8:3:8:5 | req | src/https.js:4:33:10:1 | functio ... .foo;\\n} |
 | src/https.js:9:3:9:5 | req | src/https.js:4:33:10:1 | functio ... .foo;\\n} |
 | src/https.js:12:29:12:31 | req | src/https.js:12:20:16:1 | functio ... ar");\\n} |
 | src/indirect2.js:9:14:9:16 | req | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
+| src/indirect2.js:9:14:9:16 | req | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
 | src/indirect2.js:10:12:10:14 | req | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
 | src/indirect2.js:10:42:10:44 | req | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
 | src/indirect2.js:13:28:13:30 | req | src/indirect2.js:9:1:11:1 | functio ... res);\\n} |
 | src/indirect2.js:13:28:13:30 | req | src/indirect2.js:13:1:16:1 | functio ... \\"");\\n} |
 | src/indirect.js:16:21:16:23 | req | src/indirect.js:16:12:20:5 | functio ... ;\\n    } |
+| src/indirect.js:16:21:16:23 | req | src/indirect.js:16:12:20:5 | functio ... ;\\n    } |
 | src/indirect.js:17:28:17:30 | req | src/indirect.js:16:12:20:5 | functio ... ;\\n    } |
 | src/indirect.js:19:33:19:35 | req | src/indirect.js:16:12:20:5 | functio ... ;\\n    } |
 | src/indirect.js:25:25:25:27 | req | src/indirect.js:25:24:27:3 | (req, r ... ");\\n  } |
@@ -337,6 +380,7 @@ test_RouteHandler_getARequestExpr
 | createServer.js:4:31:4:46 | (req, res) => {} | createServer.js:4:32:4:34 | req |
 | createServer.js:25:37:27:5 | functio ... ;\\n    } | createServer.js:25:47:25:49 | req |
 | src/http.js:4:32:10:1 | functio ... .foo;\\n} | src/http.js:4:41:4:43 | req |
+| src/http.js:4:32:10:1 | functio ... .foo;\\n} | src/http.js:4:41:4:43 | req |
 | src/http.js:4:32:10:1 | functio ... .foo;\\n} | src/http.js:6:26:6:28 | req |
 | src/http.js:4:32:10:1 | functio ... .foo;\\n} | src/http.js:8:3:8:5 | req |
 | src/http.js:4:32:10:1 | functio ... .foo;\\n} | src/http.js:9:3:9:5 | req |
@@ -344,23 +388,29 @@ test_RouteHandler_getARequestExpr
 | src/http.js:55:12:55:30 | function(req,res){} | src/http.js:55:21:55:23 | req |
 | src/http.js:60:14:60:32 | function(req,res){} | src/http.js:60:23:60:25 | req |
 | src/http.js:62:19:65:1 | functio ... r2");\\n} | src/http.js:62:28:62:30 | req |
+| src/http.js:62:19:65:1 | functio ... r2");\\n} | src/http.js:62:28:62:30 | req |
 | src/http.js:62:19:65:1 | functio ... r2");\\n} | src/http.js:63:17:63:19 | req |
 | src/http.js:68:12:68:27 | (req,res) => f() | src/http.js:68:13:68:15 | req |
 | src/http.js:72:19:76:1 | functio ... \\n  })\\n} | src/http.js:72:29:72:31 | req |
+| src/http.js:72:19:76:1 | functio ... \\n  })\\n} | src/http.js:72:29:72:31 | req |
 | src/http.js:72:19:76:1 | functio ... \\n  })\\n} | src/http.js:73:3:73:5 | req |
 | src/http.js:81:22:86:1 | functio ... la");\\n} | src/http.js:81:41:81:43 | req |
+| src/http.js:81:22:86:1 | functio ... la");\\n} | src/http.js:81:41:81:43 | req |
 | src/http.js:81:22:86:1 | functio ... la");\\n} | src/http.js:82:3:82:5 | req |
 | src/https.js:4:33:10:1 | functio ... .foo;\\n} | src/https.js:4:42:4:44 | req |
+| src/https.js:4:33:10:1 | functio ... .foo;\\n} | src/https.js:4:42:4:44 | req |
 | src/https.js:4:33:10:1 | functio ... .foo;\\n} | src/https.js:6:26:6:28 | req |
 | src/https.js:4:33:10:1 | functio ... .foo;\\n} | src/https.js:8:3:8:5 | req |
 | src/https.js:4:33:10:1 | functio ... .foo;\\n} | src/https.js:9:3:9:5 | req |
 | src/https.js:12:20:16:1 | functio ... ar");\\n} | src/https.js:12:29:12:31 | req |
 | src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:9:14:9:16 | req |
+| src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:9:14:9:16 | req |
 | src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:10:12:10:14 | req |
 | src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:10:42:10:44 | req |
 | src/indirect2.js:9:1:11:1 | functio ... res);\\n} | src/indirect2.js:13:28:13:30 | req |
 | src/indirect2.js:13:1:16:1 | functio ... \\"");\\n} | src/indirect2.js:13:28:13:30 | req |
 | src/indirect.js:16:12:20:5 | functio ... ;\\n    } | src/indirect.js:16:21:16:23 | req |
+| src/indirect.js:16:12:20:5 | functio ... ;\\n    } | src/indirect.js:16:21:16:23 | req |
 | src/indirect.js:16:12:20:5 | functio ... ;\\n    } | src/indirect.js:17:28:17:30 | req |
 | src/indirect.js:16:12:20:5 | functio ... ;\\n    } | src/indirect.js:19:33:19:35 | req |
 | src/indirect.js:25:24:27:3 | (req, r ... ");\\n  } | src/indirect.js:25:25:25:27 | req |
--- a/javascript/ql/test/library-tests/frameworks/SQL/Credentials.ql
+++ b/javascript/ql/test/library-tests/frameworks/SQL/Credentials.ql
@@ -1,4 +1,4 @@
 import javascript

-from CredentialsExpr ce
+from CredentialsNode ce
 select ce, ce.getCredentialsKind()
--- a/javascript/ql/test/library-tests/frameworks/connect/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/connect/tests.expected
@@ -9,6 +9,7 @@ test_RouteSetup
 | src/test.js:32:1:35:2 | app.use ... rl);\\n}) |
 test_RequestInputAccess
 | src/test.js:8:5:8:26 | req.coo ... ('foo') | cookie | src/test.js:6:9:9:1 | functio ... oo');\\n} |
+| src/test.js:28:20:28:22 | url | url | src/test.js:28:9:30:1 | functio ... bar);\\n} |
 | src/test.js:33:15:33:21 | req.url | url | src/test.js:32:9:35:1 | functio ... url);\\n} |
 test_RouteHandler_getAResponseHeader
 | src/test.js:6:9:9:1 | functio ... oo');\\n} | header1 | src/test.js:7:5:7:32 | res.set ... 1', '') |
@@ -18,14 +19,17 @@ test_HeaderDefinition_defines
 | src/test.js:25:5:25:32 | res.set ... 2', '') | header2 |  |
 test_ResponseExpr
 | src/test.js:6:32:6:34 | res | src/test.js:6:9:9:1 | functio ... oo');\\n} |
+| src/test.js:6:32:6:34 | res | src/test.js:6:9:9:1 | functio ... oo');\\n} |
 | src/test.js:7:5:7:7 | res | src/test.js:6:9:9:1 | functio ... oo');\\n} |
 | src/test.js:15:27:15:29 | res | src/test.js:15:12:15:32 | functio ...  res){} |
 | src/test.js:19:22:19:24 | res | src/test.js:19:9:19:27 | function(req,res){} |
 | src/test.js:20:23:20:25 | res | src/test.js:20:10:20:28 | function(req,res){} |
 | src/test.js:24:31:24:33 | res | src/test.js:24:9:26:1 | functio ...  '');\\n} |
+| src/test.js:24:31:24:33 | res | src/test.js:24:9:26:1 | functio ...  '');\\n} |
 | src/test.js:25:5:25:7 | res | src/test.js:24:9:26:1 | functio ...  '');\\n} |
 | src/test.js:28:42:28:44 | res | src/test.js:28:9:30:1 | functio ... bar);\\n} |
 | src/test.js:32:24:32:26 | res | src/test.js:32:9:35:1 | functio ... url);\\n} |
+| src/test.js:32:24:32:26 | res | src/test.js:32:9:35:1 | functio ... url);\\n} |
 | src/test.js:34:5:34:7 | res | src/test.js:32:9:35:1 | functio ... url);\\n} |
 test_HeaderDefinition
 | src/test.js:7:5:7:32 | res.set ... 1', '') | src/test.js:6:9:9:1 | functio ... oo');\\n} |
@@ -46,14 +50,17 @@ test_ServerDefinition
 | src/test.js:4:11:4:19 | connect() |
 test_RouteHandler_getAResponseExpr
 | src/test.js:6:9:9:1 | functio ... oo');\\n} | src/test.js:6:32:6:34 | res |
+| src/test.js:6:9:9:1 | functio ... oo');\\n} | src/test.js:6:32:6:34 | res |
 | src/test.js:6:9:9:1 | functio ... oo');\\n} | src/test.js:7:5:7:7 | res |
 | src/test.js:15:12:15:32 | functio ...  res){} | src/test.js:15:27:15:29 | res |
 | src/test.js:19:9:19:27 | function(req,res){} | src/test.js:19:22:19:24 | res |
 | src/test.js:20:10:20:28 | function(req,res){} | src/test.js:20:23:20:25 | res |
 | src/test.js:24:9:26:1 | functio ...  '');\\n} | src/test.js:24:31:24:33 | res |
+| src/test.js:24:9:26:1 | functio ...  '');\\n} | src/test.js:24:31:24:33 | res |
 | src/test.js:24:9:26:1 | functio ...  '');\\n} | src/test.js:25:5:25:7 | res |
 | src/test.js:28:9:30:1 | functio ... bar);\\n} | src/test.js:28:42:28:44 | res |
 | src/test.js:32:9:35:1 | functio ... url);\\n} | src/test.js:32:24:32:26 | res |
+| src/test.js:32:9:35:1 | functio ... url);\\n} | src/test.js:32:24:32:26 | res |
 | src/test.js:32:9:35:1 | functio ... url);\\n} | src/test.js:34:5:34:7 | res |
 test_RouteSetup_getARouteHandler
 | src/test.js:6:1:9:2 | app.use ... o');\\n}) | src/test.js:6:9:9:1 | functio ... oo');\\n} |
@@ -76,6 +83,7 @@ test_RouteHandler
 | src/test.js:32:9:35:1 | functio ... url);\\n} | src/test.js:4:11:4:19 | connect() |
 test_RequestExpr
 | src/test.js:6:27:6:29 | req | src/test.js:6:9:9:1 | functio ... oo');\\n} |
+| src/test.js:6:27:6:29 | req | src/test.js:6:9:9:1 | functio ... oo');\\n} |
 | src/test.js:8:5:8:7 | req | src/test.js:6:9:9:1 | functio ... oo');\\n} |
 | src/test.js:15:22:15:24 | req | src/test.js:15:12:15:32 | functio ...  res){} |
 | src/test.js:19:18:19:20 | req | src/test.js:19:9:19:27 | function(req,res){} |
@@ -83,12 +91,14 @@ test_RequestExpr
 | src/test.js:24:26:24:28 | req | src/test.js:24:9:26:1 | functio ...  '');\\n} |
 | src/test.js:28:19:28:39 | {url, q ... ookies} | src/test.js:28:9:30:1 | functio ... bar);\\n} |
 | src/test.js:32:19:32:21 | req | src/test.js:32:9:35:1 | functio ... url);\\n} |
+| src/test.js:32:19:32:21 | req | src/test.js:32:9:35:1 | functio ... url);\\n} |
 | src/test.js:33:15:33:17 | req | src/test.js:32:9:35:1 | functio ... url);\\n} |
 test_Credentials
 | src/test.js:12:19:12:28 | 'username' | user name |
 | src/test.js:12:31:12:40 | 'password' | password |
 test_RouteHandler_getARequestExpr
 | src/test.js:6:9:9:1 | functio ... oo');\\n} | src/test.js:6:27:6:29 | req |
+| src/test.js:6:9:9:1 | functio ... oo');\\n} | src/test.js:6:27:6:29 | req |
 | src/test.js:6:9:9:1 | functio ... oo');\\n} | src/test.js:8:5:8:7 | req |
 | src/test.js:15:12:15:32 | functio ...  res){} | src/test.js:15:22:15:24 | req |
 | src/test.js:19:9:19:27 | function(req,res){} | src/test.js:19:18:19:20 | req |
@@ -96,4 +106,5 @@ test_RouteHandler_getARequestExpr
 | src/test.js:24:9:26:1 | functio ...  '');\\n} | src/test.js:24:26:24:28 | req |
 | src/test.js:28:9:30:1 | functio ... bar);\\n} | src/test.js:28:19:28:39 | {url, q ... ookies} |
 | src/test.js:32:9:35:1 | functio ... url);\\n} | src/test.js:32:19:32:21 | req |
+| src/test.js:32:9:35:1 | functio ... url);\\n} | src/test.js:32:19:32:21 | req |
 | src/test.js:32:9:35:1 | functio ... url);\\n} | src/test.js:33:15:33:17 | req |
--- a/javascript/ql/test/library-tests/frameworks/connect/tests.ql
+++ b/javascript/ql/test/library-tests/frameworks/connect/tests.ql
@@ -18,7 +18,7 @@ query predicate test_HeaderDefinition_defines(HTTP::HeaderDefinition hd, string
  hd.defines(name, value) and hd.getRouteHandler() instanceof Connect::RouteHandler
 }

-query predicate test_ResponseExpr(HTTP::ResponseExpr e, HTTP::RouteHandler res) {
+query predicate test_ResponseExpr(HTTP::ResponseNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }

@@ -26,7 +26,9 @@ query predicate test_HeaderDefinition(HTTP::HeaderDefinition hd, Connect::RouteH
  rh = hd.getRouteHandler()
 }

-query predicate test_RouteSetup_getServer(Connect::RouteSetup rs, Expr res) { res = rs.getServer() }
+query predicate test_RouteSetup_getServer(Connect::RouteSetup rs, DataFlow::Node res) {
+  res = rs.getServer()
+}

 query predicate test_HeaderDefinition_getAHeaderName(HTTP::HeaderDefinition hd, string res) {
  hd.getRouteHandler() instanceof Connect::RouteHandler and res = hd.getAHeaderName()
@@ -34,17 +36,19 @@ query predicate test_HeaderDefinition_getAHeaderName(HTTP::HeaderDefinition hd,

 query predicate test_ServerDefinition(Connect::ServerDefinition s) { any() }

-query predicate test_RouteHandler_getAResponseExpr(Connect::RouteHandler rh, HTTP::ResponseExpr res) {
-  res = rh.getAResponseExpr()
+query predicate test_RouteHandler_getAResponseExpr(Connect::RouteHandler rh, HTTP::ResponseNode res) {
+  res = rh.getAResponseNode()
 }

 query predicate test_RouteSetup_getARouteHandler(Connect::RouteSetup r, DataFlow::SourceNode res) {
  res = r.getARouteHandler()
 }

-query predicate test_RouteHandler(Connect::RouteHandler rh, Expr res) { res = rh.getServer() }
+query predicate test_RouteHandler(Connect::RouteHandler rh, DataFlow::Node res) {
+  res = rh.getServer()
+}

-query predicate test_RequestExpr(HTTP::RequestExpr e, HTTP::RouteHandler res) {
+query predicate test_RequestExpr(HTTP::RequestNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }

@@ -52,6 +56,6 @@ query predicate test_Credentials(Connect::Credentials cr, string res) {
  res = cr.getCredentialsKind()
 }

-query predicate test_RouteHandler_getARequestExpr(Connect::RouteHandler rh, HTTP::RequestExpr res) {
-  res = rh.getARequestExpr()
+query predicate test_RouteHandler_getARequestExpr(Connect::RouteHandler rh, HTTP::RequestNode res) {
+  res = rh.getARequestNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/fastify/RouteHandler.qll
+++ b/javascript/ql/test/library-tests/frameworks/fastify/RouteHandler.qll
@@ -1,3 +1,5 @@
 import javascript

-query predicate test_RouteHandler(Fastify::RouteHandler rh, Expr res) { res = rh.getServer() }
+query predicate test_RouteHandler(Fastify::RouteHandler rh, DataFlow::Node res) {
+  res = rh.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/fastify/RouteHandler_getARequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/fastify/RouteHandler_getARequestExpr.qll
@@ -1,5 +1,5 @@
 import semmle.javascript.frameworks.Express

-query predicate test_RouteHandler_getARequestExpr(Fastify::RouteHandler rh, HTTP::RequestExpr res) {
-  res = rh.getARequestExpr()
+query predicate test_RouteHandler_getARequestExpr(Fastify::RouteHandler rh, HTTP::RequestNode res) {
+  res = rh.getARequestNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/fastify/RouteSetup_getServer.qll
+++ b/javascript/ql/test/library-tests/frameworks/fastify/RouteSetup_getServer.qll
@@ -1,3 +1,5 @@
 import javascript

-query predicate test_RouteSetup_getServer(Fastify::RouteSetup rs, Expr res) { res = rs.getServer() }
+query predicate test_RouteSetup_getServer(Fastify::RouteSetup rs, DataFlow::Node res) {
+  res = rs.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/fastify/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/fastify/tests.expected
@@ -97,23 +97,28 @@ test_RouteHandler_getARequestExpr
 | src/fastify.js:20:26:20:47 | (reques ... ) => {} | src/fastify.js:20:27:20:33 | request |
 | src/fastify.js:26:17:28:3 | (reques ... nse\\n  } | src/fastify.js:26:18:26:24 | request |
 | src/fastify.js:34:17:46:3 | functio ... eam\\n  } | src/fastify.js:34:26:34:32 | request |
+| src/fastify.js:34:17:46:3 | functio ... eam\\n  } | src/fastify.js:34:26:34:32 | request |
 | src/fastify.js:34:17:46:3 | functio ... eam\\n  } | src/fastify.js:36:5:36:11 | request |
 | src/fastify.js:34:17:46:3 | functio ... eam\\n  } | src/fastify.js:37:5:37:11 | request |
 | src/fastify.js:34:17:46:3 | functio ... eam\\n  } | src/fastify.js:38:5:38:11 | request |
 | src/fastify.js:34:17:46:3 | functio ... eam\\n  } | src/fastify.js:39:5:39:11 | request |
 | src/fastify.js:54:17:58:3 | functio ... ms;\\n  } | src/fastify.js:54:26:54:32 | request |
+| src/fastify.js:54:17:58:3 | functio ... ms;\\n  } | src/fastify.js:54:26:54:32 | request |
 | src/fastify.js:54:17:58:3 | functio ... ms;\\n  } | src/fastify.js:55:5:55:11 | request |
 | src/fastify.js:54:17:58:3 | functio ... ms;\\n  } | src/fastify.js:56:5:56:11 | request |
 | src/fastify.js:54:17:58:3 | functio ... ms;\\n  } | src/fastify.js:57:5:57:11 | request |
 | src/fastify.js:65:17:69:3 | functio ... ms;\\n  } | src/fastify.js:65:26:65:32 | request |
+| src/fastify.js:65:17:69:3 | functio ... ms;\\n  } | src/fastify.js:65:26:65:32 | request |
 | src/fastify.js:65:17:69:3 | functio ... ms;\\n  } | src/fastify.js:66:5:66:11 | request |
 | src/fastify.js:65:17:69:3 | functio ... ms;\\n  } | src/fastify.js:67:5:67:11 | request |
 | src/fastify.js:65:17:69:3 | functio ... ms;\\n  } | src/fastify.js:68:5:68:11 | request |
 | src/fastify.js:76:17:80:3 | functio ... ms;\\n  } | src/fastify.js:76:26:76:32 | request |
+| src/fastify.js:76:17:80:3 | functio ... ms;\\n  } | src/fastify.js:76:26:76:32 | request |
 | src/fastify.js:76:17:80:3 | functio ... ms;\\n  } | src/fastify.js:77:5:77:11 | request |
 | src/fastify.js:76:17:80:3 | functio ... ms;\\n  } | src/fastify.js:78:5:78:11 | request |
 | src/fastify.js:76:17:80:3 | functio ... ms;\\n  } | src/fastify.js:79:5:79:11 | request |
 | src/fastify.js:87:17:91:3 | functio ... ms;\\n  } | src/fastify.js:87:26:87:32 | request |
+| src/fastify.js:87:17:91:3 | functio ... ms;\\n  } | src/fastify.js:87:26:87:32 | request |
 | src/fastify.js:87:17:91:3 | functio ... ms;\\n  } | src/fastify.js:88:5:88:11 | request |
 | src/fastify.js:87:17:91:3 | functio ... ms;\\n  } | src/fastify.js:89:5:89:11 | request |
 | src/fastify.js:87:17:91:3 | functio ... ms;\\n  } | src/fastify.js:90:5:90:11 | request |
--- a/javascript/ql/test/library-tests/frameworks/hapi/RequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/hapi/RequestExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RequestExpr(Hapi::RequestExpr e, HTTP::RouteHandler res) {
+query predicate test_RequestExpr(Hapi::RequestNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }
--- a/javascript/ql/test/library-tests/frameworks/hapi/ResponseExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/hapi/ResponseExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_ResponseExpr(Hapi::ResponseExpr e, HTTP::RouteHandler res) {
+query predicate test_ResponseExpr(Hapi::ResponseNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }
--- a/javascript/ql/test/library-tests/frameworks/hapi/RouteHandler.qll
+++ b/javascript/ql/test/library-tests/frameworks/hapi/RouteHandler.qll
@@ -1,3 +1,5 @@
 import javascript

-query predicate test_RouteHandler(Hapi::RouteHandler rh, Expr res) { res = rh.getServer() }
+query predicate test_RouteHandler(Hapi::RouteHandler rh, DataFlow::Node res) {
+  res = rh.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/hapi/RouteHandler_getARequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/hapi/RouteHandler_getARequestExpr.qll
@@ -1,5 +1,5 @@
 import semmle.javascript.frameworks.Express

-query predicate test_RouteHandler_getARequestExpr(Hapi::RouteHandler rh, HTTP::RequestExpr res) {
-  res = rh.getARequestExpr()
+query predicate test_RouteHandler_getARequestExpr(Hapi::RouteHandler rh, HTTP::RequestNode res) {
+  res = rh.getARequestNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/hapi/RouteSetup_getServer.qll
+++ b/javascript/ql/test/library-tests/frameworks/hapi/RouteSetup_getServer.qll
@@ -1,3 +1,5 @@
 import javascript

-query predicate test_RouteSetup_getServer(Hapi::RouteSetup rs, Expr res) { res = rs.getServer() }
+query predicate test_RouteSetup_getServer(Hapi::RouteSetup rs, DataFlow::Node res) {
+  res = rs.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/hapi/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/hapi/tests.expected
@@ -48,9 +48,11 @@ test_RouteHandler
 | src/hapi.js:34:12:34:30 | function (req, h){} | src/hapi.js:4:15:4:31 | new Hapi.Server() |
 test_RequestExpr
 | src/hapi.js:13:32:13:38 | request | src/hapi.js:13:14:15:5 | functio ... n\\n    } |
+| src/hapi.js:13:32:13:38 | request | src/hapi.js:13:14:15:5 | functio ... n\\n    } |
 | src/hapi.js:14:9:14:15 | request | src/hapi.js:13:14:15:5 | functio ... n\\n    } |
 | src/hapi.js:17:48:17:54 | request | src/hapi.js:17:30:18:1 | functio ... ndler\\n} |
 | src/hapi.js:20:19:20:25 | request | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
+| src/hapi.js:20:19:20:25 | request | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
 | src/hapi.js:21:3:21:9 | request | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
 | src/hapi.js:22:3:22:9 | request | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
 | src/hapi.js:23:3:23:9 | request | src/hapi.js:20:1:27:1 | functio ... oken;\\n} |
@@ -60,9 +62,11 @@ test_RequestExpr
 | src/hapi.js:34:22:34:24 | req | src/hapi.js:34:12:34:30 | function (req, h){} |
 test_RouteHandler_getARequestExpr
 | src/hapi.js:13:14:15:5 | functio ... n\\n    } | src/hapi.js:13:32:13:38 | request |
+| src/hapi.js:13:14:15:5 | functio ... n\\n    } | src/hapi.js:13:32:13:38 | request |
 | src/hapi.js:13:14:15:5 | functio ... n\\n    } | src/hapi.js:14:9:14:15 | request |
 | src/hapi.js:17:30:18:1 | functio ... ndler\\n} | src/hapi.js:17:48:17:54 | request |
 | src/hapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapi.js:20:19:20:25 | request |
+| src/hapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapi.js:20:19:20:25 | request |
 | src/hapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapi.js:21:3:21:9 | request |
 | src/hapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapi.js:22:3:22:9 | request |
 | src/hapi.js:20:1:27:1 | functio ... oken;\\n} | src/hapi.js:23:3:23:9 | request |
--- a/javascript/ql/test/library-tests/frameworks/koa/ContextExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/koa/ContextExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_ContextExpr(Koa::ContextExpr e, Koa::RouteHandler res) {
+query predicate test_ContextExpr(Koa::ContextNode e, Koa::RouteHandler res) {
  res = e.getRouteHandler()
 }
--- a/javascript/ql/test/library-tests/frameworks/koa/RedirectInvocation.qll
+++ b/javascript/ql/test/library-tests/frameworks/koa/RedirectInvocation.qll
@@ -1,7 +1,7 @@
 import javascript

 query predicate test_RedirectInvocation(
-  HTTP::RedirectInvocation redirect, Expr url, HTTP::RouteHandler rh
+  HTTP::RedirectInvocation redirect, DataFlow::Node url, HTTP::RouteHandler rh
 ) {
  redirect.getUrlArgument() = url and
  redirect.getRouteHandler() = rh
--- a/javascript/ql/test/library-tests/frameworks/koa/RequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/koa/RequestExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RequestExpr(Koa::RequestExpr e, HTTP::RouteHandler res) {
+query predicate test_RequestExpr(Koa::RequestNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }
--- a/javascript/ql/test/library-tests/frameworks/koa/ResponseExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/koa/ResponseExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_ResponseExpr(Koa::ResponseExpr e, HTTP::RouteHandler res) {
+query predicate test_ResponseExpr(Koa::ResponseNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }
--- a/javascript/ql/test/library-tests/frameworks/koa/RouteHandler.qll
+++ b/javascript/ql/test/library-tests/frameworks/koa/RouteHandler.qll
@@ -1,3 +1,3 @@
 import javascript

-query predicate test_RouteHandler(Koa::RouteHandler rh, Expr res) { res = rh.getServer() }
+query predicate test_RouteHandler(Koa::RouteHandler rh, DataFlow::Node res) { res = rh.getServer() }
--- a/javascript/ql/test/library-tests/frameworks/koa/RouteHandler_getAContextExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/koa/RouteHandler_getAContextExpr.qll
@@ -1,5 +1,5 @@
 import semmle.javascript.frameworks.Express

-query predicate test_RouteHandler_getAContextExpr(Koa::RouteHandler rh, Expr res) {
-  res = rh.getAContextExpr()
+query predicate test_RouteHandler_getAContextExpr(Koa::RouteHandler rh, DataFlow::Node res) {
+  res = rh.getAContextNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/koa/RouteHandler_getARequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/koa/RouteHandler_getARequestExpr.qll
@@ -1,5 +1,5 @@
 import semmle.javascript.frameworks.Express

-query predicate test_RouteHandler_getARequestExpr(Koa::RouteHandler rh, HTTP::RequestExpr res) {
-  res = rh.getARequestExpr()
+query predicate test_RouteHandler_getARequestExpr(Koa::RouteHandler rh, HTTP::RequestNode res) {
+  res = rh.getARequestNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/koa/RouteHandler_getAResponseExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/koa/RouteHandler_getAResponseExpr.qll
@@ -1,5 +1,5 @@
 import semmle.javascript.frameworks.Express

-query predicate test_RouteHandler_getAResponseExpr(Koa::RouteHandler rh, HTTP::ResponseExpr res) {
-  res = rh.getAResponseExpr()
+query predicate test_RouteHandler_getAResponseExpr(Koa::RouteHandler rh, HTTP::ResponseNode res) {
+  res = rh.getAResponseNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/koa/RouteSetup_getServer.qll
+++ b/javascript/ql/test/library-tests/frameworks/koa/RouteSetup_getServer.qll
@@ -1,3 +1,5 @@
 import javascript

-query predicate test_RouteSetup_getServer(Koa::RouteSetup rs, Expr res) { res = rs.getServer() }
+query predicate test_RouteSetup_getServer(Koa::RouteSetup rs, DataFlow::Node res) {
+  res = rs.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/koa/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/koa/tests.expected
@@ -41,11 +41,15 @@ test_HeaderDefinition_defines
 test_ResponseExpr
 | src/koa.js:12:3:12:15 | this.response | src/koa.js:10:10:28:1 | functio ... az');\\n} |
 | src/koa.js:14:3:14:14 | ctx.response | src/koa.js:10:10:28:1 | functio ... az');\\n} |
+| src/koa.js:15:7:15:24 | rsp | src/koa.js:10:10:28:1 | functio ... az');\\n} |
 | src/koa.js:15:13:15:24 | ctx.response | src/koa.js:10:10:28:1 | functio ... az');\\n} |
 | src/koa.js:16:3:16:5 | rsp | src/koa.js:10:10:28:1 | functio ... az');\\n} |
 | src/koa.js:18:3:18:14 | ctx.response | src/koa.js:10:10:28:1 | functio ... az');\\n} |
 | src/koa.js:44:2:44:13 | ctx.response | src/koa.js:30:10:45:1 | async c ... url);\\n} |
 test_RouteHandler_getAContextExpr
+| src/koa.js:7:1:7:22 | functio ... r1() {} | src/koa.js:7:1:7:0 | this |
+| src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:10:10:10:9 | this |
+| src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:10:28:10:30 | ctx |
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:10:28:10:30 | ctx |
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:11:3:11:6 | this |
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:12:3:12:6 | this |
@@ -63,6 +67,7 @@ test_RouteHandler_getAContextExpr
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:26:3:26:5 | ctx |
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:27:3:27:5 | ctx |
 | src/koa.js:30:10:45:1 | async c ... url);\\n} | src/koa.js:30:16:30:18 | ctx |
+| src/koa.js:30:10:45:1 | async c ... url);\\n} | src/koa.js:30:16:30:18 | ctx |
 | src/koa.js:30:10:45:1 | async c ... url);\\n} | src/koa.js:31:2:31:4 | ctx |
 | src/koa.js:30:10:45:1 | async c ... url);\\n} | src/koa.js:32:2:32:4 | ctx |
 | src/koa.js:30:10:45:1 | async c ... url);\\n} | src/koa.js:33:2:33:4 | ctx |
@@ -77,9 +82,11 @@ test_RouteHandler_getAContextExpr
 | src/koa.js:30:10:45:1 | async c ... url);\\n} | src/koa.js:43:2:43:4 | ctx |
 | src/koa.js:30:10:45:1 | async c ... url);\\n} | src/koa.js:44:2:44:4 | ctx |
 | src/koa.js:47:10:56:1 | async c ... .foo;\\n} | src/koa.js:47:16:47:18 | ctx |
+| src/koa.js:47:10:56:1 | async c ... .foo;\\n} | src/koa.js:47:16:47:18 | ctx |
 | src/koa.js:47:10:56:1 | async c ... .foo;\\n} | src/koa.js:48:16:48:18 | ctx |
 | src/koa.js:47:10:56:1 | async c ... .foo;\\n} | src/koa.js:51:14:51:16 | ctx |
 | src/koa.js:47:10:56:1 | async c ... .foo;\\n} | src/koa.js:54:16:54:18 | ctx |
+| src/koa.js:59:10:61:1 | functio ... .url;\\n} | src/koa.js:59:10:59:9 | this |
 | src/koa.js:59:10:61:1 | functio ... .url;\\n} | src/koa.js:60:2:60:5 | this |
 test_HeaderDefinition
 | src/koa.js:11:3:11:25 | this.se ... 1', '') | src/koa.js:10:10:28:1 | functio ... az');\\n} |
@@ -111,6 +118,7 @@ test_HeaderAccess
 test_RouteHandler_getAResponseExpr
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:12:3:12:15 | this.response |
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:14:3:14:14 | ctx.response |
+| src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:15:7:15:24 | rsp |
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:15:13:15:24 | ctx.response |
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:16:3:16:5 | rsp |
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:18:3:18:14 | ctx.response |
@@ -155,6 +163,9 @@ test_RouteHandler_getARequestExpr
 | src/koa.js:10:10:28:1 | functio ... az');\\n} | src/koa.js:26:3:26:13 | ctx.request |
 | src/koa.js:59:10:61:1 | functio ... .url;\\n} | src/koa.js:60:2:60:13 | this.request |
 test_ContextExpr
+| src/koa.js:7:1:7:0 | this | src/koa.js:7:1:7:22 | functio ... r1() {} |
+| src/koa.js:10:10:10:9 | this | src/koa.js:10:10:28:1 | functio ... az');\\n} |
+| src/koa.js:10:28:10:30 | ctx | src/koa.js:10:10:28:1 | functio ... az');\\n} |
 | src/koa.js:10:28:10:30 | ctx | src/koa.js:10:10:28:1 | functio ... az');\\n} |
 | src/koa.js:11:3:11:6 | this | src/koa.js:10:10:28:1 | functio ... az');\\n} |
 | src/koa.js:12:3:12:6 | this | src/koa.js:10:10:28:1 | functio ... az');\\n} |
@@ -172,6 +183,7 @@ test_ContextExpr
 | src/koa.js:26:3:26:5 | ctx | src/koa.js:10:10:28:1 | functio ... az');\\n} |
 | src/koa.js:27:3:27:5 | ctx | src/koa.js:10:10:28:1 | functio ... az');\\n} |
 | src/koa.js:30:16:30:18 | ctx | src/koa.js:30:10:45:1 | async c ... url);\\n} |
+| src/koa.js:30:16:30:18 | ctx | src/koa.js:30:10:45:1 | async c ... url);\\n} |
 | src/koa.js:31:2:31:4 | ctx | src/koa.js:30:10:45:1 | async c ... url);\\n} |
 | src/koa.js:32:2:32:4 | ctx | src/koa.js:30:10:45:1 | async c ... url);\\n} |
 | src/koa.js:33:2:33:4 | ctx | src/koa.js:30:10:45:1 | async c ... url);\\n} |
@@ -186,9 +198,11 @@ test_ContextExpr
 | src/koa.js:43:2:43:4 | ctx | src/koa.js:30:10:45:1 | async c ... url);\\n} |
 | src/koa.js:44:2:44:4 | ctx | src/koa.js:30:10:45:1 | async c ... url);\\n} |
 | src/koa.js:47:16:47:18 | ctx | src/koa.js:47:10:56:1 | async c ... .foo;\\n} |
+| src/koa.js:47:16:47:18 | ctx | src/koa.js:47:10:56:1 | async c ... .foo;\\n} |
 | src/koa.js:48:16:48:18 | ctx | src/koa.js:47:10:56:1 | async c ... .foo;\\n} |
 | src/koa.js:51:14:51:16 | ctx | src/koa.js:47:10:56:1 | async c ... .foo;\\n} |
 | src/koa.js:54:16:54:18 | ctx | src/koa.js:47:10:56:1 | async c ... .foo;\\n} |
+| src/koa.js:59:10:59:9 | this | src/koa.js:59:10:61:1 | functio ... .url;\\n} |
 | src/koa.js:60:2:60:5 | this | src/koa.js:59:10:61:1 | functio ... .url;\\n} |
 test_RedirectInvocation
 | src/koa.js:43:2:43:18 | ctx.redirect(url) | src/koa.js:43:15:43:17 | url | src/koa.js:30:10:45:1 | async c ... url);\\n} |
--- a/javascript/ql/test/library-tests/frameworks/restify/RequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/restify/RequestExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_RequestExpr(Restify::RequestExpr e, HTTP::RouteHandler res) {
+query predicate test_RequestExpr(Restify::RequestNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }
--- a/javascript/ql/test/library-tests/frameworks/restify/ResponseExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/restify/ResponseExpr.qll
@@ -1,5 +1,5 @@
 import javascript

-query predicate test_ResponseExpr(Restify::ResponseExpr e, HTTP::RouteHandler res) {
+query predicate test_ResponseExpr(Restify::ResponseNode e, HTTP::RouteHandler res) {
  res = e.getRouteHandler()
 }
--- a/javascript/ql/test/library-tests/frameworks/restify/RouteHandler.qll
+++ b/javascript/ql/test/library-tests/frameworks/restify/RouteHandler.qll
@@ -1,3 +1,5 @@
 import javascript

-query predicate test_RouteHandler(Restify::RouteHandler rh, Expr res) { res = rh.getServer() }
+query predicate test_RouteHandler(Restify::RouteHandler rh, DataFlow::Node res) {
+  res = rh.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/restify/RouteHandler_getARequestExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/restify/RouteHandler_getARequestExpr.qll
@@ -1,5 +1,5 @@
 import semmle.javascript.frameworks.Express

-query predicate test_RouteHandler_getARequestExpr(Restify::RouteHandler rh, HTTP::RequestExpr res) {
-  res = rh.getARequestExpr()
+query predicate test_RouteHandler_getARequestExpr(Restify::RouteHandler rh, HTTP::RequestNode res) {
+  res = rh.getARequestNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/restify/RouteHandler_getAResponseExpr.qll
+++ b/javascript/ql/test/library-tests/frameworks/restify/RouteHandler_getAResponseExpr.qll
@@ -1,5 +1,5 @@
 import semmle.javascript.frameworks.Express

-query predicate test_RouteHandler_getAResponseExpr(Restify::RouteHandler rh, HTTP::ResponseExpr res) {
-  res = rh.getAResponseExpr()
+query predicate test_RouteHandler_getAResponseExpr(Restify::RouteHandler rh, HTTP::ResponseNode res) {
+  res = rh.getAResponseNode()
 }
--- a/javascript/ql/test/library-tests/frameworks/restify/RouteSetup_getServer.qll
+++ b/javascript/ql/test/library-tests/frameworks/restify/RouteSetup_getServer.qll
@@ -1,3 +1,5 @@
 import javascript

-query predicate test_RouteSetup_getServer(Restify::RouteSetup rs, Expr res) { res = rs.getServer() }
+query predicate test_RouteSetup_getServer(Restify::RouteSetup rs, DataFlow::Node res) {
+  res = rs.getServer()
+}
--- a/javascript/ql/test/library-tests/frameworks/restify/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/restify/tests.expected
@@ -18,8 +18,10 @@ test_HeaderDefinition_defines
 | src/test.js:13:5:13:37 | respons ... 2', '') | header2 |  |
 test_ResponseExpr
 | src/test.js:9:46:9:53 | response | src/test.js:9:19:11:1 | functio ... ition\\n} |
+| src/test.js:9:46:9:53 | response | src/test.js:9:19:11:1 | functio ... ition\\n} |
 | src/test.js:10:5:10:12 | response | src/test.js:9:19:11:1 | functio ... ition\\n} |
 | src/test.js:12:46:12:53 | response | src/test.js:12:19:22:1 | functio ... okie;\\n} |
+| src/test.js:12:46:12:53 | response | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 | src/test.js:13:5:13:12 | response | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 test_HeaderDefinition
 | src/test.js:10:5:10:34 | respons ... 1', '') | src/test.js:9:19:11:1 | functio ... ition\\n} |
@@ -36,8 +38,10 @@ test_ServerDefinition
 | src/test.js:4:15:4:36 | restify ... erver() |
 test_RouteHandler_getAResponseExpr
 | src/test.js:9:19:11:1 | functio ... ition\\n} | src/test.js:9:46:9:53 | response |
+| src/test.js:9:19:11:1 | functio ... ition\\n} | src/test.js:9:46:9:53 | response |
 | src/test.js:9:19:11:1 | functio ... ition\\n} | src/test.js:10:5:10:12 | response |
 | src/test.js:12:19:22:1 | functio ... okie;\\n} | src/test.js:12:46:12:53 | response |
+| src/test.js:12:19:22:1 | functio ... okie;\\n} | src/test.js:12:46:12:53 | response |
 | src/test.js:12:19:22:1 | functio ... okie;\\n} | src/test.js:13:5:13:12 | response |
 test_RouteSetup_getARouteHandler
 | src/test.js:7:1:7:26 | server2 ... ndler1) | src/test.js:6:1:6:21 | functio ... er1(){} |
@@ -50,6 +54,7 @@ test_RouteHandler
 test_RequestExpr
 | src/test.js:9:37:9:43 | request | src/test.js:9:19:11:1 | functio ... ition\\n} |
 | src/test.js:12:37:12:43 | request | src/test.js:12:19:22:1 | functio ... okie;\\n} |
+| src/test.js:12:37:12:43 | request | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 | src/test.js:14:5:14:11 | request | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 | src/test.js:15:5:15:11 | request | src/test.js:12:19:22:1 | functio ... okie;\\n} |
 | src/test.js:16:5:16:11 | request | src/test.js:12:19:22:1 | functio ... okie;\\n} |
@@ -61,6 +66,7 @@ test_RequestExpr
 test_RouteHandler_getARequestExpr
 | src/test.js:9:19:11:1 | functio ... ition\\n} | src/test.js:9:37:9:43 | request |
 | src/test.js:12:19:22:1 | functio ... okie;\\n} | src/test.js:12:37:12:43 | request |
+| src/test.js:12:19:22:1 | functio ... okie;\\n} | src/test.js:12:37:12:43 | request |
 | src/test.js:12:19:22:1 | functio ... okie;\\n} | src/test.js:14:5:14:11 | request |
 | src/test.js:12:19:22:1 | functio ... okie;\\n} | src/test.js:15:5:15:11 | request |
 | src/test.js:12:19:22:1 | functio ... okie;\\n} | src/test.js:16:5:16:11 | request |
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
@@ -116,6 +116,11 @@ nodes
 | classnames.js:15:47:15:63 | clsx(window.name) |
 | classnames.js:15:52:15:62 | window.name |
 | classnames.js:15:52:15:62 | window.name |
+| classnames.js:17:32:17:79 | `<span  ... <span>` |
+| classnames.js:17:32:17:79 | `<span  ... <span>` |
+| classnames.js:17:48:17:64 | clsx(window.name) |
+| classnames.js:17:53:17:63 | window.name |
+| classnames.js:17:53:17:63 | window.name |
 | clipboard.ts:8:11:8:51 | html |
 | clipboard.ts:8:11:8:51 | html |
 | clipboard.ts:8:18:8:51 | clipboa ... /html') |
@@ -1187,6 +1192,10 @@ edges
 | classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `<span  ... <span>` |
 | classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) |
 | classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) |
+| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `<span  ... <span>` |
+| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `<span  ... <span>` |
+| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) |
+| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) |
 | clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
 | clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
 | clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
@@ -2182,6 +2191,7 @@ edges
 | classnames.js:11:31:11:79 | `<span  ... <span>` | classnames.js:10:45:10:55 | window.name | classnames.js:11:31:11:79 | `<span  ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:10:45:10:55 | window.name | user-provided value |
 | classnames.js:13:31:13:83 | `<span  ... <span>` | classnames.js:13:57:13:67 | window.name | classnames.js:13:31:13:83 | `<span  ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:13:57:13:67 | window.name | user-provided value |
 | classnames.js:15:31:15:78 | `<span  ... <span>` | classnames.js:15:52:15:62 | window.name | classnames.js:15:31:15:78 | `<span  ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:15:52:15:62 | window.name | user-provided value |
+| classnames.js:17:32:17:79 | `<span  ... <span>` | classnames.js:17:53:17:63 | window.name | classnames.js:17:32:17:79 | `<span  ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:17:53:17:63 | window.name | user-provided value |
 | clipboard.ts:15:25:15:28 | html | clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:15:25:15:28 | html | Cross-site scripting vulnerability due to $@. | clipboard.ts:8:18:8:51 | clipboa ... /html') | user-provided value |
 | clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | Cross-site scripting vulnerability due to $@. | clipboard.ts:24:23:24:58 | e.clipb ... /html') | user-provided value |
 | clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | Cross-site scripting vulnerability due to $@. | clipboard.ts:29:19:29:54 | e.clipb ... /html') | user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
@@ -116,6 +116,11 @@ nodes
 | classnames.js:15:47:15:63 | clsx(window.name) |
 | classnames.js:15:52:15:62 | window.name |
 | classnames.js:15:52:15:62 | window.name |
+| classnames.js:17:32:17:79 | `<span  ... <span>` |
+| classnames.js:17:32:17:79 | `<span  ... <span>` |
+| classnames.js:17:48:17:64 | clsx(window.name) |
+| classnames.js:17:53:17:63 | window.name |
+| classnames.js:17:53:17:63 | window.name |
 | clipboard.ts:8:11:8:51 | html |
 | clipboard.ts:8:11:8:51 | html |
 | clipboard.ts:8:18:8:51 | clipboa ... /html') |
@@ -1237,6 +1242,10 @@ edges
 | classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `<span  ... <span>` |
 | classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) |
 | classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) |
+| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `<span  ... <span>` |
+| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `<span  ... <span>` |
+| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) |
+| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) |
 | clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
 | clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
 | clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/classnames.js
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/classnames.js
@@ -13,4 +13,6 @@ function main() {
    document.body.innerHTML = `<span class="${safeStyle(window.name)}">Hello<span>`; // NOT OK
    document.body.innerHTML = `<span class="${safeStyle('foo')}">Hello<span>`; // OK
    document.body.innerHTML = `<span class="${clsx(window.name)}">Hello<span>`; // NOT OK
+
+    document.body.innerHTML += `<span class="${clsx(window.name)}">Hello<span>`; // NOT OK
 }
--- a/javascript/ql/test/tutorials/Introducing
+++ b/javascript/ql/test/tutorials/Introducing
@@ -1,5 +1,5 @@
 import javascript

 query predicate test_query20(SQL::SqlString ss, string res) {
-  ss instanceof AddExpr and res = "Use templating instead of string concatenation."
+  ss.asExpr() instanceof AddExpr and res = "Use templating instead of string concatenation."
 }