From 11c71fdd18ae4e031b789ececc29ea4152290fac Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 14 Nov 2023 00:05:00 +0100 Subject: [PATCH 1/6] Python: remove EssaNodes This commit removes SSA nodes from the data flow graph. Specifically, for a definition and use such as ```python x = expr y = x + 2 ``` we used to have flow from `expr` to an SSA variable representing x and from that SSA variable to the use of `x` in the definition of `y`. Now we instead have flow from `expr` to the control flow node for `x` at line 1 and from there to the control flow node for `x` at line 2. Specific changes: - `EssaNode` from the data flow layer no longer exists. - Several glue steps between `EssaNode`s and `CfgNode`s have been deleted. - Entry nodes are now admitted as `CfgNodes` in the data flow layer (they were filtered out before). - Entry nodes now have a new `toString` taking into account that the module name may be ambigous. - Some tests have been rewritten to accomodate the changes, but only `python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll` should have semantic changes. - Comments have been updated - Test output has been updated, but apart from `python/ql/test/experimental/dataflow/basic/maximalFlows.expected` only `python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py` should have a semantic change. This is a bonus fix, probably meaning that something was never connected up correctly. --- python/ql/lib/semmle/python/Flow.qll | 5 +- .../dataflow/new/internal/DataFlowPrivate.qll | 70 ++--- .../dataflow/new/internal/DataFlowPublic.qll | 30 +- .../new/internal/ImportResolution.qll | 12 +- .../new/internal/IterableUnpacking.qll | 19 +- .../dataflow/new/internal/LocalSources.qll | 4 +- .../dataflow/new/internal/MatchUnpacking.qll | 15 +- .../new/internal/TaintTrackingPrivate.qll | 4 +- .../new/internal/TypeTrackerSpecific.qll | 19 +- .../lib/semmle/python/frameworks/Django.qll | 2 +- .../security/dataflow/ExceptionInfo.qll | 4 +- .../dataflow/basic/global.expected | 83 +++-- .../dataflow/basic/globalStep.expected | 76 ++--- .../dataflow/basic/local.expected | 46 +-- .../dataflow/basic/localStep.expected | 21 +- .../dataflow/basic/maximalFlows.expected | 15 +- .../dataflow/basic/maximalFlowsConfig.qll | 7 +- .../dataflow/basic/sinks.expected | 12 +- .../dataflow/basic/sources.expected | 12 +- .../test/experimental/dataflow/basic/test.py | 12 +- .../dataflow/coverage-py3/classes.py | 4 +- .../dataflow/coverage/argumentRoutingTest.ql | 6 +- .../experimental/dataflow/coverage/classes.py | 216 ++++++------- .../dataflow/coverage/localFlow.expected | 33 +- .../EnclosingCallable.expected | 3 + .../dataflow/import-star/global.expected | 18 ++ .../module-initialization/localFlow.ql | 5 +- .../module-initialization/multiphase.py | 22 +- .../strange-essaflow/testFlow.expected | 4 +- .../dataflow/strange-essaflow/testFlow.ql | 28 +- .../dataflow/summaries/summaries.expected | 60 ++-- .../basic/LocalTaintStep.expected | 10 +- .../typetracking-summaries/summaries.py | 4 +- .../dataflow/typetracking/moduleattr.expected | 8 +- .../dataflow/typetracking/tracked.ql | 3 +- .../import-resolution/ModuleExport.expected | 126 ++++---- .../Security/CWE-022-TarSlip/TarSlip.expected | 230 +++++++------- .../Security/CWE-022-TarSlip/ZipSlip.expected | 50 +-- .../UnsafeUnpack.expected | 110 +++---- .../TemplateInjection.expected | 84 ++--- .../Security/CWE-079/EmailXss.expected | 62 ++-- .../XsltInjection.expected | 96 +++--- .../Security/CWE-113/HeaderInjection.expected | 48 +-- .../Security/CWE-1236/CsvInjection.expected | 22 +- .../CWE-176/UnicodeBypassValidation.expected | 20 +- .../PossibleTimingAttackAgainstHash.expected | 6 +- ...eTimingAttackAgainstSensitiveInfo.expected | 3 + .../ConstantSecretKey.expected | 24 +- ...sageOfClientSideEncryptionVersion.expected | 58 ++-- ...ientSuppliedIpUsedInSecurityCheck.expected | 18 +- .../CWE-522/LdapInsecureAuth.expected | 30 +- .../Security/CWE-614/CookieInjection.expected | 12 +- .../PointsTo/new/ImpliesDataflow.expected | 17 + .../django-orm/ReflectedXss.expected | 58 ++-- .../PoorMansFunctionResolutionTest.ql | 4 + .../modeling-example/NaiveModel.expected | 30 +- .../modeling-example/ProperModel.expected | 72 ++--- .../UntrustedDataToExternalAPI.expected | 56 ++-- .../PathInjection.expected | 232 +++++++------- .../Security/CWE-022-TarSlip/TarSlip.expected | 42 +-- .../CommandInjection.expected | 28 +- .../CommandInjection.expected | 78 ++--- .../ReflectedXss.expected | 28 +- .../LdapInjection.expected | 156 +++++----- .../CodeInjection.expected | 28 +- .../LogInjection.expected | 36 +-- .../StackTraceExposure.expected | 24 +- .../PamAuthorization.expected | 12 +- .../CleartextLogging.expected | 26 +- .../CleartextStorage.expected | 10 +- .../CleartextStorage.expected | 24 +- .../WeakSensitiveDataHashing.expected | 64 ++-- .../UnsafeDeserialization.expected | 20 +- .../CWE-601-UrlRedirect/UrlRedirect.expected | 104 +++---- .../Security/CWE-611-Xxe/Xxe.expected | 20 +- .../XpathInjection.expected | 50 +-- .../PolynomialReDoS.expected | 20 +- .../RegexInjection.expected | 28 +- .../Security/CWE-776-XmlBomb/XmlBomb.expected | 12 +- .../HardcodedCredentials.expected | 12 +- .../FullServerSideRequestForgery.expected | 150 ++++----- .../PartialServerSideRequestForgery.expected | 290 +++++++++--------- .../NoSqlInjection.expected | 260 ++++++++-------- 83 files changed, 1924 insertions(+), 1958 deletions(-) diff --git a/python/ql/lib/semmle/python/Flow.qll b/python/ql/lib/semmle/python/Flow.qll index 4a79ead0875..90633651f11 100644 --- a/python/ql/lib/semmle/python/Flow.qll +++ b/python/ql/lib/semmle/python/Flow.qll @@ -126,7 +126,10 @@ class ControlFlowNode extends @py_flow_node { cached string toString() { Stages::AST::ref() and - exists(Scope s | s.getEntryNode() = this | result = "Entry node for " + s.toString()) + // Since modules can have ambigous names, entry nodes can too, if we do not collate them. + exists(Scope s | s.getEntryNode() = this | + result = "Entry node for " + concat( | | s.toString(), ",") + ) or exists(Scope s | s.getANormalExit() = this | result = "Exit node for " + s.toString()) or diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll index 3df487e939a..839f147411e 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll @@ -281,28 +281,33 @@ class DataFlowExpr = Expr; /** * A module to compute local flow. * - * Flow will generally go from control flow nodes into essa variables at definitions, + * Flow will generally go from control flow nodes for expressions into + * control flow nodes for variables at definitions, * and from there via use-use flow to other control flow nodes. * * Some syntaxtic constructs are handled separately. */ module LocalFlow { - /** Holds if `nodeFrom` is the control flow node defining the essa variable `nodeTo`. */ + /** Holds if `nodeFrom` is the expression defining the value for the variable `nodeTo`. */ predicate definitionFlowStep(Node nodeFrom, Node nodeTo) { // Definition // `x = f(42)` - // nodeFrom is `f(42)`, cfg node - // nodeTo is `x`, essa var - nodeFrom.(CfgNode).getNode() = - nodeTo.(EssaNode).getVar().getDefinition().(AssignmentDefinition).getValue() + // nodeFrom is `f(42)` + // nodeTo is `x` + exists(AssignmentDefinition def | + nodeFrom.(CfgNode).getNode() = def.getValue() and + nodeTo.(CfgNode).getNode() = def.getDefiningNode() + ) or // With definition // `with f(42) as x:` - // nodeFrom is `f(42)`, cfg node - // nodeTo is `x`, essa var - exists(With with, ControlFlowNode contextManager, ControlFlowNode var | + // nodeFrom is `f(42)` + // nodeTo is `x` + exists(With with, ControlFlowNode contextManager, WithDefinition withDef, ControlFlowNode var | + var = withDef.getDefiningNode() + | nodeFrom.(CfgNode).getNode() = contextManager and - nodeTo.(EssaNode).getVar().getDefinition().(WithDefinition).getDefiningNode() = var and + nodeTo.(CfgNode).getNode() = var and // see `with_flow` in `python/ql/src/semmle/python/dataflow/Implementation.qll` with.getContextExpr() = contextManager.getNode() and with.getOptionalVars() = var.getNode() and @@ -313,34 +318,6 @@ module LocalFlow { // * `foo = x.foo(); await foo.async_method(); foo.close()` and // * `async with x.foo() as foo: await foo.async_method()`. ) - or - // Async with var definition - // `async with f(42) as x:` - // nodeFrom is `x`, cfg node - // nodeTo is `x`, essa var - // - // This makes the cfg node the local source of the awaited value. - // - // We have this step in addition to the step above, to handle cases where the QL - // modeling of `f(42)` requires a `.getAwaited()` step (in API graphs) when not - // using `async with`, so you can do both: - // * `foo = await x.foo(); await foo.async_method(); foo.close()` and - // * `async with x.foo() as foo: await foo.async_method()`. - exists(With with, ControlFlowNode var | - nodeFrom.(CfgNode).getNode() = var and - nodeTo.(EssaNode).getVar().getDefinition().(WithDefinition).getDefiningNode() = var and - with.getOptionalVars() = var.getNode() and - with.isAsync() - ) - or - // Parameter definition - // `def foo(x):` - // nodeFrom is `x`, cfgNode - // nodeTo is `x`, essa var - exists(ParameterDefinition pd | - nodeFrom.(CfgNode).getNode() = pd.getDefiningNode() and - nodeTo.(EssaNode).getVar() = pd.getVariable() - ) } predicate expressionFlowStep(Node nodeFrom, Node nodeTo) { @@ -372,9 +349,12 @@ module LocalFlow { // First use after definition // `y = 42` // `x = f(y)` - // nodeFrom is `y` on first line, essa var - // nodeTo is `y` on second line, cfg node - defToFirstUse(nodeFrom.asVar(), nodeTo.asCfgNode()) + // nodeFrom is `y` on first line + // nodeTo is `y` on second line + exists(EssaDefinition def | + nodeFrom.(CfgNode).getNode() = def.(EssaNodeDefinition).getDefiningNode() and + AdjacentUses::firstUse(def, nodeTo.(CfgNode).getNode()) + ) or // Next use after use // `x = f(y)` @@ -565,11 +545,7 @@ predicate neverSkipInPathGraph(Node n) { // ``` // we would end up saying that the path MUST not skip the x in `y = x`, which is just // annoying and doesn't help the path explanation become clearer. - n.asVar() instanceof EssaDefinition and - // For a parameter we have flow from ControlFlowNode to SSA node, and then onwards - // with use-use flow, and since the CFN is already part of the path graph, we don't - // want to force showing the SSA node as well. - not n.asVar() instanceof ParameterDefinition + n.asCfgNode() = any(EssaNodeDefinition def).getDefiningNode() } /** @@ -916,7 +892,7 @@ predicate subscriptReadStep(CfgNode nodeFrom, Content c, CfgNode nodeTo) { predicate forReadStep(CfgNode nodeFrom, Content c, Node nodeTo) { exists(ForTarget target | nodeFrom.asExpr() = target.getSource() and - nodeTo.asVar().(EssaNodeDefinition).getDefiningNode() = target + nodeTo.asCfgNode() = target ) and ( c instanceof ListElementContent diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll index e204d0db063..b6c29814eab 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll @@ -23,13 +23,13 @@ private import FlowSummaryImpl as FlowSummaryImpl * The current implementation of these cross flows can be seen in `EssaTaintTracking`. */ newtype TNode = - /** A node corresponding to an SSA variable. */ - TEssaNode(EssaVariable var) or /** A node corresponding to a control flow node. */ TCfgNode(ControlFlowNode node) { isExpressionNode(node) or node.getNode() instanceof Pattern + or + node = any(ScopeEntryDefinition def).getDefiningNode() } or /** * A synthetic node representing the value of an object before a state change. @@ -155,9 +155,6 @@ class Node extends TNode { this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) } - /** Gets the ESSA variable corresponding to this node, if any. */ - EssaVariable asVar() { none() } - /** Gets the control-flow node corresponding to this node, if any. */ ControlFlowNode asCfgNode() { none() } @@ -170,25 +167,6 @@ class Node extends TNode { LocalSourceNode getALocalSource() { result.flowsTo(this) } } -/** A data-flow node corresponding to an SSA variable. */ -class EssaNode extends Node, TEssaNode { - EssaVariable var; - - EssaNode() { this = TEssaNode(var) } - - /** Gets the `EssaVariable` represented by this data-flow node. */ - EssaVariable getVar() { result = var } - - override EssaVariable asVar() { result = var } - - /** Gets a textual representation of this element. */ - override string toString() { result = var.toString() } - - override Scope getScope() { result = var.getScope() } - - override Location getLocation() { result = var.getLocation() } -} - /** A data-flow node corresponding to a control-flow node. */ class CfgNode extends Node, TCfgNode { ControlFlowNode node; @@ -411,8 +389,8 @@ class ModuleVariableNode extends Node, TModuleVariableNode { } /** Gets an `EssaNode` that corresponds to an assignment of this global variable. */ - EssaNode getAWrite() { - result.getVar().getDefinition().(EssaNodeDefinition).definedBy(var, any(DefinitionNode defn)) + Node getAWrite() { + any(EssaNodeDefinition def).definedBy(var, result.asCfgNode().(DefinitionNode)) } /** Gets the possible values of the variable at the end of import time */ diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll b/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll index d7a5d3c2a9d..ebbe2f2d0cb 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll @@ -112,7 +112,7 @@ module ImportResolution { not allowedEssaImportStep(_, firstDef) | not LocalFlow::defToFirstUse(firstDef, _) and - val.asVar() = firstDef + val.asCfgNode() = firstDef.getDefinition().(EssaNodeDefinition).getDefiningNode() or exists(ControlFlowNode mid, ControlFlowNode end | LocalFlow::defToFirstUse(firstDef, mid) and @@ -320,11 +320,11 @@ module ImportResolution { // name as a submodule, we always consider that this attribute _could_ be a // reference to the submodule, even if we don't know that the submodule has been // imported yet. - exists(string submodule, Module package | - submodule = result.asVar().getName() and - SsaSource::init_module_submodule_defn(result.asVar().getSourceVariable(), - package.getEntryNode()) and - m = getModuleFromName(package.getPackageName() + "." + submodule) + exists(string submodule, Module package, EssaVariable var | + submodule = var.getName() and + SsaSource::init_module_submodule_defn(var.getSourceVariable(), package.getEntryNode()) and + m = getModuleFromName(package.getPackageName() + "." + submodule) and + result.asCfgNode() = var.getDefinition().(EssaNodeDefinition).getDefiningNode() ) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll b/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll index 9f4dfed0871..05b08467252 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll @@ -87,13 +87,13 @@ * This is adequate as the route through `TIterableElement(sequence)` does not transfer precise content. * * 5. [Read] Content is read from `sequence` to its elements. - * a) If the element is a plain variable, the target is the corresponding essa node. + * a) If the element is a plain variable, the target is the corresponding control flow node. * * b) If the element is itself a sequence, with control-flow node `seq`, the target is `TIterableSequence(seq)`. * * c) If the element is a starred variable, with control-flow node `v`, the target is `TIterableElement(v)`. * - * 6. [Store] Content is stored from `TIterableElement(v)` to the essa variable for `v`, with + * 6. [Store] Content is stored from `TIterableElement(v)` to the control flow node for variable `v`, with * content type `ListElementContent`. * * 7. [Flow, Read, Store] Steps 2 through 7 are repeated for all recursive elements which are sequences. @@ -313,7 +313,7 @@ predicate iterableUnpackingConvertingStoreStep(Node nodeFrom, Content c, Node no * Step 5 * For a sequence node inside an iterable unpacking, data flows from the sequence to its elements. There are * three cases for what `toNode` should be: - * a) If the element is a plain variable, `toNode` is the corresponding essa node. + * a) If the element is a plain variable, `toNode` is the corresponding control flow node. * * b) If the element is itself a sequence, with control-flow node `seq`, `toNode` is `TIterableSequence(seq)`. * @@ -351,20 +351,25 @@ predicate iterableUnpackingElementReadStep(Node nodeFrom, Content c, Node nodeTo nodeTo = TIterableElementNode(element) else // Step 5a - nodeTo.asVar().getDefinition().(MultiAssignmentDefinition).getDefiningNode() = element + exists(MultiAssignmentDefinition mad | element = mad.getDefiningNode() | + nodeTo.(CfgNode).getNode() = element + ) ) ) } /** * Step 6 - * Data flows from `TIterableElement(v)` to the essa variable for `v`, with + * Data flows from `TIterableElement(v)` to the control flow node for variable `v`, with * content type `ListElementContent`. */ predicate iterableUnpackingStarredElementStoreStep(Node nodeFrom, Content c, Node nodeTo) { - exists(ControlFlowNode starred | starred.getNode() instanceof Starred | + exists(ControlFlowNode starred, MultiAssignmentDefinition mad | + starred.getNode() instanceof Starred and + starred = mad.getDefiningNode() + | nodeFrom = TIterableElementNode(starred) and - nodeTo.asVar().getDefinition().(MultiAssignmentDefinition).getDefiningNode() = starred and + nodeTo.asCfgNode() = starred and c instanceof ListElementContent ) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll b/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll index eeaf0872f6c..d03ea0a877c 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll @@ -71,7 +71,7 @@ class LocalSourceNode extends Node { or // We include all scope entry definitions, as these act as the local source within the scope they // enter. - this.asVar() instanceof ScopeEntryDefinition + this.asCfgNode() = any(ScopeEntryDefinition def).getDefiningNode() } /** Holds if this `LocalSourceNode` can flow to `nodeTo` in one or more local flow steps. */ @@ -165,7 +165,7 @@ class LocalSourceNodeNotModuleVariableNode extends LocalSourceNode { LocalSourceNodeNotModuleVariableNode() { this instanceof ExprNode or - this.asVar() instanceof ScopeEntryDefinition + this.asCfgNode() = any(ScopeEntryDefinition def).getDefiningNode() } } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/MatchUnpacking.qll b/python/ql/lib/semmle/python/dataflow/new/internal/MatchUnpacking.qll index 1447b726f2a..4883dea52d4 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/MatchUnpacking.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/MatchUnpacking.qll @@ -89,8 +89,9 @@ predicate matchAsFlowStep(Node nodeFrom, Node nodeTo) { or // the interior pattern flows to the alias nodeFrom.(CfgNode).getNode().getNode() = subject.getPattern() and - nodeTo.(EssaNode).getVar().getDefinition().(PatternAliasDefinition).getDefiningNode().getNode() = - alias + exists(PatternAliasDefinition pad | pad.getDefiningNode().getNode() = alias | + nodeTo.(CfgNode).getNode() = pad.getDefiningNode() + ) ) } @@ -123,13 +124,9 @@ predicate matchLiteralFlowStep(Node nodeFrom, Node nodeTo) { predicate matchCaptureFlowStep(Node nodeFrom, Node nodeTo) { exists(MatchCapturePattern capture, Name var | capture.getVariable() = var | nodeFrom.(CfgNode).getNode().getNode() = capture and - nodeTo - .(EssaNode) - .getVar() - .getDefinition() - .(PatternCaptureDefinition) - .getDefiningNode() - .getNode() = var + exists(PatternCaptureDefinition pcd | pcd.getDefiningNode().getNode() = var | + nodeTo.(CfgNode).getNode() = pcd.getDefiningNode() + ) ) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll index 4b90d0d82d3..1841001c2f8 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll @@ -216,8 +216,10 @@ predicate awaitStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { */ predicate asyncWithStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { exists(With with, ControlFlowNode contextManager, ControlFlowNode var | + var = any(WithDefinition wd).getDefiningNode() + | nodeFrom.(DataFlow::CfgNode).getNode() = contextManager and - nodeTo.(DataFlow::EssaNode).getVar().getDefinition().(WithDefinition).getDefiningNode() = var and + nodeTo.(DataFlow::CfgNode).getNode() = var and // see `with_flow` in `python/ql/src/semmle/python/dataflow/Implementation.qll` with.getContextExpr() = contextManager.getNode() and with.getOptionalVars() = var.getNode() and diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll index beee5674c60..7b9d4f06f31 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll @@ -50,8 +50,20 @@ predicate jumpStep(Node nodeFrom, Node nodeTo) { } predicate capturedJumpStep(Node nodeFrom, Node nodeTo) { - exists(SsaSourceVariable var, DefinitionNode def | var.hasDefiningNode(def) | - nodeTo.asVar().(ScopeEntryDefinition).getSourceVariable() = var and + // Jump into a capturing scope. + // + // var = expr + // ... + // def f(): + // ..var is used.. + // + // nodeFrom is `expr` + // nodeTo is entry node for `f` + exists(ScopeEntryDefinition e, SsaSourceVariable var, DefinitionNode def | + e.getSourceVariable() = var and + var.hasDefiningNode(def) + | + nodeTo.asCfgNode() = e.getDefiningNode() and nodeFrom.asCfgNode() = def.getValue() and var.getScope().getScope*() = nodeFrom.getScope() ) @@ -228,8 +240,7 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input { | param = FlowSummary::SummaryComponent::parameter(apos) and DataFlowDispatch::parameterMatch(ppos, apos) and - // pick the SsaNode rather than the CfgNode - result.asVar().getDefinition().(ParameterDefinition).getParameter() = p and + result.asCfgNode().getNode() = p and ( exists(int i | ppos.isPositional(i) | p = callable.getALocalSource().asExpr().(CallableExpr).getInnerScope().getArg(i) diff --git a/python/ql/lib/semmle/python/frameworks/Django.qll b/python/ql/lib/semmle/python/frameworks/Django.qll index 28aaa0a227d..eb54dd7b740 100644 --- a/python/ql/lib/semmle/python/frameworks/Django.qll +++ b/python/ql/lib/semmle/python/frameworks/Django.qll @@ -2740,7 +2740,7 @@ module PrivateDjango { this.asExpr() = list and // we look for an assignment to the `MIDDLEWARE` setting exists(DataFlow::Node mw | - mw.asVar().getName() = "MIDDLEWARE" and + mw.asExpr().(Name).getId() = "MIDDLEWARE" and DataFlow::localFlow(this, mw) | // To only include results where CSRF protection matters, we only care about CSRF diff --git a/python/ql/lib/semmle/python/security/dataflow/ExceptionInfo.qll b/python/ql/lib/semmle/python/security/dataflow/ExceptionInfo.qll index 73911f52509..e389dd3dd4d 100644 --- a/python/ql/lib/semmle/python/security/dataflow/ExceptionInfo.qll +++ b/python/ql/lib/semmle/python/security/dataflow/ExceptionInfo.qll @@ -28,8 +28,8 @@ private class TracebackFunctionCall extends ExceptionInfo, DataFlow::CallCfgNode /** A caught exception. */ private class CaughtException extends ExceptionInfo { CaughtException() { - this.asVar().getDefinition().(EssaNodeDefinition).getDefiningNode().getNode() = - any(ExceptStmt s).getName() + this.asExpr() = any(ExceptStmt s).getName() and + this.asCfgNode() = any(EssaNodeDefinition def).getDefiningNode() } } diff --git a/python/ql/test/experimental/dataflow/basic/global.expected b/python/ql/test/experimental/dataflow/basic/global.expected index 8894bcc190a..7d2c0cab9b9 100644 --- a/python/ql/test/experimental/dataflow/basic/global.expected +++ b/python/ql/test/experimental/dataflow/basic/global.expected @@ -1,69 +1,58 @@ -| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | +| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | -| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | +| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | ControlFlowNode for b | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y | -| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:1:19:1:19 | SSA variable x | test.py:3:3:3:3 | SSA variable z | -| test.py:1:19:1:19 | SSA variable x | test.py:3:7:3:7 | ControlFlowNode for y | -| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:1:19:1:19 | SSA variable x | test.py:7:1:7:1 | GSSA Variable b | -| test.py:1:19:1:19 | SSA variable x | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z | -| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y | -| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:2:3:2:3 | SSA variable y | test.py:7:1:7:1 | GSSA Variable b | -| test.py:2:3:2:3 | SSA variable y | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | -| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:7:1:7:1 | ControlFlowNode for b | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | +| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | +| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z | | test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y | | test.py:2:7:2:7 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:2:7:2:7 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b | +| test.py:2:7:2:7 | ControlFlowNode for x | test.py:7:1:7:1 | ControlFlowNode for b | | test.py:2:7:2:7 | ControlFlowNode for x | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:3:3:3:3 | SSA variable z | test.py:7:1:7:1 | GSSA Variable b | -| test.py:3:3:3:3 | SSA variable z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z | +| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:3:3:3:3 | ControlFlowNode for z | test.py:7:1:7:1 | ControlFlowNode for b | +| test.py:3:3:3:3 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | +| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | | test.py:3:7:3:7 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:3:7:3:7 | ControlFlowNode for y | test.py:7:1:7:1 | GSSA Variable b | +| test.py:3:7:3:7 | ControlFlowNode for y | test.py:7:1:7:1 | ControlFlowNode for b | | test.py:3:7:3:7 | ControlFlowNode for y | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:1:7:1 | GSSA Variable b | +| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:1:7:1 | ControlFlowNode for b | | test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:6:1:6:1 | GSSA Variable a | test.py:1:19:1:19 | ControlFlowNode for x | -| test.py:6:1:6:1 | GSSA Variable a | test.py:1:19:1:19 | SSA variable x | -| test.py:6:1:6:1 | GSSA Variable a | test.py:2:3:2:3 | SSA variable y | -| test.py:6:1:6:1 | GSSA Variable a | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:6:1:6:1 | GSSA Variable a | test.py:3:3:3:3 | SSA variable z | -| test.py:6:1:6:1 | GSSA Variable a | test.py:3:7:3:7 | ControlFlowNode for y | -| test.py:6:1:6:1 | GSSA Variable a | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:6:1:6:1 | GSSA Variable a | test.py:7:1:7:1 | GSSA Variable b | -| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:2:3:2:3 | ControlFlowNode for y | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:2:7:2:7 | ControlFlowNode for x | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:3:7:3:7 | ControlFlowNode for y | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:1:7:1 | ControlFlowNode for b | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a | | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:1:19:1:19 | ControlFlowNode for x | -| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:1:19:1:19 | SSA variable x | -| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:2:3:2:3 | SSA variable y | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:2:3:2:3 | ControlFlowNode for y | | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:3:3:3:3 | SSA variable z | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:3:3:3:3 | ControlFlowNode for z | | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:3:7:3:7 | ControlFlowNode for y | | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a | -| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:1:7:1 | GSSA Variable b | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:1:7:1 | ControlFlowNode for b | | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a | -| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b | +| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b | | test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x | -| test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | SSA variable x | -| test.py:7:19:7:19 | ControlFlowNode for a | test.py:2:3:2:3 | SSA variable y | +| test.py:7:19:7:19 | ControlFlowNode for a | test.py:2:3:2:3 | ControlFlowNode for y | | test.py:7:19:7:19 | ControlFlowNode for a | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:7:19:7:19 | ControlFlowNode for a | test.py:3:3:3:3 | SSA variable z | +| test.py:7:19:7:19 | ControlFlowNode for a | test.py:3:3:3:3 | ControlFlowNode for z | | test.py:7:19:7:19 | ControlFlowNode for a | test.py:3:7:3:7 | ControlFlowNode for y | | test.py:7:19:7:19 | ControlFlowNode for a | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:1:7:1 | GSSA Variable b | +| test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:1:7:1 | ControlFlowNode for b | | test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | diff --git a/python/ql/test/experimental/dataflow/basic/globalStep.expected b/python/ql/test/experimental/dataflow/basic/globalStep.expected index 9c7e3cca254..00ee53dba00 100644 --- a/python/ql/test/experimental/dataflow/basic/globalStep.expected +++ b/python/ql/test/experimental/dataflow/basic/globalStep.expected @@ -1,53 +1,41 @@ -| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | -| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | -| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | +| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | +| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | +| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y | -| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y | -| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y | -| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y | -| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z | -| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z | -| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z | -| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z | -| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y | -| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y | -| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y | -| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y | -| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | -| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | -| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | -| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | -| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z | -| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z | -| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z | -| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y | +| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | +| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | +| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | +| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | +| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | | test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | | test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a | -| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a | -| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a | -| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a | -| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a | +| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b | | test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x | | test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x | | test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | diff --git a/python/ql/test/experimental/dataflow/basic/local.expected b/python/ql/test/experimental/dataflow/basic/local.expected index cdf40018ed0..14a40023b6b 100644 --- a/python/ql/test/experimental/dataflow/basic/local.expected +++ b/python/ql/test/experimental/dataflow/basic/local.expected @@ -1,57 +1,41 @@ -| test.py:0:0:0:0 | GSSA Variable __name__ | test.py:0:0:0:0 | GSSA Variable __name__ | -| test.py:0:0:0:0 | GSSA Variable __package__ | test.py:0:0:0:0 | GSSA Variable __package__ | -| test.py:0:0:0:0 | GSSA Variable b | test.py:0:0:0:0 | GSSA Variable b | -| test.py:0:0:0:0 | SSA variable $ | test.py:0:0:0:0 | SSA variable $ | +| test.py:0:0:0:0 | Entry node for Module test | test.py:0:0:0:0 | Entry node for Module test | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | -| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | +| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | | test.py:1:1:1:21 | SynthDictSplatParameterNode | test.py:1:1:1:21 | SynthDictSplatParameterNode | | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | -| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:1:5:1:17 | GSSA Variable obfuscated_id | -| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | +| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | ControlFlowNode for x | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:1:19:1:19 | SSA variable x | test.py:1:19:1:19 | SSA variable x | -| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y | -| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:1:19:1:19 | SSA variable x | test.py:3:3:3:3 | SSA variable z | -| test.py:1:19:1:19 | SSA variable x | test.py:3:7:3:7 | ControlFlowNode for y | -| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z | | test.py:2:3:2:3 | ControlFlowNode for y | test.py:2:3:2:3 | ControlFlowNode for y | -| test.py:2:3:2:3 | SSA variable y | test.py:2:3:2:3 | SSA variable y | -| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z | -| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y | -| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | | test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z | +| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z | | test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y | | test.py:2:7:2:7 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z | | test.py:3:3:3:3 | ControlFlowNode for z | test.py:3:3:3:3 | ControlFlowNode for z | -| test.py:3:3:3:3 | SSA variable z | test.py:3:3:3:3 | SSA variable z | -| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z | +| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | | test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y | | test.py:3:7:3:7 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z | | test.py:4:10:4:10 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z | | test.py:6:1:6:1 | ControlFlowNode for a | test.py:6:1:6:1 | ControlFlowNode for a | -| test.py:6:1:6:1 | GSSA Variable a | test.py:6:1:6:1 | GSSA Variable a | -| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a | -| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a | | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a | | test.py:7:1:7:1 | ControlFlowNode for b | test.py:7:1:7:1 | ControlFlowNode for b | -| test.py:7:1:7:1 | GSSA Variable b | test.py:7:1:7:1 | GSSA Variable b | | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | | test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id | -| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b | +| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b | | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:7:5:7:20 | GSSA Variable a | test.py:7:5:7:20 | GSSA Variable a | | test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() | test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() | | test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a | | test.py:7:19:7:19 | [post] ControlFlowNode for a | test.py:7:19:7:19 | [post] ControlFlowNode for a | diff --git a/python/ql/test/experimental/dataflow/basic/localStep.expected b/python/ql/test/experimental/dataflow/basic/localStep.expected index e147bb9f4fc..ce190945d36 100644 --- a/python/ql/test/experimental/dataflow/basic/localStep.expected +++ b/python/ql/test/experimental/dataflow/basic/localStep.expected @@ -1,11 +1,10 @@ -| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | -| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x | -| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x | -| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y | -| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y | -| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z | -| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a | -| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a | -| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b | +| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | +| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x | +| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y | +| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y | +| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z | +| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a | +| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b | diff --git a/python/ql/test/experimental/dataflow/basic/maximalFlows.expected b/python/ql/test/experimental/dataflow/basic/maximalFlows.expected index b6f8a1730f1..a9fa5d8da92 100644 --- a/python/ql/test/experimental/dataflow/basic/maximalFlows.expected +++ b/python/ql/test/experimental/dataflow/basic/maximalFlows.expected @@ -1,10 +1,7 @@ +| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b | -| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:1:19:1:19 | SSA variable x | test.py:7:1:7:1 | GSSA Variable b | -| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:2:3:2:3 | SSA variable y | test.py:7:1:7:1 | GSSA Variable b | -| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:3:3:3:3 | SSA variable z | test.py:7:1:7:1 | GSSA Variable b | -| test.py:6:1:6:1 | GSSA Variable a | test.py:4:10:4:10 | ControlFlowNode for z | -| test.py:6:1:6:1 | GSSA Variable a | test.py:7:1:7:1 | GSSA Variable b | +| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | ControlFlowNode for b | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:4:10:4:10 | ControlFlowNode for z | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:1:7:1 | ControlFlowNode for b | +| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a | +| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b | diff --git a/python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll b/python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll index e3e65c92c24..c34d46d5f3c 100644 --- a/python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll +++ b/python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll @@ -1,3 +1,4 @@ +import python import semmle.python.dataflow.new.DataFlow private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate @@ -11,14 +12,12 @@ class MaximalFlowsConfig extends DataFlow::Configuration { override predicate isSource(DataFlow::Node node) { node instanceof DataFlow::ParameterNode or - node instanceof DataFlow::EssaNode and - not exists(DataFlow::EssaNode pred | DataFlow::localFlowStep(pred, node)) + node instanceof DataFlow::LocalSourceNode } override predicate isSink(DataFlow::Node node) { node instanceof DataFlowPrivate::ReturnNode or - node instanceof DataFlow::EssaNode and - not exists(node.(DataFlow::EssaNode).getVar().getASourceUse()) + not DataFlowPrivate::LocalFlow::localFlowStep(node, _) } } diff --git a/python/ql/test/experimental/dataflow/basic/sinks.expected b/python/ql/test/experimental/dataflow/basic/sinks.expected index 944f8190aa5..76fb986517c 100644 --- a/python/ql/test/experimental/dataflow/basic/sinks.expected +++ b/python/ql/test/experimental/dataflow/basic/sinks.expected @@ -1,29 +1,19 @@ -| test.py:0:0:0:0 | GSSA Variable __name__ | -| test.py:0:0:0:0 | GSSA Variable __package__ | -| test.py:0:0:0:0 | GSSA Variable b | -| test.py:0:0:0:0 | SSA variable $ | +| test.py:0:0:0:0 | Entry node for Module test | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | | test.py:1:1:1:21 | SynthDictSplatParameterNode | | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | -| test.py:1:5:1:17 | GSSA Variable obfuscated_id | | test.py:1:19:1:19 | ControlFlowNode for x | -| test.py:1:19:1:19 | SSA variable x | | test.py:2:3:2:3 | ControlFlowNode for y | -| test.py:2:3:2:3 | SSA variable y | | test.py:2:7:2:7 | ControlFlowNode for x | | test.py:3:3:3:3 | ControlFlowNode for z | -| test.py:3:3:3:3 | SSA variable z | | test.py:3:7:3:7 | ControlFlowNode for y | | test.py:4:10:4:10 | ControlFlowNode for z | | test.py:6:1:6:1 | ControlFlowNode for a | -| test.py:6:1:6:1 | GSSA Variable a | | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | | test.py:7:1:7:1 | ControlFlowNode for b | -| test.py:7:1:7:1 | GSSA Variable b | | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | | test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id | | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:7:5:7:20 | GSSA Variable a | | test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() | | test.py:7:19:7:19 | ControlFlowNode for a | | test.py:7:19:7:19 | [post] ControlFlowNode for a | diff --git a/python/ql/test/experimental/dataflow/basic/sources.expected b/python/ql/test/experimental/dataflow/basic/sources.expected index 944f8190aa5..76fb986517c 100644 --- a/python/ql/test/experimental/dataflow/basic/sources.expected +++ b/python/ql/test/experimental/dataflow/basic/sources.expected @@ -1,29 +1,19 @@ -| test.py:0:0:0:0 | GSSA Variable __name__ | -| test.py:0:0:0:0 | GSSA Variable __package__ | -| test.py:0:0:0:0 | GSSA Variable b | -| test.py:0:0:0:0 | SSA variable $ | +| test.py:0:0:0:0 | Entry node for Module test | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | | test.py:1:1:1:21 | SynthDictSplatParameterNode | | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | -| test.py:1:5:1:17 | GSSA Variable obfuscated_id | | test.py:1:19:1:19 | ControlFlowNode for x | -| test.py:1:19:1:19 | SSA variable x | | test.py:2:3:2:3 | ControlFlowNode for y | -| test.py:2:3:2:3 | SSA variable y | | test.py:2:7:2:7 | ControlFlowNode for x | | test.py:3:3:3:3 | ControlFlowNode for z | -| test.py:3:3:3:3 | SSA variable z | | test.py:3:7:3:7 | ControlFlowNode for y | | test.py:4:10:4:10 | ControlFlowNode for z | | test.py:6:1:6:1 | ControlFlowNode for a | -| test.py:6:1:6:1 | GSSA Variable a | | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | | test.py:7:1:7:1 | ControlFlowNode for b | -| test.py:7:1:7:1 | GSSA Variable b | | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | | test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id | | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | -| test.py:7:5:7:20 | GSSA Variable a | | test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() | | test.py:7:19:7:19 | ControlFlowNode for a | | test.py:7:19:7:19 | [post] ControlFlowNode for a | diff --git a/python/ql/test/experimental/dataflow/basic/test.py b/python/ql/test/experimental/dataflow/basic/test.py index 7ea19e9d4d0..aa1f9906b7c 100644 --- a/python/ql/test/experimental/dataflow/basic/test.py +++ b/python/ql/test/experimental/dataflow/basic/test.py @@ -1,7 +1,7 @@ -def obfuscated_id(x): #$ step="FunctionExpr -> GSSA Variable obfuscated_id" step="x -> SSA variable x" - y = x #$ step="x -> SSA variable y" step="SSA variable x, l:-1 -> x" - z = y #$ step="y -> SSA variable z" step="SSA variable y, l:-1 -> y" - return z #$ flow="42, l:+2 -> z" step="SSA variable z, l:-1 -> z" +def obfuscated_id(x): #$ step="FunctionExpr -> obfuscated_id" + y = x #$ step="x -> y" step="x, l:-1 -> x" + z = y #$ step="y -> z" step="y, l:-1 -> y" + return z #$ flow="42, l:+2 -> z" step="z, l:-1 -> z" -a = 42 #$ step="42 -> GSSA Variable a" -b = obfuscated_id(a) #$ flow="42, l:-1 -> GSSA Variable b" flow="FunctionExpr, l:-6 -> obfuscated_id" step="obfuscated_id(..) -> GSSA Variable b" step="GSSA Variable obfuscated_id, l:-6 -> obfuscated_id" step="GSSA Variable a, l:-1 -> a" +a = 42 #$ step="42 -> a" +b = obfuscated_id(a) #$ flow="42, l:-1 -> b" flow="FunctionExpr, l:-6 -> obfuscated_id" step="obfuscated_id(..) -> b" step="obfuscated_id, l:-6 -> obfuscated_id" step="a, l:-1 -> a" diff --git a/python/ql/test/experimental/dataflow/coverage-py3/classes.py b/python/ql/test/experimental/dataflow/coverage-py3/classes.py index 308c79acbb4..199c31c2535 100644 --- a/python/ql/test/experimental/dataflow/coverage-py3/classes.py +++ b/python/ql/test/experimental/dataflow/coverage-py3/classes.py @@ -51,7 +51,7 @@ class With_length_hint: def test_length_hint(): import operator - with_length_hint = With_length_hint() #$ arg1="SSA variable with_length_hint" func=With_length_hint.__length_hint__ + with_length_hint = With_length_hint() #$ arg1="with_length_hint" func=With_length_hint.__length_hint__ operator.length_hint(with_length_hint) @@ -68,5 +68,5 @@ class With_index: def test_index(): import operator - with_index = With_index() #$ arg1="SSA variable with_index" func=With_index.__index__ + with_index = With_index() #$ arg1="with_index" func=With_index.__index__ operator.index(with_index) diff --git a/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql b/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql index eccbbea2b4d..3e79c8581ce 100644 --- a/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql +++ b/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql @@ -67,11 +67,13 @@ class Argument1ExtraRoutingConfig extends DataFlow::Configuration { override predicate isSource(DataFlow::Node node) { exists(AssignmentDefinition def, DataFlow::CallCfgNode call | - def.getVariable() = node.(DataFlow::EssaNode).getVar() and + // def.getVariable() = node.(DataFlow::EssaNode).getVar() and + def.getDefiningNode() = node.(DataFlow::CfgNode).getNode() and def.getValue() = call.getNode() and call.getFunction().asCfgNode().(NameNode).getId().matches("With\\_%") ) and - node.(DataFlow::EssaNode).getVar().getName().matches("with\\_%") + // node.(DataFlow::EssaNode).getVar().getName().matches("with\\_%") + node.(DataFlow::CfgNode).getNode().(NameNode).getId().matches("with\\_%") } override predicate isSink(DataFlow::Node node) { diff --git a/python/ql/test/experimental/dataflow/coverage/classes.py b/python/ql/test/experimental/dataflow/coverage/classes.py index 2569921d6c9..74127d34d20 100644 --- a/python/ql/test/experimental/dataflow/coverage/classes.py +++ b/python/ql/test/experimental/dataflow/coverage/classes.py @@ -57,7 +57,7 @@ class With_init: def test_init(): - with_init = With_init() #$ MISSING: arg1="SSA variable with_init" func=With_init.__init__ + with_init = With_init() #$ MISSING: arg1="with_init" func=With_init.__init__ # object.__del__(self) @@ -68,7 +68,7 @@ class With_del: def test_del(): - with_del = With_del() #$ MISSING: arg1="SSA variable with_del" func=With_del.__del__ + with_del = With_del() #$ MISSING: arg1="with_del" func=With_del.__del__ del with_del @@ -81,7 +81,7 @@ class With_repr: def test_repr(): - with_repr = With_repr() #$ MISSING: arg1="SSA variable with_repr" func=With_repr.__repr__ + with_repr = With_repr() #$ MISSING: arg1="with_repr" func=With_repr.__repr__ repr(with_repr) @@ -94,7 +94,7 @@ class With_str: def test_str(): - with_str = With_str() #$ MISSING: arg1="SSA variable with_str" func=With_str.__str__ + with_str = With_str() #$ MISSING: arg1="with_str" func=With_str.__str__ str(with_str) @@ -107,7 +107,7 @@ class With_bytes: def test_bytes(): - with_bytes = With_bytes() #$ MISSING: arg1="SSA variable with_bytes" func=With_bytes.__bytes__ + with_bytes = With_bytes() #$ MISSING: arg1="with_bytes" func=With_bytes.__bytes__ bytes(with_bytes) @@ -121,18 +121,18 @@ class With_format: def test_format(): - with_format = With_format() #$ MISSING: arg1="SSA variable with_format" func=With_format.__format__ + with_format = With_format() #$ MISSING: arg1="with_format" func=With_format.__format__ arg2 = "" #$ MISSING: arg2 func=With_format.__format__ format(with_format, arg2) def test_format_str(): - with_format = With_format() #$ MISSING: arg1="SSA variable with_format" func=With_format.__format__ + with_format = With_format() #$ MISSING: arg1="with_format" func=With_format.__format__ "{0}".format(with_format) def test_format_fstr(): - with_format = With_format() #$ MISSING: arg1="SSA variable with_format" func=With_format.__format__ + with_format = With_format() #$ MISSING: arg1="with_format" func=With_format.__format__ f"{with_format}" @@ -146,7 +146,7 @@ class With_lt: def test_lt(): - with_lt = With_lt() #$ MISSING: arg1="SSA variable with_lt" func=With_lt.__lt__ + with_lt = With_lt() #$ MISSING: arg1="with_lt" func=With_lt.__lt__ arg2 = with_lt #$ MISSING: arg2 func=With_lt.__lt__ with_lt < arg2 @@ -161,7 +161,7 @@ class With_le: def test_le(): - with_le = With_le() #$ MISSING: arg1="SSA variable with_le" func=With_le.__le__ + with_le = With_le() #$ MISSING: arg1="with_le" func=With_le.__le__ arg2 = with_le #$ MISSING: arg2 func=With_le.__le__ with_le <= arg2 @@ -176,7 +176,7 @@ class With_eq: def test_eq(): - with_eq = With_eq() #$ MISSING: arg1="SSA variable with_eq" func=With_eq.__eq__ + with_eq = With_eq() #$ MISSING: arg1="with_eq" func=With_eq.__eq__ with_eq == with_eq #$ MISSING: arg2="with_eq" func=With_eq.__eq__ @@ -190,7 +190,7 @@ class With_ne: def test_ne(): - with_ne = With_ne() #$ MISSING: arg1="SSA variable with_ne" func=With_ne.__ne__ + with_ne = With_ne() #$ MISSING: arg1="with_ne" func=With_ne.__ne__ with_ne != with_ne #$ MISSING: arg2="with_ne" func=With_ne.__ne__ @@ -204,7 +204,7 @@ class With_gt: def test_gt(): - with_gt = With_gt() #$ MISSING: arg1="SSA variable with_gt" func=With_gt.__gt__ + with_gt = With_gt() #$ MISSING: arg1="with_gt" func=With_gt.__gt__ arg2 = with_gt #$ MISSING: arg2 func=With_gt.__gt__ with_gt > arg2 @@ -219,7 +219,7 @@ class With_ge: def test_ge(): - with_ge = With_ge() #$ MISSING: arg1="SSA variable with_ge" func=With_ge.__ge__ + with_ge = With_ge() #$ MISSING: arg1="with_ge" func=With_ge.__ge__ arg2 = with_ge #$ MISSING: arg2 func=With_ge.__ge__ with_ge >= arg2 @@ -233,22 +233,22 @@ class With_hash: def test_hash(): - with_hash = With_hash() #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__ + with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__ hash(with_hash) def test_hash_set(): - with_hash = With_hash() #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__ + with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__ len(set([with_hash])) def test_hash_frozenset(): - with_hash = With_hash() #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__ + with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__ len(frozenset([with_hash])) def test_hash_dict(): - with_hash = With_hash() #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__ + with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__ len(dict({with_hash: 0})) @@ -261,12 +261,12 @@ class With_bool: def test_bool(): - with_bool = With_bool() #$ MISSING: arg1="SSA variable with_bool" func=With_bool.__bool__ + with_bool = With_bool() #$ MISSING: arg1="with_bool" func=With_bool.__bool__ bool(with_bool) def test_bool_if(): - with_bool = With_bool() #$ MISSING: arg1="SSA variable with_bool" func=With_bool.__bool__ + with_bool = With_bool() #$ MISSING: arg1="with_bool" func=With_bool.__bool__ if with_bool: pass @@ -282,7 +282,7 @@ class With_getattr: def test_getattr(): - with_getattr = With_getattr() #$ MISSING: arg1="SSA variable with_getattr" func=With_getattr.__getattr__ + with_getattr = With_getattr() #$ MISSING: arg1="with_getattr" func=With_getattr.__getattr__ with_getattr.arg2 #$ MISSING: arg2="with_getattr.arg2" func=With_getattr.__getattr__ @@ -296,7 +296,7 @@ class With_getattribute: def test_getattribute(): - with_getattribute = With_getattribute() #$ MISSING: arg1="SSA variable with_getattribute" func=With_getattribute.__getattribute__ + with_getattribute = With_getattribute() #$ MISSING: arg1="with_getattribute" func=With_getattribute.__getattribute__ with_getattribute.arg2 #$ MISSING: arg2 func=With_getattribute.__getattribute__ @@ -310,7 +310,7 @@ class With_setattr: def test_setattr(): - with_setattr = With_setattr() #$ MISSING: arg1="SSA variable with_setattr" func=With_setattr.__setattr__ + with_setattr = With_setattr() #$ MISSING: arg1="with_setattr" func=With_setattr.__setattr__ arg3 = "" #$ MISSING: arg3 func=With_setattr.__setattr__ with_setattr.arg2 = arg3 #$ MISSING: arg2 func=With_setattr.__setattr__ @@ -324,7 +324,7 @@ class With_delattr: def test_delattr(): - with_delattr = With_delattr() #$ MISSING: arg1="SSA variable with_delattr" func=With_delattr.__delattr__ + with_delattr = With_delattr() #$ MISSING: arg1="with_delattr" func=With_delattr.__delattr__ del with_delattr.arg2 #$ MISSING: arg2 func=With_delattr.__delattr__ @@ -337,7 +337,7 @@ class With_dir: def test_dir(): - with_dir = With_dir() #$ MISSING: arg1="SSA variable with_dir" func=With_dir.__dir__ + with_dir = With_dir() #$ MISSING: arg1="with_dir" func=With_dir.__dir__ dir(with_dir) @@ -360,7 +360,7 @@ def test_get(): class arg3: pass - with_get = With_get() #$ MISSING: arg1="SSA variable with_get" func=With_get.__get__ + with_get = With_get() #$ MISSING: arg1="with_get" func=With_get.__get__ arg3.attr = with_get arg2 = arg3() #$ MISSING: arg2 func=With_get.__get__ arg2.attr @@ -376,7 +376,7 @@ class With_set: def test_set(): - with_set = With_set() #$ MISSING: arg1="SSA variable with_set" func=With_set.__set__ + with_set = With_set() #$ MISSING: arg1="with_set" func=With_set.__set__ Owner.attr = with_set arg2 = Owner() #$ MISSING: arg2 func=With_set.__set__ arg3 = "" #$ MISSING: arg3 func=With_set.__set__ @@ -392,7 +392,7 @@ class With_delete: def test_delete(): - with_delete = With_delete() #$ MISSING: arg1="SSA variable with_delete" func=With_delete.__delete__ + with_delete = With_delete() #$ MISSING: arg1="with_delete" func=With_delete.__delete__ Owner.attr = with_delete arg2 = Owner() #$ MISSING: arg2 func=With_delete.__delete__ del arg2.attr @@ -408,7 +408,7 @@ class With_set_name: def test_set_name(): - with_set_name = With_set_name() #$ MISSING: arg1="SSA variable with_set_name" func=With_set_name.__set_name__ + with_set_name = With_set_name() #$ MISSING: arg1="with_set_name" func=With_set_name.__set_name__ type("arg2", (object,), dict(arg3=with_set_name)) #$ MISSING: arg2 arg3 func=With_set_name.__set_name__ @@ -462,7 +462,7 @@ class With_instancecheck: def test_instancecheck(): - with_instancecheck = With_instancecheck() #$ MISSING: arg1="SSA variable with_instancecheck" func=With_instancecheck.__instancecheck__ + with_instancecheck = With_instancecheck() #$ MISSING: arg1="with_instancecheck" func=With_instancecheck.__instancecheck__ arg2 = "" #$ MISSING: arg2 func=With_instancecheck.__instancecheck__ isinstance(arg2, with_instancecheck) @@ -477,7 +477,7 @@ class With_subclasscheck: def test_subclasscheck(): - with_subclasscheck = With_subclasscheck() #$ MISSING: arg1="SSA variable with_subclasscheck" func=With_subclasscheck.__subclasscheck__ + with_subclasscheck = With_subclasscheck() #$ MISSING: arg1="with_subclasscheck" func=With_subclasscheck.__subclasscheck__ arg2 = object #$ MISSING: arg2 func=With_subclasscheck.__subclasscheck__ issubclass(arg2, with_subclasscheck) @@ -506,7 +506,7 @@ class With_call: def test_call(): - with_call = With_call() #$ arg1="SSA variable with_call" func=With_call.__call__ + with_call = With_call() #$ arg1="with_call" func=With_call.__call__ with_call() @@ -520,17 +520,17 @@ class With_len: def test_len(): - with_len = With_len() #$ MISSING: arg1="SSA variable with_len" func=With_len.__len__ + with_len = With_len() #$ MISSING: arg1="with_len" func=With_len.__len__ len(with_len) def test_len_bool(): - with_len = With_len() #$ MISSING: arg1="SSA variable with_len" func=With_len.__len__ + with_len = With_len() #$ MISSING: arg1="with_len" func=With_len.__len__ bool(with_len) def test_len_if(): - with_len = With_len() #$ MISSING: arg1="SSA variable with_len" func=With_len.__len__ + with_len = With_len() #$ MISSING: arg1="with_len" func=With_len.__len__ if with_len: pass @@ -545,7 +545,7 @@ class With_getitem: def test_getitem(): - with_getitem = With_getitem() #$ MISSING: arg1="SSA variable with_getitem" func=With_getitem.__getitem__ + with_getitem = With_getitem() #$ MISSING: arg1="with_getitem" func=With_getitem.__getitem__ arg2 = 0 with_getitem[arg2] #$ MISSING: arg2 func=With_getitem.__getitem__ @@ -560,7 +560,7 @@ class With_setitem: def test_setitem(): - with_setitem = With_setitem() #$ MISSING: arg1="SSA variable with_setitem" func=With_setitem.__setitem__ + with_setitem = With_setitem() #$ MISSING: arg1="with_setitem" func=With_setitem.__setitem__ arg2 = 0 arg3 = "" with_setitem[arg2] = arg3 #$ MISSING: arg2 arg3 func=With_setitem.__setitem__ @@ -575,7 +575,7 @@ class With_delitem: def test_delitem(): - with_delitem = With_delitem() #$ MISSING: arg1="SSA variable with_delitem" func=With_delitem.__delitem__ + with_delitem = With_delitem() #$ MISSING: arg1="with_delitem" func=With_delitem.__delitem__ arg2 = 0 del with_delitem[arg2] #$ MISSING: arg2 func=With_delitem.__delitem__ @@ -590,7 +590,7 @@ class With_missing(dict): def test_missing(): - with_missing = With_missing() #$ MISSING: arg1="SSA variable with_missing" func=With_missing.__missing__ + with_missing = With_missing() #$ MISSING: arg1="with_missing" func=With_missing.__missing__ arg2 = 0 #$ MISSING: arg2 func=With_missing.__missing__ with_missing[arg2] @@ -604,7 +604,7 @@ class With_iter: def test_iter(): - with_iter = With_iter() #$ MISSING: arg1="SSA variable with_iter" func=With_iter.__iter__ + with_iter = With_iter() #$ MISSING: arg1="with_iter" func=With_iter.__iter__ [x for x in with_iter] @@ -617,7 +617,7 @@ class With_reversed: def test_reversed(): - with_reversed = With_reversed() #$ MISSING: arg1="SSA variable with_reversed" func=With_reversed.__reversed__ + with_reversed = With_reversed() #$ MISSING: arg1="with_reversed" func=With_reversed.__reversed__ reversed(with_reversed) @@ -631,7 +631,7 @@ class With_contains: def test_contains(): - with_contains = With_contains() #$ MISSING: arg1="SSA variable with_contains" func=With_contains.__contains__ + with_contains = With_contains() #$ MISSING: arg1="with_contains" func=With_contains.__contains__ arg2 = 0 #$ MISSING: arg2 func=With_contains.__contains__ arg2 in with_contains @@ -647,7 +647,7 @@ class With_add: def test_add(): - with_add = With_add() #$ MISSING: arg1="SSA variable with_add" func=With_add.__add__ + with_add = With_add() #$ MISSING: arg1="with_add" func=With_add.__add__ arg2 = with_add with_add + arg2 #$ MISSING: arg2 func=With_add.__add__ @@ -662,7 +662,7 @@ class With_sub: def test_sub(): - with_sub = With_sub() #$ MISSING: arg1="SSA variable with_sub" func=With_sub.__sub__ + with_sub = With_sub() #$ MISSING: arg1="with_sub" func=With_sub.__sub__ arg2 = with_sub with_sub - arg2 #$ MISSING: arg2 func=With_sub.__sub__ @@ -677,7 +677,7 @@ class With_mul: def test_mul(): - with_mul = With_mul() #$ MISSING: arg1="SSA variable with_mul" func=With_mul.__mul__ + with_mul = With_mul() #$ MISSING: arg1="with_mul" func=With_mul.__mul__ arg2 = with_mul with_mul * arg2 #$ MISSING: arg2 func=With_mul.__mul__ @@ -692,7 +692,7 @@ class With_matmul: def test_matmul(): - with_matmul = With_matmul() #$ MISSING: arg1="SSA variable with_matmul" func=With_matmul.__matmul__ + with_matmul = With_matmul() #$ MISSING: arg1="with_matmul" func=With_matmul.__matmul__ arg2 = with_matmul with_matmul @ arg2 #$ MISSING: arg2 func=With_matmul.__matmul__ @@ -707,7 +707,7 @@ class With_truediv: def test_truediv(): - with_truediv = With_truediv() #$ MISSING: arg1="SSA variable with_truediv" func=With_truediv.__truediv__ + with_truediv = With_truediv() #$ MISSING: arg1="with_truediv" func=With_truediv.__truediv__ arg2 = with_truediv with_truediv / arg2 #$ MISSING: arg2 func=With_truediv.__truediv__ @@ -722,7 +722,7 @@ class With_floordiv: def test_floordiv(): - with_floordiv = With_floordiv() #$ MISSING: arg1="SSA variable with_floordiv" func=With_floordiv.__floordiv__ + with_floordiv = With_floordiv() #$ MISSING: arg1="with_floordiv" func=With_floordiv.__floordiv__ arg2 = with_floordiv with_floordiv // arg2 #$ MISSING: arg2 func=With_floordiv.__floordiv__ @@ -737,7 +737,7 @@ class With_mod: def test_mod(): - with_mod = With_mod() #$ MISSING: arg1="SSA variable with_mod" func=With_mod.__mod__ + with_mod = With_mod() #$ MISSING: arg1="with_mod" func=With_mod.__mod__ arg2 = with_mod with_mod % arg2 #$ MISSING: arg2 func=With_mod.__mod__ @@ -752,7 +752,7 @@ class With_divmod: def test_divmod(): - with_divmod = With_divmod() #$ MISSING: arg1="SSA variable with_divmod" func=With_divmod.__divmod__ + with_divmod = With_divmod() #$ MISSING: arg1="with_divmod" func=With_divmod.__divmod__ arg2 = With_divmod #$ MISSING: arg2 func=With_divmod.__divmod__ divmod(with_divmod, arg2) @@ -767,13 +767,13 @@ class With_pow: def test_pow(): - with_pow = With_pow() #$ MISSING: arg1="SSA variable with_pow" func=With_pow.__pow__ + with_pow = With_pow() #$ MISSING: arg1="with_pow" func=With_pow.__pow__ arg2 = with_pow pow(with_pow, arg2) #$ MISSING: arg2 func=With_pow.__pow__ def test_pow_op(): - with_pow = With_pow() #$ MISSING: arg1="SSA variable with_pow" func=With_pow.__pow__ + with_pow = With_pow() #$ MISSING: arg1="with_pow" func=With_pow.__pow__ arg2 = with_pow with_pow ** arg2 #$ MISSING: arg2 func=With_pow.__pow__ @@ -788,7 +788,7 @@ class With_lshift: def test_lshift(): - with_lshift = With_lshift() #$ MISSING: arg1="SSA variable with_lshift" func=With_lshift.__lshift__ + with_lshift = With_lshift() #$ MISSING: arg1="with_lshift" func=With_lshift.__lshift__ arg2 = with_lshift with_lshift << arg2 #$ MISSING: arg2 func=With_lshift.__lshift__ @@ -803,7 +803,7 @@ class With_rshift: def test_rshift(): - with_rshift = With_rshift() #$ MISSING: arg1="SSA variable with_rshift" func=With_rshift.__rshift__ + with_rshift = With_rshift() #$ MISSING: arg1="with_rshift" func=With_rshift.__rshift__ arg2 = with_rshift with_rshift >> arg2 #$ MISSING: arg2 func=With_rshift.__rshift__ @@ -818,7 +818,7 @@ class With_and: def test_and(): - with_and = With_and() #$ MISSING: arg1="SSA variable with_and" func=With_and.__and__ + with_and = With_and() #$ MISSING: arg1="with_and" func=With_and.__and__ arg2 = with_and with_and & arg2 #$ MISSING: arg2 func=With_and.__and__ @@ -833,7 +833,7 @@ class With_xor: def test_xor(): - with_xor = With_xor() #$ MISSING: arg1="SSA variable with_xor" func=With_xor.__xor__ + with_xor = With_xor() #$ MISSING: arg1="with_xor" func=With_xor.__xor__ arg2 = with_xor with_xor ^ arg2 #$ MISSING: arg2 func=With_xor.__xor__ @@ -848,7 +848,7 @@ class With_or: def test_or(): - with_or = With_or() #$ MISSING: arg1="SSA variable with_or" func=With_or.__or__ + with_or = With_or() #$ MISSING: arg1="with_or" func=With_or.__or__ arg2 = with_or with_or | arg2 #$ MISSING: arg2 func=With_or.__or__ @@ -863,7 +863,7 @@ class With_radd: def test_radd(): - with_radd = With_radd() #$ MISSING: arg1="SSA variable with_radd" func=With_radd.__radd__ + with_radd = With_radd() #$ MISSING: arg1="with_radd" func=With_radd.__radd__ arg2 = "" #$ MISSING: arg2 func=With_radd.__radd__ arg2 + with_radd @@ -878,7 +878,7 @@ class With_rsub: def test_rsub(): - with_rsub = With_rsub() #$ MISSING: arg1="SSA variable with_rsub" func=With_rsub.__rsub__ + with_rsub = With_rsub() #$ MISSING: arg1="with_rsub" func=With_rsub.__rsub__ arg2 = "" #$ MISSING: arg2 func=With_rsub.__rsub__ arg2 - with_rsub @@ -893,7 +893,7 @@ class With_rmul: def test_rmul(): - with_rmul = With_rmul() #$ MISSING: arg1="SSA variable with_rmul" func=With_rmul.__rmul__ + with_rmul = With_rmul() #$ MISSING: arg1="with_rmul" func=With_rmul.__rmul__ arg2 = "" #$ MISSING: arg2 func=With_rmul.__rmul__ arg2 * with_rmul @@ -908,7 +908,7 @@ class With_rmatmul: def test_rmatmul(): - with_rmatmul = With_rmatmul() #$ MISSING: arg1="SSA variable with_rmatmul" func=With_rmatmul.__rmatmul__ + with_rmatmul = With_rmatmul() #$ MISSING: arg1="with_rmatmul" func=With_rmatmul.__rmatmul__ arg2 = "" #$ MISSING: arg2 func=With_rmatmul.__rmatmul__ arg2 @ with_rmatmul @@ -923,7 +923,7 @@ class With_rtruediv: def test_rtruediv(): - with_rtruediv = With_rtruediv() #$ MISSING: arg1="SSA variable with_rtruediv" func=With_rtruediv.__rtruediv__ + with_rtruediv = With_rtruediv() #$ MISSING: arg1="with_rtruediv" func=With_rtruediv.__rtruediv__ arg2 = "" #$ MISSING: arg2 func=With_rtruediv.__rtruediv__ arg2 / with_rtruediv @@ -938,7 +938,7 @@ class With_rfloordiv: def test_rfloordiv(): - with_rfloordiv = With_rfloordiv() #$ MISSING: arg1="SSA variable with_rfloordiv" func=With_rfloordiv.__rfloordiv__ + with_rfloordiv = With_rfloordiv() #$ MISSING: arg1="with_rfloordiv" func=With_rfloordiv.__rfloordiv__ arg2 = "" #$ MISSING: arg2 func=With_rfloordiv.__rfloordiv__ arg2 // with_rfloordiv @@ -953,7 +953,7 @@ class With_rmod: def test_rmod(): - with_rmod = With_rmod() #$ MISSING: arg1="SSA variable with_rmod" func=With_rmod.__rmod__ + with_rmod = With_rmod() #$ MISSING: arg1="with_rmod" func=With_rmod.__rmod__ arg2 = {} #$ MISSING: arg2 func=With_rmod.__rmod__ arg2 % with_rmod @@ -968,7 +968,7 @@ class With_rdivmod: def test_rdivmod(): - with_rdivmod = With_rdivmod() #$ MISSING: arg1="SSA variable with_rdivmod" func=With_rdivmod.__rdivmod__ + with_rdivmod = With_rdivmod() #$ MISSING: arg1="with_rdivmod" func=With_rdivmod.__rdivmod__ arg2 = "" #$ MISSING: arg2 func=With_rdivmod.__rdivmod__ divmod(arg2, with_rdivmod) @@ -983,13 +983,13 @@ class With_rpow: def test_rpow(): - with_rpow = With_rpow() #$ MISSING: arg1="SSA variable with_rpow" func=With_rpow.__rpow__ + with_rpow = With_rpow() #$ MISSING: arg1="with_rpow" func=With_rpow.__rpow__ arg2 = "" #$ MISSING: arg2 func=With_rpow.__rpow__ pow(arg2, with_rpow) def test_rpow_op(): - with_rpow = With_rpow() #$ MISSING: arg1="SSA variable with_rpow" func=With_rpow.__rpow__ + with_rpow = With_rpow() #$ MISSING: arg1="with_rpow" func=With_rpow.__rpow__ arg2 = "" #$ MISSING: arg2 func=With_rpow.__rpow__ arg2 ** with_rpow @@ -1004,7 +1004,7 @@ class With_rlshift: def test_rlshift(): - with_rlshift = With_rlshift() #$ MISSING: arg1="SSA variable with_rlshift" func=With_rlshift.__rlshift__ + with_rlshift = With_rlshift() #$ MISSING: arg1="with_rlshift" func=With_rlshift.__rlshift__ arg2 = "" #$ MISSING: arg2 func=With_rlshift.__rlshift__ arg2 << with_rlshift @@ -1019,7 +1019,7 @@ class With_rrshift: def test_rrshift(): - with_rrshift = With_rrshift() #$ MISSING: arg1="SSA variable with_rrshift" func=With_rrshift.__rrshift__ + with_rrshift = With_rrshift() #$ MISSING: arg1="with_rrshift" func=With_rrshift.__rrshift__ arg2 = "" #$ MISSING: arg2 func=With_rrshift.__rrshift__ arg2 >> with_rrshift @@ -1034,7 +1034,7 @@ class With_rand: def test_rand(): - with_rand = With_rand() #$ MISSING: arg1="SSA variable with_rand" func=With_rand.__rand__ + with_rand = With_rand() #$ MISSING: arg1="with_rand" func=With_rand.__rand__ arg2 = "" #$ MISSING: arg2 func=With_rand.__rand__ arg2 & with_rand @@ -1049,7 +1049,7 @@ class With_rxor: def test_rxor(): - with_rxor = With_rxor() #$ MISSING: arg1="SSA variable with_rxor" func=With_rxor.__rxor__ + with_rxor = With_rxor() #$ MISSING: arg1="with_rxor" func=With_rxor.__rxor__ arg2 = "" #$ MISSING: arg2 func=With_rxor.__rxor__ arg2 ^ with_rxor @@ -1064,7 +1064,7 @@ class With_ror: def test_ror(): - with_ror = With_ror() #$ MISSING: arg1="SSA variable with_ror" func=With_ror.__ror__ + with_ror = With_ror() #$ MISSING: arg1="with_ror" func=With_ror.__ror__ arg2 = "" #$ MISSING: arg2 func=With_ror.__ror__ arg2 | with_ror @@ -1079,7 +1079,7 @@ class With_iadd: def test_iadd(): - with_iadd = With_iadd() #$ MISSING: arg1="SSA variable with_iadd" func=With_iadd.__iadd__ + with_iadd = With_iadd() #$ MISSING: arg1="with_iadd" func=With_iadd.__iadd__ arg2 = with_iadd #$ MISSING: arg2 func=With_iadd.__iadd__ with_iadd += arg2 @@ -1094,7 +1094,7 @@ class With_isub: def test_isub(): - with_isub = With_isub() #$ MISSING: arg1="SSA variable with_isub" func=With_isub.__isub__ + with_isub = With_isub() #$ MISSING: arg1="with_isub" func=With_isub.__isub__ arg2 = with_isub #$ MISSING: arg2 func=With_isub.__isub__ with_isub -= arg2 @@ -1109,7 +1109,7 @@ class With_imul: def test_imul(): - with_imul = With_imul() #$ MISSING: arg1="SSA variable with_imul" func=With_imul.__imul__ + with_imul = With_imul() #$ MISSING: arg1="with_imul" func=With_imul.__imul__ arg2 = with_imul #$ MISSING: arg2 func=With_imul.__imul__ with_imul *= arg2 @@ -1124,7 +1124,7 @@ class With_imatmul: def test_imatmul(): - with_imatmul = With_imatmul() #$ MISSING: arg1="SSA variable with_imatmul" func=With_imatmul.__imatmul__ + with_imatmul = With_imatmul() #$ MISSING: arg1="with_imatmul" func=With_imatmul.__imatmul__ arg2 = with_imatmul #$ MISSING: arg2 func=With_imatmul.__imatmul__ with_imatmul @= arg2 @@ -1139,7 +1139,7 @@ class With_itruediv: def test_itruediv(): - with_itruediv = With_itruediv() #$ MISSING: arg1="SSA variable with_itruediv" func=With_itruediv.__itruediv__ + with_itruediv = With_itruediv() #$ MISSING: arg1="with_itruediv" func=With_itruediv.__itruediv__ arg2 = with_itruediv #$ MISSING: arg2 func=With_itruediv.__itruediv__ with_itruediv /= arg2 @@ -1154,7 +1154,7 @@ class With_ifloordiv: def test_ifloordiv(): - with_ifloordiv = With_ifloordiv() #$ MISSING: arg1="SSA variable with_ifloordiv" func=With_ifloordiv.__ifloordiv__ + with_ifloordiv = With_ifloordiv() #$ MISSING: arg1="with_ifloordiv" func=With_ifloordiv.__ifloordiv__ arg2 = with_ifloordiv #$ MISSING: arg2 func=With_ifloordiv.__ifloordiv__ with_ifloordiv //= arg2 @@ -1169,7 +1169,7 @@ class With_imod: def test_imod(): - with_imod = With_imod() #$ MISSING: arg1="SSA variable with_imod" func=With_imod.__imod__ + with_imod = With_imod() #$ MISSING: arg1="with_imod" func=With_imod.__imod__ arg2 = with_imod #$ MISSING: arg2 func=With_imod.__imod__ with_imod %= arg2 @@ -1184,7 +1184,7 @@ class With_ipow: def test_ipow(): - with_ipow = With_ipow() #$ MISSING: arg1="SSA variable with_ipow" func=With_ipow.__ipow__ + with_ipow = With_ipow() #$ MISSING: arg1="with_ipow" func=With_ipow.__ipow__ arg2 = with_ipow #$ MISSING: arg2 func=With_ipow.__ipow__ with_ipow **= arg2 @@ -1199,7 +1199,7 @@ class With_ilshift: def test_ilshift(): - with_ilshift = With_ilshift() #$ MISSING: arg1="SSA variable with_ilshift" func=With_ilshift.__ilshift__ + with_ilshift = With_ilshift() #$ MISSING: arg1="with_ilshift" func=With_ilshift.__ilshift__ arg2 = with_ilshift #$ MISSING: arg2 func=With_ilshift.__ilshift__ with_ilshift <<= arg2 @@ -1214,7 +1214,7 @@ class With_irshift: def test_irshift(): - with_irshift = With_irshift() #$ MISSING: arg1="SSA variable with_irshift" func=With_irshift.__irshift__ + with_irshift = With_irshift() #$ MISSING: arg1="with_irshift" func=With_irshift.__irshift__ arg2 = with_irshift #$ MISSING: arg2 func=With_irshift.__irshift__ with_irshift >>= arg2 @@ -1229,7 +1229,7 @@ class With_iand: def test_iand(): - with_iand = With_iand() #$ MISSING: arg1="SSA variable with_iand" func=With_iand.__iand__ + with_iand = With_iand() #$ MISSING: arg1="with_iand" func=With_iand.__iand__ arg2 = with_iand #$ MISSING: arg2 func=With_iand.__iand__ with_iand &= arg2 @@ -1244,7 +1244,7 @@ class With_ixor: def test_ixor(): - with_ixor = With_ixor() #$ MISSING: arg1="SSA variable with_ixor" func=With_ixor.__ixor__ + with_ixor = With_ixor() #$ MISSING: arg1="with_ixor" func=With_ixor.__ixor__ arg2 = with_ixor #$ MISSING: arg2 func=With_ixor.__ixor__ with_ixor ^= arg2 @@ -1259,7 +1259,7 @@ class With_ior: def test_ior(): - with_ior = With_ior() #$ MISSING: arg1="SSA variable with_ior" func=With_ior.__ior__ + with_ior = With_ior() #$ MISSING: arg1="with_ior" func=With_ior.__ior__ arg2 = with_ior #$ MISSING: arg2 func=With_ior.__ior__ with_ior |= arg2 @@ -1273,7 +1273,7 @@ class With_neg: def test_neg(): - with_neg = With_neg() #$ MISSING: arg1="SSA variable with_neg" func=With_neg.__neg__ + with_neg = With_neg() #$ MISSING: arg1="with_neg" func=With_neg.__neg__ -with_neg @@ -1286,7 +1286,7 @@ class With_pos: def test_pos(): - with_pos = With_pos() #$ MISSING: arg1="SSA variable with_pos" func=With_pos.__pos__ + with_pos = With_pos() #$ MISSING: arg1="with_pos" func=With_pos.__pos__ +with_pos @@ -1299,7 +1299,7 @@ class With_abs: def test_abs(): - with_abs = With_abs() #$ MISSING: arg1="SSA variable with_abs" func=With_abs.__abs__ + with_abs = With_abs() #$ MISSING: arg1="with_abs" func=With_abs.__abs__ abs(with_abs) @@ -1312,7 +1312,7 @@ class With_invert: def test_invert(): - with_invert = With_invert() #$ MISSING: arg1="SSA variable with_invert" func=With_invert.__invert__ + with_invert = With_invert() #$ MISSING: arg1="with_invert" func=With_invert.__invert__ ~with_invert @@ -1325,7 +1325,7 @@ class With_complex: def test_complex(): - with_complex = With_complex() #$ MISSING: arg1="SSA variable with_complex" func=With_complex.__complex__ + with_complex = With_complex() #$ MISSING: arg1="with_complex" func=With_complex.__complex__ complex(with_complex) @@ -1338,7 +1338,7 @@ class With_int: def test_int(): - with_int = With_int() #$ MISSING: arg1="SSA variable with_int" func=With_int.__int__ + with_int = With_int() #$ MISSING: arg1="with_int" func=With_int.__int__ int(with_int) @@ -1351,7 +1351,7 @@ class With_float: def test_float(): - with_float = With_float() #$ MISSING: arg1="SSA variable with_float" func=With_float.__float__ + with_float = With_float() #$ MISSING: arg1="with_float" func=With_float.__float__ float(with_float) @@ -1364,37 +1364,37 @@ class With_index: def test_index_slicing(): - with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__ + with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ [0][with_index:1] def test_index_bin(): - with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__ + with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ bin(with_index) def test_index_hex(): - with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__ + with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ hex(with_index) def test_index_oct(): - with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__ + with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ oct(with_index) def test_index_int(): - with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__ + with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ int(with_index) def test_index_float(): - with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__ + with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ float(with_index) def test_index_complex(): - with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__ + with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ complex(with_index) @@ -1407,7 +1407,7 @@ class With_round: def test_round(): - with_round = With_round() #$ MISSING: arg1="SSA variable with_round" func=With_round.__round__ + with_round = With_round() #$ MISSING: arg1="with_round" func=With_round.__round__ round(with_round) @@ -1420,7 +1420,7 @@ class With_trunc: def test_trunc(): - with_trunc = With_trunc() #$ MISSING: arg1="SSA variable with_trunc" func=With_trunc.__trunc__ + with_trunc = With_trunc() #$ MISSING: arg1="with_trunc" func=With_trunc.__trunc__ import math math.trunc(with_trunc) @@ -1435,7 +1435,7 @@ class With_floor: def test_floor(): - with_floor = With_floor() #$ MISSING: arg1="SSA variable with_floor" func=With_floor.__floor__ + with_floor = With_floor() #$ MISSING: arg1="with_floor" func=With_floor.__floor__ import math math.floor(with_floor) @@ -1450,7 +1450,7 @@ class With_ceil: def test_ceil(): - with_ceil = With_ceil() #$ MISSING: arg1="SSA variable with_ceil" func=With_ceil.__ceil__ + with_ceil = With_ceil() #$ MISSING: arg1="with_ceil" func=With_ceil.__ceil__ import math math.ceil(with_ceil) @@ -1503,7 +1503,7 @@ class With_await: async def atest_await(): - with_await = With_await() #$ MISSING: arg1="SSA variable with_await" func=With_await.__await__ + with_await = With_await() #$ MISSING: arg1="with_await" func=With_await.__await__ await (with_await) @@ -1525,7 +1525,7 @@ class With_aiter: async def atest_aiter(): - with_aiter = With_aiter() #$ MISSING: arg1="SSA variable with_aiter" func=With_aiter.__aiter__ + with_aiter = With_aiter() #$ MISSING: arg1="with_aiter" func=With_aiter.__aiter__ async for x in with_aiter: pass @@ -1542,7 +1542,7 @@ class With_anext: async def atest_anext(): - with_anext = With_anext() #$ MISSING: arg1="SSA variable with_anext" func=With_anext.__anext__ + with_anext = With_anext() #$ MISSING: arg1="with_anext" func=With_anext.__anext__ async for x in with_anext: pass @@ -1559,7 +1559,7 @@ class With_aenter: async def atest_aenter(): - with_aenter = With_aenter() #$ MISSING: arg1="SSA variable with_aenter" func=With_aenter.__aenter__ + with_aenter = With_aenter() #$ MISSING: arg1="with_aenter" func=With_aenter.__aenter__ async with with_aenter: pass @@ -1578,6 +1578,6 @@ class With_aexit: async def atest_aexit(): - with_aexit = With_aexit() #$ MISSING: arg1="SSA variable with_aexit" func=With_aexit.__aexit__ + with_aexit = With_aexit() #$ MISSING: arg1="with_aexit" func=With_aexit.__aexit__ async with with_aexit: pass diff --git a/python/ql/test/experimental/dataflow/coverage/localFlow.expected b/python/ql/test/experimental/dataflow/coverage/localFlow.expected index 08faa21c903..9712b9939f0 100644 --- a/python/ql/test/experimental/dataflow/coverage/localFlow.expected +++ b/python/ql/test/experimental/dataflow/coverage/localFlow.expected @@ -1,17 +1,16 @@ -| test.py:41:1:41:33 | GSSA Variable NONSOURCE | test.py:42:10:42:18 | ControlFlowNode for NONSOURCE | -| test.py:41:1:41:33 | GSSA Variable SINK | test.py:44:5:44:8 | ControlFlowNode for SINK | -| test.py:41:1:41:33 | GSSA Variable SOURCE | test.py:42:21:42:26 | ControlFlowNode for SOURCE | -| test.py:42:5:42:5 | SSA variable x | test.py:43:9:43:9 | ControlFlowNode for x | -| test.py:42:10:42:26 | ControlFlowNode for Tuple | test.py:42:5:42:5 | SSA variable x | -| test.py:43:5:43:5 | SSA variable y | test.py:44:10:44:10 | ControlFlowNode for y | -| test.py:43:9:43:12 | ControlFlowNode for Subscript | test.py:43:5:43:5 | SSA variable y | -| test.py:208:1:208:53 | GSSA Variable SINK | test.py:210:5:210:8 | ControlFlowNode for SINK | -| test.py:208:1:208:53 | GSSA Variable SOURCE | test.py:209:25:209:30 | ControlFlowNode for SOURCE | -| test.py:209:5:209:5 | SSA variable x | test.py:210:10:210:10 | ControlFlowNode for x | -| test.py:209:9:209:68 | ControlFlowNode for .0 | test.py:209:9:209:68 | SSA variable .0 | -| test.py:209:9:209:68 | ControlFlowNode for ListComp | test.py:209:5:209:5 | SSA variable x | -| test.py:209:9:209:68 | SSA variable .0 | test.py:209:9:209:68 | ControlFlowNode for .0 | -| test.py:209:16:209:16 | SSA variable v | test.py:209:45:209:45 | ControlFlowNode for v | -| test.py:209:40:209:40 | SSA variable u | test.py:209:56:209:56 | ControlFlowNode for u | -| test.py:209:51:209:51 | SSA variable z | test.py:209:67:209:67 | ControlFlowNode for z | -| test.py:209:62:209:62 | SSA variable y | test.py:209:10:209:10 | ControlFlowNode for y | +| test.py:41:1:41:33 | Entry node for Function test_tuple_with_local_flow | test.py:42:10:42:18 | ControlFlowNode for NONSOURCE | +| test.py:41:1:41:33 | Entry node for Function test_tuple_with_local_flow | test.py:42:21:42:26 | ControlFlowNode for SOURCE | +| test.py:41:1:41:33 | Entry node for Function test_tuple_with_local_flow | test.py:44:5:44:8 | ControlFlowNode for SINK | +| test.py:42:5:42:5 | ControlFlowNode for x | test.py:43:9:43:9 | ControlFlowNode for x | +| test.py:42:10:42:26 | ControlFlowNode for Tuple | test.py:42:5:42:5 | ControlFlowNode for x | +| test.py:43:5:43:5 | ControlFlowNode for y | test.py:44:10:44:10 | ControlFlowNode for y | +| test.py:43:9:43:12 | ControlFlowNode for Subscript | test.py:43:5:43:5 | ControlFlowNode for y | +| test.py:208:1:208:53 | Entry node for Function test_nested_comprehension_deep_with_local_flow | test.py:209:25:209:30 | ControlFlowNode for SOURCE | +| test.py:208:1:208:53 | Entry node for Function test_nested_comprehension_deep_with_local_flow | test.py:210:5:210:8 | ControlFlowNode for SINK | +| test.py:209:5:209:5 | ControlFlowNode for x | test.py:210:10:210:10 | ControlFlowNode for x | +| test.py:209:9:209:68 | ControlFlowNode for .0 | test.py:209:9:209:68 | ControlFlowNode for .0 | +| test.py:209:9:209:68 | ControlFlowNode for ListComp | test.py:209:5:209:5 | ControlFlowNode for x | +| test.py:209:16:209:16 | ControlFlowNode for v | test.py:209:45:209:45 | ControlFlowNode for v | +| test.py:209:40:209:40 | ControlFlowNode for u | test.py:209:56:209:56 | ControlFlowNode for u | +| test.py:209:51:209:51 | ControlFlowNode for z | test.py:209:67:209:67 | ControlFlowNode for z | +| test.py:209:62:209:62 | ControlFlowNode for y | test.py:209:10:209:10 | ControlFlowNode for y | diff --git a/python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.expected b/python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.expected index 3bd4cd81d54..0cd2141558b 100644 --- a/python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.expected +++ b/python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.expected @@ -1,3 +1,4 @@ +| class_example.py:0:0:0:0 | Module class_example | class_example.py:0:0:0:0 | Entry node for Module class_example | | class_example.py:0:0:0:0 | Module class_example | class_example.py:1:1:1:3 | ControlFlowNode for wat | | class_example.py:0:0:0:0 | Module class_example | class_example.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | | class_example.py:0:0:0:0 | Module class_example | class_example.py:3:1:3:10 | ControlFlowNode for ClassExpr | @@ -12,12 +13,14 @@ | class_example.py:0:0:0:0 | Module class_example | class_example.py:7:1:7:23 | ControlFlowNode for print() | | class_example.py:0:0:0:0 | Module class_example | class_example.py:7:7:7:17 | ControlFlowNode for Str | | class_example.py:0:0:0:0 | Module class_example | class_example.py:7:20:7:22 | ControlFlowNode for wat | +| generator.py:0:0:0:0 | Module generator | generator.py:0:0:0:0 | Entry node for Module generator | | generator.py:0:0:0:0 | Module generator | generator.py:1:1:1:23 | ControlFlowNode for FunctionExpr | | generator.py:0:0:0:0 | Module generator | generator.py:1:5:1:18 | ControlFlowNode for generator_func | | generator.py:1:1:1:23 | Function generator_func | generator.py:1:20:1:21 | ControlFlowNode for xs | | generator.py:1:1:1:23 | Function generator_func | generator.py:2:12:2:26 | ControlFlowNode for .0 | | generator.py:1:1:1:23 | Function generator_func | generator.py:2:12:2:26 | ControlFlowNode for .0 | | generator.py:1:1:1:23 | Function generator_func | generator.py:2:12:2:26 | ControlFlowNode for ListComp | +| generator.py:1:1:1:23 | Function generator_func | generator.py:2:12:2:26 | Entry node for Function listcomp | | generator.py:1:1:1:23 | Function generator_func | generator.py:2:13:2:13 | ControlFlowNode for Yield | | generator.py:1:1:1:23 | Function generator_func | generator.py:2:13:2:13 | ControlFlowNode for x | | generator.py:1:1:1:23 | Function generator_func | generator.py:2:19:2:19 | ControlFlowNode for x | diff --git a/python/ql/test/experimental/dataflow/import-star/global.expected b/python/ql/test/experimental/dataflow/import-star/global.expected index 21a0c387ddc..ee324324a5c 100644 --- a/python/ql/test/experimental/dataflow/import-star/global.expected +++ b/python/ql/test/experimental/dataflow/import-star/global.expected @@ -1,15 +1,33 @@ +| deux.py:0:0:0:0 | Entry node for Module deux | deux.py:2:1:2:5 | ControlFlowNode for print | +| deux.py:0:0:0:0 | Entry node for Module deux | deux.py:2:7:2:9 | ControlFlowNode for foo | +| test1.py:0:0:0:0 | Entry node for Module test1 | test1.py:2:1:2:5 | ControlFlowNode for print | +| test1.py:0:0:0:0 | Entry node for Module test1 | test1.py:2:7:2:9 | ControlFlowNode for foo | +| test2.py:0:0:0:0 | Entry node for Module test2 | test2.py:2:1:2:5 | ControlFlowNode for print | +| test2.py:0:0:0:0 | Entry node for Module test2 | test2.py:2:7:2:9 | ControlFlowNode for foo | +| test3.py:1:17:1:19 | ControlFlowNode for ImportMember | test3.py:1:17:1:19 | ControlFlowNode for foo | | test3.py:1:17:1:19 | ControlFlowNode for ImportMember | test3.py:2:7:2:9 | ControlFlowNode for foo | +| test3.py:1:17:1:19 | ControlFlowNode for foo | test3.py:2:7:2:9 | ControlFlowNode for foo | | three.py:1:1:1:3 | ControlFlowNode for foo | test1.py:2:7:2:9 | ControlFlowNode for foo | | three.py:1:1:1:3 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for ImportMember | +| three.py:1:1:1:3 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for foo | | three.py:1:1:1:3 | ControlFlowNode for foo | test3.py:2:7:2:9 | ControlFlowNode for foo | | three.py:1:1:1:3 | ControlFlowNode for foo | two.py:2:7:2:9 | ControlFlowNode for foo | | three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test1.py:2:7:2:9 | ControlFlowNode for foo | | three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test3.py:1:17:1:19 | ControlFlowNode for ImportMember | +| three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test3.py:1:17:1:19 | ControlFlowNode for foo | | three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test3.py:2:7:2:9 | ControlFlowNode for foo | +| three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | three.py:1:1:1:3 | ControlFlowNode for foo | | three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | two.py:2:7:2:9 | ControlFlowNode for foo | | trois.py:1:1:1:3 | ControlFlowNode for foo | deux.py:2:7:2:9 | ControlFlowNode for foo | | trois.py:1:1:1:3 | ControlFlowNode for foo | test2.py:2:7:2:9 | ControlFlowNode for foo | | trois.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | deux.py:2:7:2:9 | ControlFlowNode for foo | | trois.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test2.py:2:7:2:9 | ControlFlowNode for foo | +| trois.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | trois.py:1:1:1:3 | ControlFlowNode for foo | +| two.py:0:0:0:0 | Entry node for Module two | test3.py:1:17:1:19 | ControlFlowNode for ImportMember | +| two.py:0:0:0:0 | Entry node for Module two | test3.py:1:17:1:19 | ControlFlowNode for foo | +| two.py:0:0:0:0 | Entry node for Module two | test3.py:2:7:2:9 | ControlFlowNode for foo | +| two.py:0:0:0:0 | Entry node for Module two | two.py:2:1:2:5 | ControlFlowNode for print | +| two.py:0:0:0:0 | Entry node for Module two | two.py:2:7:2:9 | ControlFlowNode for foo | | two.py:2:7:2:9 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for ImportMember | +| two.py:2:7:2:9 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for foo | | two.py:2:7:2:9 | ControlFlowNode for foo | test3.py:2:7:2:9 | ControlFlowNode for foo | diff --git a/python/ql/test/experimental/dataflow/module-initialization/localFlow.ql b/python/ql/test/experimental/dataflow/module-initialization/localFlow.ql index 0935f3569b7..22a0f88d77e 100644 --- a/python/ql/test/experimental/dataflow/module-initialization/localFlow.ql +++ b/python/ql/test/experimental/dataflow/module-initialization/localFlow.ql @@ -11,7 +11,10 @@ module ImportTimeLocalFlowTest implements FlowTestSig { nodeFrom.getLocation().getFile().getBaseName() = "multiphase.py" and // results are displayed next to `nodeTo`, so we need a line to write on nodeTo.getLocation().getStartLine() > 0 and - nodeTo.asVar() instanceof GlobalSsaVariable and + exists(GlobalSsaVariable g | + nodeTo.asCfgNode() = g.getDefinition().(EssaNodeDefinition).getDefiningNode() + ) and + // nodeTo.asVar() instanceof GlobalSsaVariable and DP::PhaseDependentFlow::importTimeStep(nodeFrom, nodeTo) } } diff --git a/python/ql/test/experimental/dataflow/module-initialization/multiphase.py b/python/ql/test/experimental/dataflow/module-initialization/multiphase.py index 6f14945dbe0..9a3512732f5 100644 --- a/python/ql/test/experimental/dataflow/module-initialization/multiphase.py +++ b/python/ql/test/experimental/dataflow/module-initialization/multiphase.py @@ -1,40 +1,40 @@ -import sys #$ importTimeFlow="ImportExpr -> GSSA Variable sys" -import os #$ importTimeFlow="ImportExpr -> GSSA Variable os" +import sys #$ importTimeFlow="ImportExpr -> sys" +import os #$ importTimeFlow="ImportExpr -> os" sys.path.append(os.path.dirname(os.path.dirname((__file__)))) -from testlib import expects #$ importTimeFlow="ImportMember -> GSSA Variable expects" +from testlib import expects #$ importTimeFlow="ImportMember -> expects" # These are defined so that we can evaluate the test code. -NONSOURCE = "not a source" #$ importTimeFlow="'not a source' -> GSSA Variable NONSOURCE" -SOURCE = "source" #$ importTimeFlow="'source' -> GSSA Variable SOURCE" +NONSOURCE = "not a source" #$ importTimeFlow="'not a source' -> NONSOURCE" +SOURCE = "source" #$ importTimeFlow="'source' -> SOURCE" -def is_source(x): #$ importTimeFlow="FunctionExpr -> GSSA Variable is_source" +def is_source(x): #$ importTimeFlow="FunctionExpr -> is_source" return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j -def SINK(x): #$ importTimeFlow="FunctionExpr -> GSSA Variable SINK" +def SINK(x): #$ importTimeFlow="FunctionExpr -> SINK" if is_source(x): #$ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-17 -> is_source" print("OK") #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-18 -> print" else: print("Unexpected flow", x) #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-20 -> print" -def SINK_F(x): #$ importTimeFlow="FunctionExpr -> GSSA Variable SINK_F" +def SINK_F(x): #$ importTimeFlow="FunctionExpr -> SINK_F" if is_source(x): #$ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-24 -> is_source" print("Unexpected flow", x) #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-25 -> print" else: print("OK") #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-27 -> print" -def set_foo(): #$ importTimeFlow="FunctionExpr -> GSSA Variable set_foo" +def set_foo(): #$ importTimeFlow="FunctionExpr -> set_foo" global foo foo = SOURCE #$ runtimeFlow="ModuleVariableNode in Module multiphase for SOURCE, l:-31 -> SOURCE" # missing final definition of foo -foo = NONSOURCE #$ importTimeFlow="NONSOURCE -> GSSA Variable foo" +foo = NONSOURCE #$ importTimeFlow="NONSOURCE -> foo" set_foo() @expects(2) -def test_phases(): #$ importTimeFlow="expects(..)(..), l:-1 -> GSSA Variable test_phases" +def test_phases(): #$ importTimeFlow="expects(..)(..), l:-1 -> test_phases" global foo SINK(foo) #$ runtimeFlow="ModuleVariableNode in Module multiphase for SINK, l:-39 -> SINK" runtimeFlow="ModuleVariableNode in Module multiphase for foo, l:-39 -> foo" foo = NONSOURCE #$ runtimeFlow="ModuleVariableNode in Module multiphase for NONSOURCE, l:-40 -> NONSOURCE" diff --git a/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.expected b/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.expected index 7f8ef86e30d..bff38b71fc9 100644 --- a/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.expected +++ b/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.expected @@ -1,6 +1,6 @@ os_import -| test.py:2:8:2:9 | GSSA Variable os | +| test.py:2:8:2:9 | ControlFlowNode for os | flowstep jumpStep -| test.py:2:8:2:9 | GSSA Variable os | test.py:0:0:0:0 | ModuleVariableNode in Module test for os | +| test.py:2:8:2:9 | ControlFlowNode for os | test.py:0:0:0:0 | ModuleVariableNode in Module test for os | essaFlowStep diff --git a/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql b/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql index 9c4f08448c1..74cf109114a 100644 --- a/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql +++ b/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql @@ -3,16 +3,26 @@ import semmle.python.dataflow.new.DataFlow private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate /** Gets the EssaNode that holds the module imported by the fully qualified module name `name` */ -DataFlow::EssaNode module_import(string name) { - exists(Variable var, Import imp, Alias alias | +DataFlow::CfgNode module_import(string name) { + // exists(Variable var, Import imp, Alias alias | + // alias = imp.getAName() and + // alias.getAsname() = var.getAStore() and + // ( + // name = alias.getValue().(ImportMember).getImportedModuleName() + // or + // name = alias.getValue().(ImportExpr).getImportedModuleName() + // ) and + // result.getVar().(AssignmentDefinition).getSourceVariable() = var + // ) + exists(Variable var, AssignmentDefinition def, Import imp, Alias alias | + var = def.getSourceVariable() and + result.getNode() = def.getDefiningNode() and alias = imp.getAName() and - alias.getAsname() = var.getAStore() and - ( - name = alias.getValue().(ImportMember).getImportedModuleName() - or - name = alias.getValue().(ImportExpr).getImportedModuleName() - ) and - result.getVar().(AssignmentDefinition).getSourceVariable() = var + alias.getAsname() = var.getAStore() + | + name = alias.getValue().(ImportMember).getImportedModuleName() + or + name = alias.getValue().(ImportExpr).getImportedModuleName() ) } diff --git a/python/ql/test/experimental/dataflow/summaries/summaries.expected b/python/ql/test/experimental/dataflow/summaries/summaries.expected index b94a911e8c2..d7b64ceaf1f 100644 --- a/python/ql/test/experimental/dataflow/summaries/summaries.expected +++ b/python/ql/test/experimental/dataflow/summaries/summaries.expected @@ -1,55 +1,55 @@ edges -| summaries.py:32:1:32:7 | GSSA Variable tainted | summaries.py:33:6:33:12 | ControlFlowNode for tainted | -| summaries.py:32:11:32:26 | ControlFlowNode for identity() | summaries.py:32:1:32:7 | GSSA Variable tainted | +| summaries.py:32:1:32:7 | ControlFlowNode for tainted | summaries.py:33:6:33:12 | ControlFlowNode for tainted | +| summaries.py:32:11:32:26 | ControlFlowNode for identity() | summaries.py:32:1:32:7 | ControlFlowNode for tainted | | summaries.py:32:20:32:25 | ControlFlowNode for SOURCE | summaries.py:32:11:32:26 | ControlFlowNode for identity() | -| summaries.py:36:1:36:14 | GSSA Variable tainted_lambda | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda | -| summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | summaries.py:36:1:36:14 | GSSA Variable tainted_lambda | +| summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda | +| summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda | | summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | -| summaries.py:44:1:44:12 | GSSA Variable tainted_list | summaries.py:45:6:45:20 | ControlFlowNode for Subscript | -| summaries.py:44:1:44:12 | GSSA Variable tainted_list [List element] | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | -| summaries.py:44:16:44:33 | ControlFlowNode for reversed() | summaries.py:44:1:44:12 | GSSA Variable tainted_list | -| summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | summaries.py:44:1:44:12 | GSSA Variable tainted_list [List element] | +| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list | summaries.py:45:6:45:20 | ControlFlowNode for Subscript | +| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | +| summaries.py:44:16:44:33 | ControlFlowNode for reversed() | summaries.py:44:1:44:12 | ControlFlowNode for tainted_list | +| summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] | | summaries.py:44:25:44:32 | ControlFlowNode for List | summaries.py:44:16:44:33 | ControlFlowNode for reversed() | | summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | | summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List | | summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | summaries.py:45:6:45:20 | ControlFlowNode for Subscript | -| summaries.py:51:1:51:14 | GSSA Variable tainted_mapped [List element] | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | -| summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | summaries.py:51:1:51:14 | GSSA Variable tainted_mapped [List element] | +| summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | +| summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] | | summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | | summaries.py:51:39:51:44 | ControlFlowNode for SOURCE | summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | summaries.py:52:6:52:22 | ControlFlowNode for Subscript | -| summaries.py:57:1:57:23 | GSSA Variable tainted_mapped_explicit [List element] | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | -| summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | summaries.py:57:1:57:23 | GSSA Variable tainted_mapped_explicit [List element] | +| summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | +| summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] | | summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | | summaries.py:57:56:57:61 | ControlFlowNode for SOURCE | summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | summaries.py:58:6:58:31 | ControlFlowNode for Subscript | -| summaries.py:60:1:60:22 | GSSA Variable tainted_mapped_summary [List element] | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | -| summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | summaries.py:60:1:60:22 | GSSA Variable tainted_mapped_summary [List element] | +| summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | +| summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] | | summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | | summaries.py:60:46:60:51 | ControlFlowNode for SOURCE | summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | summaries.py:61:6:61:30 | ControlFlowNode for Subscript | -| summaries.py:63:1:63:12 | GSSA Variable tainted_list [List element] | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | -| summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | summaries.py:63:1:63:12 | GSSA Variable tainted_list [List element] | +| summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | +| summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] | | summaries.py:63:35:63:40 | ControlFlowNode for SOURCE | summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | summaries.py:64:6:64:20 | ControlFlowNode for Subscript | -| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist | summaries.py:68:6:68:26 | ControlFlowNode for Subscript | -| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist [List element] | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | -| summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist [List element] | -| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist | +| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | summaries.py:68:6:68:26 | ControlFlowNode for Subscript | +| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | +| summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] | +| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | | summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | summaries.py:68:6:68:26 | ControlFlowNode for Subscript | nodes -| summaries.py:32:1:32:7 | GSSA Variable tainted | semmle.label | GSSA Variable tainted | +| summaries.py:32:1:32:7 | ControlFlowNode for tainted | semmle.label | ControlFlowNode for tainted | | summaries.py:32:11:32:26 | ControlFlowNode for identity() | semmle.label | ControlFlowNode for identity() | | summaries.py:32:20:32:25 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE | | summaries.py:33:6:33:12 | ControlFlowNode for tainted | semmle.label | ControlFlowNode for tainted | -| summaries.py:36:1:36:14 | GSSA Variable tainted_lambda | semmle.label | GSSA Variable tainted_lambda | +| summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda | semmle.label | ControlFlowNode for tainted_lambda | | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | semmle.label | ControlFlowNode for apply_lambda() | | summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE | | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda | semmle.label | ControlFlowNode for tainted_lambda | -| summaries.py:44:1:44:12 | GSSA Variable tainted_list | semmle.label | GSSA Variable tainted_list | -| summaries.py:44:1:44:12 | GSSA Variable tainted_list [List element] | semmle.label | GSSA Variable tainted_list [List element] | +| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list | semmle.label | ControlFlowNode for tainted_list | +| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] | | summaries.py:44:16:44:33 | ControlFlowNode for reversed() | semmle.label | ControlFlowNode for reversed() | | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | semmle.label | ControlFlowNode for reversed() [List element] | | summaries.py:44:25:44:32 | ControlFlowNode for List | semmle.label | ControlFlowNode for List | @@ -57,31 +57,31 @@ nodes | summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE | | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] | | summaries.py:45:6:45:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | -| summaries.py:51:1:51:14 | GSSA Variable tainted_mapped [List element] | semmle.label | GSSA Variable tainted_mapped [List element] | +| summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] | semmle.label | ControlFlowNode for tainted_mapped [List element] | | summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | semmle.label | ControlFlowNode for list_map() [List element] | | summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] | | summaries.py:51:39:51:44 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE | | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | semmle.label | ControlFlowNode for tainted_mapped [List element] | | summaries.py:52:6:52:22 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | -| summaries.py:57:1:57:23 | GSSA Variable tainted_mapped_explicit [List element] | semmle.label | GSSA Variable tainted_mapped_explicit [List element] | +| summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] | semmle.label | ControlFlowNode for tainted_mapped_explicit [List element] | | summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | semmle.label | ControlFlowNode for list_map() [List element] | | summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] | | summaries.py:57:56:57:61 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE | | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | semmle.label | ControlFlowNode for tainted_mapped_explicit [List element] | | summaries.py:58:6:58:31 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | -| summaries.py:60:1:60:22 | GSSA Variable tainted_mapped_summary [List element] | semmle.label | GSSA Variable tainted_mapped_summary [List element] | +| summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] | semmle.label | ControlFlowNode for tainted_mapped_summary [List element] | | summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | semmle.label | ControlFlowNode for list_map() [List element] | | summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] | | summaries.py:60:46:60:51 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE | | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | semmle.label | ControlFlowNode for tainted_mapped_summary [List element] | | summaries.py:61:6:61:30 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | -| summaries.py:63:1:63:12 | GSSA Variable tainted_list [List element] | semmle.label | GSSA Variable tainted_list [List element] | +| summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] | | summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | semmle.label | ControlFlowNode for append_to_list() [List element] | | summaries.py:63:35:63:40 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE | | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] | | summaries.py:64:6:64:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | -| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist | semmle.label | GSSA Variable tainted_resultlist | -| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist [List element] | semmle.label | GSSA Variable tainted_resultlist [List element] | +| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | semmle.label | ControlFlowNode for tainted_resultlist | +| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] | semmle.label | ControlFlowNode for tainted_resultlist [List element] | | summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | semmle.label | ControlFlowNode for json_loads() [List element] | | summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE | | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | semmle.label | ControlFlowNode for tainted_resultlist [List element] | diff --git a/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected b/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected index 3b3f18c5b9e..b2b151f6ded 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected @@ -1,5 +1,5 @@ -| test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:6:4:12 | ControlFlowNode for tainted | -| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | GSSA Variable tainted | -| test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | GSSA Variable func | -| test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:10:8:21 | ControlFlowNode for also_tainted | -| test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:7:5:7:16 | SSA variable also_tainted | +| test.py:3:1:3:7 | ControlFlowNode for tainted | test.py:4:6:4:12 | ControlFlowNode for tainted | +| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | ControlFlowNode for tainted | +| test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | ControlFlowNode for func | +| test.py:7:5:7:16 | ControlFlowNode for also_tainted | test.py:8:10:8:21 | ControlFlowNode for also_tainted | +| test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:7:5:7:16 | ControlFlowNode for also_tainted | diff --git a/python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py b/python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py index f838032b063..e11f451b865 100644 --- a/python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py +++ b/python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py @@ -6,10 +6,8 @@ tainted = TTS_identity(tracked) # $ tracked tainted # $ tracked # Lambda summary -# I think the missing result is expected because type tracking -# is not allowed to flow back out of a call. tainted_lambda = TTS_apply_lambda(lambda x: x, tracked) # $ tracked -tainted_lambda # $ MISSING: tracked +tainted_lambda # $ tracked # A lambda that directly introduces taint bad_lambda = TTS_apply_lambda(lambda x: tracked, 1) # $ tracked diff --git a/python/ql/test/experimental/dataflow/typetracking/moduleattr.expected b/python/ql/test/experimental/dataflow/typetracking/moduleattr.expected index ac2d2f510aa..baa29e053ce 100644 --- a/python/ql/test/experimental/dataflow/typetracking/moduleattr.expected +++ b/python/ql/test/experimental/dataflow/typetracking/moduleattr.expected @@ -3,9 +3,9 @@ module_tracker module_attr_tracker | import_as_attr.py:0:0:0:0 | ModuleVariableNode in Module import_as_attr for attr_ref | | import_as_attr.py:1:20:1:35 | ControlFlowNode for ImportMember | -| import_as_attr.py:1:28:1:35 | GSSA Variable attr_ref | -| import_as_attr.py:3:1:3:1 | GSSA Variable x | +| import_as_attr.py:1:28:1:35 | ControlFlowNode for attr_ref | +| import_as_attr.py:3:1:3:1 | ControlFlowNode for x | | import_as_attr.py:3:5:3:12 | ControlFlowNode for attr_ref | -| import_as_attr.py:5:1:5:10 | GSSA Variable attr_ref | -| import_as_attr.py:6:5:6:5 | SSA variable y | +| import_as_attr.py:5:1:5:10 | Entry node for Function fun | +| import_as_attr.py:6:5:6:5 | ControlFlowNode for y | | import_as_attr.py:6:9:6:16 | ControlFlowNode for attr_ref | diff --git a/python/ql/test/experimental/dataflow/typetracking/tracked.ql b/python/ql/test/experimental/dataflow/typetracking/tracked.ql index b6aa9d268d0..e9bbb6d43b6 100644 --- a/python/ql/test/experimental/dataflow/typetracking/tracked.ql +++ b/python/ql/test/experimental/dataflow/typetracking/tracked.ql @@ -26,7 +26,8 @@ module TrackedTest implements TestSig { not e.getLocation().getStartLine() = 0 and // We do not wish to annotate scope entry definitions, // as they do not appear in the source code. - not e.asVar() instanceof ScopeEntryDefinition and + // not e.asVar() instanceof ScopeEntryDefinition and + not e.asCfgNode() = any(ScopeEntryDefinition def).getDefiningNode() and tag = "tracked" and location = e.getLocation() and value = t.getAttr() and diff --git a/python/ql/test/experimental/import-resolution/ModuleExport.expected b/python/ql/test/experimental/import-resolution/ModuleExport.expected index b1f63a02a78..4f455caa22e 100644 --- a/python/ql/test/experimental/import-resolution/ModuleExport.expected +++ b/python/ql/test/experimental/import-resolution/ModuleExport.expected @@ -1,58 +1,58 @@ | attr_clash.__init__ | __file__ | attr_clash/__init__.py:6:6:6:13 | ControlFlowNode for __file__ | -| attr_clash.__init__ | __name__ | attr_clash/__init__.py:0:0:0:0 | GSSA Variable __name__ | -| attr_clash.__init__ | __package__ | attr_clash/__init__.py:0:0:0:0 | GSSA Variable __package__ | -| attr_clash.__init__ | clashing_attr | attr_clash/__init__.py:4:1:4:13 | GSSA Variable clashing_attr | +| attr_clash.__init__ | __name__ | attr_clash/__init__.py:0:0:0:0 | Entry node for Module attr_clash.__init__ | +| attr_clash.__init__ | __package__ | attr_clash/__init__.py:0:0:0:0 | Entry node for Module attr_clash.__init__ | +| attr_clash.__init__ | clashing_attr | attr_clash/__init__.py:4:1:4:13 | ControlFlowNode for clashing_attr | | attr_clash.__init__ | enter | attr_clash/__init__.py:2:1:2:5 | ControlFlowNode for enter | | attr_clash.__init__ | exit | attr_clash/__init__.py:6:1:6:4 | ControlFlowNode for exit | | attr_clash.clashing_attr | __file__ | attr_clash/clashing_attr.py:4:6:4:13 | ControlFlowNode for __file__ | -| attr_clash.clashing_attr | __name__ | attr_clash/clashing_attr.py:0:0:0:0 | GSSA Variable __name__ | -| attr_clash.clashing_attr | __package__ | attr_clash/clashing_attr.py:0:0:0:0 | GSSA Variable __package__ | +| attr_clash.clashing_attr | __name__ | attr_clash/clashing_attr.py:0:0:0:0 | Entry node for Module attr_clash.clashing_attr | +| attr_clash.clashing_attr | __package__ | attr_clash/clashing_attr.py:0:0:0:0 | Entry node for Module attr_clash.clashing_attr | | attr_clash.clashing_attr | enter | attr_clash/clashing_attr.py:2:1:2:5 | ControlFlowNode for enter | | attr_clash.clashing_attr | exit | attr_clash/clashing_attr.py:4:1:4:4 | ControlFlowNode for exit | | attr_clash.non_clashing_submodule | __file__ | attr_clash/non_clashing_submodule.py:4:6:4:13 | ControlFlowNode for __file__ | -| attr_clash.non_clashing_submodule | __name__ | attr_clash/non_clashing_submodule.py:0:0:0:0 | GSSA Variable __name__ | -| attr_clash.non_clashing_submodule | __package__ | attr_clash/non_clashing_submodule.py:0:0:0:0 | GSSA Variable __package__ | +| attr_clash.non_clashing_submodule | __name__ | attr_clash/non_clashing_submodule.py:0:0:0:0 | Entry node for Module attr_clash.non_clashing_submodule | +| attr_clash.non_clashing_submodule | __package__ | attr_clash/non_clashing_submodule.py:0:0:0:0 | Entry node for Module attr_clash.non_clashing_submodule | | attr_clash.non_clashing_submodule | enter | attr_clash/non_clashing_submodule.py:2:1:2:5 | ControlFlowNode for enter | | attr_clash.non_clashing_submodule | exit | attr_clash/non_clashing_submodule.py:4:1:4:4 | ControlFlowNode for exit | | bar | __file__ | bar.py:6:6:6:13 | ControlFlowNode for __file__ | -| bar | __name__ | bar.py:0:0:0:0 | GSSA Variable __name__ | -| bar | __package__ | bar.py:0:0:0:0 | GSSA Variable __package__ | -| bar | bar_attr | bar.py:4:1:4:8 | GSSA Variable bar_attr | +| bar | __name__ | bar.py:0:0:0:0 | Entry node for Module bar | +| bar | __package__ | bar.py:0:0:0:0 | Entry node for Module bar | +| bar | bar_attr | bar.py:4:1:4:8 | ControlFlowNode for bar_attr | | bar | enter | bar.py:2:1:2:5 | ControlFlowNode for enter | | bar | exit | bar.py:6:1:6:4 | ControlFlowNode for exit | | baz | __file__ | baz.py:6:6:6:13 | ControlFlowNode for __file__ | -| baz | __name__ | baz.py:0:0:0:0 | GSSA Variable __name__ | -| baz | __package__ | baz.py:0:0:0:0 | GSSA Variable __package__ | -| baz | baz_attr | baz.py:4:1:4:8 | GSSA Variable baz_attr | +| baz | __name__ | baz.py:0:0:0:0 | Entry node for Module baz | +| baz | __package__ | baz.py:0:0:0:0 | Entry node for Module baz | +| baz | baz_attr | baz.py:4:1:4:8 | ControlFlowNode for baz_attr | | baz | enter | baz.py:2:1:2:5 | ControlFlowNode for enter | | baz | exit | baz.py:6:1:6:4 | ControlFlowNode for exit | | block_flow_check | SOURCE | block_flow_check.py:12:25:12:30 | ControlFlowNode for SOURCE | | block_flow_check | __file__ | block_flow_check.py:14:6:14:13 | ControlFlowNode for __file__ | -| block_flow_check | __name__ | block_flow_check.py:0:0:0:0 | GSSA Variable __name__ | -| block_flow_check | __package__ | block_flow_check.py:0:0:0:0 | GSSA Variable __package__ | +| block_flow_check | __name__ | block_flow_check.py:0:0:0:0 | Entry node for Module block_flow_check | +| block_flow_check | __package__ | block_flow_check.py:0:0:0:0 | Entry node for Module block_flow_check | | block_flow_check | check | block_flow_check.py:12:1:12:5 | ControlFlowNode for check | | block_flow_check | enter | block_flow_check.py:2:1:2:5 | ControlFlowNode for enter | | block_flow_check | exit | block_flow_check.py:14:1:14:4 | ControlFlowNode for exit | | block_flow_check | globals | block_flow_check.py:12:33:12:39 | ControlFlowNode for globals | | block_flow_check | object | block_flow_check.py:4:14:4:19 | ControlFlowNode for object | -| block_flow_check | staticmethod | block_flow_check.py:0:0:0:0 | GSSA Variable staticmethod | +| block_flow_check | staticmethod | block_flow_check.py:0:0:0:0 | Entry node for Module block_flow_check | | foo | __file__ | foo.py:14:6:14:13 | ControlFlowNode for __file__ | -| foo | __name__ | foo.py:0:0:0:0 | GSSA Variable __name__ | -| foo | __package__ | foo.py:0:0:0:0 | GSSA Variable __package__ | -| foo | __private_foo_attr | foo.py:8:1:8:18 | GSSA Variable __private_foo_attr | +| foo | __name__ | foo.py:0:0:0:0 | Entry node for Module foo | +| foo | __package__ | foo.py:0:0:0:0 | Entry node for Module foo | +| foo | __private_foo_attr | foo.py:8:1:8:18 | ControlFlowNode for __private_foo_attr | | foo | bar_reexported | foo.py:11:8:11:10 | ControlFlowNode for ImportExpr | | foo | bar_reexported | foo.py:12:34:12:47 | ControlFlowNode for bar_reexported | | foo | check | foo.py:12:1:12:5 | ControlFlowNode for check | | foo | enter | foo.py:2:1:2:5 | ControlFlowNode for enter | | foo | exit | foo.py:14:1:14:4 | ControlFlowNode for exit | -| foo | foo_attr | foo.py:5:1:5:8 | GSSA Variable foo_attr | +| foo | foo_attr | foo.py:5:1:5:8 | ControlFlowNode for foo_attr | | foo | globals | foo.py:12:71:12:77 | ControlFlowNode for globals | | generous_export | Exception | generous_export.py:16:11:16:19 | ControlFlowNode for Exception | | generous_export | SOURCE | generous_export.py:15:11:15:16 | ControlFlowNode for SOURCE | | generous_export | SOURCE | generous_export.py:20:25:20:30 | ControlFlowNode for SOURCE | | generous_export | __file__ | generous_export.py:22:6:22:13 | ControlFlowNode for __file__ | -| generous_export | __name__ | generous_export.py:0:0:0:0 | GSSA Variable __name__ | -| generous_export | __package__ | generous_export.py:0:0:0:0 | GSSA Variable __package__ | +| generous_export | __name__ | generous_export.py:0:0:0:0 | Entry node for Module generous_export | +| generous_export | __package__ | generous_export.py:0:0:0:0 | Entry node for Module generous_export | | generous_export | check | generous_export.py:20:1:20:5 | ControlFlowNode for check | | generous_export | enter | generous_export.py:2:1:2:5 | ControlFlowNode for enter | | generous_export | eval | generous_export.py:10:4:10:7 | ControlFlowNode for eval | @@ -60,43 +60,43 @@ | generous_export | globals | generous_export.py:20:33:20:39 | ControlFlowNode for globals | | generous_export | object | generous_export.py:4:14:4:19 | ControlFlowNode for object | | generous_export | print | generous_export.py:15:5:15:9 | ControlFlowNode for print | -| generous_export | staticmethod | generous_export.py:0:0:0:0 | GSSA Variable staticmethod | -| has_defined_all | __all__ | has_defined_all.py:7:1:7:7 | GSSA Variable __all__ | +| generous_export | staticmethod | generous_export.py:0:0:0:0 | Entry node for Module generous_export | +| has_defined_all | __all__ | has_defined_all.py:7:1:7:7 | ControlFlowNode for __all__ | | has_defined_all | __file__ | has_defined_all.py:9:6:9:13 | ControlFlowNode for __file__ | -| has_defined_all | __name__ | has_defined_all.py:0:0:0:0 | GSSA Variable __name__ | -| has_defined_all | __package__ | has_defined_all.py:0:0:0:0 | GSSA Variable __package__ | -| has_defined_all | all_defined_bar | has_defined_all.py:5:1:5:15 | GSSA Variable all_defined_bar | -| has_defined_all | all_defined_foo | has_defined_all.py:4:1:4:15 | GSSA Variable all_defined_foo | +| has_defined_all | __name__ | has_defined_all.py:0:0:0:0 | Entry node for Module has_defined_all | +| has_defined_all | __package__ | has_defined_all.py:0:0:0:0 | Entry node for Module has_defined_all | +| has_defined_all | all_defined_bar | has_defined_all.py:5:1:5:15 | ControlFlowNode for all_defined_bar | +| has_defined_all | all_defined_foo | has_defined_all.py:4:1:4:15 | ControlFlowNode for all_defined_foo | | has_defined_all | enter | has_defined_all.py:2:1:2:5 | ControlFlowNode for enter | | has_defined_all | exit | has_defined_all.py:9:1:9:4 | ControlFlowNode for exit | -| has_defined_all_copy | __all__ | has_defined_all_copy.py:9:1:9:7 | GSSA Variable __all__ | +| has_defined_all_copy | __all__ | has_defined_all_copy.py:9:1:9:7 | ControlFlowNode for __all__ | | has_defined_all_copy | __file__ | has_defined_all_copy.py:11:6:11:13 | ControlFlowNode for __file__ | -| has_defined_all_copy | __name__ | has_defined_all_copy.py:0:0:0:0 | GSSA Variable __name__ | -| has_defined_all_copy | __package__ | has_defined_all_copy.py:0:0:0:0 | GSSA Variable __package__ | -| has_defined_all_copy | all_defined_bar_copy | has_defined_all_copy.py:7:1:7:20 | GSSA Variable all_defined_bar_copy | -| has_defined_all_copy | all_defined_foo_copy | has_defined_all_copy.py:6:1:6:20 | GSSA Variable all_defined_foo_copy | +| has_defined_all_copy | __name__ | has_defined_all_copy.py:0:0:0:0 | Entry node for Module has_defined_all_copy | +| has_defined_all_copy | __package__ | has_defined_all_copy.py:0:0:0:0 | Entry node for Module has_defined_all_copy | +| has_defined_all_copy | all_defined_bar_copy | has_defined_all_copy.py:7:1:7:20 | ControlFlowNode for all_defined_bar_copy | +| has_defined_all_copy | all_defined_foo_copy | has_defined_all_copy.py:6:1:6:20 | ControlFlowNode for all_defined_foo_copy | | has_defined_all_copy | enter | has_defined_all_copy.py:4:1:4:5 | ControlFlowNode for enter | | has_defined_all_copy | exit | has_defined_all_copy.py:11:1:11:4 | ControlFlowNode for exit | | has_defined_all_indirection | __file__ | has_defined_all_indirection.py:6:6:6:13 | ControlFlowNode for __file__ | -| has_defined_all_indirection | __name__ | has_defined_all_indirection.py:0:0:0:0 | GSSA Variable __name__ | -| has_defined_all_indirection | __package__ | has_defined_all_indirection.py:0:0:0:0 | GSSA Variable __package__ | -| has_defined_all_indirection | all_defined_foo_copy | has_defined_all_copy.py:6:1:6:20 | GSSA Variable all_defined_foo_copy | +| has_defined_all_indirection | __name__ | has_defined_all_indirection.py:0:0:0:0 | Entry node for Module has_defined_all_indirection | +| has_defined_all_indirection | __package__ | has_defined_all_indirection.py:0:0:0:0 | Entry node for Module has_defined_all_indirection | +| has_defined_all_indirection | all_defined_foo_copy | has_defined_all_copy.py:6:1:6:20 | ControlFlowNode for all_defined_foo_copy | | has_defined_all_indirection | enter | has_defined_all_indirection.py:2:1:2:5 | ControlFlowNode for enter | | has_defined_all_indirection | exit | has_defined_all_indirection.py:6:1:6:4 | ControlFlowNode for exit | | if_then_else | __file__ | if_then_else.py:16:6:16:13 | ControlFlowNode for __file__ | -| if_then_else | __name__ | if_then_else.py:0:0:0:0 | GSSA Variable __name__ | -| if_then_else | __package__ | if_then_else.py:0:0:0:0 | GSSA Variable __package__ | +| if_then_else | __name__ | if_then_else.py:0:0:0:0 | Entry node for Module if_then_else | +| if_then_else | __package__ | if_then_else.py:0:0:0:0 | Entry node for Module if_then_else | | if_then_else | enter | if_then_else.py:2:1:2:5 | ControlFlowNode for enter | | if_then_else | eval | if_then_else.py:11:8:11:11 | ControlFlowNode for eval | | if_then_else | exit | if_then_else.py:16:1:16:4 | ControlFlowNode for exit | -| if_then_else | if_then_else_defined | if_then_else.py:7:5:7:24 | GSSA Variable if_then_else_defined | -| if_then_else | if_then_else_defined | if_then_else.py:12:9:12:28 | GSSA Variable if_then_else_defined | -| if_then_else | if_then_else_defined | if_then_else.py:14:9:14:28 | GSSA Variable if_then_else_defined | +| if_then_else | if_then_else_defined | if_then_else.py:7:5:7:24 | ControlFlowNode for if_then_else_defined | +| if_then_else | if_then_else_defined | if_then_else.py:12:9:12:28 | ControlFlowNode for if_then_else_defined | +| if_then_else | if_then_else_defined | if_then_else.py:14:9:14:28 | ControlFlowNode for if_then_else_defined | | if_then_else_refined | SOURCE | if_then_else_refined.py:11:11:11:16 | ControlFlowNode for SOURCE | | if_then_else_refined | SOURCE | if_then_else_refined.py:13:11:13:16 | ControlFlowNode for SOURCE | | if_then_else_refined | __file__ | if_then_else_refined.py:19:6:19:13 | ControlFlowNode for __file__ | -| if_then_else_refined | __name__ | if_then_else_refined.py:0:0:0:0 | GSSA Variable __name__ | -| if_then_else_refined | __package__ | if_then_else_refined.py:0:0:0:0 | GSSA Variable __package__ | +| if_then_else_refined | __name__ | if_then_else_refined.py:0:0:0:0 | Entry node for Module if_then_else_refined | +| if_then_else_refined | __package__ | if_then_else_refined.py:0:0:0:0 | Entry node for Module if_then_else_refined | | if_then_else_refined | check | if_then_else_refined.py:17:1:17:5 | ControlFlowNode for check | | if_then_else_refined | enter | if_then_else_refined.py:4:1:4:5 | ControlFlowNode for enter | | if_then_else_refined | eval | if_then_else_refined.py:10:4:10:7 | ControlFlowNode for eval | @@ -104,21 +104,21 @@ | if_then_else_refined | globals | if_then_else_refined.py:17:24:17:30 | ControlFlowNode for globals | | if_then_else_refined | src | if_then_else_refined.py:17:19:17:21 | ControlFlowNode for src | | package.__init__ | __file__ | package/__init__.py:7:6:7:13 | ControlFlowNode for __file__ | -| package.__init__ | __name__ | package/__init__.py:0:0:0:0 | GSSA Variable __name__ | -| package.__init__ | __package__ | package/__init__.py:0:0:0:0 | GSSA Variable __package__ | -| package.__init__ | attr_used_in_subpackage | package/__init__.py:4:1:4:23 | GSSA Variable attr_used_in_subpackage | +| package.__init__ | __name__ | package/__init__.py:0:0:0:0 | Entry node for Module package.__init__ | +| package.__init__ | __package__ | package/__init__.py:0:0:0:0 | Entry node for Module package.__init__ | +| package.__init__ | attr_used_in_subpackage | package/__init__.py:4:1:4:23 | ControlFlowNode for attr_used_in_subpackage | | package.__init__ | enter | package/__init__.py:2:1:2:5 | ControlFlowNode for enter | | package.__init__ | exit | package/__init__.py:7:1:7:4 | ControlFlowNode for exit | -| package.__init__ | package_attr | package/__init__.py:5:1:5:12 | GSSA Variable package_attr | +| package.__init__ | package_attr | package/__init__.py:5:1:5:12 | ControlFlowNode for package_attr | | package.subpackage2.__init__ | __file__ | package/subpackage2/__init__.py:6:6:6:13 | ControlFlowNode for __file__ | -| package.subpackage2.__init__ | __name__ | package/subpackage2/__init__.py:0:0:0:0 | GSSA Variable __name__ | -| package.subpackage2.__init__ | __package__ | package/subpackage2/__init__.py:0:0:0:0 | GSSA Variable __package__ | +| package.subpackage2.__init__ | __name__ | package/subpackage2/__init__.py:0:0:0:0 | Entry node for Module package.subpackage2.__init__ | +| package.subpackage2.__init__ | __package__ | package/subpackage2/__init__.py:0:0:0:0 | Entry node for Module package.subpackage2.__init__ | | package.subpackage2.__init__ | enter | package/subpackage2/__init__.py:2:1:2:5 | ControlFlowNode for enter | | package.subpackage2.__init__ | exit | package/subpackage2/__init__.py:6:1:6:4 | ControlFlowNode for exit | -| package.subpackage2.__init__ | subpackage2_attr | package/subpackage2/__init__.py:4:1:4:16 | GSSA Variable subpackage2_attr | +| package.subpackage2.__init__ | subpackage2_attr | package/subpackage2/__init__.py:4:1:4:16 | ControlFlowNode for subpackage2_attr | | package.subpackage.__init__ | __file__ | package/subpackage/__init__.py:14:6:14:13 | ControlFlowNode for __file__ | -| package.subpackage.__init__ | __name__ | package/subpackage/__init__.py:0:0:0:0 | GSSA Variable __name__ | -| package.subpackage.__init__ | __package__ | package/subpackage/__init__.py:0:0:0:0 | GSSA Variable __package__ | +| package.subpackage.__init__ | __name__ | package/subpackage/__init__.py:0:0:0:0 | Entry node for Module package.subpackage.__init__ | +| package.subpackage.__init__ | __package__ | package/subpackage/__init__.py:0:0:0:0 | Entry node for Module package.subpackage.__init__ | | package.subpackage.__init__ | check | package/subpackage/__init__.py:12:1:12:5 | ControlFlowNode for check | | package.subpackage.__init__ | enter | package/subpackage/__init__.py:2:1:2:5 | ControlFlowNode for enter | | package.subpackage.__init__ | exit | package/subpackage/__init__.py:14:1:14:4 | ControlFlowNode for exit | @@ -126,31 +126,31 @@ | package.subpackage.__init__ | imported_attr | package/subpackage/__init__.py:7:16:7:55 | ControlFlowNode for ImportMember | | package.subpackage.__init__ | imported_attr | package/subpackage/__init__.py:8:24:8:36 | ControlFlowNode for imported_attr | | package.subpackage.__init__ | irrelevant_attr | package/subpackage/__init__.py:11:24:11:38 | ControlFlowNode for ImportMember | -| package.subpackage.__init__ | irrelevant_attr | package/subpackage/__init__.py:11:24:11:38 | GSSA Variable irrelevant_attr | +| package.subpackage.__init__ | irrelevant_attr | package/subpackage/__init__.py:11:24:11:38 | ControlFlowNode for irrelevant_attr | | package.subpackage.__init__ | submodule | package/subpackage/__init__.py:12:35:12:43 | ControlFlowNode for submodule | -| package.subpackage.__init__ | subpackage_attr | package/subpackage/__init__.py:4:1:4:15 | GSSA Variable subpackage_attr | +| package.subpackage.__init__ | subpackage_attr | package/subpackage/__init__.py:4:1:4:15 | ControlFlowNode for subpackage_attr | | package.subpackage.submodule | __file__ | package/subpackage/submodule.py:7:6:7:13 | ControlFlowNode for __file__ | -| package.subpackage.submodule | __name__ | package/subpackage/submodule.py:0:0:0:0 | GSSA Variable __name__ | -| package.subpackage.submodule | __package__ | package/subpackage/submodule.py:0:0:0:0 | GSSA Variable __package__ | +| package.subpackage.submodule | __name__ | package/subpackage/submodule.py:0:0:0:0 | Entry node for Module package.subpackage.submodule | +| package.subpackage.submodule | __package__ | package/subpackage/submodule.py:0:0:0:0 | Entry node for Module package.subpackage.submodule | | package.subpackage.submodule | enter | package/subpackage/submodule.py:2:1:2:5 | ControlFlowNode for enter | | package.subpackage.submodule | exit | package/subpackage/submodule.py:7:1:7:4 | ControlFlowNode for exit | -| package.subpackage.submodule | irrelevant_attr | package/subpackage/submodule.py:5:1:5:15 | GSSA Variable irrelevant_attr | -| package.subpackage.submodule | submodule_attr | package/subpackage/submodule.py:4:1:4:14 | GSSA Variable submodule_attr | +| package.subpackage.submodule | irrelevant_attr | package/subpackage/submodule.py:5:1:5:15 | ControlFlowNode for irrelevant_attr | +| package.subpackage.submodule | submodule_attr | package/subpackage/submodule.py:4:1:4:14 | ControlFlowNode for submodule_attr | | refined | SOURCE | refined.py:12:25:12:30 | ControlFlowNode for SOURCE | | refined | __file__ | refined.py:14:6:14:13 | ControlFlowNode for __file__ | -| refined | __name__ | refined.py:0:0:0:0 | GSSA Variable __name__ | -| refined | __package__ | refined.py:0:0:0:0 | GSSA Variable __package__ | +| refined | __name__ | refined.py:0:0:0:0 | Entry node for Module refined | +| refined | __package__ | refined.py:0:0:0:0 | Entry node for Module refined | | refined | check | refined.py:12:1:12:5 | ControlFlowNode for check | | refined | enter | refined.py:2:1:2:5 | ControlFlowNode for enter | | refined | exit | refined.py:14:1:14:4 | ControlFlowNode for exit | | refined | globals | refined.py:12:33:12:39 | ControlFlowNode for globals | | refined | object | refined.py:4:14:4:19 | ControlFlowNode for object | | simplistic_reexport | __file__ | simplistic_reexport.py:19:6:19:13 | ControlFlowNode for __file__ | -| simplistic_reexport | __name__ | simplistic_reexport.py:0:0:0:0 | GSSA Variable __name__ | -| simplistic_reexport | __package__ | simplistic_reexport.py:0:0:0:0 | GSSA Variable __package__ | +| simplistic_reexport | __name__ | simplistic_reexport.py:0:0:0:0 | Entry node for Module simplistic_reexport | +| simplistic_reexport | __package__ | simplistic_reexport.py:0:0:0:0 | Entry node for Module simplistic_reexport | | simplistic_reexport | bar_attr | simplistic_reexport.py:6:17:6:24 | ControlFlowNode for ImportMember | | simplistic_reexport | bar_attr | simplistic_reexport.py:10:19:10:26 | ControlFlowNode for bar_attr | -| simplistic_reexport | baz_attr | baz.py:4:1:4:8 | GSSA Variable baz_attr | +| simplistic_reexport | baz_attr | baz.py:4:1:4:8 | ControlFlowNode for baz_attr | | simplistic_reexport | baz_attr | simplistic_reexport.py:17:19:17:26 | ControlFlowNode for baz_attr | | simplistic_reexport | check | simplistic_reexport.py:17:1:17:5 | ControlFlowNode for check | | simplistic_reexport | enter | baz.py:2:1:2:5 | ControlFlowNode for enter | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected b/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected index 75e8b40b929..d785d0e5460 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected @@ -1,199 +1,199 @@ edges -| TarSlipImprov.py:15:1:15:3 | GSSA Variable tar | TarSlipImprov.py:17:5:17:10 | GSSA Variable member | -| TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:15:1:15:3 | GSSA Variable tar | -| TarSlipImprov.py:17:5:17:10 | GSSA Variable member | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | +| TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member | +| TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | +| TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | -| TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | TarSlipImprov.py:28:9:28:14 | SSA variable member | -| TarSlipImprov.py:28:9:28:14 | SSA variable member | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | +| TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | +| TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result | | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | -| TarSlipImprov.py:38:1:38:3 | GSSA Variable tar | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | -| TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:38:1:38:3 | GSSA Variable tar | +| TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | +| TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | -| TarSlipImprov.py:43:6:43:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:43:43:43:45 | GSSA Variable tar | -| TarSlipImprov.py:43:43:43:45 | GSSA Variable tar | TarSlipImprov.py:44:9:44:13 | GSSA Variable entry | -| TarSlipImprov.py:44:9:44:13 | GSSA Variable entry | TarSlipImprov.py:47:21:47:25 | ControlFlowNode for entry | -| TarSlipImprov.py:54:6:54:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:54:43:54:45 | GSSA Variable tar | -| TarSlipImprov.py:54:43:54:45 | GSSA Variable tar | TarSlipImprov.py:56:9:56:13 | GSSA Variable entry | -| TarSlipImprov.py:56:9:56:13 | GSSA Variable entry | TarSlipImprov.py:58:21:58:25 | ControlFlowNode for entry | -| TarSlipImprov.py:88:6:88:43 | ControlFlowNode for Attribute() | TarSlipImprov.py:88:48:88:50 | GSSA Variable tar | -| TarSlipImprov.py:88:48:88:50 | GSSA Variable tar | TarSlipImprov.py:91:5:91:7 | ControlFlowNode for tar | -| TarSlipImprov.py:111:1:111:3 | GSSA Variable tar | TarSlipImprov.py:115:9:115:11 | ControlFlowNode for tar | -| TarSlipImprov.py:111:7:111:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:111:1:111:3 | GSSA Variable tar | -| TarSlipImprov.py:123:6:123:29 | ControlFlowNode for Attribute() | TarSlipImprov.py:123:34:123:36 | GSSA Variable tar | -| TarSlipImprov.py:123:34:123:36 | GSSA Variable tar | TarSlipImprov.py:124:9:124:13 | GSSA Variable entry | -| TarSlipImprov.py:124:9:124:13 | GSSA Variable entry | TarSlipImprov.py:125:36:125:40 | ControlFlowNode for entry | -| TarSlipImprov.py:129:6:129:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:129:31:129:33 | GSSA Variable tar | -| TarSlipImprov.py:129:31:129:33 | GSSA Variable tar | TarSlipImprov.py:130:5:130:7 | ControlFlowNode for tar | -| TarSlipImprov.py:133:1:133:3 | GSSA Variable tar | TarSlipImprov.py:134:1:134:3 | ControlFlowNode for tar | -| TarSlipImprov.py:133:7:133:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:133:1:133:3 | GSSA Variable tar | -| TarSlipImprov.py:141:6:141:29 | ControlFlowNode for Attribute() | TarSlipImprov.py:141:34:141:36 | GSSA Variable tar | -| TarSlipImprov.py:141:34:141:36 | GSSA Variable tar | TarSlipImprov.py:142:9:142:13 | GSSA Variable entry | -| TarSlipImprov.py:142:9:142:13 | GSSA Variable entry | TarSlipImprov.py:143:36:143:40 | ControlFlowNode for entry | -| TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | TarSlipImprov.py:151:55:151:56 | SSA variable tf | +| TarSlipImprov.py:43:6:43:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:43:43:43:45 | ControlFlowNode for tar | +| TarSlipImprov.py:43:43:43:45 | ControlFlowNode for tar | TarSlipImprov.py:44:9:44:13 | ControlFlowNode for entry | +| TarSlipImprov.py:44:9:44:13 | ControlFlowNode for entry | TarSlipImprov.py:47:21:47:25 | ControlFlowNode for entry | +| TarSlipImprov.py:54:6:54:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:54:43:54:45 | ControlFlowNode for tar | +| TarSlipImprov.py:54:43:54:45 | ControlFlowNode for tar | TarSlipImprov.py:56:9:56:13 | ControlFlowNode for entry | +| TarSlipImprov.py:56:9:56:13 | ControlFlowNode for entry | TarSlipImprov.py:58:21:58:25 | ControlFlowNode for entry | +| TarSlipImprov.py:88:6:88:43 | ControlFlowNode for Attribute() | TarSlipImprov.py:88:48:88:50 | ControlFlowNode for tar | +| TarSlipImprov.py:88:48:88:50 | ControlFlowNode for tar | TarSlipImprov.py:91:5:91:7 | ControlFlowNode for tar | +| TarSlipImprov.py:111:1:111:3 | ControlFlowNode for tar | TarSlipImprov.py:115:9:115:11 | ControlFlowNode for tar | +| TarSlipImprov.py:111:7:111:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:111:1:111:3 | ControlFlowNode for tar | +| TarSlipImprov.py:123:6:123:29 | ControlFlowNode for Attribute() | TarSlipImprov.py:123:34:123:36 | ControlFlowNode for tar | +| TarSlipImprov.py:123:34:123:36 | ControlFlowNode for tar | TarSlipImprov.py:124:9:124:13 | ControlFlowNode for entry | +| TarSlipImprov.py:124:9:124:13 | ControlFlowNode for entry | TarSlipImprov.py:125:36:125:40 | ControlFlowNode for entry | +| TarSlipImprov.py:129:6:129:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:129:31:129:33 | ControlFlowNode for tar | +| TarSlipImprov.py:129:31:129:33 | ControlFlowNode for tar | TarSlipImprov.py:130:5:130:7 | ControlFlowNode for tar | +| TarSlipImprov.py:133:1:133:3 | ControlFlowNode for tar | TarSlipImprov.py:134:1:134:3 | ControlFlowNode for tar | +| TarSlipImprov.py:133:7:133:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:133:1:133:3 | ControlFlowNode for tar | +| TarSlipImprov.py:141:6:141:29 | ControlFlowNode for Attribute() | TarSlipImprov.py:141:34:141:36 | ControlFlowNode for tar | +| TarSlipImprov.py:141:34:141:36 | ControlFlowNode for tar | TarSlipImprov.py:142:9:142:13 | ControlFlowNode for entry | +| TarSlipImprov.py:142:9:142:13 | ControlFlowNode for entry | TarSlipImprov.py:143:36:143:40 | ControlFlowNode for entry | +| TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | | TarSlipImprov.py:151:22:151:49 | ControlFlowNode for Attribute() | TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | -| TarSlipImprov.py:151:55:151:56 | SSA variable tf | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | +| TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | -| TarSlipImprov.py:157:9:157:14 | SSA variable tar_cm | TarSlipImprov.py:162:20:162:23 | SSA variable tarc | -| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | TarSlipImprov.py:157:9:157:14 | SSA variable tar_cm | -| TarSlipImprov.py:159:9:159:14 | SSA variable tar_cm | TarSlipImprov.py:162:20:162:23 | SSA variable tarc | -| TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | TarSlipImprov.py:159:9:159:14 | SSA variable tar_cm | +| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | +| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | +| TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | +| TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | | TarSlipImprov.py:159:26:159:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | -| TarSlipImprov.py:162:20:162:23 | SSA variable tarc | TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc | -| TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:176:36:176:38 | GSSA Variable tar | -| TarSlipImprov.py:176:36:176:38 | GSSA Variable tar | TarSlipImprov.py:177:9:177:13 | GSSA Variable entry | -| TarSlipImprov.py:177:9:177:13 | GSSA Variable entry | TarSlipImprov.py:178:36:178:40 | ControlFlowNode for entry | -| TarSlipImprov.py:182:6:182:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:182:36:182:38 | GSSA Variable tar | -| TarSlipImprov.py:182:36:182:38 | GSSA Variable tar | TarSlipImprov.py:183:9:183:13 | GSSA Variable entry | -| TarSlipImprov.py:183:9:183:13 | GSSA Variable entry | TarSlipImprov.py:184:21:184:25 | ControlFlowNode for entry | -| TarSlipImprov.py:188:1:188:3 | GSSA Variable tar | TarSlipImprov.py:189:1:189:3 | ControlFlowNode for tar | -| TarSlipImprov.py:188:7:188:27 | ControlFlowNode for Attribute() | TarSlipImprov.py:188:1:188:3 | GSSA Variable tar | -| TarSlipImprov.py:193:6:193:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:193:36:193:38 | GSSA Variable tar | -| TarSlipImprov.py:193:36:193:38 | GSSA Variable tar | TarSlipImprov.py:194:49:194:51 | ControlFlowNode for tar | -| TarSlipImprov.py:210:6:210:43 | ControlFlowNode for Attribute() | TarSlipImprov.py:210:48:210:50 | GSSA Variable tar | -| TarSlipImprov.py:210:48:210:50 | GSSA Variable tar | TarSlipImprov.py:211:5:211:7 | ControlFlowNode for tar | -| TarSlipImprov.py:231:6:231:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:231:43:231:52 | GSSA Variable corpus_tar | -| TarSlipImprov.py:231:43:231:52 | GSSA Variable corpus_tar | TarSlipImprov.py:233:9:233:9 | GSSA Variable f | -| TarSlipImprov.py:233:9:233:9 | GSSA Variable f | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | +| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc | +| TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | +| TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry | +| TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry | TarSlipImprov.py:178:36:178:40 | ControlFlowNode for entry | +| TarSlipImprov.py:182:6:182:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:182:36:182:38 | ControlFlowNode for tar | +| TarSlipImprov.py:182:36:182:38 | ControlFlowNode for tar | TarSlipImprov.py:183:9:183:13 | ControlFlowNode for entry | +| TarSlipImprov.py:183:9:183:13 | ControlFlowNode for entry | TarSlipImprov.py:184:21:184:25 | ControlFlowNode for entry | +| TarSlipImprov.py:188:1:188:3 | ControlFlowNode for tar | TarSlipImprov.py:189:1:189:3 | ControlFlowNode for tar | +| TarSlipImprov.py:188:7:188:27 | ControlFlowNode for Attribute() | TarSlipImprov.py:188:1:188:3 | ControlFlowNode for tar | +| TarSlipImprov.py:193:6:193:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:193:36:193:38 | ControlFlowNode for tar | +| TarSlipImprov.py:193:36:193:38 | ControlFlowNode for tar | TarSlipImprov.py:194:49:194:51 | ControlFlowNode for tar | +| TarSlipImprov.py:210:6:210:43 | ControlFlowNode for Attribute() | TarSlipImprov.py:210:48:210:50 | ControlFlowNode for tar | +| TarSlipImprov.py:210:48:210:50 | ControlFlowNode for tar | TarSlipImprov.py:211:5:211:7 | ControlFlowNode for tar | +| TarSlipImprov.py:231:6:231:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar | +| TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar | TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | +| TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | TarSlipImprov.py:236:44:236:50 | ControlFlowNode for members | | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | -| TarSlipImprov.py:258:6:258:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:258:31:258:33 | GSSA Variable tar | -| TarSlipImprov.py:258:31:258:33 | GSSA Variable tar | TarSlipImprov.py:259:9:259:13 | GSSA Variable entry | -| TarSlipImprov.py:259:9:259:13 | GSSA Variable entry | TarSlipImprov.py:261:25:261:29 | ControlFlowNode for entry | -| TarSlipImprov.py:264:6:264:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:264:43:264:45 | GSSA Variable tar | -| TarSlipImprov.py:264:43:264:45 | GSSA Variable tar | TarSlipImprov.py:265:9:265:13 | GSSA Variable entry | -| TarSlipImprov.py:265:9:265:13 | GSSA Variable entry | TarSlipImprov.py:268:21:268:25 | ControlFlowNode for entry | -| TarSlipImprov.py:271:6:271:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:271:44:271:46 | GSSA Variable tar | -| TarSlipImprov.py:271:44:271:46 | GSSA Variable tar | TarSlipImprov.py:272:9:272:13 | GSSA Variable entry | -| TarSlipImprov.py:272:9:272:13 | GSSA Variable entry | TarSlipImprov.py:274:25:274:29 | ControlFlowNode for entry | -| TarSlipImprov.py:276:6:276:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:276:43:276:45 | GSSA Variable tar | -| TarSlipImprov.py:276:43:276:45 | GSSA Variable tar | TarSlipImprov.py:277:9:277:13 | GSSA Variable entry | -| TarSlipImprov.py:277:9:277:13 | GSSA Variable entry | TarSlipImprov.py:280:21:280:25 | ControlFlowNode for entry | -| TarSlipImprov.py:283:6:283:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:283:56:283:58 | GSSA Variable tar | -| TarSlipImprov.py:283:56:283:58 | GSSA Variable tar | TarSlipImprov.py:284:5:284:7 | ControlFlowNode for tar | -| TarSlipImprov.py:287:1:287:3 | GSSA Variable tar | TarSlipImprov.py:288:49:288:51 | ControlFlowNode for tar | -| TarSlipImprov.py:287:7:287:28 | ControlFlowNode for Attribute() | TarSlipImprov.py:287:1:287:3 | GSSA Variable tar | -| TarSlipImprov.py:292:1:292:3 | GSSA Variable tar | TarSlipImprov.py:293:1:293:3 | ControlFlowNode for tar | -| TarSlipImprov.py:292:7:292:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:292:1:292:3 | GSSA Variable tar | -| TarSlipImprov.py:300:6:300:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:300:56:300:58 | GSSA Variable tar | -| TarSlipImprov.py:300:56:300:58 | GSSA Variable tar | TarSlipImprov.py:301:49:301:51 | ControlFlowNode for tar | -| TarSlipImprov.py:304:1:304:3 | GSSA Variable tar | TarSlipImprov.py:306:5:306:10 | GSSA Variable member | -| TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:304:1:304:3 | GSSA Variable tar | -| TarSlipImprov.py:306:5:306:10 | GSSA Variable member | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | +| TarSlipImprov.py:258:6:258:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | +| TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | +| TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | TarSlipImprov.py:261:25:261:29 | ControlFlowNode for entry | +| TarSlipImprov.py:264:6:264:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:264:43:264:45 | ControlFlowNode for tar | +| TarSlipImprov.py:264:43:264:45 | ControlFlowNode for tar | TarSlipImprov.py:265:9:265:13 | ControlFlowNode for entry | +| TarSlipImprov.py:265:9:265:13 | ControlFlowNode for entry | TarSlipImprov.py:268:21:268:25 | ControlFlowNode for entry | +| TarSlipImprov.py:271:6:271:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:271:44:271:46 | ControlFlowNode for tar | +| TarSlipImprov.py:271:44:271:46 | ControlFlowNode for tar | TarSlipImprov.py:272:9:272:13 | ControlFlowNode for entry | +| TarSlipImprov.py:272:9:272:13 | ControlFlowNode for entry | TarSlipImprov.py:274:25:274:29 | ControlFlowNode for entry | +| TarSlipImprov.py:276:6:276:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:276:43:276:45 | ControlFlowNode for tar | +| TarSlipImprov.py:276:43:276:45 | ControlFlowNode for tar | TarSlipImprov.py:277:9:277:13 | ControlFlowNode for entry | +| TarSlipImprov.py:277:9:277:13 | ControlFlowNode for entry | TarSlipImprov.py:280:21:280:25 | ControlFlowNode for entry | +| TarSlipImprov.py:283:6:283:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:283:56:283:58 | ControlFlowNode for tar | +| TarSlipImprov.py:283:56:283:58 | ControlFlowNode for tar | TarSlipImprov.py:284:5:284:7 | ControlFlowNode for tar | +| TarSlipImprov.py:287:1:287:3 | ControlFlowNode for tar | TarSlipImprov.py:288:49:288:51 | ControlFlowNode for tar | +| TarSlipImprov.py:287:7:287:28 | ControlFlowNode for Attribute() | TarSlipImprov.py:287:1:287:3 | ControlFlowNode for tar | +| TarSlipImprov.py:292:1:292:3 | ControlFlowNode for tar | TarSlipImprov.py:293:1:293:3 | ControlFlowNode for tar | +| TarSlipImprov.py:292:7:292:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:292:1:292:3 | ControlFlowNode for tar | +| TarSlipImprov.py:300:6:300:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:300:56:300:58 | ControlFlowNode for tar | +| TarSlipImprov.py:300:56:300:58 | ControlFlowNode for tar | TarSlipImprov.py:301:49:301:51 | ControlFlowNode for tar | +| TarSlipImprov.py:304:1:304:3 | ControlFlowNode for tar | TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member | +| TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:304:1:304:3 | ControlFlowNode for tar | +| TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | TarSlipImprov.py:310:49:310:54 | ControlFlowNode for result | | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | nodes -| TarSlipImprov.py:15:1:15:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:17:5:17:10 | GSSA Variable member | semmle.label | GSSA Variable member | +| TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member | semmle.label | ControlFlowNode for member | | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result | | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | semmle.label | ControlFlowNode for member | | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | semmle.label | ControlFlowNode for result | | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | semmle.label | ControlFlowNode for tarfile | -| TarSlipImprov.py:28:9:28:14 | SSA variable member | semmle.label | SSA variable member | +| TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | semmle.label | ControlFlowNode for member | | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result | | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | semmle.label | ControlFlowNode for member | | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result | semmle.label | ControlFlowNode for result | -| TarSlipImprov.py:38:1:38:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | semmle.label | ControlFlowNode for members_filter1() | | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:43:6:43:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:43:43:43:45 | GSSA Variable tar | semmle.label | GSSA Variable tar | -| TarSlipImprov.py:44:9:44:13 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| TarSlipImprov.py:43:43:43:45 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | +| TarSlipImprov.py:44:9:44:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:47:21:47:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:54:6:54:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:54:43:54:45 | GSSA Variable tar | semmle.label | GSSA Variable tar | -| TarSlipImprov.py:56:9:56:13 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| TarSlipImprov.py:54:43:54:45 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | +| TarSlipImprov.py:56:9:56:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:58:21:58:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:88:6:88:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:88:48:88:50 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:88:48:88:50 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:91:5:91:7 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | -| TarSlipImprov.py:111:1:111:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:111:1:111:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:111:7:111:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | TarSlipImprov.py:115:9:115:11 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:123:6:123:29 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:123:34:123:36 | GSSA Variable tar | semmle.label | GSSA Variable tar | -| TarSlipImprov.py:124:9:124:13 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| TarSlipImprov.py:123:34:123:36 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | +| TarSlipImprov.py:124:9:124:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:125:36:125:40 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:129:6:129:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:129:31:129:33 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:129:31:129:33 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:130:5:130:7 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | -| TarSlipImprov.py:133:1:133:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:133:1:133:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:133:7:133:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | TarSlipImprov.py:134:1:134:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:141:6:141:29 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:141:34:141:36 | GSSA Variable tar | semmle.label | GSSA Variable tar | -| TarSlipImprov.py:142:9:142:13 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| TarSlipImprov.py:141:34:141:36 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | +| TarSlipImprov.py:142:9:142:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:143:36:143:40 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | semmle.label | ControlFlowNode for closing() | | TarSlipImprov.py:151:22:151:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:151:55:151:56 | SSA variable tf | semmle.label | SSA variable tf | +| TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | semmle.label | ControlFlowNode for tf | | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | semmle.label | ControlFlowNode for tf | -| TarSlipImprov.py:157:9:157:14 | SSA variable tar_cm | semmle.label | SSA variable tar_cm | +| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | semmle.label | ControlFlowNode for tar_cm | | TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | semmle.label | ControlFlowNode for py2_tarxz() | -| TarSlipImprov.py:159:9:159:14 | SSA variable tar_cm | semmle.label | SSA variable tar_cm | +| TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | semmle.label | ControlFlowNode for tar_cm | | TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | semmle.label | ControlFlowNode for closing() | | TarSlipImprov.py:159:26:159:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:162:20:162:23 | SSA variable tarc | semmle.label | SSA variable tarc | +| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | semmle.label | ControlFlowNode for tarc | | TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc | semmle.label | ControlFlowNode for tarc | | TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:176:36:176:38 | GSSA Variable tar | semmle.label | GSSA Variable tar | -| TarSlipImprov.py:177:9:177:13 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | +| TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:178:36:178:40 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:182:6:182:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:182:36:182:38 | GSSA Variable tar | semmle.label | GSSA Variable tar | -| TarSlipImprov.py:183:9:183:13 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| TarSlipImprov.py:182:36:182:38 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | +| TarSlipImprov.py:183:9:183:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:184:21:184:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | -| TarSlipImprov.py:188:1:188:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:188:1:188:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:188:7:188:27 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | TarSlipImprov.py:189:1:189:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:193:6:193:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:193:36:193:38 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:193:36:193:38 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:194:49:194:51 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:210:6:210:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:210:48:210:50 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:210:48:210:50 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:211:5:211:7 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:231:6:231:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:231:43:231:52 | GSSA Variable corpus_tar | semmle.label | GSSA Variable corpus_tar | -| TarSlipImprov.py:233:9:233:9 | GSSA Variable f | semmle.label | GSSA Variable f | +| TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar | semmle.label | ControlFlowNode for corpus_tar | +| TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | semmle.label | ControlFlowNode for f | | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | semmle.label | [post] ControlFlowNode for members | | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | semmle.label | ControlFlowNode for f | | TarSlipImprov.py:236:44:236:50 | ControlFlowNode for members | semmle.label | ControlFlowNode for members | | TarSlipImprov.py:254:1:254:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | TarSlipImprov.py:258:6:258:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:258:31:258:33 | GSSA Variable tar | semmle.label | GSSA Variable tar | -| TarSlipImprov.py:259:9:259:13 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | +| TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:261:25:261:29 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:264:6:264:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:264:43:264:45 | GSSA Variable tar | semmle.label | GSSA Variable tar | -| TarSlipImprov.py:265:9:265:13 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| TarSlipImprov.py:264:43:264:45 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | +| TarSlipImprov.py:265:9:265:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:268:21:268:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:271:6:271:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:271:44:271:46 | GSSA Variable tar | semmle.label | GSSA Variable tar | -| TarSlipImprov.py:272:9:272:13 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| TarSlipImprov.py:271:44:271:46 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | +| TarSlipImprov.py:272:9:272:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:274:25:274:29 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:276:6:276:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:276:43:276:45 | GSSA Variable tar | semmle.label | GSSA Variable tar | -| TarSlipImprov.py:277:9:277:13 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| TarSlipImprov.py:276:43:276:45 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | +| TarSlipImprov.py:277:9:277:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:280:21:280:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | TarSlipImprov.py:283:6:283:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:283:56:283:58 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:283:56:283:58 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:284:5:284:7 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | -| TarSlipImprov.py:287:1:287:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:287:1:287:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:287:7:287:28 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | TarSlipImprov.py:288:49:288:51 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | -| TarSlipImprov.py:292:1:292:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:292:1:292:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:292:7:292:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | TarSlipImprov.py:293:1:293:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:300:6:300:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:300:56:300:58 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:300:56:300:58 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:301:49:301:51 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | -| TarSlipImprov.py:304:1:304:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| TarSlipImprov.py:304:1:304:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| TarSlipImprov.py:306:5:306:10 | GSSA Variable member | semmle.label | GSSA Variable member | +| TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member | semmle.label | ControlFlowNode for member | | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result | | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | semmle.label | ControlFlowNode for member | | TarSlipImprov.py:310:49:310:54 | ControlFlowNode for result | semmle.label | ControlFlowNode for result | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/ZipSlip.expected b/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/ZipSlip.expected index a709b3ba04f..e99928a05b8 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/ZipSlip.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/ZipSlip.expected @@ -1,39 +1,39 @@ edges -| zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | zipslip_bad.py:8:36:8:39 | SSA variable zipf | -| zipslip_bad.py:8:36:8:39 | SSA variable zipf | zipslip_bad.py:10:13:10:17 | SSA variable entry | -| zipslip_bad.py:10:13:10:17 | SSA variable entry | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | -| zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | zipslip_bad.py:14:33:14:36 | SSA variable zipf | -| zipslip_bad.py:14:33:14:36 | SSA variable zipf | zipslip_bad.py:16:13:16:17 | SSA variable entry | -| zipslip_bad.py:16:13:16:17 | SSA variable entry | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | -| zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | zipslip_bad.py:20:32:20:35 | SSA variable zipf | -| zipslip_bad.py:20:32:20:35 | SSA variable zipf | zipslip_bad.py:22:13:22:17 | SSA variable entry | -| zipslip_bad.py:22:13:22:17 | SSA variable entry | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | -| zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | zipslip_bad.py:27:27:27:34 | SSA variable filelist | -| zipslip_bad.py:27:27:27:34 | SSA variable filelist | zipslip_bad.py:29:13:29:13 | SSA variable x | -| zipslip_bad.py:29:13:29:13 | SSA variable x | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | -| zipslip_bad.py:34:5:34:12 | SSA variable filelist | zipslip_bad.py:35:9:35:9 | SSA variable x | -| zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | zipslip_bad.py:34:5:34:12 | SSA variable filelist | -| zipslip_bad.py:35:9:35:9 | SSA variable x | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | +| zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | zipslip_bad.py:8:36:8:39 | ControlFlowNode for zipf | +| zipslip_bad.py:8:36:8:39 | ControlFlowNode for zipf | zipslip_bad.py:10:13:10:17 | ControlFlowNode for entry | +| zipslip_bad.py:10:13:10:17 | ControlFlowNode for entry | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | +| zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | zipslip_bad.py:14:33:14:36 | ControlFlowNode for zipf | +| zipslip_bad.py:14:33:14:36 | ControlFlowNode for zipf | zipslip_bad.py:16:13:16:17 | ControlFlowNode for entry | +| zipslip_bad.py:16:13:16:17 | ControlFlowNode for entry | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | +| zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | zipslip_bad.py:20:32:20:35 | ControlFlowNode for zipf | +| zipslip_bad.py:20:32:20:35 | ControlFlowNode for zipf | zipslip_bad.py:22:13:22:17 | ControlFlowNode for entry | +| zipslip_bad.py:22:13:22:17 | ControlFlowNode for entry | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | +| zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | zipslip_bad.py:27:27:27:34 | ControlFlowNode for filelist | +| zipslip_bad.py:27:27:27:34 | ControlFlowNode for filelist | zipslip_bad.py:29:13:29:13 | ControlFlowNode for x | +| zipslip_bad.py:29:13:29:13 | ControlFlowNode for x | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | +| zipslip_bad.py:34:5:34:12 | ControlFlowNode for filelist | zipslip_bad.py:35:9:35:9 | ControlFlowNode for x | +| zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | zipslip_bad.py:34:5:34:12 | ControlFlowNode for filelist | +| zipslip_bad.py:35:9:35:9 | ControlFlowNode for x | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | nodes | zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| zipslip_bad.py:8:36:8:39 | SSA variable zipf | semmle.label | SSA variable zipf | -| zipslip_bad.py:10:13:10:17 | SSA variable entry | semmle.label | SSA variable entry | +| zipslip_bad.py:8:36:8:39 | ControlFlowNode for zipf | semmle.label | ControlFlowNode for zipf | +| zipslip_bad.py:10:13:10:17 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| zipslip_bad.py:14:33:14:36 | SSA variable zipf | semmle.label | SSA variable zipf | -| zipslip_bad.py:16:13:16:17 | SSA variable entry | semmle.label | SSA variable entry | +| zipslip_bad.py:14:33:14:36 | ControlFlowNode for zipf | semmle.label | ControlFlowNode for zipf | +| zipslip_bad.py:16:13:16:17 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| zipslip_bad.py:20:32:20:35 | SSA variable zipf | semmle.label | SSA variable zipf | -| zipslip_bad.py:22:13:22:17 | SSA variable entry | semmle.label | SSA variable entry | +| zipslip_bad.py:20:32:20:35 | ControlFlowNode for zipf | semmle.label | ControlFlowNode for zipf | +| zipslip_bad.py:22:13:22:17 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| zipslip_bad.py:27:27:27:34 | SSA variable filelist | semmle.label | SSA variable filelist | -| zipslip_bad.py:29:13:29:13 | SSA variable x | semmle.label | SSA variable x | +| zipslip_bad.py:27:27:27:34 | ControlFlowNode for filelist | semmle.label | ControlFlowNode for filelist | +| zipslip_bad.py:29:13:29:13 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | -| zipslip_bad.py:34:5:34:12 | SSA variable filelist | semmle.label | SSA variable filelist | +| zipslip_bad.py:34:5:34:12 | ControlFlowNode for filelist | semmle.label | ControlFlowNode for filelist | | zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| zipslip_bad.py:35:9:35:9 | SSA variable x | semmle.label | SSA variable x | +| zipslip_bad.py:35:9:35:9 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | subpaths #select diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected b/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected index f8921911e4f..742eecdb92e 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected @@ -1,12 +1,12 @@ edges -| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | UnsafeUnpack.py:5:26:5:32 | GSSA Variable request | -| UnsafeUnpack.py:5:26:5:32 | GSSA Variable request | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | -| UnsafeUnpack.py:11:7:11:14 | SSA variable filename | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | +| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | +| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | +| UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:11:7:11:14 | SSA variable filename | -| UnsafeUnpack.py:13:13:13:20 | SSA variable response | UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | -| UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | UnsafeUnpack.py:13:13:13:20 | SSA variable response | +| UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | +| UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | +| UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | UnsafeUnpack.py:19:35:19:41 | ControlFlowNode for tarpath | | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | | UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | @@ -14,65 +14,65 @@ edges | UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | | UnsafeUnpack.py:33:50:33:65 | ControlFlowNode for local_ziped_path | UnsafeUnpack.py:34:23:34:38 | ControlFlowNode for local_ziped_path | | UnsafeUnpack.py:47:20:47:34 | ControlFlowNode for compressed_file | UnsafeUnpack.py:48:23:48:37 | ControlFlowNode for compressed_file | -| UnsafeUnpack.py:51:1:51:15 | GSSA Variable compressed_file | UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file | -| UnsafeUnpack.py:51:19:51:36 | ControlFlowNode for Attribute() | UnsafeUnpack.py:51:1:51:15 | GSSA Variable compressed_file | -| UnsafeUnpack.py:65:1:65:15 | GSSA Variable compressed_file | UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file | -| UnsafeUnpack.py:65:19:65:31 | ControlFlowNode for Attribute | UnsafeUnpack.py:65:1:65:15 | GSSA Variable compressed_file | -| UnsafeUnpack.py:79:1:79:12 | GSSA Variable url_filename | UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:79:1:79:12 | GSSA Variable url_filename | UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | UnsafeUnpack.py:79:1:79:12 | GSSA Variable url_filename | -| UnsafeUnpack.py:81:1:81:8 | GSSA Variable response | UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | -| UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:81:1:81:8 | GSSA Variable response | +| UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file | UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file | +| UnsafeUnpack.py:51:19:51:36 | ControlFlowNode for Attribute() | UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file | +| UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file | UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file | +| UnsafeUnpack.py:65:19:65:31 | ControlFlowNode for Attribute | UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file | +| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | +| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | +| UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | +| UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | +| UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:87:23:87:29 | ControlFlowNode for tarpath | | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | | UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | UnsafeUnpack.py:105:35:105:42 | ControlFlowNode for savepath | -| UnsafeUnpack.py:103:23:103:27 | SSA variable chunk | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | +| UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | | UnsafeUnpack.py:103:32:103:44 | ControlFlowNode for Attribute | UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | | UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:103:23:103:27 | SSA variable chunk | +| UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | -| UnsafeUnpack.py:108:13:108:18 | SSA variable myfile | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | +| UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | | UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | UnsafeUnpack.py:108:13:108:18 | SSA variable myfile | +| UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | UnsafeUnpack.py:112:35:112:43 | ControlFlowNode for file_path | | UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | | UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | -| UnsafeUnpack.py:116:17:116:21 | SSA variable ufile | UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | +| UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile | UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | | UnsafeUnpack.py:116:27:116:39 | ControlFlowNode for Attribute | UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:116:17:116:21 | SSA variable ufile | -| UnsafeUnpack.py:118:19:118:26 | SSA variable filename | UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | -| UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | UnsafeUnpack.py:118:19:118:26 | SSA variable filename | +| UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile | +| UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename | UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | +| UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename | | UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | | UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:119:19:119:36 | SSA variable uploaded_file_path | UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path | -| UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | UnsafeUnpack.py:119:19:119:36 | SSA variable uploaded_file_path | +| UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path | UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path | +| UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path | | UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:140:1:140:19 | GSSA Variable unsafe_filename_tar | UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | -| UnsafeUnpack.py:140:23:140:35 | ControlFlowNode for Attribute | UnsafeUnpack.py:140:1:140:19 | GSSA Variable unsafe_filename_tar | -| UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | UnsafeUnpack.py:141:56:141:58 | GSSA Variable tar | +| UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar | UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | +| UnsafeUnpack.py:140:23:140:35 | ControlFlowNode for Attribute | UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar | +| UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar | | UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:141:56:141:58 | GSSA Variable tar | UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar | +| UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar | UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar | | UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | -| UnsafeUnpack.py:158:23:158:27 | SSA variable chunk | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | +| UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | | UnsafeUnpack.py:158:32:158:44 | ControlFlowNode for Attribute | UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | | UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:158:23:158:27 | SSA variable chunk | +| UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | -| UnsafeUnpack.py:161:19:161:21 | SSA variable tar | UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | -| UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | UnsafeUnpack.py:161:19:161:21 | SSA variable tar | +| UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | +| UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | | UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:163:23:163:28 | SSA variable member | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | -| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | UnsafeUnpack.py:163:23:163:28 | SSA variable member | +| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | +| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | -| UnsafeUnpack.py:171:1:171:8 | GSSA Variable response | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | -| UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:171:1:171:8 | GSSA Variable response | +| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | +| UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | | UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | @@ -83,12 +83,12 @@ edges | UnsafeUnpack.py:201:29:201:31 | ControlFlowNode for tmp | UnsafeUnpack.py:201:29:201:36 | ControlFlowNode for Attribute | nodes | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| UnsafeUnpack.py:5:26:5:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| UnsafeUnpack.py:11:7:11:14 | SSA variable filename | semmle.label | SSA variable filename | +| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:13:13:13:20 | SSA variable response | semmle.label | SSA variable response | +| UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | semmle.label | ControlFlowNode for response | | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath | | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | semmle.label | ControlFlowNode for f | @@ -100,15 +100,15 @@ nodes | UnsafeUnpack.py:34:23:34:38 | ControlFlowNode for local_ziped_path | semmle.label | ControlFlowNode for local_ziped_path | | UnsafeUnpack.py:47:20:47:34 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file | | UnsafeUnpack.py:48:23:48:37 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file | -| UnsafeUnpack.py:51:1:51:15 | GSSA Variable compressed_file | semmle.label | GSSA Variable compressed_file | +| UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file | | UnsafeUnpack.py:51:19:51:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file | -| UnsafeUnpack.py:65:1:65:15 | GSSA Variable compressed_file | semmle.label | GSSA Variable compressed_file | +| UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file | | UnsafeUnpack.py:65:19:65:31 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file | -| UnsafeUnpack.py:79:1:79:12 | GSSA Variable url_filename | semmle.label | GSSA Variable url_filename | +| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | semmle.label | ControlFlowNode for url_filename | | UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | -| UnsafeUnpack.py:81:1:81:8 | GSSA Variable response | semmle.label | GSSA Variable response | +| UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | semmle.label | ControlFlowNode for response | | UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath | | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | semmle.label | ControlFlowNode for f | @@ -117,14 +117,14 @@ nodes | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:87:23:87:29 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath | | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath | -| UnsafeUnpack.py:103:23:103:27 | SSA variable chunk | semmle.label | SSA variable chunk | +| UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk | | UnsafeUnpack.py:103:32:103:44 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | semmle.label | ControlFlowNode for wfile | | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk | | UnsafeUnpack.py:105:35:105:42 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath | -| UnsafeUnpack.py:108:13:108:18 | SSA variable myfile | semmle.label | SSA variable myfile | +| UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | semmle.label | ControlFlowNode for myfile | | UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path | @@ -132,39 +132,39 @@ nodes | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | semmle.label | ControlFlowNode for myfile | | UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:112:35:112:43 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path | -| UnsafeUnpack.py:116:17:116:21 | SSA variable ufile | semmle.label | SSA variable ufile | +| UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile | semmle.label | ControlFlowNode for ufile | | UnsafeUnpack.py:116:27:116:39 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| UnsafeUnpack.py:118:19:118:26 | SSA variable filename | semmle.label | SSA variable filename | +| UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | semmle.label | ControlFlowNode for ufile | | UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | -| UnsafeUnpack.py:119:19:119:36 | SSA variable uploaded_file_path | semmle.label | SSA variable uploaded_file_path | +| UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path | semmle.label | ControlFlowNode for uploaded_file_path | | UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path | semmle.label | ControlFlowNode for uploaded_file_path | -| UnsafeUnpack.py:140:1:140:19 | GSSA Variable unsafe_filename_tar | semmle.label | GSSA Variable unsafe_filename_tar | +| UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar | semmle.label | ControlFlowNode for unsafe_filename_tar | | UnsafeUnpack.py:140:23:140:35 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | semmle.label | ControlFlowNode for unsafe_filename_tar | -| UnsafeUnpack.py:141:56:141:58 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath | -| UnsafeUnpack.py:158:23:158:27 | SSA variable chunk | semmle.label | SSA variable chunk | +| UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk | | UnsafeUnpack.py:158:32:158:44 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | semmle.label | ControlFlowNode for wfile | | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk | -| UnsafeUnpack.py:161:19:161:21 | SSA variable tar | semmle.label | SSA variable tar | +| UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath | -| UnsafeUnpack.py:163:23:163:28 | SSA variable member | semmle.label | SSA variable member | +| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | semmle.label | ControlFlowNode for member | | UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result | | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | semmle.label | ControlFlowNode for member | | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | semmle.label | ControlFlowNode for result | -| UnsafeUnpack.py:171:1:171:8 | GSSA Variable response | semmle.label | GSSA Variable response | +| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | semmle.label | ControlFlowNode for response | | UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath | | UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | semmle.label | ControlFlowNode for f | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected index 34bb9d7e66c..0bfa6affc39 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected @@ -1,78 +1,78 @@ edges -| AirspeedSsti.py:2:26:2:32 | ControlFlowNode for ImportMember | AirspeedSsti.py:2:26:2:32 | GSSA Variable request | -| AirspeedSsti.py:2:26:2:32 | GSSA Variable request | AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request | -| AirspeedSsti.py:10:5:10:12 | SSA variable template | AirspeedSsti.py:11:30:11:37 | ControlFlowNode for template | +| AirspeedSsti.py:2:26:2:32 | ControlFlowNode for ImportMember | AirspeedSsti.py:2:26:2:32 | ControlFlowNode for request | +| AirspeedSsti.py:2:26:2:32 | ControlFlowNode for request | AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request | +| AirspeedSsti.py:10:5:10:12 | ControlFlowNode for template | AirspeedSsti.py:11:30:11:37 | ControlFlowNode for template | | AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request | AirspeedSsti.py:10:16:10:27 | ControlFlowNode for Attribute | | AirspeedSsti.py:10:16:10:27 | ControlFlowNode for Attribute | AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | -| AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | AirspeedSsti.py:10:5:10:12 | SSA variable template | -| CheetahSinks.py:1:26:1:32 | ControlFlowNode for ImportMember | CheetahSinks.py:1:26:1:32 | GSSA Variable request | -| CheetahSinks.py:1:26:1:32 | GSSA Variable request | CheetahSinks.py:10:16:10:22 | ControlFlowNode for request | -| CheetahSinks.py:1:26:1:32 | GSSA Variable request | CheetahSinks.py:21:16:21:22 | ControlFlowNode for request | -| CheetahSinks.py:10:5:10:12 | SSA variable template | CheetahSinks.py:11:21:11:28 | ControlFlowNode for template | +| AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | AirspeedSsti.py:10:5:10:12 | ControlFlowNode for template | +| CheetahSinks.py:1:26:1:32 | ControlFlowNode for ImportMember | CheetahSinks.py:1:26:1:32 | ControlFlowNode for request | +| CheetahSinks.py:1:26:1:32 | ControlFlowNode for request | CheetahSinks.py:10:16:10:22 | ControlFlowNode for request | +| CheetahSinks.py:1:26:1:32 | ControlFlowNode for request | CheetahSinks.py:21:16:21:22 | ControlFlowNode for request | +| CheetahSinks.py:10:5:10:12 | ControlFlowNode for template | CheetahSinks.py:11:21:11:28 | ControlFlowNode for template | | CheetahSinks.py:10:16:10:22 | ControlFlowNode for request | CheetahSinks.py:10:16:10:27 | ControlFlowNode for Attribute | | CheetahSinks.py:10:16:10:27 | ControlFlowNode for Attribute | CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() | -| CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() | CheetahSinks.py:10:5:10:12 | SSA variable template | -| CheetahSinks.py:21:5:21:12 | SSA variable template | CheetahSinks.py:22:20:22:27 | ControlFlowNode for template | +| CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() | CheetahSinks.py:10:5:10:12 | ControlFlowNode for template | +| CheetahSinks.py:21:5:21:12 | ControlFlowNode for template | CheetahSinks.py:22:20:22:27 | ControlFlowNode for template | | CheetahSinks.py:21:16:21:22 | ControlFlowNode for request | CheetahSinks.py:21:16:21:27 | ControlFlowNode for Attribute | | CheetahSinks.py:21:16:21:27 | ControlFlowNode for Attribute | CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() | -| CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() | CheetahSinks.py:21:5:21:12 | SSA variable template | -| ChevronSsti.py:1:26:1:32 | ControlFlowNode for ImportMember | ChevronSsti.py:1:26:1:32 | GSSA Variable request | -| ChevronSsti.py:1:26:1:32 | GSSA Variable request | ChevronSsti.py:10:16:10:22 | ControlFlowNode for request | -| ChevronSsti.py:10:5:10:12 | SSA variable template | ChevronSsti.py:11:27:11:34 | ControlFlowNode for template | +| CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() | CheetahSinks.py:21:5:21:12 | ControlFlowNode for template | +| ChevronSsti.py:1:26:1:32 | ControlFlowNode for ImportMember | ChevronSsti.py:1:26:1:32 | ControlFlowNode for request | +| ChevronSsti.py:1:26:1:32 | ControlFlowNode for request | ChevronSsti.py:10:16:10:22 | ControlFlowNode for request | +| ChevronSsti.py:10:5:10:12 | ControlFlowNode for template | ChevronSsti.py:11:27:11:34 | ControlFlowNode for template | | ChevronSsti.py:10:16:10:22 | ControlFlowNode for request | ChevronSsti.py:10:16:10:27 | ControlFlowNode for Attribute | | ChevronSsti.py:10:16:10:27 | ControlFlowNode for Attribute | ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | -| ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | ChevronSsti.py:10:5:10:12 | SSA variable template | -| DjangoTemplates.py:6:8:6:14 | ControlFlowNode for request | DjangoTemplates.py:8:5:8:12 | SSA variable template | -| DjangoTemplates.py:8:5:8:12 | SSA variable template | DjangoTemplates.py:9:18:9:25 | ControlFlowNode for template | -| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for ImportMember | FlaskTemplate.py:1:26:1:32 | GSSA Variable request | -| FlaskTemplate.py:1:26:1:32 | GSSA Variable request | FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request | -| FlaskTemplate.py:1:26:1:32 | GSSA Variable request | FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request | -| FlaskTemplate.py:1:26:1:32 | GSSA Variable request | FlaskTemplate.py:17:41:17:47 | ControlFlowNode for request | +| ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | ChevronSsti.py:10:5:10:12 | ControlFlowNode for template | +| DjangoTemplates.py:6:8:6:14 | ControlFlowNode for request | DjangoTemplates.py:8:5:8:12 | ControlFlowNode for template | +| DjangoTemplates.py:8:5:8:12 | ControlFlowNode for template | DjangoTemplates.py:9:18:9:25 | ControlFlowNode for template | +| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for ImportMember | FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | +| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request | +| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request | +| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | FlaskTemplate.py:17:41:17:47 | ControlFlowNode for request | | FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | | FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | FlaskTemplate.py:11:39:11:66 | ControlFlowNode for Attribute() | | FlaskTemplate.py:17:41:17:47 | ControlFlowNode for request | FlaskTemplate.py:17:41:17:52 | ControlFlowNode for Attribute | | FlaskTemplate.py:17:41:17:52 | ControlFlowNode for Attribute | FlaskTemplate.py:17:41:17:68 | ControlFlowNode for Attribute() | -| JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | JinjaSsti.py:9:5:9:12 | SSA variable template | -| JinjaSsti.py:9:5:9:12 | SSA variable template | JinjaSsti.py:10:25:10:32 | ControlFlowNode for template | -| JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | JinjaSsti.py:19:5:19:12 | SSA variable template | -| JinjaSsti.py:19:5:19:12 | SSA variable template | JinjaSsti.py:20:28:20:35 | ControlFlowNode for template | -| MakoSsti.py:6:10:6:16 | ControlFlowNode for request | MakoSsti.py:8:5:8:12 | SSA variable template | -| MakoSsti.py:8:5:8:12 | SSA variable template | MakoSsti.py:9:27:9:34 | ControlFlowNode for template | -| TRender.py:5:13:5:19 | ControlFlowNode for request | TRender.py:6:5:6:12 | SSA variable template | -| TRender.py:6:5:6:12 | SSA variable template | TRender.py:7:24:7:31 | ControlFlowNode for template | +| JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | +| JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | JinjaSsti.py:10:25:10:32 | ControlFlowNode for template | +| JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | +| JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | JinjaSsti.py:20:28:20:35 | ControlFlowNode for template | +| MakoSsti.py:6:10:6:16 | ControlFlowNode for request | MakoSsti.py:8:5:8:12 | ControlFlowNode for template | +| MakoSsti.py:8:5:8:12 | ControlFlowNode for template | MakoSsti.py:9:27:9:34 | ControlFlowNode for template | +| TRender.py:5:13:5:19 | ControlFlowNode for request | TRender.py:6:5:6:12 | ControlFlowNode for template | +| TRender.py:6:5:6:12 | ControlFlowNode for template | TRender.py:7:24:7:31 | ControlFlowNode for template | nodes | AirspeedSsti.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| AirspeedSsti.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| AirspeedSsti.py:10:5:10:12 | SSA variable template | semmle.label | SSA variable template | +| AirspeedSsti.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| AirspeedSsti.py:10:5:10:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | AirspeedSsti.py:10:16:10:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | AirspeedSsti.py:11:30:11:37 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | CheetahSinks.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| CheetahSinks.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| CheetahSinks.py:10:5:10:12 | SSA variable template | semmle.label | SSA variable template | +| CheetahSinks.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| CheetahSinks.py:10:5:10:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | CheetahSinks.py:10:16:10:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | CheetahSinks.py:10:16:10:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | CheetahSinks.py:11:21:11:28 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | -| CheetahSinks.py:21:5:21:12 | SSA variable template | semmle.label | SSA variable template | +| CheetahSinks.py:21:5:21:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | CheetahSinks.py:21:16:21:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | CheetahSinks.py:21:16:21:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | CheetahSinks.py:22:20:22:27 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | ChevronSsti.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| ChevronSsti.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| ChevronSsti.py:10:5:10:12 | SSA variable template | semmle.label | SSA variable template | +| ChevronSsti.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| ChevronSsti.py:10:5:10:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | ChevronSsti.py:10:16:10:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | ChevronSsti.py:10:16:10:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | ChevronSsti.py:11:27:11:34 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | DjangoTemplates.py:6:8:6:14 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| DjangoTemplates.py:8:5:8:12 | SSA variable template | semmle.label | SSA variable template | +| DjangoTemplates.py:8:5:8:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | DjangoTemplates.py:9:18:9:25 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | FlaskTemplate.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| FlaskTemplate.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | +| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | @@ -81,16 +81,16 @@ nodes | FlaskTemplate.py:17:41:17:52 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | FlaskTemplate.py:17:41:17:68 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| JinjaSsti.py:9:5:9:12 | SSA variable template | semmle.label | SSA variable template | +| JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | JinjaSsti.py:10:25:10:32 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| JinjaSsti.py:19:5:19:12 | SSA variable template | semmle.label | SSA variable template | +| JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | JinjaSsti.py:20:28:20:35 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | MakoSsti.py:6:10:6:16 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| MakoSsti.py:8:5:8:12 | SSA variable template | semmle.label | SSA variable template | +| MakoSsti.py:8:5:8:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | MakoSsti.py:9:27:9:34 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | TRender.py:5:13:5:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| TRender.py:6:5:6:12 | SSA variable template | semmle.label | SSA variable template | +| TRender.py:6:5:6:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | | TRender.py:7:24:7:31 | ControlFlowNode for template | semmle.label | ControlFlowNode for template | subpaths #select diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/EmailXss.expected b/python/ql/test/experimental/query-tests/Security/CWE-079/EmailXss.expected index 02fed5424cc..00172d78319 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-079/EmailXss.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-079/EmailXss.expected @@ -1,46 +1,46 @@ edges -| flask_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | flask_mail.py:1:19:1:25 | GSSA Variable request | -| flask_mail.py:1:19:1:25 | GSSA Variable request | flask_mail.py:13:22:13:28 | ControlFlowNode for request | -| flask_mail.py:1:19:1:25 | GSSA Variable request | flask_mail.py:18:14:18:20 | ControlFlowNode for request | -| flask_mail.py:1:19:1:25 | GSSA Variable request | flask_mail.py:31:24:31:30 | ControlFlowNode for request | +| flask_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | flask_mail.py:1:19:1:25 | ControlFlowNode for request | +| flask_mail.py:1:19:1:25 | ControlFlowNode for request | flask_mail.py:13:22:13:28 | ControlFlowNode for request | +| flask_mail.py:1:19:1:25 | ControlFlowNode for request | flask_mail.py:18:14:18:20 | ControlFlowNode for request | +| flask_mail.py:1:19:1:25 | ControlFlowNode for request | flask_mail.py:31:24:31:30 | ControlFlowNode for request | | flask_mail.py:13:22:13:28 | ControlFlowNode for request | flask_mail.py:13:22:13:41 | ControlFlowNode for Subscript | | flask_mail.py:13:22:13:28 | ControlFlowNode for request | flask_mail.py:18:14:18:33 | ControlFlowNode for Subscript | | flask_mail.py:18:14:18:20 | ControlFlowNode for request | flask_mail.py:18:14:18:33 | ControlFlowNode for Subscript | | flask_mail.py:31:24:31:30 | ControlFlowNode for request | flask_mail.py:31:24:31:43 | ControlFlowNode for Subscript | -| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | sendgrid_mail.py:1:19:1:25 | GSSA Variable request | -| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | -| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request | -| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | +| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | +| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | +| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request | +| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | sendgrid_mail.py:14:22:14:49 | ControlFlowNode for Subscript | | sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request | sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript | | sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript | sendgrid_mail.py:26:22:26:62 | ControlFlowNode for HtmlContent() | | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | sendgrid_mail.py:37:41:37:68 | ControlFlowNode for Subscript | -| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for ImportMember | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | -| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | -| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | -| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | +| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for ImportMember | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | +| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | +| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | +| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:16:26:16:79 | ControlFlowNode for Attribute() | | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:25:27:77 | ControlFlowNode for Attribute() | | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:25:27:77 | ControlFlowNode for Attribute() | | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | -| smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_subparts.py:2:26:2:32 | GSSA Variable request | -| smtplib_bad_subparts.py:2:26:2:32 | GSSA Variable request | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | -| smtplib_bad_subparts.py:17:5:17:8 | SSA variable name | smtplib_bad_subparts.py:20:5:20:8 | SSA variable html | -| smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | smtplib_bad_subparts.py:17:5:17:8 | SSA variable name | -| smtplib_bad_subparts.py:20:5:20:8 | SSA variable html | smtplib_bad_subparts.py:24:22:24:25 | ControlFlowNode for html | -| smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_via_attach.py:2:26:2:32 | GSSA Variable request | -| smtplib_bad_via_attach.py:2:26:2:32 | GSSA Variable request | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | -| smtplib_bad_via_attach.py:20:5:20:8 | SSA variable name | smtplib_bad_via_attach.py:23:5:23:8 | SSA variable html | -| smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | smtplib_bad_via_attach.py:20:5:20:8 | SSA variable name | -| smtplib_bad_via_attach.py:23:5:23:8 | SSA variable html | smtplib_bad_via_attach.py:27:22:27:25 | ControlFlowNode for html | +| smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for request | +| smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for request | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | +| smtplib_bad_subparts.py:17:5:17:8 | ControlFlowNode for name | smtplib_bad_subparts.py:20:5:20:8 | ControlFlowNode for html | +| smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | smtplib_bad_subparts.py:17:5:17:8 | ControlFlowNode for name | +| smtplib_bad_subparts.py:20:5:20:8 | ControlFlowNode for html | smtplib_bad_subparts.py:24:22:24:25 | ControlFlowNode for html | +| smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for request | +| smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for request | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | +| smtplib_bad_via_attach.py:20:5:20:8 | ControlFlowNode for name | smtplib_bad_via_attach.py:23:5:23:8 | ControlFlowNode for html | +| smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | smtplib_bad_via_attach.py:20:5:20:8 | ControlFlowNode for name | +| smtplib_bad_via_attach.py:23:5:23:8 | ControlFlowNode for html | smtplib_bad_via_attach.py:27:22:27:25 | ControlFlowNode for html | nodes | django_mail.py:14:48:14:82 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | django_mail.py:23:30:23:64 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | django_mail.py:25:32:25:66 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | flask_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| flask_mail.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | +| flask_mail.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_mail.py:13:22:13:28 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_mail.py:13:22:13:41 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | flask_mail.py:18:14:18:20 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | @@ -48,7 +48,7 @@ nodes | flask_mail.py:31:24:31:30 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_mail.py:31:24:31:43 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | +| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | sendgrid_mail.py:14:22:14:49 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | sendgrid_mail.py:26:22:26:62 | ControlFlowNode for HtmlContent() | semmle.label | ControlFlowNode for HtmlContent() | @@ -57,7 +57,7 @@ nodes | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | sendgrid_mail.py:37:41:37:68 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | semmle.label | GSSA Variable request | +| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | sendgrid_via_mail_send_post_request_body_bad.py:16:26:16:79 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | sendgrid_via_mail_send_post_request_body_bad.py:27:25:27:77 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | @@ -65,16 +65,16 @@ nodes | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| smtplib_bad_subparts.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| smtplib_bad_subparts.py:17:5:17:8 | SSA variable name | semmle.label | SSA variable name | +| smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| smtplib_bad_subparts.py:17:5:17:8 | ControlFlowNode for name | semmle.label | ControlFlowNode for name | | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| smtplib_bad_subparts.py:20:5:20:8 | SSA variable html | semmle.label | SSA variable html | +| smtplib_bad_subparts.py:20:5:20:8 | ControlFlowNode for html | semmle.label | ControlFlowNode for html | | smtplib_bad_subparts.py:24:22:24:25 | ControlFlowNode for html | semmle.label | ControlFlowNode for html | | smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| smtplib_bad_via_attach.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| smtplib_bad_via_attach.py:20:5:20:8 | SSA variable name | semmle.label | SSA variable name | +| smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| smtplib_bad_via_attach.py:20:5:20:8 | ControlFlowNode for name | semmle.label | ControlFlowNode for name | | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| smtplib_bad_via_attach.py:23:5:23:8 | SSA variable html | semmle.label | SSA variable html | +| smtplib_bad_via_attach.py:23:5:23:8 | ControlFlowNode for html | semmle.label | ControlFlowNode for html | | smtplib_bad_via_attach.py:27:22:27:25 | ControlFlowNode for html | semmle.label | ControlFlowNode for html | subpaths #select diff --git a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected index 92ea83f4cdd..fba2ae1acdc 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected @@ -1,106 +1,106 @@ edges -| xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | xslt.py:3:26:3:32 | GSSA Variable request | -| xslt.py:3:26:3:32 | GSSA Variable request | xslt.py:10:17:10:23 | ControlFlowNode for request | -| xslt.py:10:5:10:13 | SSA variable xsltQuery | xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | +| xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | xslt.py:3:26:3:32 | ControlFlowNode for request | +| xslt.py:3:26:3:32 | ControlFlowNode for request | xslt.py:10:17:10:23 | ControlFlowNode for request | +| xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery | xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | | xslt.py:10:17:10:23 | ControlFlowNode for request | xslt.py:10:17:10:28 | ControlFlowNode for Attribute | | xslt.py:10:17:10:28 | ControlFlowNode for Attribute | xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | -| xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | xslt.py:10:5:10:13 | SSA variable xsltQuery | -| xslt.py:11:5:11:13 | SSA variable xslt_root | xslt.py:14:29:14:37 | ControlFlowNode for xslt_root | -| xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | xslt.py:11:5:11:13 | SSA variable xslt_root | +| xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery | +| xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | xslt.py:14:29:14:37 | ControlFlowNode for xslt_root | +| xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | | xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | -| xsltInjection.py:3:26:3:32 | ControlFlowNode for ImportMember | xsltInjection.py:3:26:3:32 | GSSA Variable request | -| xsltInjection.py:3:26:3:32 | GSSA Variable request | xsltInjection.py:10:17:10:23 | ControlFlowNode for request | -| xsltInjection.py:3:26:3:32 | GSSA Variable request | xsltInjection.py:17:17:17:23 | ControlFlowNode for request | -| xsltInjection.py:3:26:3:32 | GSSA Variable request | xsltInjection.py:26:17:26:23 | ControlFlowNode for request | -| xsltInjection.py:3:26:3:32 | GSSA Variable request | xsltInjection.py:35:17:35:23 | ControlFlowNode for request | -| xsltInjection.py:3:26:3:32 | GSSA Variable request | xsltInjection.py:44:17:44:23 | ControlFlowNode for request | -| xsltInjection.py:10:5:10:13 | SSA variable xsltQuery | xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | +| xsltInjection.py:3:26:3:32 | ControlFlowNode for ImportMember | xsltInjection.py:3:26:3:32 | ControlFlowNode for request | +| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:10:17:10:23 | ControlFlowNode for request | +| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:17:17:17:23 | ControlFlowNode for request | +| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:26:17:26:23 | ControlFlowNode for request | +| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:35:17:35:23 | ControlFlowNode for request | +| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:44:17:44:23 | ControlFlowNode for request | +| xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery | xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | | xsltInjection.py:10:17:10:23 | ControlFlowNode for request | xsltInjection.py:10:17:10:28 | ControlFlowNode for Attribute | | xsltInjection.py:10:17:10:28 | ControlFlowNode for Attribute | xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | -| xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | xsltInjection.py:10:5:10:13 | SSA variable xsltQuery | -| xsltInjection.py:11:5:11:13 | SSA variable xslt_root | xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root | -| xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | xsltInjection.py:11:5:11:13 | SSA variable xslt_root | +| xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery | +| xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root | +| xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | | xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | -| xsltInjection.py:17:5:17:13 | SSA variable xsltQuery | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | +| xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | | xsltInjection.py:17:17:17:23 | ControlFlowNode for request | xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute | | xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute | xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | -| xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | xsltInjection.py:17:5:17:13 | SSA variable xsltQuery | -| xsltInjection.py:18:5:18:13 | SSA variable xslt_root | xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root | -| xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | xsltInjection.py:18:5:18:13 | SSA variable xslt_root | +| xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | +| xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root | +| xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | -| xsltInjection.py:26:5:26:13 | SSA variable xsltQuery | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | +| xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | | xsltInjection.py:26:17:26:23 | ControlFlowNode for request | xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute | | xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute | xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | -| xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | xsltInjection.py:26:5:26:13 | SSA variable xsltQuery | -| xsltInjection.py:27:5:27:13 | SSA variable xslt_root | xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root | -| xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | xsltInjection.py:27:5:27:13 | SSA variable xslt_root | +| xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | +| xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root | +| xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | -| xsltInjection.py:35:5:35:13 | SSA variable xsltQuery | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | +| xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | | xsltInjection.py:35:17:35:23 | ControlFlowNode for request | xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute | | xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute | xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | -| xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | xsltInjection.py:35:5:35:13 | SSA variable xsltQuery | -| xsltInjection.py:36:5:36:13 | SSA variable xslt_root | xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root | -| xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | xsltInjection.py:36:5:36:13 | SSA variable xslt_root | +| xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | +| xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root | +| xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | -| xsltInjection.py:44:5:44:13 | SSA variable xsltQuery | xsltInjection.py:45:5:45:15 | SSA variable xsltStrings | +| xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | | xsltInjection.py:44:17:44:23 | ControlFlowNode for request | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | -| xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | xsltInjection.py:44:5:44:13 | SSA variable xsltQuery | -| xsltInjection.py:45:5:45:15 | SSA variable xsltStrings | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | -| xsltInjection.py:46:5:46:13 | SSA variable xslt_root | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | -| xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | xsltInjection.py:46:5:46:13 | SSA variable xslt_root | +| xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | +| xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | +| xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | +| xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | nodes | xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| xslt.py:3:26:3:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| xslt.py:10:5:10:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery | +| xslt.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xslt.py:10:17:10:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xslt.py:10:17:10:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| xslt.py:11:5:11:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root | +| xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xslt.py:14:29:14:37 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | | xsltInjection.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| xsltInjection.py:3:26:3:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| xsltInjection.py:10:5:10:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery | +| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xsltInjection.py:10:17:10:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xsltInjection.py:10:17:10:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| xsltInjection.py:11:5:11:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root | +| xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | -| xsltInjection.py:17:5:17:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery | +| xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xsltInjection.py:17:17:17:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| xsltInjection.py:18:5:18:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root | +| xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | -| xsltInjection.py:26:5:26:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery | +| xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xsltInjection.py:26:17:26:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| xsltInjection.py:27:5:27:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root | +| xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | -| xsltInjection.py:35:5:35:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery | +| xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xsltInjection.py:35:17:35:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| xsltInjection.py:36:5:36:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root | +| xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | -| xsltInjection.py:44:5:44:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery | +| xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery | | xsltInjection.py:44:17:44:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| xsltInjection.py:45:5:45:15 | SSA variable xsltStrings | semmle.label | SSA variable xsltStrings | -| xsltInjection.py:46:5:46:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root | +| xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | semmle.label | ControlFlowNode for xsltStrings | +| xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | semmle.label | ControlFlowNode for xsltStrings | | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected index 4b5931dcaf1..55a7c5de999 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected @@ -1,40 +1,40 @@ edges -| django_bad.py:5:5:5:14 | SSA variable rfs_header | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | -| django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | django_bad.py:5:5:5:14 | SSA variable rfs_header | -| django_bad.py:12:5:12:14 | SSA variable rfs_header | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | -| django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | django_bad.py:12:5:12:14 | SSA variable rfs_header | -| flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:1:29:1:35 | GSSA Variable request | -| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:9:18:9:24 | ControlFlowNode for request | -| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:19:18:19:24 | ControlFlowNode for request | -| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:27:18:27:24 | ControlFlowNode for request | -| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:35:18:35:24 | ControlFlowNode for request | -| flask_bad.py:9:5:9:14 | SSA variable rfs_header | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | -| flask_bad.py:9:18:9:24 | ControlFlowNode for request | flask_bad.py:9:5:9:14 | SSA variable rfs_header | -| flask_bad.py:19:5:19:14 | SSA variable rfs_header | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | -| flask_bad.py:19:18:19:24 | ControlFlowNode for request | flask_bad.py:19:5:19:14 | SSA variable rfs_header | -| flask_bad.py:27:5:27:14 | SSA variable rfs_header | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | -| flask_bad.py:27:18:27:24 | ControlFlowNode for request | flask_bad.py:27:5:27:14 | SSA variable rfs_header | -| flask_bad.py:35:5:35:14 | SSA variable rfs_header | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | -| flask_bad.py:35:18:35:24 | ControlFlowNode for request | flask_bad.py:35:5:35:14 | SSA variable rfs_header | +| django_bad.py:5:5:5:14 | ControlFlowNode for rfs_header | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | +| django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | django_bad.py:5:5:5:14 | ControlFlowNode for rfs_header | +| django_bad.py:12:5:12:14 | ControlFlowNode for rfs_header | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | +| django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | django_bad.py:12:5:12:14 | ControlFlowNode for rfs_header | +| flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:1:29:1:35 | ControlFlowNode for request | +| flask_bad.py:1:29:1:35 | ControlFlowNode for request | flask_bad.py:9:18:9:24 | ControlFlowNode for request | +| flask_bad.py:1:29:1:35 | ControlFlowNode for request | flask_bad.py:19:18:19:24 | ControlFlowNode for request | +| flask_bad.py:1:29:1:35 | ControlFlowNode for request | flask_bad.py:27:18:27:24 | ControlFlowNode for request | +| flask_bad.py:1:29:1:35 | ControlFlowNode for request | flask_bad.py:35:18:35:24 | ControlFlowNode for request | +| flask_bad.py:9:5:9:14 | ControlFlowNode for rfs_header | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | +| flask_bad.py:9:18:9:24 | ControlFlowNode for request | flask_bad.py:9:5:9:14 | ControlFlowNode for rfs_header | +| flask_bad.py:19:5:19:14 | ControlFlowNode for rfs_header | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | +| flask_bad.py:19:18:19:24 | ControlFlowNode for request | flask_bad.py:19:5:19:14 | ControlFlowNode for rfs_header | +| flask_bad.py:27:5:27:14 | ControlFlowNode for rfs_header | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | +| flask_bad.py:27:18:27:24 | ControlFlowNode for request | flask_bad.py:27:5:27:14 | ControlFlowNode for rfs_header | +| flask_bad.py:35:5:35:14 | ControlFlowNode for rfs_header | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | +| flask_bad.py:35:18:35:24 | ControlFlowNode for request | flask_bad.py:35:5:35:14 | ControlFlowNode for rfs_header | nodes -| django_bad.py:5:5:5:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header | +| django_bad.py:5:5:5:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| django_bad.py:12:5:12:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header | +| django_bad.py:12:5:12:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| flask_bad.py:1:29:1:35 | GSSA Variable request | semmle.label | GSSA Variable request | -| flask_bad.py:9:5:9:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header | +| flask_bad.py:1:29:1:35 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| flask_bad.py:9:5:9:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | | flask_bad.py:9:18:9:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_bad.py:19:5:19:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header | +| flask_bad.py:19:5:19:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | | flask_bad.py:19:18:19:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_bad.py:27:5:27:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header | +| flask_bad.py:27:5:27:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | | flask_bad.py:27:18:27:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_bad.py:35:5:35:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header | +| flask_bad.py:35:5:35:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | | flask_bad.py:35:18:35:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | subpaths diff --git a/python/ql/test/experimental/query-tests/Security/CWE-1236/CsvInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-1236/CsvInjection.expected index 8ddadb93cee..2fb925fb664 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-1236/CsvInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-1236/CsvInjection.expected @@ -1,26 +1,26 @@ edges -| csv_bad.py:9:19:9:25 | ControlFlowNode for ImportMember | csv_bad.py:9:19:9:25 | GSSA Variable request | -| csv_bad.py:9:19:9:25 | GSSA Variable request | csv_bad.py:16:16:16:22 | ControlFlowNode for request | -| csv_bad.py:9:19:9:25 | GSSA Variable request | csv_bad.py:24:16:24:22 | ControlFlowNode for request | -| csv_bad.py:16:5:16:12 | SSA variable csv_data | csv_bad.py:18:24:18:31 | ControlFlowNode for csv_data | -| csv_bad.py:16:5:16:12 | SSA variable csv_data | csv_bad.py:19:25:19:32 | ControlFlowNode for csv_data | +| csv_bad.py:9:19:9:25 | ControlFlowNode for ImportMember | csv_bad.py:9:19:9:25 | ControlFlowNode for request | +| csv_bad.py:9:19:9:25 | ControlFlowNode for request | csv_bad.py:16:16:16:22 | ControlFlowNode for request | +| csv_bad.py:9:19:9:25 | ControlFlowNode for request | csv_bad.py:24:16:24:22 | ControlFlowNode for request | +| csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data | csv_bad.py:18:24:18:31 | ControlFlowNode for csv_data | +| csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data | csv_bad.py:19:25:19:32 | ControlFlowNode for csv_data | | csv_bad.py:16:16:16:22 | ControlFlowNode for request | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() | -| csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() | csv_bad.py:16:5:16:12 | SSA variable csv_data | -| csv_bad.py:24:5:24:12 | SSA variable csv_data | csv_bad.py:25:46:25:53 | ControlFlowNode for csv_data | +| csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() | csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data | +| csv_bad.py:24:5:24:12 | ControlFlowNode for csv_data | csv_bad.py:25:46:25:53 | ControlFlowNode for csv_data | | csv_bad.py:24:16:24:22 | ControlFlowNode for request | csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute | | csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute | csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() | -| csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() | csv_bad.py:24:5:24:12 | SSA variable csv_data | +| csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() | csv_bad.py:24:5:24:12 | ControlFlowNode for csv_data | nodes | csv_bad.py:9:19:9:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| csv_bad.py:9:19:9:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| csv_bad.py:16:5:16:12 | SSA variable csv_data | semmle.label | SSA variable csv_data | +| csv_bad.py:9:19:9:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data | semmle.label | ControlFlowNode for csv_data | | csv_bad.py:16:16:16:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | csv_bad.py:18:24:18:31 | ControlFlowNode for csv_data | semmle.label | ControlFlowNode for csv_data | | csv_bad.py:19:25:19:32 | ControlFlowNode for csv_data | semmle.label | ControlFlowNode for csv_data | -| csv_bad.py:24:5:24:12 | SSA variable csv_data | semmle.label | SSA variable csv_data | +| csv_bad.py:24:5:24:12 | ControlFlowNode for csv_data | semmle.label | ControlFlowNode for csv_data | | csv_bad.py:24:16:24:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected b/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected index eac8eb55151..24f62f1a107 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected @@ -1,27 +1,27 @@ edges -| samples.py:2:26:2:32 | ControlFlowNode for ImportMember | samples.py:2:26:2:32 | GSSA Variable request | -| samples.py:2:26:2:32 | GSSA Variable request | samples.py:9:25:9:31 | ControlFlowNode for request | -| samples.py:2:26:2:32 | GSSA Variable request | samples.py:16:25:16:31 | ControlFlowNode for request | -| samples.py:9:5:9:14 | SSA variable user_input | samples.py:10:59:10:68 | ControlFlowNode for user_input | -| samples.py:9:18:9:47 | ControlFlowNode for escape() | samples.py:9:5:9:14 | SSA variable user_input | +| samples.py:2:26:2:32 | ControlFlowNode for ImportMember | samples.py:2:26:2:32 | ControlFlowNode for request | +| samples.py:2:26:2:32 | ControlFlowNode for request | samples.py:9:25:9:31 | ControlFlowNode for request | +| samples.py:2:26:2:32 | ControlFlowNode for request | samples.py:16:25:16:31 | ControlFlowNode for request | +| samples.py:9:5:9:14 | ControlFlowNode for user_input | samples.py:10:59:10:68 | ControlFlowNode for user_input | +| samples.py:9:18:9:47 | ControlFlowNode for escape() | samples.py:9:5:9:14 | ControlFlowNode for user_input | | samples.py:9:25:9:31 | ControlFlowNode for request | samples.py:9:25:9:36 | ControlFlowNode for Attribute | | samples.py:9:25:9:36 | ControlFlowNode for Attribute | samples.py:9:25:9:46 | ControlFlowNode for Attribute() | | samples.py:9:25:9:46 | ControlFlowNode for Attribute() | samples.py:9:18:9:47 | ControlFlowNode for escape() | -| samples.py:16:5:16:14 | SSA variable user_input | samples.py:20:62:20:71 | ControlFlowNode for user_input | -| samples.py:16:18:16:47 | ControlFlowNode for escape() | samples.py:16:5:16:14 | SSA variable user_input | +| samples.py:16:5:16:14 | ControlFlowNode for user_input | samples.py:20:62:20:71 | ControlFlowNode for user_input | +| samples.py:16:18:16:47 | ControlFlowNode for escape() | samples.py:16:5:16:14 | ControlFlowNode for user_input | | samples.py:16:25:16:31 | ControlFlowNode for request | samples.py:16:25:16:36 | ControlFlowNode for Attribute | | samples.py:16:25:16:36 | ControlFlowNode for Attribute | samples.py:16:25:16:46 | ControlFlowNode for Attribute() | | samples.py:16:25:16:46 | ControlFlowNode for Attribute() | samples.py:16:18:16:47 | ControlFlowNode for escape() | nodes | samples.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| samples.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| samples.py:9:5:9:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| samples.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| samples.py:9:5:9:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | samples.py:9:18:9:47 | ControlFlowNode for escape() | semmle.label | ControlFlowNode for escape() | | samples.py:9:25:9:31 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | samples.py:9:25:9:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | samples.py:9:25:9:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | samples.py:10:59:10:68 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| samples.py:16:5:16:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| samples.py:16:5:16:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | samples.py:16:18:16:47 | ControlFlowNode for escape() | semmle.label | ControlFlowNode for escape() | | samples.py:16:25:16:31 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | samples.py:16:25:16:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.expected b/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.expected index 450c2dbccb9..c0fbf3b7eab 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.expected @@ -1,9 +1,9 @@ edges -| TimingAttackAgainstHash.py:26:5:26:13 | SSA variable signature | TimingAttackAgainstHash.py:27:24:27:32 | ControlFlowNode for signature | -| TimingAttackAgainstHash.py:26:17:26:41 | ControlFlowNode for Attribute() | TimingAttackAgainstHash.py:26:5:26:13 | SSA variable signature | +| TimingAttackAgainstHash.py:26:5:26:13 | ControlFlowNode for signature | TimingAttackAgainstHash.py:27:24:27:32 | ControlFlowNode for signature | +| TimingAttackAgainstHash.py:26:17:26:41 | ControlFlowNode for Attribute() | TimingAttackAgainstHash.py:26:5:26:13 | ControlFlowNode for signature | | TimingAttackAgainstHash.py:30:12:30:47 | ControlFlowNode for Attribute() | TimingAttackAgainstHash.py:37:19:37:48 | ControlFlowNode for sign() | nodes -| TimingAttackAgainstHash.py:26:5:26:13 | SSA variable signature | semmle.label | SSA variable signature | +| TimingAttackAgainstHash.py:26:5:26:13 | ControlFlowNode for signature | semmle.label | ControlFlowNode for signature | | TimingAttackAgainstHash.py:26:17:26:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | TimingAttackAgainstHash.py:27:24:27:32 | ControlFlowNode for signature | semmle.label | ControlFlowNode for signature | | TimingAttackAgainstHash.py:30:12:30:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.expected b/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.expected index 63d5e8ad821..724913de062 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.expected @@ -1,6 +1,9 @@ edges +| TimingAttackAgainstSensitiveInfo.py:15:9:15:16 | ControlFlowNode for password | TimingAttackAgainstSensitiveInfo.py:16:16:16:23 | ControlFlowNode for password | nodes +| TimingAttackAgainstSensitiveInfo.py:15:9:15:16 | ControlFlowNode for password | semmle.label | ControlFlowNode for password | | TimingAttackAgainstSensitiveInfo.py:16:16:16:23 | ControlFlowNode for password | semmle.label | ControlFlowNode for password | subpaths #select +| TimingAttackAgainstSensitiveInfo.py:16:16:16:23 | ControlFlowNode for password | TimingAttackAgainstSensitiveInfo.py:15:9:15:16 | ControlFlowNode for password | TimingAttackAgainstSensitiveInfo.py:16:16:16:23 | ControlFlowNode for password | Timing attack against $@ validation. | TimingAttackAgainstSensitiveInfo.py:15:9:15:16 | ControlFlowNode for password | client-supplied token | | TimingAttackAgainstSensitiveInfo.py:16:16:16:23 | ControlFlowNode for password | TimingAttackAgainstSensitiveInfo.py:16:16:16:23 | ControlFlowNode for password | TimingAttackAgainstSensitiveInfo.py:16:16:16:23 | ControlFlowNode for password | Timing attack against $@ validation. | TimingAttackAgainstSensitiveInfo.py:16:16:16:23 | ControlFlowNode for password | client-supplied token | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-287-ConstantSecretKey/ConstantSecretKey.expected b/python/ql/test/experimental/query-tests/Security/CWE-287-ConstantSecretKey/ConstantSecretKey.expected index e84a435431c..eebb4f2cf1f 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-287-ConstantSecretKey/ConstantSecretKey.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-287-ConstantSecretKey/ConstantSecretKey.expected @@ -1,14 +1,14 @@ edges -| app_unsafe.py:4:1:4:9 | GSSA Variable aConstant | app_unsafe.py:5:28:5:36 | ControlFlowNode for aConstant | -| app_unsafe.py:4:1:4:9 | GSSA Variable aConstant | app_unsafe.py:6:18:6:26 | ControlFlowNode for aConstant | -| app_unsafe.py:4:1:4:9 | GSSA Variable aConstant | app_unsafe.py:7:30:7:38 | ControlFlowNode for aConstant | -| app_unsafe.py:4:1:4:9 | GSSA Variable aConstant | app_unsafe.py:8:36:8:44 | ControlFlowNode for aConstant | -| app_unsafe.py:4:13:4:23 | ControlFlowNode for Str | app_unsafe.py:4:1:4:9 | GSSA Variable aConstant | -| config.py:7:1:7:9 | GSSA Variable aConstant | config.py:12:18:12:26 | ControlFlowNode for aConstant | -| config.py:7:1:7:9 | GSSA Variable aConstant | config.py:12:18:12:26 | ControlFlowNode for aConstant | -| config.py:7:1:7:9 | GSSA Variable aConstant | config.py:17:38:17:46 | ControlFlowNode for aConstant | -| config.py:7:1:7:9 | GSSA Variable aConstant | config.py:18:43:18:51 | ControlFlowNode for aConstant | -| config.py:7:13:7:23 | ControlFlowNode for Str | config.py:7:1:7:9 | GSSA Variable aConstant | +| app_unsafe.py:4:1:4:9 | ControlFlowNode for aConstant | app_unsafe.py:5:28:5:36 | ControlFlowNode for aConstant | +| app_unsafe.py:4:1:4:9 | ControlFlowNode for aConstant | app_unsafe.py:6:18:6:26 | ControlFlowNode for aConstant | +| app_unsafe.py:4:1:4:9 | ControlFlowNode for aConstant | app_unsafe.py:7:30:7:38 | ControlFlowNode for aConstant | +| app_unsafe.py:4:1:4:9 | ControlFlowNode for aConstant | app_unsafe.py:8:36:8:44 | ControlFlowNode for aConstant | +| app_unsafe.py:4:13:4:23 | ControlFlowNode for Str | app_unsafe.py:4:1:4:9 | ControlFlowNode for aConstant | +| config.py:7:1:7:9 | ControlFlowNode for aConstant | config.py:12:18:12:26 | ControlFlowNode for aConstant | +| config.py:7:1:7:9 | ControlFlowNode for aConstant | config.py:12:18:12:26 | ControlFlowNode for aConstant | +| config.py:7:1:7:9 | ControlFlowNode for aConstant | config.py:17:38:17:46 | ControlFlowNode for aConstant | +| config.py:7:1:7:9 | ControlFlowNode for aConstant | config.py:18:43:18:51 | ControlFlowNode for aConstant | +| config.py:7:13:7:23 | ControlFlowNode for Str | config.py:7:1:7:9 | ControlFlowNode for aConstant | | config.py:12:18:12:26 | ControlFlowNode for aConstant | config.py:17:38:17:46 | ControlFlowNode for aConstant | | config.py:12:18:12:26 | ControlFlowNode for aConstant | config.py:18:43:18:51 | ControlFlowNode for aConstant | | config.py:17:38:17:46 | ControlFlowNode for aConstant | config.py:17:18:17:47 | ControlFlowNode for Attribute() | @@ -16,14 +16,14 @@ edges | config.py:18:43:18:51 | ControlFlowNode for aConstant | config.py:18:18:18:52 | ControlFlowNode for Attribute() | nodes | app_safe.py:5:28:5:37 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str | -| app_unsafe.py:4:1:4:9 | GSSA Variable aConstant | semmle.label | GSSA Variable aConstant | +| app_unsafe.py:4:1:4:9 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant | | app_unsafe.py:4:13:4:23 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str | | app_unsafe.py:5:28:5:36 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant | | app_unsafe.py:6:18:6:26 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant | | app_unsafe.py:7:30:7:38 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant | | app_unsafe.py:8:36:8:44 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant | | config2.py:5:14:5:24 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str | -| config.py:7:1:7:9 | GSSA Variable aConstant | semmle.label | GSSA Variable aConstant | +| config.py:7:1:7:9 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant | | config.py:7:13:7:23 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str | | config.py:12:18:12:26 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant | | config.py:12:18:12:26 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-327-UnsafeUsageOfClientSideEncryptionVersion/UnsafeUsageOfClientSideEncryptionVersion.expected b/python/ql/test/experimental/query-tests/Security/CWE-327-UnsafeUsageOfClientSideEncryptionVersion/UnsafeUsageOfClientSideEncryptionVersion.expected index e2402251994..0bed45a110f 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-327-UnsafeUsageOfClientSideEncryptionVersion/UnsafeUsageOfClientSideEncryptionVersion.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-327-UnsafeUsageOfClientSideEncryptionVersion/UnsafeUsageOfClientSideEncryptionVersion.expected @@ -1,88 +1,88 @@ edges -| test.py:3:1:3:3 | GSSA Variable BSC | test.py:7:19:7:21 | ControlFlowNode for BSC | -| test.py:3:1:3:3 | GSSA Variable BSC | test.py:35:19:35:21 | ControlFlowNode for BSC | -| test.py:3:1:3:3 | GSSA Variable BSC | test.py:66:19:66:21 | ControlFlowNode for BSC | -| test.py:3:7:3:51 | ControlFlowNode for Attribute() | test.py:3:1:3:3 | GSSA Variable BSC | -| test.py:7:5:7:15 | SSA variable blob_client | test.py:8:5:8:15 | ControlFlowNode for blob_client | +| test.py:3:1:3:3 | ControlFlowNode for BSC | test.py:7:19:7:21 | ControlFlowNode for BSC | +| test.py:3:1:3:3 | ControlFlowNode for BSC | test.py:35:19:35:21 | ControlFlowNode for BSC | +| test.py:3:1:3:3 | ControlFlowNode for BSC | test.py:66:19:66:21 | ControlFlowNode for BSC | +| test.py:3:7:3:51 | ControlFlowNode for Attribute() | test.py:3:1:3:3 | ControlFlowNode for BSC | +| test.py:7:5:7:15 | ControlFlowNode for blob_client | test.py:8:5:8:15 | ControlFlowNode for blob_client | | test.py:7:19:7:21 | ControlFlowNode for BSC | test.py:7:19:7:42 | ControlFlowNode for Attribute() | -| test.py:7:19:7:42 | ControlFlowNode for Attribute() | test.py:7:5:7:15 | SSA variable blob_client | +| test.py:7:19:7:42 | ControlFlowNode for Attribute() | test.py:7:5:7:15 | ControlFlowNode for blob_client | | test.py:8:5:8:15 | ControlFlowNode for blob_client | test.py:9:5:9:15 | ControlFlowNode for blob_client | | test.py:9:5:9:15 | ControlFlowNode for blob_client | test.py:9:5:9:15 | [post] ControlFlowNode for blob_client | | test.py:9:5:9:15 | [post] ControlFlowNode for blob_client | test.py:11:9:11:19 | ControlFlowNode for blob_client | -| test.py:15:5:15:23 | SSA variable blob_service_client | test.py:16:5:16:23 | ControlFlowNode for blob_service_client | -| test.py:15:27:15:71 | ControlFlowNode for Attribute() | test.py:15:5:15:23 | SSA variable blob_service_client | +| test.py:15:5:15:23 | ControlFlowNode for blob_service_client | test.py:16:5:16:23 | ControlFlowNode for blob_service_client | +| test.py:15:27:15:71 | ControlFlowNode for Attribute() | test.py:15:5:15:23 | ControlFlowNode for blob_service_client | | test.py:16:5:16:23 | ControlFlowNode for blob_service_client | test.py:17:5:17:23 | ControlFlowNode for blob_service_client | | test.py:17:5:17:23 | ControlFlowNode for blob_service_client | test.py:17:5:17:23 | [post] ControlFlowNode for blob_service_client | | test.py:17:5:17:23 | [post] ControlFlowNode for blob_service_client | test.py:19:19:19:37 | ControlFlowNode for blob_service_client | -| test.py:19:5:19:15 | SSA variable blob_client | test.py:21:9:21:19 | ControlFlowNode for blob_client | +| test.py:19:5:19:15 | ControlFlowNode for blob_client | test.py:21:9:21:19 | ControlFlowNode for blob_client | | test.py:19:19:19:37 | ControlFlowNode for blob_service_client | test.py:19:19:19:58 | ControlFlowNode for Attribute() | -| test.py:19:19:19:58 | ControlFlowNode for Attribute() | test.py:19:5:19:15 | SSA variable blob_client | -| test.py:25:5:25:20 | SSA variable container_client | test.py:26:5:26:20 | ControlFlowNode for container_client | -| test.py:25:24:25:66 | ControlFlowNode for Attribute() | test.py:25:5:25:20 | SSA variable container_client | +| test.py:19:19:19:58 | ControlFlowNode for Attribute() | test.py:19:5:19:15 | ControlFlowNode for blob_client | +| test.py:25:5:25:20 | ControlFlowNode for container_client | test.py:26:5:26:20 | ControlFlowNode for container_client | +| test.py:25:24:25:66 | ControlFlowNode for Attribute() | test.py:25:5:25:20 | ControlFlowNode for container_client | | test.py:26:5:26:20 | ControlFlowNode for container_client | test.py:27:5:27:20 | ControlFlowNode for container_client | | test.py:27:5:27:20 | ControlFlowNode for container_client | test.py:27:5:27:20 | [post] ControlFlowNode for container_client | | test.py:27:5:27:20 | [post] ControlFlowNode for container_client | test.py:29:19:29:34 | ControlFlowNode for container_client | -| test.py:29:5:29:15 | SSA variable blob_client | test.py:31:9:31:19 | ControlFlowNode for blob_client | +| test.py:29:5:29:15 | ControlFlowNode for blob_client | test.py:31:9:31:19 | ControlFlowNode for blob_client | | test.py:29:19:29:34 | ControlFlowNode for container_client | test.py:29:19:29:55 | ControlFlowNode for Attribute() | -| test.py:29:19:29:55 | ControlFlowNode for Attribute() | test.py:29:5:29:15 | SSA variable blob_client | -| test.py:35:5:35:15 | SSA variable blob_client | test.py:36:5:36:15 | ControlFlowNode for blob_client | +| test.py:29:19:29:55 | ControlFlowNode for Attribute() | test.py:29:5:29:15 | ControlFlowNode for blob_client | +| test.py:35:5:35:15 | ControlFlowNode for blob_client | test.py:36:5:36:15 | ControlFlowNode for blob_client | | test.py:35:19:35:21 | ControlFlowNode for BSC | test.py:35:19:35:42 | ControlFlowNode for Attribute() | -| test.py:35:19:35:42 | ControlFlowNode for Attribute() | test.py:35:5:35:15 | SSA variable blob_client | +| test.py:35:19:35:42 | ControlFlowNode for Attribute() | test.py:35:5:35:15 | ControlFlowNode for blob_client | | test.py:36:5:36:15 | ControlFlowNode for blob_client | test.py:37:5:37:15 | ControlFlowNode for blob_client | | test.py:37:5:37:15 | ControlFlowNode for blob_client | test.py:37:5:37:15 | [post] ControlFlowNode for blob_client | | test.py:37:5:37:15 | [post] ControlFlowNode for blob_client | test.py:43:9:43:19 | ControlFlowNode for blob_client | -| test.py:66:5:66:15 | SSA variable blob_client | test.py:67:5:67:15 | ControlFlowNode for blob_client | +| test.py:66:5:66:15 | ControlFlowNode for blob_client | test.py:67:5:67:15 | ControlFlowNode for blob_client | | test.py:66:19:66:21 | ControlFlowNode for BSC | test.py:66:19:66:42 | ControlFlowNode for Attribute() | -| test.py:66:19:66:42 | ControlFlowNode for Attribute() | test.py:66:5:66:15 | SSA variable blob_client | +| test.py:66:19:66:42 | ControlFlowNode for Attribute() | test.py:66:5:66:15 | ControlFlowNode for blob_client | | test.py:67:5:67:15 | ControlFlowNode for blob_client | test.py:68:5:68:15 | ControlFlowNode for blob_client | | test.py:68:5:68:15 | ControlFlowNode for blob_client | test.py:68:5:68:15 | [post] ControlFlowNode for blob_client | | test.py:68:5:68:15 | [post] ControlFlowNode for blob_client | test.py:69:12:69:22 | ControlFlowNode for blob_client | | test.py:69:12:69:22 | ControlFlowNode for blob_client | test.py:73:10:73:33 | ControlFlowNode for get_unsafe_blob_client() | -| test.py:73:5:73:6 | SSA variable bc | test.py:75:9:75:10 | ControlFlowNode for bc | -| test.py:73:10:73:33 | ControlFlowNode for get_unsafe_blob_client() | test.py:73:5:73:6 | SSA variable bc | +| test.py:73:5:73:6 | ControlFlowNode for bc | test.py:75:9:75:10 | ControlFlowNode for bc | +| test.py:73:10:73:33 | ControlFlowNode for get_unsafe_blob_client() | test.py:73:5:73:6 | ControlFlowNode for bc | nodes -| test.py:3:1:3:3 | GSSA Variable BSC | semmle.label | GSSA Variable BSC | +| test.py:3:1:3:3 | ControlFlowNode for BSC | semmle.label | ControlFlowNode for BSC | | test.py:3:7:3:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:7:5:7:15 | SSA variable blob_client | semmle.label | SSA variable blob_client | +| test.py:7:5:7:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:7:19:7:21 | ControlFlowNode for BSC | semmle.label | ControlFlowNode for BSC | | test.py:7:19:7:42 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:8:5:8:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:9:5:9:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:9:5:9:15 | [post] ControlFlowNode for blob_client | semmle.label | [post] ControlFlowNode for blob_client | | test.py:11:9:11:19 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | -| test.py:15:5:15:23 | SSA variable blob_service_client | semmle.label | SSA variable blob_service_client | +| test.py:15:5:15:23 | ControlFlowNode for blob_service_client | semmle.label | ControlFlowNode for blob_service_client | | test.py:15:27:15:71 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:16:5:16:23 | ControlFlowNode for blob_service_client | semmle.label | ControlFlowNode for blob_service_client | | test.py:17:5:17:23 | ControlFlowNode for blob_service_client | semmle.label | ControlFlowNode for blob_service_client | | test.py:17:5:17:23 | [post] ControlFlowNode for blob_service_client | semmle.label | [post] ControlFlowNode for blob_service_client | -| test.py:19:5:19:15 | SSA variable blob_client | semmle.label | SSA variable blob_client | +| test.py:19:5:19:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:19:19:19:37 | ControlFlowNode for blob_service_client | semmle.label | ControlFlowNode for blob_service_client | | test.py:19:19:19:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:21:9:21:19 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | -| test.py:25:5:25:20 | SSA variable container_client | semmle.label | SSA variable container_client | +| test.py:25:5:25:20 | ControlFlowNode for container_client | semmle.label | ControlFlowNode for container_client | | test.py:25:24:25:66 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:26:5:26:20 | ControlFlowNode for container_client | semmle.label | ControlFlowNode for container_client | | test.py:27:5:27:20 | ControlFlowNode for container_client | semmle.label | ControlFlowNode for container_client | | test.py:27:5:27:20 | [post] ControlFlowNode for container_client | semmle.label | [post] ControlFlowNode for container_client | -| test.py:29:5:29:15 | SSA variable blob_client | semmle.label | SSA variable blob_client | +| test.py:29:5:29:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:29:19:29:34 | ControlFlowNode for container_client | semmle.label | ControlFlowNode for container_client | | test.py:29:19:29:55 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:31:9:31:19 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | -| test.py:35:5:35:15 | SSA variable blob_client | semmle.label | SSA variable blob_client | +| test.py:35:5:35:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:35:19:35:21 | ControlFlowNode for BSC | semmle.label | ControlFlowNode for BSC | | test.py:35:19:35:42 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:36:5:36:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:37:5:37:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:37:5:37:15 | [post] ControlFlowNode for blob_client | semmle.label | [post] ControlFlowNode for blob_client | | test.py:43:9:43:19 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | -| test.py:66:5:66:15 | SSA variable blob_client | semmle.label | SSA variable blob_client | +| test.py:66:5:66:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:66:19:66:21 | ControlFlowNode for BSC | semmle.label | ControlFlowNode for BSC | | test.py:66:19:66:42 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:67:5:67:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:68:5:68:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | | test.py:68:5:68:15 | [post] ControlFlowNode for blob_client | semmle.label | [post] ControlFlowNode for blob_client | | test.py:69:12:69:22 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client | -| test.py:73:5:73:6 | SSA variable bc | semmle.label | SSA variable bc | +| test.py:73:5:73:6 | ControlFlowNode for bc | semmle.label | ControlFlowNode for bc | | test.py:73:10:73:33 | ControlFlowNode for get_unsafe_blob_client() | semmle.label | ControlFlowNode for get_unsafe_blob_client() | | test.py:75:9:75:10 | ControlFlowNode for bc | semmle.label | ControlFlowNode for bc | subpaths diff --git a/python/ql/test/experimental/query-tests/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected b/python/ql/test/experimental/query-tests/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected index 617c77ec0dd..5bfe6e64917 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected @@ -1,18 +1,18 @@ edges -| flask_bad.py:13:5:13:13 | SSA variable client_ip | flask_bad.py:14:12:14:20 | ControlFlowNode for client_ip | -| flask_bad.py:13:17:13:54 | ControlFlowNode for Attribute() | flask_bad.py:13:5:13:13 | SSA variable client_ip | -| flask_bad.py:20:5:20:13 | SSA variable client_ip | flask_bad.py:21:12:21:20 | ControlFlowNode for client_ip | -| flask_bad.py:20:17:20:54 | ControlFlowNode for Attribute() | flask_bad.py:20:5:20:13 | SSA variable client_ip | -| tornado_bad.py:22:13:22:21 | SSA variable client_ip | tornado_bad.py:23:16:23:24 | ControlFlowNode for client_ip | -| tornado_bad.py:22:25:22:69 | ControlFlowNode for Attribute() | tornado_bad.py:22:13:22:21 | SSA variable client_ip | +| flask_bad.py:13:5:13:13 | ControlFlowNode for client_ip | flask_bad.py:14:12:14:20 | ControlFlowNode for client_ip | +| flask_bad.py:13:17:13:54 | ControlFlowNode for Attribute() | flask_bad.py:13:5:13:13 | ControlFlowNode for client_ip | +| flask_bad.py:20:5:20:13 | ControlFlowNode for client_ip | flask_bad.py:21:12:21:20 | ControlFlowNode for client_ip | +| flask_bad.py:20:17:20:54 | ControlFlowNode for Attribute() | flask_bad.py:20:5:20:13 | ControlFlowNode for client_ip | +| tornado_bad.py:22:13:22:21 | ControlFlowNode for client_ip | tornado_bad.py:23:16:23:24 | ControlFlowNode for client_ip | +| tornado_bad.py:22:25:22:69 | ControlFlowNode for Attribute() | tornado_bad.py:22:13:22:21 | ControlFlowNode for client_ip | nodes -| flask_bad.py:13:5:13:13 | SSA variable client_ip | semmle.label | SSA variable client_ip | +| flask_bad.py:13:5:13:13 | ControlFlowNode for client_ip | semmle.label | ControlFlowNode for client_ip | | flask_bad.py:13:17:13:54 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | flask_bad.py:14:12:14:20 | ControlFlowNode for client_ip | semmle.label | ControlFlowNode for client_ip | -| flask_bad.py:20:5:20:13 | SSA variable client_ip | semmle.label | SSA variable client_ip | +| flask_bad.py:20:5:20:13 | ControlFlowNode for client_ip | semmle.label | ControlFlowNode for client_ip | | flask_bad.py:20:17:20:54 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | flask_bad.py:21:12:21:20 | ControlFlowNode for client_ip | semmle.label | ControlFlowNode for client_ip | -| tornado_bad.py:22:13:22:21 | SSA variable client_ip | semmle.label | SSA variable client_ip | +| tornado_bad.py:22:13:22:21 | ControlFlowNode for client_ip | semmle.label | ControlFlowNode for client_ip | | tornado_bad.py:22:25:22:69 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | tornado_bad.py:23:16:23:24 | ControlFlowNode for client_ip | semmle.label | ControlFlowNode for client_ip | subpaths diff --git a/python/ql/test/experimental/query-tests/Security/CWE-522/LdapInsecureAuth.expected b/python/ql/test/experimental/query-tests/Security/CWE-522/LdapInsecureAuth.expected index cef0ced9ee2..a4c97c8ead7 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-522/LdapInsecureAuth.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-522/LdapInsecureAuth.expected @@ -1,29 +1,29 @@ edges -| ldap3_remote.py:2:19:2:25 | ControlFlowNode for ImportMember | ldap3_remote.py:2:19:2:25 | GSSA Variable request | -| ldap3_remote.py:2:19:2:25 | GSSA Variable request | ldap3_remote.py:138:21:138:27 | ControlFlowNode for request | -| ldap3_remote.py:101:5:101:8 | SSA variable host | ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | -| ldap3_remote.py:101:12:101:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:101:5:101:8 | SSA variable host | -| ldap3_remote.py:114:5:114:8 | SSA variable host | ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | -| ldap3_remote.py:114:12:114:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:114:5:114:8 | SSA variable host | -| ldap3_remote.py:126:5:126:8 | SSA variable host | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | -| ldap3_remote.py:126:12:126:31 | ControlFlowNode for BinaryExpr | ldap3_remote.py:126:5:126:8 | SSA variable host | -| ldap3_remote.py:138:5:138:8 | SSA variable host | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | -| ldap3_remote.py:138:21:138:27 | ControlFlowNode for request | ldap3_remote.py:138:5:138:8 | SSA variable host | +| ldap3_remote.py:2:19:2:25 | ControlFlowNode for ImportMember | ldap3_remote.py:2:19:2:25 | ControlFlowNode for request | +| ldap3_remote.py:2:19:2:25 | ControlFlowNode for request | ldap3_remote.py:138:21:138:27 | ControlFlowNode for request | +| ldap3_remote.py:101:5:101:8 | ControlFlowNode for host | ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | +| ldap3_remote.py:101:12:101:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:101:5:101:8 | ControlFlowNode for host | +| ldap3_remote.py:114:5:114:8 | ControlFlowNode for host | ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | +| ldap3_remote.py:114:12:114:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:114:5:114:8 | ControlFlowNode for host | +| ldap3_remote.py:126:5:126:8 | ControlFlowNode for host | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | +| ldap3_remote.py:126:12:126:31 | ControlFlowNode for BinaryExpr | ldap3_remote.py:126:5:126:8 | ControlFlowNode for host | +| ldap3_remote.py:138:5:138:8 | ControlFlowNode for host | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | +| ldap3_remote.py:138:21:138:27 | ControlFlowNode for request | ldap3_remote.py:138:5:138:8 | ControlFlowNode for host | nodes | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | | ldap3_remote.py:2:19:2:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| ldap3_remote.py:2:19:2:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| ldap3_remote.py:101:5:101:8 | SSA variable host | semmle.label | SSA variable host | +| ldap3_remote.py:2:19:2:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| ldap3_remote.py:101:5:101:8 | ControlFlowNode for host | semmle.label | ControlFlowNode for host | | ldap3_remote.py:101:12:101:49 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | | ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | semmle.label | ControlFlowNode for host | -| ldap3_remote.py:114:5:114:8 | SSA variable host | semmle.label | SSA variable host | +| ldap3_remote.py:114:5:114:8 | ControlFlowNode for host | semmle.label | ControlFlowNode for host | | ldap3_remote.py:114:12:114:49 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | | ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | semmle.label | ControlFlowNode for host | -| ldap3_remote.py:126:5:126:8 | SSA variable host | semmle.label | SSA variable host | +| ldap3_remote.py:126:5:126:8 | ControlFlowNode for host | semmle.label | ControlFlowNode for host | | ldap3_remote.py:126:12:126:31 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | semmle.label | ControlFlowNode for host | -| ldap3_remote.py:138:5:138:8 | SSA variable host | semmle.label | SSA variable host | +| ldap3_remote.py:138:5:138:8 | ControlFlowNode for host | semmle.label | ControlFlowNode for host | | ldap3_remote.py:138:21:138:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | semmle.label | ControlFlowNode for host | subpaths diff --git a/python/ql/test/experimental/query-tests/Security/CWE-614/CookieInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-614/CookieInjection.expected index dbd4464cdb6..afc8302354e 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-614/CookieInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-614/CookieInjection.expected @@ -1,11 +1,11 @@ edges | django_bad.py:27:33:27:67 | ControlFlowNode for Attribute() | django_bad.py:27:30:27:124 | ControlFlowNode for Fstring | | django_bad.py:27:71:27:106 | ControlFlowNode for Attribute() | django_bad.py:27:30:27:124 | ControlFlowNode for Fstring | -| flask_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_bad.py:1:26:1:32 | GSSA Variable request | -| flask_bad.py:1:26:1:32 | GSSA Variable request | flask_bad.py:24:21:24:27 | ControlFlowNode for request | -| flask_bad.py:1:26:1:32 | GSSA Variable request | flask_bad.py:24:49:24:55 | ControlFlowNode for request | -| flask_bad.py:1:26:1:32 | GSSA Variable request | flask_bad.py:32:37:32:43 | ControlFlowNode for request | -| flask_bad.py:1:26:1:32 | GSSA Variable request | flask_bad.py:32:60:32:66 | ControlFlowNode for request | +| flask_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_bad.py:1:26:1:32 | ControlFlowNode for request | +| flask_bad.py:1:26:1:32 | ControlFlowNode for request | flask_bad.py:24:21:24:27 | ControlFlowNode for request | +| flask_bad.py:1:26:1:32 | ControlFlowNode for request | flask_bad.py:24:49:24:55 | ControlFlowNode for request | +| flask_bad.py:1:26:1:32 | ControlFlowNode for request | flask_bad.py:32:37:32:43 | ControlFlowNode for request | +| flask_bad.py:1:26:1:32 | ControlFlowNode for request | flask_bad.py:32:60:32:66 | ControlFlowNode for request | | flask_bad.py:24:21:24:27 | ControlFlowNode for request | flask_bad.py:24:21:24:40 | ControlFlowNode for Subscript | | flask_bad.py:24:21:24:27 | ControlFlowNode for request | flask_bad.py:24:49:24:69 | ControlFlowNode for Subscript | | flask_bad.py:24:49:24:55 | ControlFlowNode for request | flask_bad.py:24:49:24:69 | ControlFlowNode for Subscript | @@ -18,7 +18,7 @@ nodes | django_bad.py:27:33:27:67 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | django_bad.py:27:71:27:106 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | flask_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| flask_bad.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | +| flask_bad.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_bad.py:24:21:24:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_bad.py:24:21:24:40 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | flask_bad.py:24:49:24:55 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | diff --git a/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.expected b/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.expected index 96663031d9a..01991a85d9b 100644 --- a/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.expected +++ b/python/ql/test/library-tests/PointsTo/new/ImpliesDataflow.expected @@ -3,5 +3,22 @@ | code/l_calls.py:12:1:12:20 | ControlFlowNode for ClassExpr | code/l_calls.py:16:16:16:18 | ControlFlowNode for cls | | code/l_calls.py:12:1:12:20 | ControlFlowNode for ClassExpr | code/l_calls.py:24:13:24:22 | ControlFlowNode for Attribute() | | code/l_calls.py:12:1:12:20 | ControlFlowNode for ClassExpr | code/l_calls.py:25:16:25:16 | ControlFlowNode for a | +| code/n_nesting.py:0:0:0:0 | Entry node for Module code.n_nesting | code/i_imports.py:38:1:38:14 | ControlFlowNode for Attribute | +| code/package/module2.py:0:0:0:0 | Entry node for Module code.package.module2 | code/package/__init__.py:4:15:4:32 | ControlFlowNode for ImportMember | +| code/package/module2.py:0:0:0:0 | Entry node for Module code.package.module2 | code/package/__init__.py:7:15:7:32 | ControlFlowNode for ImportMember | +| code/package/module.py:0:0:0:0 | Entry node for Module code.package.module | code/package/__init__.py:1:6:1:12 | ControlFlowNode for ImportExpr | +| code/package/moduleX.py:0:0:0:0 | Entry node for Module code.package.moduleX | code/j_convoluted_imports.py:16:26:16:32 | ControlFlowNode for ImportMember | +| code/package/moduleX.py:0:0:0:0 | Entry node for Module code.package.moduleX | code/j_convoluted_imports.py:17:1:17:7 | ControlFlowNode for moduleX | +| code/package/moduleX.py:0:0:0:0 | Entry node for Module code.package.moduleX | code/package/__init__.py:8:26:8:32 | ControlFlowNode for ImportMember | +| code/package/x.py:0:0:0:0 | Entry node for Module code.package.x | code/i_imports.py:24:1:24:14 | ControlFlowNode for Attribute | +| code/package/x.py:0:0:0:0 | Entry node for Module code.package.x | code/j_convoluted_imports.py:6:8:6:8 | ControlFlowNode for ImportMember | +| code/package/x.py:0:0:0:0 | Entry node for Module code.package.x | code/j_convoluted_imports.py:14:34:14:34 | ControlFlowNode for ImportMember | | code/t_type.py:3:1:3:16 | ControlFlowNode for ClassExpr | code/t_type.py:6:1:6:9 | ControlFlowNode for type() | | code/t_type.py:3:1:3:16 | ControlFlowNode for ClassExpr | code/t_type.py:13:5:13:13 | ControlFlowNode for type() | +| code/test_package/module1.py:0:0:0:0 | Entry node for Module code.test_package.module1 | code/j_convoluted_imports.py:20:10:20:34 | ControlFlowNode for ImportExpr | +| code/test_package/module1.py:0:0:0:0 | Entry node for Module code.test_package.module1 | code/test_package/__init__.py:1:6:1:13 | ControlFlowNode for ImportExpr | +| code/test_package/module2.py:0:0:0:0 | Entry node for Module code.test_package.module2 | code/j_convoluted_imports.py:22:10:22:34 | ControlFlowNode for ImportExpr | +| code/test_package/module2.py:0:0:0:0 | Entry node for Module code.test_package.module2 | code/test_package/__init__.py:2:6:2:13 | ControlFlowNode for ImportExpr | +| code/xyz.py:0:0:0:0 | Entry node for Module code.xyz | code/i_imports.py:7:6:7:9 | ControlFlowNode for ImportExpr | +| code/xyz.py:0:0:0:0 | Entry node for Module code.xyz | code/i_imports.py:8:15:8:17 | ControlFlowNode for ImportMember | +| code/xyz.py:0:0:0:0 | Entry node for Module code.xyz | code/i_imports.py:9:1:9:3 | ControlFlowNode for xyz | diff --git a/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected b/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected index ed53df3589b..2c888521d47 100644 --- a/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected +++ b/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected @@ -12,41 +12,41 @@ edges | testapp/orm_security_tests.py:23:22:23:40 | ControlFlowNode for Subscript | testapp/orm_security_tests.py:23:9:23:14 | [post] ControlFlowNode for person [Attribute age] | | testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | | testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | -| testapp/orm_security_tests.py:42:13:42:18 | SSA variable person [Attribute age] | testapp/orm_security_tests.py:43:62:43:67 | ControlFlowNode for person [Attribute age] | -| testapp/orm_security_tests.py:42:13:42:18 | SSA variable person [Attribute name] | testapp/orm_security_tests.py:43:49:43:54 | ControlFlowNode for person [Attribute name] | -| testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute age] | testapp/orm_security_tests.py:42:13:42:18 | SSA variable person [Attribute age] | -| testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute name] | testapp/orm_security_tests.py:42:13:42:18 | SSA variable person [Attribute name] | -| testapp/orm_security_tests.py:43:13:43:21 | SSA variable resp_text | testapp/orm_security_tests.py:43:13:43:21 | SSA variable resp_text | -| testapp/orm_security_tests.py:43:13:43:21 | SSA variable resp_text | testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | +| testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:43:62:43:67 | ControlFlowNode for person [Attribute age] | +| testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:43:49:43:54 | ControlFlowNode for person [Attribute name] | +| testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute age] | testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute age] | +| testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute name] | testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute name] | +| testapp/orm_security_tests.py:43:13:43:21 | ControlFlowNode for resp_text | testapp/orm_security_tests.py:43:13:43:21 | ControlFlowNode for resp_text | +| testapp/orm_security_tests.py:43:13:43:21 | ControlFlowNode for resp_text | testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | | testapp/orm_security_tests.py:43:49:43:54 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:43:49:43:59 | ControlFlowNode for Attribute | -| testapp/orm_security_tests.py:43:49:43:59 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:43:13:43:21 | SSA variable resp_text | +| testapp/orm_security_tests.py:43:49:43:59 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:43:13:43:21 | ControlFlowNode for resp_text | | testapp/orm_security_tests.py:43:62:43:67 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:43:62:43:71 | ControlFlowNode for Attribute | -| testapp/orm_security_tests.py:43:62:43:71 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:43:13:43:21 | SSA variable resp_text | -| testapp/orm_security_tests.py:47:5:47:10 | SSA variable person [Attribute name] | testapp/orm_security_tests.py:48:46:48:51 | ControlFlowNode for person [Attribute name] | -| testapp/orm_security_tests.py:47:14:47:53 | ControlFlowNode for Attribute() [Attribute name] | testapp/orm_security_tests.py:47:5:47:10 | SSA variable person [Attribute name] | +| testapp/orm_security_tests.py:43:62:43:71 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:43:13:43:21 | ControlFlowNode for resp_text | +| testapp/orm_security_tests.py:47:5:47:10 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:48:46:48:51 | ControlFlowNode for person [Attribute name] | +| testapp/orm_security_tests.py:47:14:47:53 | ControlFlowNode for Attribute() [Attribute name] | testapp/orm_security_tests.py:47:5:47:10 | ControlFlowNode for person [Attribute name] | | testapp/orm_security_tests.py:48:46:48:51 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:48:46:48:56 | ControlFlowNode for Attribute | | testapp/orm_security_tests.py:48:46:48:56 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | -| testapp/orm_security_tests.py:51:5:51:10 | SSA variable person [Attribute age] | testapp/orm_security_tests.py:55:45:55:50 | ControlFlowNode for person [Attribute age] | -| testapp/orm_security_tests.py:51:14:51:53 | ControlFlowNode for Attribute() [Attribute age] | testapp/orm_security_tests.py:51:5:51:10 | SSA variable person [Attribute age] | +| testapp/orm_security_tests.py:51:5:51:10 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:55:45:55:50 | ControlFlowNode for person [Attribute age] | +| testapp/orm_security_tests.py:51:14:51:53 | ControlFlowNode for Attribute() [Attribute age] | testapp/orm_security_tests.py:51:5:51:10 | ControlFlowNode for person [Attribute age] | | testapp/orm_security_tests.py:55:45:55:50 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:55:45:55:54 | ControlFlowNode for Attribute | | testapp/orm_security_tests.py:55:45:55:54 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | | testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | testapp/orm_security_tests.py:101:15:101:52 | ControlFlowNode for Attribute() [Attribute text] | | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | testapp/orm_security_tests.py:96:44:96:63 | ControlFlowNode for Subscript | -| testapp/orm_security_tests.py:96:5:96:11 | SSA variable comment [Attribute text] | testapp/orm_security_tests.py:97:5:97:11 | ControlFlowNode for comment [Attribute text] | -| testapp/orm_security_tests.py:96:15:96:64 | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] | testapp/orm_security_tests.py:96:5:96:11 | SSA variable comment [Attribute text] | +| testapp/orm_security_tests.py:96:5:96:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:97:5:97:11 | ControlFlowNode for comment [Attribute text] | +| testapp/orm_security_tests.py:96:15:96:64 | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] | testapp/orm_security_tests.py:96:5:96:11 | ControlFlowNode for comment [Attribute text] | | testapp/orm_security_tests.py:96:44:96:63 | ControlFlowNode for Subscript | testapp/orm_security_tests.py:96:15:96:64 | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] | | testapp/orm_security_tests.py:97:5:97:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | -| testapp/orm_security_tests.py:101:5:101:11 | SSA variable comment [Attribute text] | testapp/orm_security_tests.py:102:25:102:31 | ControlFlowNode for comment [Attribute text] | -| testapp/orm_security_tests.py:101:15:101:52 | ControlFlowNode for Attribute() [Attribute text] | testapp/orm_security_tests.py:101:5:101:11 | SSA variable comment [Attribute text] | +| testapp/orm_security_tests.py:101:5:101:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:102:25:102:31 | ControlFlowNode for comment [Attribute text] | +| testapp/orm_security_tests.py:101:15:101:52 | ControlFlowNode for Attribute() [Attribute text] | testapp/orm_security_tests.py:101:5:101:11 | ControlFlowNode for comment [Attribute text] | | testapp/orm_security_tests.py:102:25:102:31 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | | testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | testapp/orm_security_tests.py:120:15:120:49 | ControlFlowNode for Attribute() [Attribute text] | | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | testapp/orm_security_tests.py:115:41:115:60 | ControlFlowNode for Subscript | -| testapp/orm_security_tests.py:115:5:115:11 | SSA variable comment [Attribute text] | testapp/orm_security_tests.py:117:5:117:11 | ControlFlowNode for comment [Attribute text] | -| testapp/orm_security_tests.py:115:15:115:61 | ControlFlowNode for CommentValidatorUsed() [Attribute text] | testapp/orm_security_tests.py:115:5:115:11 | SSA variable comment [Attribute text] | +| testapp/orm_security_tests.py:115:5:115:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:117:5:117:11 | ControlFlowNode for comment [Attribute text] | +| testapp/orm_security_tests.py:115:15:115:61 | ControlFlowNode for CommentValidatorUsed() [Attribute text] | testapp/orm_security_tests.py:115:5:115:11 | ControlFlowNode for comment [Attribute text] | | testapp/orm_security_tests.py:115:41:115:60 | ControlFlowNode for Subscript | testapp/orm_security_tests.py:115:15:115:61 | ControlFlowNode for CommentValidatorUsed() [Attribute text] | | testapp/orm_security_tests.py:117:5:117:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | -| testapp/orm_security_tests.py:120:5:120:11 | SSA variable comment [Attribute text] | testapp/orm_security_tests.py:121:25:121:31 | ControlFlowNode for comment [Attribute text] | -| testapp/orm_security_tests.py:120:15:120:49 | ControlFlowNode for Attribute() [Attribute text] | testapp/orm_security_tests.py:120:5:120:11 | SSA variable comment [Attribute text] | +| testapp/orm_security_tests.py:120:5:120:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:121:25:121:31 | ControlFlowNode for comment [Attribute text] | +| testapp/orm_security_tests.py:120:15:120:49 | ControlFlowNode for Attribute() [Attribute text] | testapp/orm_security_tests.py:120:5:120:11 | ControlFlowNode for comment [Attribute text] | | testapp/orm_security_tests.py:121:25:121:31 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | nodes | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | semmle.label | [orm-model] Class Person [Attribute age] | @@ -59,43 +59,43 @@ nodes | testapp/orm_security_tests.py:23:22:23:40 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute age] | semmle.label | ControlFlowNode for person [Attribute age] | | testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] | -| testapp/orm_security_tests.py:42:13:42:18 | SSA variable person [Attribute age] | semmle.label | SSA variable person [Attribute age] | -| testapp/orm_security_tests.py:42:13:42:18 | SSA variable person [Attribute name] | semmle.label | SSA variable person [Attribute name] | +| testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute age] | semmle.label | ControlFlowNode for person [Attribute age] | +| testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] | | testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute age] | semmle.label | ControlFlowNode for Attribute() [List element, Attribute age] | | testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute name] | semmle.label | ControlFlowNode for Attribute() [List element, Attribute name] | -| testapp/orm_security_tests.py:43:13:43:21 | SSA variable resp_text | semmle.label | SSA variable resp_text | +| testapp/orm_security_tests.py:43:13:43:21 | ControlFlowNode for resp_text | semmle.label | ControlFlowNode for resp_text | | testapp/orm_security_tests.py:43:49:43:54 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] | | testapp/orm_security_tests.py:43:49:43:59 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | testapp/orm_security_tests.py:43:62:43:67 | ControlFlowNode for person [Attribute age] | semmle.label | ControlFlowNode for person [Attribute age] | | testapp/orm_security_tests.py:43:62:43:71 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | semmle.label | ControlFlowNode for resp_text | -| testapp/orm_security_tests.py:47:5:47:10 | SSA variable person [Attribute name] | semmle.label | SSA variable person [Attribute name] | +| testapp/orm_security_tests.py:47:5:47:10 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] | | testapp/orm_security_tests.py:47:14:47:53 | ControlFlowNode for Attribute() [Attribute name] | semmle.label | ControlFlowNode for Attribute() [Attribute name] | | testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | testapp/orm_security_tests.py:48:46:48:51 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] | | testapp/orm_security_tests.py:48:46:48:56 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | -| testapp/orm_security_tests.py:51:5:51:10 | SSA variable person [Attribute age] | semmle.label | SSA variable person [Attribute age] | +| testapp/orm_security_tests.py:51:5:51:10 | ControlFlowNode for person [Attribute age] | semmle.label | ControlFlowNode for person [Attribute age] | | testapp/orm_security_tests.py:51:14:51:53 | ControlFlowNode for Attribute() [Attribute age] | semmle.label | ControlFlowNode for Attribute() [Attribute age] | | testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | testapp/orm_security_tests.py:55:45:55:50 | ControlFlowNode for person [Attribute age] | semmle.label | ControlFlowNode for person [Attribute age] | | testapp/orm_security_tests.py:55:45:55:54 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | semmle.label | [orm-model] Class CommentValidatorNotUsed [Attribute text] | | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| testapp/orm_security_tests.py:96:5:96:11 | SSA variable comment [Attribute text] | semmle.label | SSA variable comment [Attribute text] | +| testapp/orm_security_tests.py:96:5:96:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] | | testapp/orm_security_tests.py:96:15:96:64 | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] | semmle.label | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] | | testapp/orm_security_tests.py:96:44:96:63 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | testapp/orm_security_tests.py:97:5:97:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] | -| testapp/orm_security_tests.py:101:5:101:11 | SSA variable comment [Attribute text] | semmle.label | SSA variable comment [Attribute text] | +| testapp/orm_security_tests.py:101:5:101:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] | | testapp/orm_security_tests.py:101:15:101:52 | ControlFlowNode for Attribute() [Attribute text] | semmle.label | ControlFlowNode for Attribute() [Attribute text] | | testapp/orm_security_tests.py:102:25:102:31 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] | | testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | semmle.label | [orm-model] Class CommentValidatorUsed [Attribute text] | | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| testapp/orm_security_tests.py:115:5:115:11 | SSA variable comment [Attribute text] | semmle.label | SSA variable comment [Attribute text] | +| testapp/orm_security_tests.py:115:5:115:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] | | testapp/orm_security_tests.py:115:15:115:61 | ControlFlowNode for CommentValidatorUsed() [Attribute text] | semmle.label | ControlFlowNode for CommentValidatorUsed() [Attribute text] | | testapp/orm_security_tests.py:115:41:115:60 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | testapp/orm_security_tests.py:117:5:117:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] | -| testapp/orm_security_tests.py:120:5:120:11 | SSA variable comment [Attribute text] | semmle.label | SSA variable comment [Attribute text] | +| testapp/orm_security_tests.py:120:5:120:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] | | testapp/orm_security_tests.py:120:15:120:49 | ControlFlowNode for Attribute() [Attribute text] | semmle.label | ControlFlowNode for Attribute() [Attribute text] | | testapp/orm_security_tests.py:121:25:121:31 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] | | testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | diff --git a/python/ql/test/library-tests/frameworks/internal-ql-helpers/PoorMansFunctionResolutionTest.ql b/python/ql/test/library-tests/frameworks/internal-ql-helpers/PoorMansFunctionResolutionTest.ql index 338d6853a74..143f0dddc31 100644 --- a/python/ql/test/library-tests/frameworks/internal-ql-helpers/PoorMansFunctionResolutionTest.ql +++ b/python/ql/test/library-tests/frameworks/internal-ql-helpers/PoorMansFunctionResolutionTest.ql @@ -11,6 +11,10 @@ module InlinePoorMansFunctionResolutionTest implements TestSig { exists(Function func, DataFlow::Node ref | ref = poorMansFunctionTracker(func) and not ref.asExpr() instanceof FunctionExpr and + // exclude the name of a defined function + not exists(FunctionDef def | def.getDefinedFunction() = func | + ref.asExpr() = def.getATarget() + ) and // exclude things like `GSSA variable func` exists(ref.asExpr()) and // exclude decorator calls (which with our extractor rewrites does reference the diff --git a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected index ff1cecdaaa2..77d13352758 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected +++ b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected @@ -1,38 +1,38 @@ edges | test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | -| test.py:29:11:29:18 | ControlFlowNode for source() | test.py:32:5:32:7 | SSA variable val | -| test.py:32:5:32:7 | SSA variable val | test.py:33:10:33:12 | ControlFlowNode for val | -| test.py:40:5:40:7 | SSA variable val | test.py:41:10:41:12 | ControlFlowNode for val | -| test.py:40:11:40:25 | ControlFlowNode for Attribute() | test.py:40:5:40:7 | SSA variable val | +| test.py:29:11:29:18 | ControlFlowNode for source() | test.py:32:5:32:7 | ControlFlowNode for val | +| test.py:32:5:32:7 | ControlFlowNode for val | test.py:33:10:33:12 | ControlFlowNode for val | +| test.py:40:5:40:7 | ControlFlowNode for val | test.py:41:10:41:12 | ControlFlowNode for val | +| test.py:40:11:40:25 | ControlFlowNode for Attribute() | test.py:40:5:40:7 | ControlFlowNode for val | | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:40:11:40:25 | ControlFlowNode for Attribute() | -| test.py:53:5:53:7 | SSA variable val | test.py:54:10:54:12 | ControlFlowNode for val | -| test.py:53:11:53:25 | ControlFlowNode for Attribute() | test.py:53:5:53:7 | SSA variable val | +| test.py:53:5:53:7 | ControlFlowNode for val | test.py:54:10:54:12 | ControlFlowNode for val | +| test.py:53:11:53:25 | ControlFlowNode for Attribute() | test.py:53:5:53:7 | ControlFlowNode for val | | test.py:70:11:70:18 | ControlFlowNode for source() | test.py:53:11:53:25 | ControlFlowNode for Attribute() | -| test.py:78:5:78:7 | SSA variable val | test.py:79:10:79:12 | ControlFlowNode for val | -| test.py:78:11:78:14 | ControlFlowNode for bm() | test.py:78:5:78:7 | SSA variable val | +| test.py:78:5:78:7 | ControlFlowNode for val | test.py:79:10:79:12 | ControlFlowNode for val | +| test.py:78:11:78:14 | ControlFlowNode for bm() | test.py:78:5:78:7 | ControlFlowNode for val | | test.py:83:11:83:18 | ControlFlowNode for source() | test.py:78:11:78:14 | ControlFlowNode for bm() | -| test.py:90:5:90:7 | SSA variable val | test.py:91:10:91:12 | ControlFlowNode for val | -| test.py:90:11:90:14 | ControlFlowNode for bm() | test.py:90:5:90:7 | SSA variable val | +| test.py:90:5:90:7 | ControlFlowNode for val | test.py:91:10:91:12 | ControlFlowNode for val | +| test.py:90:11:90:14 | ControlFlowNode for bm() | test.py:90:5:90:7 | ControlFlowNode for val | | test.py:107:11:107:18 | ControlFlowNode for source() | test.py:90:11:90:14 | ControlFlowNode for bm() | nodes | test.py:21:11:21:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | | test.py:22:10:22:24 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:29:11:29:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:32:5:32:7 | SSA variable val | semmle.label | SSA variable val | +| test.py:32:5:32:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:33:10:33:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:40:5:40:7 | SSA variable val | semmle.label | SSA variable val | +| test.py:40:5:40:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:40:11:40:25 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:41:10:41:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:45:11:45:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:53:5:53:7 | SSA variable val | semmle.label | SSA variable val | +| test.py:53:5:53:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:53:11:53:25 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:54:10:54:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:70:11:70:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:78:5:78:7 | SSA variable val | semmle.label | SSA variable val | +| test.py:78:5:78:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:78:11:78:14 | ControlFlowNode for bm() | semmle.label | ControlFlowNode for bm() | | test.py:79:10:79:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:83:11:83:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:90:5:90:7 | SSA variable val | semmle.label | SSA variable val | +| test.py:90:5:90:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:90:11:90:14 | ControlFlowNode for bm() | semmle.label | ControlFlowNode for bm() | | test.py:91:10:91:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:107:11:107:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | diff --git a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected index 80c1c6516f0..004af2780c0 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected +++ b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected @@ -1,61 +1,61 @@ edges -| test.py:21:5:21:7 | SSA variable src | test.py:22:10:22:24 | ControlFlowNode for Attribute() | -| test.py:21:11:21:18 | ControlFlowNode for source() | test.py:21:5:21:7 | SSA variable src | -| test.py:29:5:29:7 | SSA variable src | test.py:30:5:30:7 | SSA variable foo | -| test.py:29:11:29:18 | ControlFlowNode for source() | test.py:29:5:29:7 | SSA variable src | -| test.py:30:5:30:7 | SSA variable foo | test.py:31:5:31:16 | SSA variable bound_method | -| test.py:31:5:31:16 | SSA variable bound_method | test.py:32:5:32:7 | SSA variable val | -| test.py:32:5:32:7 | SSA variable val | test.py:33:10:33:12 | ControlFlowNode for val | -| test.py:39:15:39:17 | ControlFlowNode for arg | test.py:40:5:40:7 | SSA variable val | -| test.py:40:5:40:7 | SSA variable val | test.py:41:10:41:12 | ControlFlowNode for val | -| test.py:45:5:45:7 | SSA variable src | test.py:46:15:46:17 | ControlFlowNode for src | -| test.py:45:11:45:18 | ControlFlowNode for source() | test.py:45:5:45:7 | SSA variable src | +| test.py:21:5:21:7 | ControlFlowNode for src | test.py:22:10:22:24 | ControlFlowNode for Attribute() | +| test.py:21:11:21:18 | ControlFlowNode for source() | test.py:21:5:21:7 | ControlFlowNode for src | +| test.py:29:5:29:7 | ControlFlowNode for src | test.py:30:5:30:7 | ControlFlowNode for foo | +| test.py:29:11:29:18 | ControlFlowNode for source() | test.py:29:5:29:7 | ControlFlowNode for src | +| test.py:30:5:30:7 | ControlFlowNode for foo | test.py:31:5:31:16 | ControlFlowNode for bound_method | +| test.py:31:5:31:16 | ControlFlowNode for bound_method | test.py:32:5:32:7 | ControlFlowNode for val | +| test.py:32:5:32:7 | ControlFlowNode for val | test.py:33:10:33:12 | ControlFlowNode for val | +| test.py:39:15:39:17 | ControlFlowNode for arg | test.py:40:5:40:7 | ControlFlowNode for val | +| test.py:40:5:40:7 | ControlFlowNode for val | test.py:41:10:41:12 | ControlFlowNode for val | +| test.py:45:5:45:7 | ControlFlowNode for src | test.py:46:15:46:17 | ControlFlowNode for src | +| test.py:45:11:45:18 | ControlFlowNode for source() | test.py:45:5:45:7 | ControlFlowNode for src | | test.py:46:15:46:17 | ControlFlowNode for src | test.py:39:15:39:17 | ControlFlowNode for arg | -| test.py:52:24:52:26 | ControlFlowNode for arg | test.py:53:5:53:7 | SSA variable val | -| test.py:53:5:53:7 | SSA variable val | test.py:54:10:54:12 | ControlFlowNode for val | +| test.py:52:24:52:26 | ControlFlowNode for arg | test.py:53:5:53:7 | ControlFlowNode for val | +| test.py:53:5:53:7 | ControlFlowNode for val | test.py:54:10:54:12 | ControlFlowNode for val | | test.py:57:33:57:35 | ControlFlowNode for arg | test.py:58:24:58:26 | ControlFlowNode for arg | | test.py:58:24:58:26 | ControlFlowNode for arg | test.py:52:24:52:26 | ControlFlowNode for arg | | test.py:61:33:61:35 | ControlFlowNode for arg | test.py:62:33:62:35 | ControlFlowNode for arg | | test.py:62:33:62:35 | ControlFlowNode for arg | test.py:57:33:57:35 | ControlFlowNode for arg | | test.py:65:33:65:35 | ControlFlowNode for arg | test.py:66:33:66:35 | ControlFlowNode for arg | | test.py:66:33:66:35 | ControlFlowNode for arg | test.py:61:33:61:35 | ControlFlowNode for arg | -| test.py:70:5:70:7 | SSA variable src | test.py:71:33:71:35 | ControlFlowNode for src | -| test.py:70:11:70:18 | ControlFlowNode for source() | test.py:70:5:70:7 | SSA variable src | +| test.py:70:5:70:7 | ControlFlowNode for src | test.py:71:33:71:35 | ControlFlowNode for src | +| test.py:70:11:70:18 | ControlFlowNode for source() | test.py:70:5:70:7 | ControlFlowNode for src | | test.py:71:33:71:35 | ControlFlowNode for src | test.py:65:33:65:35 | ControlFlowNode for arg | -| test.py:77:23:77:24 | ControlFlowNode for bm | test.py:78:5:78:7 | SSA variable val | -| test.py:78:5:78:7 | SSA variable val | test.py:79:10:79:12 | ControlFlowNode for val | -| test.py:83:5:83:7 | SSA variable src | test.py:84:23:84:35 | ControlFlowNode for Attribute | -| test.py:83:11:83:18 | ControlFlowNode for source() | test.py:83:5:83:7 | SSA variable src | +| test.py:77:23:77:24 | ControlFlowNode for bm | test.py:78:5:78:7 | ControlFlowNode for val | +| test.py:78:5:78:7 | ControlFlowNode for val | test.py:79:10:79:12 | ControlFlowNode for val | +| test.py:83:5:83:7 | ControlFlowNode for src | test.py:84:23:84:35 | ControlFlowNode for Attribute | +| test.py:83:11:83:18 | ControlFlowNode for source() | test.py:83:5:83:7 | ControlFlowNode for src | | test.py:84:23:84:35 | ControlFlowNode for Attribute | test.py:77:23:77:24 | ControlFlowNode for bm | -| test.py:89:37:89:38 | ControlFlowNode for bm | test.py:90:5:90:7 | SSA variable val | -| test.py:90:5:90:7 | SSA variable val | test.py:91:10:91:12 | ControlFlowNode for val | +| test.py:89:37:89:38 | ControlFlowNode for bm | test.py:90:5:90:7 | ControlFlowNode for val | +| test.py:90:5:90:7 | ControlFlowNode for val | test.py:91:10:91:12 | ControlFlowNode for val | | test.py:94:46:94:47 | ControlFlowNode for bm | test.py:95:37:95:38 | ControlFlowNode for bm | | test.py:95:37:95:38 | ControlFlowNode for bm | test.py:89:37:89:38 | ControlFlowNode for bm | | test.py:98:46:98:47 | ControlFlowNode for bm | test.py:99:46:99:47 | ControlFlowNode for bm | | test.py:99:46:99:47 | ControlFlowNode for bm | test.py:94:46:94:47 | ControlFlowNode for bm | | test.py:102:46:102:47 | ControlFlowNode for bm | test.py:103:46:103:47 | ControlFlowNode for bm | | test.py:103:46:103:47 | ControlFlowNode for bm | test.py:98:46:98:47 | ControlFlowNode for bm | -| test.py:107:5:107:7 | SSA variable src | test.py:108:46:108:58 | ControlFlowNode for Attribute | -| test.py:107:11:107:18 | ControlFlowNode for source() | test.py:107:5:107:7 | SSA variable src | +| test.py:107:5:107:7 | ControlFlowNode for src | test.py:108:46:108:58 | ControlFlowNode for Attribute | +| test.py:107:11:107:18 | ControlFlowNode for source() | test.py:107:5:107:7 | ControlFlowNode for src | | test.py:108:46:108:58 | ControlFlowNode for Attribute | test.py:102:46:102:47 | ControlFlowNode for bm | nodes -| test.py:21:5:21:7 | SSA variable src | semmle.label | SSA variable src | +| test.py:21:5:21:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | | test.py:21:11:21:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | | test.py:22:10:22:24 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:29:5:29:7 | SSA variable src | semmle.label | SSA variable src | +| test.py:29:5:29:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | | test.py:29:11:29:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:30:5:30:7 | SSA variable foo | semmle.label | SSA variable foo | -| test.py:31:5:31:16 | SSA variable bound_method | semmle.label | SSA variable bound_method | -| test.py:32:5:32:7 | SSA variable val | semmle.label | SSA variable val | +| test.py:30:5:30:7 | ControlFlowNode for foo | semmle.label | ControlFlowNode for foo | +| test.py:31:5:31:16 | ControlFlowNode for bound_method | semmle.label | ControlFlowNode for bound_method | +| test.py:32:5:32:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:33:10:33:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:39:15:39:17 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:40:5:40:7 | SSA variable val | semmle.label | SSA variable val | +| test.py:40:5:40:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:41:10:41:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:45:5:45:7 | SSA variable src | semmle.label | SSA variable src | +| test.py:45:5:45:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | | test.py:45:11:45:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | | test.py:46:15:46:17 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | | test.py:52:24:52:26 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:53:5:53:7 | SSA variable val | semmle.label | SSA variable val | +| test.py:53:5:53:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:54:10:54:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:57:33:57:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | | test.py:58:24:58:26 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | @@ -63,17 +63,17 @@ nodes | test.py:62:33:62:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | | test.py:65:33:65:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | | test.py:66:33:66:35 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:70:5:70:7 | SSA variable src | semmle.label | SSA variable src | +| test.py:70:5:70:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | | test.py:70:11:70:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | | test.py:71:33:71:35 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | | test.py:77:23:77:24 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:78:5:78:7 | SSA variable val | semmle.label | SSA variable val | +| test.py:78:5:78:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:79:10:79:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | -| test.py:83:5:83:7 | SSA variable src | semmle.label | SSA variable src | +| test.py:83:5:83:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | | test.py:83:11:83:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | | test.py:84:23:84:35 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:89:37:89:38 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:90:5:90:7 | SSA variable val | semmle.label | SSA variable val | +| test.py:90:5:90:7 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:91:10:91:12 | ControlFlowNode for val | semmle.label | ControlFlowNode for val | | test.py:94:46:94:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | | test.py:95:37:95:38 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | @@ -81,7 +81,7 @@ nodes | test.py:99:46:99:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | | test.py:102:46:102:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | | test.py:103:46:103:47 | ControlFlowNode for bm | semmle.label | ControlFlowNode for bm | -| test.py:107:5:107:7 | SSA variable src | semmle.label | SSA variable src | +| test.py:107:5:107:7 | ControlFlowNode for src | semmle.label | ControlFlowNode for src | | test.py:107:11:107:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | | test.py:108:46:108:58 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | subpaths diff --git a/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected b/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected index caa0f35dd15..0f63973da06 100644 --- a/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected +++ b/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected @@ -1,58 +1,58 @@ edges -| test.py:5:26:5:32 | ControlFlowNode for ImportMember | test.py:5:26:5:32 | GSSA Variable request | -| test.py:5:26:5:32 | GSSA Variable request | test.py:13:16:13:22 | ControlFlowNode for request | -| test.py:5:26:5:32 | GSSA Variable request | test.py:23:16:23:22 | ControlFlowNode for request | -| test.py:5:26:5:32 | GSSA Variable request | test.py:34:12:34:18 | ControlFlowNode for request | -| test.py:5:26:5:32 | GSSA Variable request | test.py:42:12:42:18 | ControlFlowNode for request | -| test.py:5:26:5:32 | GSSA Variable request | test.py:54:12:54:18 | ControlFlowNode for request | -| test.py:13:5:13:12 | SSA variable data_raw | test.py:14:5:14:8 | SSA variable data | +| test.py:5:26:5:32 | ControlFlowNode for ImportMember | test.py:5:26:5:32 | ControlFlowNode for request | +| test.py:5:26:5:32 | ControlFlowNode for request | test.py:13:16:13:22 | ControlFlowNode for request | +| test.py:5:26:5:32 | ControlFlowNode for request | test.py:23:16:23:22 | ControlFlowNode for request | +| test.py:5:26:5:32 | ControlFlowNode for request | test.py:34:12:34:18 | ControlFlowNode for request | +| test.py:5:26:5:32 | ControlFlowNode for request | test.py:42:12:42:18 | ControlFlowNode for request | +| test.py:5:26:5:32 | ControlFlowNode for request | test.py:54:12:54:18 | ControlFlowNode for request | +| test.py:13:5:13:12 | ControlFlowNode for data_raw | test.py:14:5:14:8 | ControlFlowNode for data | | test.py:13:16:13:22 | ControlFlowNode for request | test.py:13:16:13:27 | ControlFlowNode for Attribute | | test.py:13:16:13:27 | ControlFlowNode for Attribute | test.py:13:16:13:39 | ControlFlowNode for Attribute() | -| test.py:13:16:13:39 | ControlFlowNode for Attribute() | test.py:13:5:13:12 | SSA variable data_raw | -| test.py:14:5:14:8 | SSA variable data | test.py:15:36:15:39 | ControlFlowNode for data | -| test.py:23:5:23:12 | SSA variable data_raw | test.py:24:5:24:8 | SSA variable data | +| test.py:13:16:13:39 | ControlFlowNode for Attribute() | test.py:13:5:13:12 | ControlFlowNode for data_raw | +| test.py:14:5:14:8 | ControlFlowNode for data | test.py:15:36:15:39 | ControlFlowNode for data | +| test.py:23:5:23:12 | ControlFlowNode for data_raw | test.py:24:5:24:8 | ControlFlowNode for data | | test.py:23:16:23:22 | ControlFlowNode for request | test.py:23:16:23:27 | ControlFlowNode for Attribute | | test.py:23:16:23:27 | ControlFlowNode for Attribute | test.py:23:16:23:39 | ControlFlowNode for Attribute() | -| test.py:23:16:23:39 | ControlFlowNode for Attribute() | test.py:23:5:23:12 | SSA variable data_raw | -| test.py:24:5:24:8 | SSA variable data | test.py:25:44:25:47 | ControlFlowNode for data | -| test.py:34:5:34:8 | SSA variable data | test.py:35:10:35:13 | ControlFlowNode for data | -| test.py:34:5:34:8 | SSA variable data | test.py:36:13:36:16 | ControlFlowNode for data | +| test.py:23:16:23:39 | ControlFlowNode for Attribute() | test.py:23:5:23:12 | ControlFlowNode for data_raw | +| test.py:24:5:24:8 | ControlFlowNode for data | test.py:25:44:25:47 | ControlFlowNode for data | +| test.py:34:5:34:8 | ControlFlowNode for data | test.py:35:10:35:13 | ControlFlowNode for data | +| test.py:34:5:34:8 | ControlFlowNode for data | test.py:36:13:36:16 | ControlFlowNode for data | | test.py:34:12:34:18 | ControlFlowNode for request | test.py:34:12:34:23 | ControlFlowNode for Attribute | | test.py:34:12:34:23 | ControlFlowNode for Attribute | test.py:34:12:34:35 | ControlFlowNode for Attribute() | -| test.py:34:12:34:35 | ControlFlowNode for Attribute() | test.py:34:5:34:8 | SSA variable data | -| test.py:42:5:42:8 | SSA variable data | test.py:43:22:43:25 | ControlFlowNode for data | -| test.py:42:5:42:8 | SSA variable data | test.py:44:25:44:28 | ControlFlowNode for data | +| test.py:34:12:34:35 | ControlFlowNode for Attribute() | test.py:34:5:34:8 | ControlFlowNode for data | +| test.py:42:5:42:8 | ControlFlowNode for data | test.py:43:22:43:25 | ControlFlowNode for data | +| test.py:42:5:42:8 | ControlFlowNode for data | test.py:44:25:44:28 | ControlFlowNode for data | | test.py:42:12:42:18 | ControlFlowNode for request | test.py:42:12:42:23 | ControlFlowNode for Attribute | | test.py:42:12:42:23 | ControlFlowNode for Attribute | test.py:42:12:42:35 | ControlFlowNode for Attribute() | -| test.py:42:12:42:35 | ControlFlowNode for Attribute() | test.py:42:5:42:8 | SSA variable data | +| test.py:42:12:42:35 | ControlFlowNode for Attribute() | test.py:42:5:42:8 | ControlFlowNode for data | | test.py:47:17:47:19 | ControlFlowNode for arg | test.py:50:32:50:34 | ControlFlowNode for arg | -| test.py:54:5:54:8 | SSA variable data | test.py:55:17:55:20 | ControlFlowNode for data | +| test.py:54:5:54:8 | ControlFlowNode for data | test.py:55:17:55:20 | ControlFlowNode for data | | test.py:54:12:54:18 | ControlFlowNode for request | test.py:54:12:54:23 | ControlFlowNode for Attribute | | test.py:54:12:54:23 | ControlFlowNode for Attribute | test.py:54:12:54:35 | ControlFlowNode for Attribute() | -| test.py:54:12:54:35 | ControlFlowNode for Attribute() | test.py:54:5:54:8 | SSA variable data | +| test.py:54:12:54:35 | ControlFlowNode for Attribute() | test.py:54:5:54:8 | ControlFlowNode for data | | test.py:55:17:55:20 | ControlFlowNode for data | test.py:47:17:47:19 | ControlFlowNode for arg | nodes | test.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test.py:5:26:5:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| test.py:13:5:13:12 | SSA variable data_raw | semmle.label | SSA variable data_raw | +| test.py:5:26:5:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test.py:13:5:13:12 | ControlFlowNode for data_raw | semmle.label | ControlFlowNode for data_raw | | test.py:13:16:13:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:13:16:13:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:13:16:13:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:14:5:14:8 | SSA variable data | semmle.label | SSA variable data | +| test.py:14:5:14:8 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | | test.py:15:36:15:39 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | -| test.py:23:5:23:12 | SSA variable data_raw | semmle.label | SSA variable data_raw | +| test.py:23:5:23:12 | ControlFlowNode for data_raw | semmle.label | ControlFlowNode for data_raw | | test.py:23:16:23:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:23:16:23:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:23:16:23:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:24:5:24:8 | SSA variable data | semmle.label | SSA variable data | +| test.py:24:5:24:8 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | | test.py:25:44:25:47 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | -| test.py:34:5:34:8 | SSA variable data | semmle.label | SSA variable data | +| test.py:34:5:34:8 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | | test.py:34:12:34:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:34:12:34:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:34:12:34:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:35:10:35:13 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | | test.py:36:13:36:16 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | -| test.py:42:5:42:8 | SSA variable data | semmle.label | SSA variable data | +| test.py:42:5:42:8 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | | test.py:42:12:42:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:42:12:42:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:42:12:42:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | @@ -60,7 +60,7 @@ nodes | test.py:44:25:44:28 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | | test.py:47:17:47:19 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | | test.py:50:32:50:34 | ControlFlowNode for arg | semmle.label | ControlFlowNode for arg | -| test.py:54:5:54:8 | SSA variable data | semmle.label | SSA variable data | +| test.py:54:5:54:8 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | | test.py:54:12:54:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:54:12:54:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:54:12:54:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected b/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected index b8bcf46ec1e..2099e5e9d85 100644 --- a/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected @@ -1,102 +1,102 @@ edges -| flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_path_injection.py:1:26:1:32 | GSSA Variable request | -| flask_path_injection.py:1:26:1:32 | GSSA Variable request | flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | -| flask_path_injection.py:19:5:19:11 | SSA variable dirname | flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | +| flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_path_injection.py:1:26:1:32 | ControlFlowNode for request | +| flask_path_injection.py:1:26:1:32 | ControlFlowNode for request | flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | +| flask_path_injection.py:19:5:19:11 | ControlFlowNode for dirname | flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | | flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | | flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | flask_path_injection.py:19:15:19:45 | ControlFlowNode for Attribute() | -| flask_path_injection.py:19:15:19:45 | ControlFlowNode for Attribute() | flask_path_injection.py:19:5:19:11 | SSA variable dirname | -| path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:3:26:3:32 | GSSA Variable request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:12:16:12:22 | ControlFlowNode for request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:19:16:19:22 | ControlFlowNode for request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:27:16:27:22 | ControlFlowNode for request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:46:16:46:22 | ControlFlowNode for request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:63:16:63:22 | ControlFlowNode for request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:84:16:84:22 | ControlFlowNode for request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:107:16:107:22 | ControlFlowNode for request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:118:16:118:22 | ControlFlowNode for request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:129:16:129:22 | ControlFlowNode for request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:138:16:138:22 | ControlFlowNode for request | -| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:149:16:149:22 | ControlFlowNode for request | -| path_injection.py:12:5:12:12 | SSA variable filename | path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | +| flask_path_injection.py:19:15:19:45 | ControlFlowNode for Attribute() | flask_path_injection.py:19:5:19:11 | ControlFlowNode for dirname | +| path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:3:26:3:32 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:12:16:12:22 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:19:16:19:22 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:27:16:27:22 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:46:16:46:22 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:63:16:63:22 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:84:16:84:22 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:107:16:107:22 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:118:16:118:22 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:129:16:129:22 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:138:16:138:22 | ControlFlowNode for request | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:149:16:149:22 | ControlFlowNode for request | +| path_injection.py:12:5:12:12 | ControlFlowNode for filename | path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | | path_injection.py:12:16:12:22 | ControlFlowNode for request | path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | | path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | path_injection.py:12:16:12:47 | ControlFlowNode for Attribute() | -| path_injection.py:12:16:12:47 | ControlFlowNode for Attribute() | path_injection.py:12:5:12:12 | SSA variable filename | -| path_injection.py:19:5:19:12 | SSA variable filename | path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | +| path_injection.py:12:16:12:47 | ControlFlowNode for Attribute() | path_injection.py:12:5:12:12 | ControlFlowNode for filename | +| path_injection.py:19:5:19:12 | ControlFlowNode for filename | path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | | path_injection.py:19:16:19:22 | ControlFlowNode for request | path_injection.py:19:16:19:27 | ControlFlowNode for Attribute | | path_injection.py:19:16:19:27 | ControlFlowNode for Attribute | path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | -| path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | path_injection.py:19:5:19:12 | SSA variable filename | -| path_injection.py:20:5:20:9 | SSA variable npath | path_injection.py:21:14:21:18 | ControlFlowNode for npath | -| path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | path_injection.py:20:5:20:9 | SSA variable npath | +| path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | path_injection.py:19:5:19:12 | ControlFlowNode for filename | +| path_injection.py:20:5:20:9 | ControlFlowNode for npath | path_injection.py:21:14:21:18 | ControlFlowNode for npath | +| path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | path_injection.py:20:5:20:9 | ControlFlowNode for npath | | path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | -| path_injection.py:27:5:27:12 | SSA variable filename | path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | +| path_injection.py:27:5:27:12 | ControlFlowNode for filename | path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | | path_injection.py:27:16:27:22 | ControlFlowNode for request | path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | | path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | -| path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | path_injection.py:27:5:27:12 | SSA variable filename | -| path_injection.py:28:5:28:9 | SSA variable npath | path_injection.py:31:14:31:18 | ControlFlowNode for npath | -| path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | path_injection.py:28:5:28:9 | SSA variable npath | +| path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | path_injection.py:27:5:27:12 | ControlFlowNode for filename | +| path_injection.py:28:5:28:9 | ControlFlowNode for npath | path_injection.py:31:14:31:18 | ControlFlowNode for npath | +| path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | path_injection.py:28:5:28:9 | ControlFlowNode for npath | | path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | -| path_injection.py:46:5:46:12 | SSA variable filename | path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | +| path_injection.py:46:5:46:12 | ControlFlowNode for filename | path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | | path_injection.py:46:16:46:22 | ControlFlowNode for request | path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | | path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | -| path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | path_injection.py:46:5:46:12 | SSA variable filename | -| path_injection.py:47:5:47:9 | SSA variable npath | path_injection.py:48:14:48:18 | ControlFlowNode for npath | -| path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | path_injection.py:47:5:47:9 | SSA variable npath | +| path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | path_injection.py:46:5:46:12 | ControlFlowNode for filename | +| path_injection.py:47:5:47:9 | ControlFlowNode for npath | path_injection.py:48:14:48:18 | ControlFlowNode for npath | +| path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | path_injection.py:47:5:47:9 | ControlFlowNode for npath | | path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | -| path_injection.py:63:5:63:12 | SSA variable filename | path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | +| path_injection.py:63:5:63:12 | ControlFlowNode for filename | path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | | path_injection.py:63:16:63:22 | ControlFlowNode for request | path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | | path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | -| path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | path_injection.py:63:5:63:12 | SSA variable filename | -| path_injection.py:64:5:64:9 | SSA variable npath | path_injection.py:65:14:65:18 | ControlFlowNode for npath | -| path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | path_injection.py:64:5:64:9 | SSA variable npath | +| path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | path_injection.py:63:5:63:12 | ControlFlowNode for filename | +| path_injection.py:64:5:64:9 | ControlFlowNode for npath | path_injection.py:65:14:65:18 | ControlFlowNode for npath | +| path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | path_injection.py:64:5:64:9 | ControlFlowNode for npath | | path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | -| path_injection.py:84:5:84:12 | SSA variable filename | path_injection.py:85:5:85:24 | SSA variable possibly_unsafe_path | +| path_injection.py:84:5:84:12 | ControlFlowNode for filename | path_injection.py:85:5:85:24 | ControlFlowNode for possibly_unsafe_path | | path_injection.py:84:16:84:22 | ControlFlowNode for request | path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | | path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | -| path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | path_injection.py:84:5:84:12 | SSA variable filename | -| path_injection.py:85:5:85:24 | SSA variable possibly_unsafe_path | path_injection.py:86:24:86:43 | ControlFlowNode for possibly_unsafe_path | +| path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | path_injection.py:84:5:84:12 | ControlFlowNode for filename | +| path_injection.py:85:5:85:24 | ControlFlowNode for possibly_unsafe_path | path_injection.py:86:24:86:43 | ControlFlowNode for possibly_unsafe_path | | path_injection.py:86:24:86:43 | ControlFlowNode for possibly_unsafe_path | path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | -| path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | path_injection.py:93:5:93:8 | SSA variable path | -| path_injection.py:93:5:93:8 | SSA variable path | path_injection.py:94:14:94:17 | ControlFlowNode for path | -| path_injection.py:98:20:98:22 | ControlFlowNode for foo | path_injection.py:101:5:101:8 | SSA variable path | -| path_injection.py:101:5:101:8 | SSA variable path | path_injection.py:102:14:102:17 | ControlFlowNode for path | -| path_injection.py:107:5:107:12 | SSA variable filename | path_injection.py:108:5:108:8 | SSA variable path | +| path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | path_injection.py:93:5:93:8 | ControlFlowNode for path | +| path_injection.py:93:5:93:8 | ControlFlowNode for path | path_injection.py:94:14:94:17 | ControlFlowNode for path | +| path_injection.py:98:20:98:22 | ControlFlowNode for foo | path_injection.py:101:5:101:8 | ControlFlowNode for path | +| path_injection.py:101:5:101:8 | ControlFlowNode for path | path_injection.py:102:14:102:17 | ControlFlowNode for path | +| path_injection.py:107:5:107:12 | ControlFlowNode for filename | path_injection.py:108:5:108:8 | ControlFlowNode for path | | path_injection.py:107:16:107:22 | ControlFlowNode for request | path_injection.py:107:16:107:27 | ControlFlowNode for Attribute | | path_injection.py:107:16:107:27 | ControlFlowNode for Attribute | path_injection.py:107:16:107:47 | ControlFlowNode for Attribute() | -| path_injection.py:107:16:107:47 | ControlFlowNode for Attribute() | path_injection.py:107:5:107:12 | SSA variable filename | -| path_injection.py:108:5:108:8 | SSA variable path | path_injection.py:113:14:113:17 | ControlFlowNode for path | -| path_injection.py:118:5:118:12 | SSA variable filename | path_injection.py:119:5:119:8 | SSA variable path | +| path_injection.py:107:16:107:47 | ControlFlowNode for Attribute() | path_injection.py:107:5:107:12 | ControlFlowNode for filename | +| path_injection.py:108:5:108:8 | ControlFlowNode for path | path_injection.py:113:14:113:17 | ControlFlowNode for path | +| path_injection.py:118:5:118:12 | ControlFlowNode for filename | path_injection.py:119:5:119:8 | ControlFlowNode for path | | path_injection.py:118:16:118:22 | ControlFlowNode for request | path_injection.py:118:16:118:27 | ControlFlowNode for Attribute | | path_injection.py:118:16:118:27 | ControlFlowNode for Attribute | path_injection.py:118:16:118:47 | ControlFlowNode for Attribute() | -| path_injection.py:118:16:118:47 | ControlFlowNode for Attribute() | path_injection.py:118:5:118:12 | SSA variable filename | -| path_injection.py:119:5:119:8 | SSA variable path | path_injection.py:124:14:124:17 | ControlFlowNode for path | -| path_injection.py:129:5:129:12 | SSA variable filename | path_injection.py:130:5:130:8 | SSA variable path | +| path_injection.py:118:16:118:47 | ControlFlowNode for Attribute() | path_injection.py:118:5:118:12 | ControlFlowNode for filename | +| path_injection.py:119:5:119:8 | ControlFlowNode for path | path_injection.py:124:14:124:17 | ControlFlowNode for path | +| path_injection.py:129:5:129:12 | ControlFlowNode for filename | path_injection.py:130:5:130:8 | ControlFlowNode for path | | path_injection.py:129:16:129:22 | ControlFlowNode for request | path_injection.py:129:16:129:27 | ControlFlowNode for Attribute | | path_injection.py:129:16:129:27 | ControlFlowNode for Attribute | path_injection.py:129:16:129:47 | ControlFlowNode for Attribute() | -| path_injection.py:129:16:129:47 | ControlFlowNode for Attribute() | path_injection.py:129:5:129:12 | SSA variable filename | -| path_injection.py:130:5:130:8 | SSA variable path | path_injection.py:131:5:131:13 | SSA variable sanitized | -| path_injection.py:131:5:131:13 | SSA variable sanitized | path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | -| path_injection.py:138:5:138:12 | SSA variable filename | path_injection.py:139:5:139:8 | SSA variable path | +| path_injection.py:129:16:129:47 | ControlFlowNode for Attribute() | path_injection.py:129:5:129:12 | ControlFlowNode for filename | +| path_injection.py:130:5:130:8 | ControlFlowNode for path | path_injection.py:131:5:131:13 | ControlFlowNode for sanitized | +| path_injection.py:131:5:131:13 | ControlFlowNode for sanitized | path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | +| path_injection.py:138:5:138:12 | ControlFlowNode for filename | path_injection.py:139:5:139:8 | ControlFlowNode for path | | path_injection.py:138:16:138:22 | ControlFlowNode for request | path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | | path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | path_injection.py:138:16:138:47 | ControlFlowNode for Attribute() | -| path_injection.py:138:16:138:47 | ControlFlowNode for Attribute() | path_injection.py:138:5:138:12 | SSA variable filename | -| path_injection.py:139:5:139:8 | SSA variable path | path_injection.py:140:47:140:50 | ControlFlowNode for path | +| path_injection.py:138:16:138:47 | ControlFlowNode for Attribute() | path_injection.py:138:5:138:12 | ControlFlowNode for filename | +| path_injection.py:139:5:139:8 | ControlFlowNode for path | path_injection.py:140:47:140:50 | ControlFlowNode for path | | path_injection.py:140:47:140:50 | ControlFlowNode for path | path_injection.py:142:14:142:17 | ControlFlowNode for path | -| path_injection.py:149:5:149:12 | SSA variable filename | path_injection.py:151:9:151:12 | SSA variable path | +| path_injection.py:149:5:149:12 | ControlFlowNode for filename | path_injection.py:151:9:151:12 | ControlFlowNode for path | | path_injection.py:149:16:149:22 | ControlFlowNode for request | path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | | path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | path_injection.py:149:16:149:47 | ControlFlowNode for Attribute() | -| path_injection.py:149:16:149:47 | ControlFlowNode for Attribute() | path_injection.py:149:5:149:12 | SSA variable filename | -| path_injection.py:151:9:151:12 | SSA variable path | path_injection.py:152:18:152:21 | ControlFlowNode for path | -| pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | pathlib_use.py:3:26:3:32 | GSSA Variable request | -| pathlib_use.py:3:26:3:32 | GSSA Variable request | pathlib_use.py:12:16:12:22 | ControlFlowNode for request | -| pathlib_use.py:12:5:12:12 | SSA variable filename | pathlib_use.py:13:5:13:5 | SSA variable p | -| pathlib_use.py:12:5:12:12 | SSA variable filename | pathlib_use.py:16:5:16:6 | SSA variable p2 | +| path_injection.py:149:16:149:47 | ControlFlowNode for Attribute() | path_injection.py:149:5:149:12 | ControlFlowNode for filename | +| path_injection.py:151:9:151:12 | ControlFlowNode for path | path_injection.py:152:18:152:21 | ControlFlowNode for path | +| pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | pathlib_use.py:3:26:3:32 | ControlFlowNode for request | +| pathlib_use.py:3:26:3:32 | ControlFlowNode for request | pathlib_use.py:12:16:12:22 | ControlFlowNode for request | +| pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | pathlib_use.py:13:5:13:5 | ControlFlowNode for p | +| pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | pathlib_use.py:16:5:16:6 | ControlFlowNode for p2 | | pathlib_use.py:12:16:12:22 | ControlFlowNode for request | pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | | pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | pathlib_use.py:12:16:12:47 | ControlFlowNode for Attribute() | -| pathlib_use.py:12:16:12:47 | ControlFlowNode for Attribute() | pathlib_use.py:12:5:12:12 | SSA variable filename | -| pathlib_use.py:13:5:13:5 | SSA variable p | pathlib_use.py:14:5:14:5 | ControlFlowNode for p | -| pathlib_use.py:16:5:16:6 | SSA variable p2 | pathlib_use.py:17:5:17:6 | ControlFlowNode for p2 | -| test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:3:26:3:32 | GSSA Variable request | -| test.py:3:26:3:32 | GSSA Variable request | test.py:9:12:9:18 | ControlFlowNode for request | +| pathlib_use.py:12:16:12:47 | ControlFlowNode for Attribute() | pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | +| pathlib_use.py:13:5:13:5 | ControlFlowNode for p | pathlib_use.py:14:5:14:5 | ControlFlowNode for p | +| pathlib_use.py:16:5:16:6 | ControlFlowNode for p2 | pathlib_use.py:17:5:17:6 | ControlFlowNode for p2 | +| test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:3:26:3:32 | ControlFlowNode for request | +| test.py:3:26:3:32 | ControlFlowNode for request | test.py:9:12:9:18 | ControlFlowNode for request | | test.py:9:12:9:18 | ControlFlowNode for request | test.py:9:12:9:23 | ControlFlowNode for Attribute | | test.py:9:12:9:23 | ControlFlowNode for Attribute | test.py:9:12:9:39 | ControlFlowNode for Attribute() | | test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:18:9:18:16 | ControlFlowNode for source() | @@ -105,147 +105,147 @@ edges | test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:46:9:46:16 | ControlFlowNode for source() | | test.py:12:15:12:15 | ControlFlowNode for x | test.py:13:29:13:29 | ControlFlowNode for x | | test.py:13:29:13:29 | ControlFlowNode for x | test.py:13:12:13:30 | ControlFlowNode for Attribute() | -| test.py:18:5:18:5 | SSA variable x | test.py:19:10:19:10 | ControlFlowNode for x | -| test.py:18:9:18:16 | ControlFlowNode for source() | test.py:18:5:18:5 | SSA variable x | -| test.py:24:5:24:5 | SSA variable x | test.py:25:19:25:19 | ControlFlowNode for x | -| test.py:24:9:24:16 | ControlFlowNode for source() | test.py:24:5:24:5 | SSA variable x | -| test.py:25:5:25:5 | SSA variable y | test.py:26:10:26:10 | ControlFlowNode for y | -| test.py:25:9:25:20 | ControlFlowNode for normalize() | test.py:25:5:25:5 | SSA variable y | +| test.py:18:5:18:5 | ControlFlowNode for x | test.py:19:10:19:10 | ControlFlowNode for x | +| test.py:18:9:18:16 | ControlFlowNode for source() | test.py:18:5:18:5 | ControlFlowNode for x | +| test.py:24:5:24:5 | ControlFlowNode for x | test.py:25:19:25:19 | ControlFlowNode for x | +| test.py:24:9:24:16 | ControlFlowNode for source() | test.py:24:5:24:5 | ControlFlowNode for x | +| test.py:25:5:25:5 | ControlFlowNode for y | test.py:26:10:26:10 | ControlFlowNode for y | +| test.py:25:9:25:20 | ControlFlowNode for normalize() | test.py:25:5:25:5 | ControlFlowNode for y | | test.py:25:19:25:19 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x | | test.py:25:19:25:19 | ControlFlowNode for x | test.py:25:9:25:20 | ControlFlowNode for normalize() | -| test.py:31:5:31:5 | SSA variable x | test.py:33:14:33:14 | ControlFlowNode for x | -| test.py:31:9:31:16 | ControlFlowNode for source() | test.py:31:5:31:5 | SSA variable x | -| test.py:46:5:46:5 | SSA variable x | test.py:48:23:48:23 | ControlFlowNode for x | -| test.py:46:9:46:16 | ControlFlowNode for source() | test.py:46:5:46:5 | SSA variable x | -| test.py:48:9:48:9 | SSA variable y | test.py:49:14:49:14 | ControlFlowNode for y | -| test.py:48:13:48:24 | ControlFlowNode for normalize() | test.py:48:9:48:9 | SSA variable y | +| test.py:31:5:31:5 | ControlFlowNode for x | test.py:33:14:33:14 | ControlFlowNode for x | +| test.py:31:9:31:16 | ControlFlowNode for source() | test.py:31:5:31:5 | ControlFlowNode for x | +| test.py:46:5:46:5 | ControlFlowNode for x | test.py:48:23:48:23 | ControlFlowNode for x | +| test.py:46:9:46:16 | ControlFlowNode for source() | test.py:46:5:46:5 | ControlFlowNode for x | +| test.py:48:9:48:9 | ControlFlowNode for y | test.py:49:14:49:14 | ControlFlowNode for y | +| test.py:48:13:48:24 | ControlFlowNode for normalize() | test.py:48:9:48:9 | ControlFlowNode for y | | test.py:48:23:48:23 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x | | test.py:48:23:48:23 | ControlFlowNode for x | test.py:48:13:48:24 | ControlFlowNode for normalize() | nodes | flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| flask_path_injection.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| flask_path_injection.py:19:5:19:11 | SSA variable dirname | semmle.label | SSA variable dirname | +| flask_path_injection.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| flask_path_injection.py:19:5:19:11 | ControlFlowNode for dirname | semmle.label | ControlFlowNode for dirname | | flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | flask_path_injection.py:19:15:19:45 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | semmle.label | ControlFlowNode for dirname | | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| path_injection.py:3:26:3:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| path_injection.py:12:5:12:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| path_injection.py:12:5:12:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:12:16:12:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:12:16:12:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:19:5:19:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:19:5:19:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:19:16:19:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:19:16:19:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:20:5:20:9 | SSA variable npath | semmle.label | SSA variable npath | +| path_injection.py:20:5:20:9 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath | | path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | path_injection.py:21:14:21:18 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath | -| path_injection.py:27:5:27:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:27:5:27:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:27:16:27:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:28:5:28:9 | SSA variable npath | semmle.label | SSA variable npath | +| path_injection.py:28:5:28:9 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath | | path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | path_injection.py:31:14:31:18 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath | -| path_injection.py:46:5:46:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:46:5:46:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:46:16:46:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:47:5:47:9 | SSA variable npath | semmle.label | SSA variable npath | +| path_injection.py:47:5:47:9 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath | | path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | path_injection.py:48:14:48:18 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath | -| path_injection.py:63:5:63:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:63:5:63:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:63:16:63:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:64:5:64:9 | SSA variable npath | semmle.label | SSA variable npath | +| path_injection.py:64:5:64:9 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath | | path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | path_injection.py:65:14:65:18 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath | -| path_injection.py:84:5:84:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:84:5:84:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:84:16:84:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:85:5:85:24 | SSA variable possibly_unsafe_path | semmle.label | SSA variable possibly_unsafe_path | +| path_injection.py:85:5:85:24 | ControlFlowNode for possibly_unsafe_path | semmle.label | ControlFlowNode for possibly_unsafe_path | | path_injection.py:86:24:86:43 | ControlFlowNode for possibly_unsafe_path | semmle.label | ControlFlowNode for possibly_unsafe_path | | path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | semmle.label | ControlFlowNode for possibly_unsafe_path | | path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | semmle.label | ControlFlowNode for foo_id | -| path_injection.py:93:5:93:8 | SSA variable path | semmle.label | SSA variable path | +| path_injection.py:93:5:93:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | path_injection.py:94:14:94:17 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | path_injection.py:98:20:98:22 | ControlFlowNode for foo | semmle.label | ControlFlowNode for foo | -| path_injection.py:101:5:101:8 | SSA variable path | semmle.label | SSA variable path | +| path_injection.py:101:5:101:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | path_injection.py:102:14:102:17 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | -| path_injection.py:107:5:107:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:107:5:107:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:107:16:107:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:107:16:107:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:107:16:107:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:108:5:108:8 | SSA variable path | semmle.label | SSA variable path | +| path_injection.py:108:5:108:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | path_injection.py:113:14:113:17 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | -| path_injection.py:118:5:118:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:118:5:118:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:118:16:118:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:118:16:118:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:118:16:118:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:119:5:119:8 | SSA variable path | semmle.label | SSA variable path | +| path_injection.py:119:5:119:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | path_injection.py:124:14:124:17 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | -| path_injection.py:129:5:129:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:129:5:129:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:129:16:129:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:129:16:129:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:129:16:129:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:130:5:130:8 | SSA variable path | semmle.label | SSA variable path | -| path_injection.py:131:5:131:13 | SSA variable sanitized | semmle.label | SSA variable sanitized | +| path_injection.py:130:5:130:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | +| path_injection.py:131:5:131:13 | ControlFlowNode for sanitized | semmle.label | ControlFlowNode for sanitized | | path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | semmle.label | ControlFlowNode for sanitized | -| path_injection.py:138:5:138:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:138:5:138:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:138:16:138:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:138:16:138:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:139:5:139:8 | SSA variable path | semmle.label | SSA variable path | +| path_injection.py:139:5:139:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | path_injection.py:140:47:140:50 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | path_injection.py:142:14:142:17 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | -| path_injection.py:149:5:149:12 | SSA variable filename | semmle.label | SSA variable filename | +| path_injection.py:149:5:149:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | path_injection.py:149:16:149:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | path_injection.py:149:16:149:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| path_injection.py:151:9:151:12 | SSA variable path | semmle.label | SSA variable path | +| path_injection.py:151:9:151:12 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | path_injection.py:152:18:152:21 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| pathlib_use.py:3:26:3:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| pathlib_use.py:12:5:12:12 | SSA variable filename | semmle.label | SSA variable filename | +| pathlib_use.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename | | pathlib_use.py:12:16:12:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | pathlib_use.py:12:16:12:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| pathlib_use.py:13:5:13:5 | SSA variable p | semmle.label | SSA variable p | +| pathlib_use.py:13:5:13:5 | ControlFlowNode for p | semmle.label | ControlFlowNode for p | | pathlib_use.py:14:5:14:5 | ControlFlowNode for p | semmle.label | ControlFlowNode for p | -| pathlib_use.py:16:5:16:6 | SSA variable p2 | semmle.label | SSA variable p2 | +| pathlib_use.py:16:5:16:6 | ControlFlowNode for p2 | semmle.label | ControlFlowNode for p2 | | pathlib_use.py:17:5:17:6 | ControlFlowNode for p2 | semmle.label | ControlFlowNode for p2 | | test.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test.py:3:26:3:32 | GSSA Variable request | semmle.label | GSSA Variable request | +| test.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:9:12:9:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:9:12:9:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:9:12:9:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:12:15:12:15 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | | test.py:13:12:13:30 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:13:29:13:29 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | -| test.py:18:5:18:5 | SSA variable x | semmle.label | SSA variable x | +| test.py:18:5:18:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | | test.py:18:9:18:16 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | | test.py:19:10:19:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | -| test.py:24:5:24:5 | SSA variable x | semmle.label | SSA variable x | +| test.py:24:5:24:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | | test.py:24:9:24:16 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:25:5:25:5 | SSA variable y | semmle.label | SSA variable y | +| test.py:25:5:25:5 | ControlFlowNode for y | semmle.label | ControlFlowNode for y | | test.py:25:9:25:20 | ControlFlowNode for normalize() | semmle.label | ControlFlowNode for normalize() | | test.py:25:19:25:19 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | | test.py:26:10:26:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y | -| test.py:31:5:31:5 | SSA variable x | semmle.label | SSA variable x | +| test.py:31:5:31:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | | test.py:31:9:31:16 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | | test.py:33:14:33:14 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | -| test.py:46:5:46:5 | SSA variable x | semmle.label | SSA variable x | +| test.py:46:5:46:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | | test.py:46:9:46:16 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | -| test.py:48:9:48:9 | SSA variable y | semmle.label | SSA variable y | +| test.py:48:9:48:9 | ControlFlowNode for y | semmle.label | ControlFlowNode for y | | test.py:48:13:48:24 | ControlFlowNode for normalize() | semmle.label | ControlFlowNode for normalize() | | test.py:48:23:48:23 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | | test.py:49:14:49:14 | ControlFlowNode for y | semmle.label | ControlFlowNode for y | diff --git a/python/ql/test/query-tests/Security/CWE-022-TarSlip/TarSlip.expected b/python/ql/test/query-tests/Security/CWE-022-TarSlip/TarSlip.expected index 5041e7eee54..1024cd13a58 100644 --- a/python/ql/test/query-tests/Security/CWE-022-TarSlip/TarSlip.expected +++ b/python/ql/test/query-tests/Security/CWE-022-TarSlip/TarSlip.expected @@ -1,35 +1,35 @@ edges -| tarslip.py:14:1:14:3 | GSSA Variable tar | tarslip.py:15:1:15:3 | ControlFlowNode for tar | -| tarslip.py:14:7:14:39 | ControlFlowNode for Attribute() | tarslip.py:14:1:14:3 | GSSA Variable tar | -| tarslip.py:18:1:18:3 | GSSA Variable tar | tarslip.py:19:5:19:9 | GSSA Variable entry | -| tarslip.py:18:7:18:39 | ControlFlowNode for Attribute() | tarslip.py:18:1:18:3 | GSSA Variable tar | -| tarslip.py:19:5:19:9 | GSSA Variable entry | tarslip.py:20:17:20:21 | ControlFlowNode for entry | -| tarslip.py:35:1:35:3 | GSSA Variable tar | tarslip.py:36:5:36:9 | GSSA Variable entry | -| tarslip.py:35:7:35:39 | ControlFlowNode for Attribute() | tarslip.py:35:1:35:3 | GSSA Variable tar | -| tarslip.py:36:5:36:9 | GSSA Variable entry | tarslip.py:39:17:39:21 | ControlFlowNode for entry | -| tarslip.py:42:1:42:3 | GSSA Variable tar | tarslip.py:43:24:43:26 | ControlFlowNode for tar | -| tarslip.py:42:7:42:39 | ControlFlowNode for Attribute() | tarslip.py:42:1:42:3 | GSSA Variable tar | -| tarslip.py:58:1:58:3 | GSSA Variable tar | tarslip.py:59:5:59:9 | GSSA Variable entry | -| tarslip.py:58:7:58:39 | ControlFlowNode for Attribute() | tarslip.py:58:1:58:3 | GSSA Variable tar | -| tarslip.py:59:5:59:9 | GSSA Variable entry | tarslip.py:61:21:61:25 | ControlFlowNode for entry | +| tarslip.py:14:1:14:3 | ControlFlowNode for tar | tarslip.py:15:1:15:3 | ControlFlowNode for tar | +| tarslip.py:14:7:14:39 | ControlFlowNode for Attribute() | tarslip.py:14:1:14:3 | ControlFlowNode for tar | +| tarslip.py:18:1:18:3 | ControlFlowNode for tar | tarslip.py:19:5:19:9 | ControlFlowNode for entry | +| tarslip.py:18:7:18:39 | ControlFlowNode for Attribute() | tarslip.py:18:1:18:3 | ControlFlowNode for tar | +| tarslip.py:19:5:19:9 | ControlFlowNode for entry | tarslip.py:20:17:20:21 | ControlFlowNode for entry | +| tarslip.py:35:1:35:3 | ControlFlowNode for tar | tarslip.py:36:5:36:9 | ControlFlowNode for entry | +| tarslip.py:35:7:35:39 | ControlFlowNode for Attribute() | tarslip.py:35:1:35:3 | ControlFlowNode for tar | +| tarslip.py:36:5:36:9 | ControlFlowNode for entry | tarslip.py:39:17:39:21 | ControlFlowNode for entry | +| tarslip.py:42:1:42:3 | ControlFlowNode for tar | tarslip.py:43:24:43:26 | ControlFlowNode for tar | +| tarslip.py:42:7:42:39 | ControlFlowNode for Attribute() | tarslip.py:42:1:42:3 | ControlFlowNode for tar | +| tarslip.py:58:1:58:3 | ControlFlowNode for tar | tarslip.py:59:5:59:9 | ControlFlowNode for entry | +| tarslip.py:58:7:58:39 | ControlFlowNode for Attribute() | tarslip.py:58:1:58:3 | ControlFlowNode for tar | +| tarslip.py:59:5:59:9 | ControlFlowNode for entry | tarslip.py:61:21:61:25 | ControlFlowNode for entry | nodes -| tarslip.py:14:1:14:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| tarslip.py:14:1:14:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | tarslip.py:14:7:14:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | tarslip.py:15:1:15:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | -| tarslip.py:18:1:18:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| tarslip.py:18:1:18:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | tarslip.py:18:7:18:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| tarslip.py:19:5:19:9 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| tarslip.py:19:5:19:9 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | tarslip.py:20:17:20:21 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | -| tarslip.py:35:1:35:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| tarslip.py:35:1:35:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | tarslip.py:35:7:35:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| tarslip.py:36:5:36:9 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| tarslip.py:36:5:36:9 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | tarslip.py:39:17:39:21 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | -| tarslip.py:42:1:42:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| tarslip.py:42:1:42:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | tarslip.py:42:7:42:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | tarslip.py:43:24:43:26 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | -| tarslip.py:58:1:58:3 | GSSA Variable tar | semmle.label | GSSA Variable tar | +| tarslip.py:58:1:58:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | tarslip.py:58:7:58:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| tarslip.py:59:5:59:9 | GSSA Variable entry | semmle.label | GSSA Variable entry | +| tarslip.py:59:5:59:9 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | | tarslip.py:61:21:61:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry | subpaths #select diff --git a/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected b/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected index b7acd442f95..021f917ec0b 100644 --- a/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected @@ -1,22 +1,22 @@ edges -| command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:5:26:5:32 | GSSA Variable request | -| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:18:13:18:19 | ControlFlowNode for request | -| command_injection.py:18:5:18:9 | SSA variable files | command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr | -| command_injection.py:18:5:18:9 | SSA variable files | command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr | -| command_injection.py:18:5:18:9 | SSA variable files | command_injection.py:21:15:21:27 | ControlFlowNode for BinaryExpr | -| command_injection.py:18:5:18:9 | SSA variable files | command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | -| command_injection.py:18:5:18:9 | SSA variable files | command_injection.py:25:19:25:31 | ControlFlowNode for BinaryExpr | -| command_injection.py:18:5:18:9 | SSA variable files | command_injection.py:26:19:26:31 | ControlFlowNode for BinaryExpr | -| command_injection.py:18:5:18:9 | SSA variable files | command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr | -| command_injection.py:18:5:18:9 | SSA variable files | command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr | -| command_injection.py:18:5:18:9 | SSA variable files | command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | +| command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:5:26:5:32 | ControlFlowNode for request | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:18:13:18:19 | ControlFlowNode for request | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:21:15:21:27 | ControlFlowNode for BinaryExpr | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:23:20:23:32 | ControlFlowNode for BinaryExpr | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:25:19:25:31 | ControlFlowNode for BinaryExpr | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:26:19:26:31 | ControlFlowNode for BinaryExpr | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | | command_injection.py:18:13:18:19 | ControlFlowNode for request | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | -| command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | command_injection.py:18:5:18:9 | SSA variable files | +| command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | command_injection.py:18:5:18:9 | ControlFlowNode for files | nodes | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| command_injection.py:5:26:5:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| command_injection.py:18:5:18:9 | SSA variable files | semmle.label | SSA variable files | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | semmle.label | ControlFlowNode for files | | command_injection.py:18:13:18:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected index 9cb040f5a98..b968144d763 100644 --- a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected @@ -1,80 +1,80 @@ edges -| command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:5:26:5:32 | GSSA Variable request | -| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:11:13:11:19 | ControlFlowNode for request | -| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:18:13:18:19 | ControlFlowNode for request | -| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:25:11:25:17 | ControlFlowNode for request | -| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:31:13:31:19 | ControlFlowNode for request | -| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:38:15:38:21 | ControlFlowNode for request | -| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:54:15:54:21 | ControlFlowNode for request | -| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:71:12:71:18 | ControlFlowNode for request | -| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:78:12:78:18 | ControlFlowNode for request | -| command_injection.py:11:5:11:9 | SSA variable files | command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr | +| command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:5:26:5:32 | ControlFlowNode for request | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:11:13:11:19 | ControlFlowNode for request | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:18:13:18:19 | ControlFlowNode for request | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:25:11:25:17 | ControlFlowNode for request | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:31:13:31:19 | ControlFlowNode for request | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:38:15:38:21 | ControlFlowNode for request | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:54:15:54:21 | ControlFlowNode for request | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:71:12:71:18 | ControlFlowNode for request | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:78:12:78:18 | ControlFlowNode for request | +| command_injection.py:11:5:11:9 | ControlFlowNode for files | command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr | | command_injection.py:11:13:11:19 | ControlFlowNode for request | command_injection.py:11:13:11:24 | ControlFlowNode for Attribute | | command_injection.py:11:13:11:24 | ControlFlowNode for Attribute | command_injection.py:11:13:11:41 | ControlFlowNode for Attribute() | -| command_injection.py:11:13:11:41 | ControlFlowNode for Attribute() | command_injection.py:11:5:11:9 | SSA variable files | -| command_injection.py:18:5:18:9 | SSA variable files | command_injection.py:20:22:20:34 | ControlFlowNode for BinaryExpr | +| command_injection.py:11:13:11:41 | ControlFlowNode for Attribute() | command_injection.py:11:5:11:9 | ControlFlowNode for files | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:20:22:20:34 | ControlFlowNode for BinaryExpr | | command_injection.py:18:13:18:19 | ControlFlowNode for request | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | -| command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | command_injection.py:18:5:18:9 | SSA variable files | -| command_injection.py:25:5:25:7 | SSA variable cmd | command_injection.py:26:23:26:25 | ControlFlowNode for cmd | +| command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | command_injection.py:18:5:18:9 | ControlFlowNode for files | +| command_injection.py:25:5:25:7 | ControlFlowNode for cmd | command_injection.py:26:23:26:25 | ControlFlowNode for cmd | | command_injection.py:25:11:25:17 | ControlFlowNode for request | command_injection.py:25:11:25:22 | ControlFlowNode for Attribute | | command_injection.py:25:11:25:22 | ControlFlowNode for Attribute | command_injection.py:25:11:25:37 | ControlFlowNode for Attribute() | -| command_injection.py:25:11:25:37 | ControlFlowNode for Attribute() | command_injection.py:25:5:25:7 | SSA variable cmd | -| command_injection.py:31:5:31:9 | SSA variable files | command_injection.py:33:14:33:26 | ControlFlowNode for BinaryExpr | +| command_injection.py:25:11:25:37 | ControlFlowNode for Attribute() | command_injection.py:25:5:25:7 | ControlFlowNode for cmd | +| command_injection.py:31:5:31:9 | ControlFlowNode for files | command_injection.py:33:14:33:26 | ControlFlowNode for BinaryExpr | | command_injection.py:31:13:31:19 | ControlFlowNode for request | command_injection.py:31:13:31:24 | ControlFlowNode for Attribute | | command_injection.py:31:13:31:24 | ControlFlowNode for Attribute | command_injection.py:31:13:31:41 | ControlFlowNode for Attribute() | -| command_injection.py:31:13:31:41 | ControlFlowNode for Attribute() | command_injection.py:31:5:31:9 | SSA variable files | -| command_injection.py:38:5:38:11 | SSA variable command | command_injection.py:41:15:41:21 | ControlFlowNode for command | -| command_injection.py:38:5:38:11 | SSA variable command | command_injection.py:42:15:42:21 | ControlFlowNode for command | +| command_injection.py:31:13:31:41 | ControlFlowNode for Attribute() | command_injection.py:31:5:31:9 | ControlFlowNode for files | +| command_injection.py:38:5:38:11 | ControlFlowNode for command | command_injection.py:41:15:41:21 | ControlFlowNode for command | +| command_injection.py:38:5:38:11 | ControlFlowNode for command | command_injection.py:42:15:42:21 | ControlFlowNode for command | | command_injection.py:38:15:38:21 | ControlFlowNode for request | command_injection.py:38:15:38:26 | ControlFlowNode for Attribute | | command_injection.py:38:15:38:26 | ControlFlowNode for Attribute | command_injection.py:38:15:38:45 | ControlFlowNode for Attribute() | -| command_injection.py:38:15:38:45 | ControlFlowNode for Attribute() | command_injection.py:38:5:38:11 | SSA variable command | -| command_injection.py:54:5:54:11 | SSA variable command | command_injection.py:55:15:55:21 | ControlFlowNode for command | -| command_injection.py:54:5:54:11 | SSA variable command | command_injection.py:56:14:56:20 | ControlFlowNode for command | -| command_injection.py:54:5:54:11 | SSA variable command | command_injection.py:57:21:57:27 | ControlFlowNode for command | -| command_injection.py:54:5:54:11 | SSA variable command | command_injection.py:58:27:58:33 | ControlFlowNode for command | -| command_injection.py:54:5:54:11 | SSA variable command | command_injection.py:59:20:59:26 | ControlFlowNode for command | +| command_injection.py:38:15:38:45 | ControlFlowNode for Attribute() | command_injection.py:38:5:38:11 | ControlFlowNode for command | +| command_injection.py:54:5:54:11 | ControlFlowNode for command | command_injection.py:55:15:55:21 | ControlFlowNode for command | +| command_injection.py:54:5:54:11 | ControlFlowNode for command | command_injection.py:56:14:56:20 | ControlFlowNode for command | +| command_injection.py:54:5:54:11 | ControlFlowNode for command | command_injection.py:57:21:57:27 | ControlFlowNode for command | +| command_injection.py:54:5:54:11 | ControlFlowNode for command | command_injection.py:58:27:58:33 | ControlFlowNode for command | +| command_injection.py:54:5:54:11 | ControlFlowNode for command | command_injection.py:59:20:59:26 | ControlFlowNode for command | | command_injection.py:54:15:54:21 | ControlFlowNode for request | command_injection.py:54:15:54:26 | ControlFlowNode for Attribute | | command_injection.py:54:15:54:26 | ControlFlowNode for Attribute | command_injection.py:54:15:54:45 | ControlFlowNode for Attribute() | -| command_injection.py:54:15:54:45 | ControlFlowNode for Attribute() | command_injection.py:54:5:54:11 | SSA variable command | -| command_injection.py:71:5:71:8 | SSA variable path | command_injection.py:73:19:73:30 | ControlFlowNode for BinaryExpr | +| command_injection.py:54:15:54:45 | ControlFlowNode for Attribute() | command_injection.py:54:5:54:11 | ControlFlowNode for command | +| command_injection.py:71:5:71:8 | ControlFlowNode for path | command_injection.py:73:19:73:30 | ControlFlowNode for BinaryExpr | | command_injection.py:71:12:71:18 | ControlFlowNode for request | command_injection.py:71:12:71:23 | ControlFlowNode for Attribute | | command_injection.py:71:12:71:23 | ControlFlowNode for Attribute | command_injection.py:71:12:71:39 | ControlFlowNode for Attribute() | -| command_injection.py:71:12:71:39 | ControlFlowNode for Attribute() | command_injection.py:71:5:71:8 | SSA variable path | -| command_injection.py:78:5:78:8 | SSA variable path | command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | +| command_injection.py:71:12:71:39 | ControlFlowNode for Attribute() | command_injection.py:71:5:71:8 | ControlFlowNode for path | +| command_injection.py:78:5:78:8 | ControlFlowNode for path | command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | | command_injection.py:78:12:78:18 | ControlFlowNode for request | command_injection.py:78:12:78:23 | ControlFlowNode for Attribute | | command_injection.py:78:12:78:23 | ControlFlowNode for Attribute | command_injection.py:78:12:78:39 | ControlFlowNode for Attribute() | -| command_injection.py:78:12:78:39 | ControlFlowNode for Attribute() | command_injection.py:78:5:78:8 | SSA variable path | +| command_injection.py:78:12:78:39 | ControlFlowNode for Attribute() | command_injection.py:78:5:78:8 | ControlFlowNode for path | nodes | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| command_injection.py:5:26:5:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| command_injection.py:11:5:11:9 | SSA variable files | semmle.label | SSA variable files | +| command_injection.py:5:26:5:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| command_injection.py:11:5:11:9 | ControlFlowNode for files | semmle.label | ControlFlowNode for files | | command_injection.py:11:13:11:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | command_injection.py:11:13:11:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | command_injection.py:11:13:11:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| command_injection.py:18:5:18:9 | SSA variable files | semmle.label | SSA variable files | +| command_injection.py:18:5:18:9 | ControlFlowNode for files | semmle.label | ControlFlowNode for files | | command_injection.py:18:13:18:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | command_injection.py:20:22:20:34 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| command_injection.py:25:5:25:7 | SSA variable cmd | semmle.label | SSA variable cmd | +| command_injection.py:25:5:25:7 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd | | command_injection.py:25:11:25:17 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | command_injection.py:25:11:25:22 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | command_injection.py:25:11:25:37 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | command_injection.py:26:23:26:25 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd | -| command_injection.py:31:5:31:9 | SSA variable files | semmle.label | SSA variable files | +| command_injection.py:31:5:31:9 | ControlFlowNode for files | semmle.label | ControlFlowNode for files | | command_injection.py:31:13:31:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | command_injection.py:31:13:31:24 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | command_injection.py:31:13:31:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | command_injection.py:33:14:33:26 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| command_injection.py:38:5:38:11 | SSA variable command | semmle.label | SSA variable command | +| command_injection.py:38:5:38:11 | ControlFlowNode for command | semmle.label | ControlFlowNode for command | | command_injection.py:38:15:38:21 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | command_injection.py:38:15:38:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | command_injection.py:38:15:38:45 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | command_injection.py:41:15:41:21 | ControlFlowNode for command | semmle.label | ControlFlowNode for command | | command_injection.py:42:15:42:21 | ControlFlowNode for command | semmle.label | ControlFlowNode for command | -| command_injection.py:54:5:54:11 | SSA variable command | semmle.label | SSA variable command | +| command_injection.py:54:5:54:11 | ControlFlowNode for command | semmle.label | ControlFlowNode for command | | command_injection.py:54:15:54:21 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | command_injection.py:54:15:54:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | command_injection.py:54:15:54:45 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | @@ -83,12 +83,12 @@ nodes | command_injection.py:57:21:57:27 | ControlFlowNode for command | semmle.label | ControlFlowNode for command | | command_injection.py:58:27:58:33 | ControlFlowNode for command | semmle.label | ControlFlowNode for command | | command_injection.py:59:20:59:26 | ControlFlowNode for command | semmle.label | ControlFlowNode for command | -| command_injection.py:71:5:71:8 | SSA variable path | semmle.label | SSA variable path | +| command_injection.py:71:5:71:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | command_injection.py:71:12:71:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | command_injection.py:71:12:71:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | command_injection.py:71:12:71:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | command_injection.py:73:19:73:30 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| command_injection.py:78:5:78:8 | SSA variable path | semmle.label | SSA variable path | +| command_injection.py:78:5:78:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | command_injection.py:78:12:78:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | command_injection.py:78:12:78:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | command_injection.py:78:12:78:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected b/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected index 2e3ac4b17e4..a779dea257f 100644 --- a/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected +++ b/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected @@ -1,28 +1,28 @@ edges -| reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:2:26:2:32 | GSSA Variable request | -| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:9:18:9:24 | ControlFlowNode for request | -| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:21:23:21:29 | ControlFlowNode for request | -| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:27:23:27:29 | ControlFlowNode for request | -| reflected_xss.py:9:5:9:14 | SSA variable first_name | reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr | +| reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:2:26:2:32 | ControlFlowNode for request | +| reflected_xss.py:2:26:2:32 | ControlFlowNode for request | reflected_xss.py:9:18:9:24 | ControlFlowNode for request | +| reflected_xss.py:2:26:2:32 | ControlFlowNode for request | reflected_xss.py:21:23:21:29 | ControlFlowNode for request | +| reflected_xss.py:2:26:2:32 | ControlFlowNode for request | reflected_xss.py:27:23:27:29 | ControlFlowNode for request | +| reflected_xss.py:9:5:9:14 | ControlFlowNode for first_name | reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr | | reflected_xss.py:9:18:9:24 | ControlFlowNode for request | reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute | | reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute | reflected_xss.py:9:18:9:45 | ControlFlowNode for Attribute() | -| reflected_xss.py:9:18:9:45 | ControlFlowNode for Attribute() | reflected_xss.py:9:5:9:14 | SSA variable first_name | -| reflected_xss.py:21:5:21:8 | SSA variable data | reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | -| reflected_xss.py:21:23:21:29 | ControlFlowNode for request | reflected_xss.py:21:5:21:8 | SSA variable data | -| reflected_xss.py:27:5:27:8 | SSA variable data | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | -| reflected_xss.py:27:23:27:29 | ControlFlowNode for request | reflected_xss.py:27:5:27:8 | SSA variable data | +| reflected_xss.py:9:18:9:45 | ControlFlowNode for Attribute() | reflected_xss.py:9:5:9:14 | ControlFlowNode for first_name | +| reflected_xss.py:21:5:21:8 | ControlFlowNode for data | reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | +| reflected_xss.py:21:23:21:29 | ControlFlowNode for request | reflected_xss.py:21:5:21:8 | ControlFlowNode for data | +| reflected_xss.py:27:5:27:8 | ControlFlowNode for data | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | +| reflected_xss.py:27:23:27:29 | ControlFlowNode for request | reflected_xss.py:27:5:27:8 | ControlFlowNode for data | nodes | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| reflected_xss.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| reflected_xss.py:9:5:9:14 | SSA variable first_name | semmle.label | SSA variable first_name | +| reflected_xss.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| reflected_xss.py:9:5:9:14 | ControlFlowNode for first_name | semmle.label | ControlFlowNode for first_name | | reflected_xss.py:9:18:9:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | reflected_xss.py:9:18:9:45 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| reflected_xss.py:21:5:21:8 | SSA variable data | semmle.label | SSA variable data | +| reflected_xss.py:21:5:21:8 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | | reflected_xss.py:21:23:21:29 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| reflected_xss.py:27:5:27:8 | SSA variable data | semmle.label | SSA variable data | +| reflected_xss.py:27:5:27:8 | ControlFlowNode for data | semmle.label | ControlFlowNode for data | | reflected_xss.py:27:23:27:29 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | subpaths diff --git a/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected b/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected index c5bc0bab554..3461b853756 100644 --- a/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected @@ -1,110 +1,110 @@ edges -| ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:1:19:1:25 | GSSA Variable request | -| ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:1:19:1:25 | GSSA Variable request | -| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | -| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | -| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:14:21:14:27 | ControlFlowNode for request | -| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | -| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | -| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:31:21:31:27 | ControlFlowNode for request | -| ldap3_bad.py:13:5:13:13 | SSA variable unsafe_dc | ldap3_bad.py:16:5:16:6 | SSA variable dn | -| ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | ldap3_bad.py:13:5:13:13 | SSA variable unsafe_dc | -| ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | ldap3_bad.py:14:5:14:17 | SSA variable unsafe_filter | -| ldap3_bad.py:14:5:14:17 | SSA variable unsafe_filter | ldap3_bad.py:17:5:17:17 | SSA variable search_filter | -| ldap3_bad.py:14:21:14:27 | ControlFlowNode for request | ldap3_bad.py:14:5:14:17 | SSA variable unsafe_filter | -| ldap3_bad.py:16:5:16:6 | SSA variable dn | ldap3_bad.py:21:17:21:18 | ControlFlowNode for dn | -| ldap3_bad.py:17:5:17:17 | SSA variable search_filter | ldap3_bad.py:21:21:21:33 | ControlFlowNode for search_filter | -| ldap3_bad.py:30:5:30:13 | SSA variable unsafe_dc | ldap3_bad.py:33:5:33:6 | SSA variable dn | -| ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | ldap3_bad.py:30:5:30:13 | SSA variable unsafe_dc | -| ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | ldap3_bad.py:31:5:31:17 | SSA variable unsafe_filter | -| ldap3_bad.py:31:5:31:17 | SSA variable unsafe_filter | ldap3_bad.py:34:5:34:17 | SSA variable search_filter | -| ldap3_bad.py:31:21:31:27 | ControlFlowNode for request | ldap3_bad.py:31:5:31:17 | SSA variable unsafe_filter | -| ldap3_bad.py:33:5:33:6 | SSA variable dn | ldap3_bad.py:38:9:38:10 | ControlFlowNode for dn | -| ldap3_bad.py:34:5:34:17 | SSA variable search_filter | ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter | -| ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:1:19:1:25 | GSSA Variable request | -| ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:1:19:1:25 | GSSA Variable request | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:13:17:13:23 | ControlFlowNode for request | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:13:17:13:23 | ControlFlowNode for request | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:14:21:14:27 | ControlFlowNode for request | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:30:17:30:23 | ControlFlowNode for request | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:30:17:30:23 | ControlFlowNode for request | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:31:21:31:27 | ControlFlowNode for request | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:47:17:47:23 | ControlFlowNode for request | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:47:17:47:23 | ControlFlowNode for request | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:48:21:48:27 | ControlFlowNode for request | -| ldap_bad.py:13:5:13:13 | SSA variable unsafe_dc | ldap_bad.py:16:5:16:6 | SSA variable dn | -| ldap_bad.py:13:17:13:23 | ControlFlowNode for request | ldap_bad.py:13:5:13:13 | SSA variable unsafe_dc | -| ldap_bad.py:13:17:13:23 | ControlFlowNode for request | ldap_bad.py:14:5:14:17 | SSA variable unsafe_filter | -| ldap_bad.py:14:5:14:17 | SSA variable unsafe_filter | ldap_bad.py:17:5:17:17 | SSA variable search_filter | -| ldap_bad.py:14:21:14:27 | ControlFlowNode for request | ldap_bad.py:14:5:14:17 | SSA variable unsafe_filter | -| ldap_bad.py:16:5:16:6 | SSA variable dn | ldap_bad.py:21:9:21:10 | ControlFlowNode for dn | -| ldap_bad.py:17:5:17:17 | SSA variable search_filter | ldap_bad.py:21:33:21:45 | ControlFlowNode for search_filter | -| ldap_bad.py:30:5:30:13 | SSA variable unsafe_dc | ldap_bad.py:33:5:33:6 | SSA variable dn | -| ldap_bad.py:30:17:30:23 | ControlFlowNode for request | ldap_bad.py:30:5:30:13 | SSA variable unsafe_dc | -| ldap_bad.py:30:17:30:23 | ControlFlowNode for request | ldap_bad.py:31:5:31:17 | SSA variable unsafe_filter | -| ldap_bad.py:31:5:31:17 | SSA variable unsafe_filter | ldap_bad.py:34:5:34:17 | SSA variable search_filter | -| ldap_bad.py:31:21:31:27 | ControlFlowNode for request | ldap_bad.py:31:5:31:17 | SSA variable unsafe_filter | -| ldap_bad.py:33:5:33:6 | SSA variable dn | ldap_bad.py:37:9:37:10 | ControlFlowNode for dn | -| ldap_bad.py:34:5:34:17 | SSA variable search_filter | ldap_bad.py:37:33:37:45 | ControlFlowNode for search_filter | -| ldap_bad.py:47:5:47:13 | SSA variable unsafe_dc | ldap_bad.py:50:5:50:6 | SSA variable dn | -| ldap_bad.py:47:17:47:23 | ControlFlowNode for request | ldap_bad.py:47:5:47:13 | SSA variable unsafe_dc | -| ldap_bad.py:47:17:47:23 | ControlFlowNode for request | ldap_bad.py:48:5:48:17 | SSA variable unsafe_filter | -| ldap_bad.py:48:5:48:17 | SSA variable unsafe_filter | ldap_bad.py:51:5:51:17 | SSA variable search_filter | -| ldap_bad.py:48:21:48:27 | ControlFlowNode for request | ldap_bad.py:48:5:48:17 | SSA variable unsafe_filter | -| ldap_bad.py:50:5:50:6 | SSA variable dn | ldap_bad.py:55:9:55:10 | ControlFlowNode for dn | -| ldap_bad.py:51:5:51:17 | SSA variable search_filter | ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter | +| ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | +| ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | +| ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | +| ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | +| ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | ldap3_bad.py:14:21:14:27 | ControlFlowNode for request | +| ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | +| ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | +| ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | ldap3_bad.py:31:21:31:27 | ControlFlowNode for request | +| ldap3_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | ldap3_bad.py:16:5:16:6 | ControlFlowNode for dn | +| ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | ldap3_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | +| ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | ldap3_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | +| ldap3_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | ldap3_bad.py:17:5:17:17 | ControlFlowNode for search_filter | +| ldap3_bad.py:14:21:14:27 | ControlFlowNode for request | ldap3_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | +| ldap3_bad.py:16:5:16:6 | ControlFlowNode for dn | ldap3_bad.py:21:17:21:18 | ControlFlowNode for dn | +| ldap3_bad.py:17:5:17:17 | ControlFlowNode for search_filter | ldap3_bad.py:21:21:21:33 | ControlFlowNode for search_filter | +| ldap3_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | ldap3_bad.py:33:5:33:6 | ControlFlowNode for dn | +| ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | ldap3_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | +| ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | ldap3_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | +| ldap3_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | ldap3_bad.py:34:5:34:17 | ControlFlowNode for search_filter | +| ldap3_bad.py:31:21:31:27 | ControlFlowNode for request | ldap3_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | +| ldap3_bad.py:33:5:33:6 | ControlFlowNode for dn | ldap3_bad.py:38:9:38:10 | ControlFlowNode for dn | +| ldap3_bad.py:34:5:34:17 | ControlFlowNode for search_filter | ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:1:19:1:25 | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:1:19:1:25 | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:13:17:13:23 | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:13:17:13:23 | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:14:21:14:27 | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:30:17:30:23 | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:30:17:30:23 | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:31:21:31:27 | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:47:17:47:23 | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:47:17:47:23 | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:48:21:48:27 | ControlFlowNode for request | +| ldap_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | ldap_bad.py:16:5:16:6 | ControlFlowNode for dn | +| ldap_bad.py:13:17:13:23 | ControlFlowNode for request | ldap_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | +| ldap_bad.py:13:17:13:23 | ControlFlowNode for request | ldap_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | +| ldap_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | ldap_bad.py:17:5:17:17 | ControlFlowNode for search_filter | +| ldap_bad.py:14:21:14:27 | ControlFlowNode for request | ldap_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | +| ldap_bad.py:16:5:16:6 | ControlFlowNode for dn | ldap_bad.py:21:9:21:10 | ControlFlowNode for dn | +| ldap_bad.py:17:5:17:17 | ControlFlowNode for search_filter | ldap_bad.py:21:33:21:45 | ControlFlowNode for search_filter | +| ldap_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | ldap_bad.py:33:5:33:6 | ControlFlowNode for dn | +| ldap_bad.py:30:17:30:23 | ControlFlowNode for request | ldap_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | +| ldap_bad.py:30:17:30:23 | ControlFlowNode for request | ldap_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | +| ldap_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | ldap_bad.py:34:5:34:17 | ControlFlowNode for search_filter | +| ldap_bad.py:31:21:31:27 | ControlFlowNode for request | ldap_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | +| ldap_bad.py:33:5:33:6 | ControlFlowNode for dn | ldap_bad.py:37:9:37:10 | ControlFlowNode for dn | +| ldap_bad.py:34:5:34:17 | ControlFlowNode for search_filter | ldap_bad.py:37:33:37:45 | ControlFlowNode for search_filter | +| ldap_bad.py:47:5:47:13 | ControlFlowNode for unsafe_dc | ldap_bad.py:50:5:50:6 | ControlFlowNode for dn | +| ldap_bad.py:47:17:47:23 | ControlFlowNode for request | ldap_bad.py:47:5:47:13 | ControlFlowNode for unsafe_dc | +| ldap_bad.py:47:17:47:23 | ControlFlowNode for request | ldap_bad.py:48:5:48:17 | ControlFlowNode for unsafe_filter | +| ldap_bad.py:48:5:48:17 | ControlFlowNode for unsafe_filter | ldap_bad.py:51:5:51:17 | ControlFlowNode for search_filter | +| ldap_bad.py:48:21:48:27 | ControlFlowNode for request | ldap_bad.py:48:5:48:17 | ControlFlowNode for unsafe_filter | +| ldap_bad.py:50:5:50:6 | ControlFlowNode for dn | ldap_bad.py:55:9:55:10 | ControlFlowNode for dn | +| ldap_bad.py:51:5:51:17 | ControlFlowNode for search_filter | ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter | nodes | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| ldap3_bad.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| ldap3_bad.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| ldap3_bad.py:13:5:13:13 | SSA variable unsafe_dc | semmle.label | SSA variable unsafe_dc | +| ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| ldap3_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | semmle.label | ControlFlowNode for unsafe_dc | | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| ldap3_bad.py:14:5:14:17 | SSA variable unsafe_filter | semmle.label | SSA variable unsafe_filter | +| ldap3_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | semmle.label | ControlFlowNode for unsafe_filter | | ldap3_bad.py:14:21:14:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| ldap3_bad.py:16:5:16:6 | SSA variable dn | semmle.label | SSA variable dn | -| ldap3_bad.py:17:5:17:17 | SSA variable search_filter | semmle.label | SSA variable search_filter | +| ldap3_bad.py:16:5:16:6 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn | +| ldap3_bad.py:17:5:17:17 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | | ldap3_bad.py:21:17:21:18 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn | | ldap3_bad.py:21:21:21:33 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | -| ldap3_bad.py:30:5:30:13 | SSA variable unsafe_dc | semmle.label | SSA variable unsafe_dc | +| ldap3_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | semmle.label | ControlFlowNode for unsafe_dc | | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| ldap3_bad.py:31:5:31:17 | SSA variable unsafe_filter | semmle.label | SSA variable unsafe_filter | +| ldap3_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | semmle.label | ControlFlowNode for unsafe_filter | | ldap3_bad.py:31:21:31:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| ldap3_bad.py:33:5:33:6 | SSA variable dn | semmle.label | SSA variable dn | -| ldap3_bad.py:34:5:34:17 | SSA variable search_filter | semmle.label | SSA variable search_filter | +| ldap3_bad.py:33:5:33:6 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn | +| ldap3_bad.py:34:5:34:17 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | | ldap3_bad.py:38:9:38:10 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn | | ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| ldap_bad.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| ldap_bad.py:13:5:13:13 | SSA variable unsafe_dc | semmle.label | SSA variable unsafe_dc | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| ldap_bad.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| ldap_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | semmle.label | ControlFlowNode for unsafe_dc | | ldap_bad.py:13:17:13:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | ldap_bad.py:13:17:13:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| ldap_bad.py:14:5:14:17 | SSA variable unsafe_filter | semmle.label | SSA variable unsafe_filter | +| ldap_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | semmle.label | ControlFlowNode for unsafe_filter | | ldap_bad.py:14:21:14:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| ldap_bad.py:16:5:16:6 | SSA variable dn | semmle.label | SSA variable dn | -| ldap_bad.py:17:5:17:17 | SSA variable search_filter | semmle.label | SSA variable search_filter | +| ldap_bad.py:16:5:16:6 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn | +| ldap_bad.py:17:5:17:17 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | | ldap_bad.py:21:9:21:10 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn | | ldap_bad.py:21:33:21:45 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | -| ldap_bad.py:30:5:30:13 | SSA variable unsafe_dc | semmle.label | SSA variable unsafe_dc | +| ldap_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | semmle.label | ControlFlowNode for unsafe_dc | | ldap_bad.py:30:17:30:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | ldap_bad.py:30:17:30:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| ldap_bad.py:31:5:31:17 | SSA variable unsafe_filter | semmle.label | SSA variable unsafe_filter | +| ldap_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | semmle.label | ControlFlowNode for unsafe_filter | | ldap_bad.py:31:21:31:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| ldap_bad.py:33:5:33:6 | SSA variable dn | semmle.label | SSA variable dn | -| ldap_bad.py:34:5:34:17 | SSA variable search_filter | semmle.label | SSA variable search_filter | +| ldap_bad.py:33:5:33:6 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn | +| ldap_bad.py:34:5:34:17 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | | ldap_bad.py:37:9:37:10 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn | | ldap_bad.py:37:33:37:45 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | -| ldap_bad.py:47:5:47:13 | SSA variable unsafe_dc | semmle.label | SSA variable unsafe_dc | +| ldap_bad.py:47:5:47:13 | ControlFlowNode for unsafe_dc | semmle.label | ControlFlowNode for unsafe_dc | | ldap_bad.py:47:17:47:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | ldap_bad.py:47:17:47:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| ldap_bad.py:48:5:48:17 | SSA variable unsafe_filter | semmle.label | SSA variable unsafe_filter | +| ldap_bad.py:48:5:48:17 | ControlFlowNode for unsafe_filter | semmle.label | ControlFlowNode for unsafe_filter | | ldap_bad.py:48:21:48:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| ldap_bad.py:50:5:50:6 | SSA variable dn | semmle.label | SSA variable dn | -| ldap_bad.py:51:5:51:17 | SSA variable search_filter | semmle.label | SSA variable search_filter | +| ldap_bad.py:50:5:50:6 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn | +| ldap_bad.py:51:5:51:17 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | | ldap_bad.py:55:9:55:10 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn | | ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter | subpaths diff --git a/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected b/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected index bfdbc7c37f5..2de776c3b28 100644 --- a/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected @@ -1,30 +1,30 @@ edges -| code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:1:26:1:32 | GSSA Variable request | -| code_injection.py:1:26:1:32 | GSSA Variable request | code_injection.py:6:12:6:18 | ControlFlowNode for request | -| code_injection.py:1:26:1:32 | GSSA Variable request | code_injection.py:18:16:18:22 | ControlFlowNode for request | -| code_injection.py:6:5:6:8 | SSA variable code | code_injection.py:7:10:7:13 | ControlFlowNode for code | -| code_injection.py:6:5:6:8 | SSA variable code | code_injection.py:8:10:8:13 | ControlFlowNode for code | -| code_injection.py:6:5:6:8 | SSA variable code | code_injection.py:9:5:9:7 | SSA variable cmd | +| code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:1:26:1:32 | ControlFlowNode for request | +| code_injection.py:1:26:1:32 | ControlFlowNode for request | code_injection.py:6:12:6:18 | ControlFlowNode for request | +| code_injection.py:1:26:1:32 | ControlFlowNode for request | code_injection.py:18:16:18:22 | ControlFlowNode for request | +| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:7:10:7:13 | ControlFlowNode for code | +| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:8:10:8:13 | ControlFlowNode for code | +| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:9:5:9:7 | ControlFlowNode for cmd | | code_injection.py:6:12:6:18 | ControlFlowNode for request | code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | | code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | -| code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | code_injection.py:6:5:6:8 | SSA variable code | -| code_injection.py:9:5:9:7 | SSA variable cmd | code_injection.py:10:10:10:12 | ControlFlowNode for cmd | -| code_injection.py:18:5:18:12 | SSA variable obj_name | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | +| code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | code_injection.py:6:5:6:8 | ControlFlowNode for code | +| code_injection.py:9:5:9:7 | ControlFlowNode for cmd | code_injection.py:10:10:10:12 | ControlFlowNode for cmd | +| code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | | code_injection.py:18:16:18:22 | ControlFlowNode for request | code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | | code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | -| code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | code_injection.py:18:5:18:12 | SSA variable obj_name | +| code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | nodes | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| code_injection.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| code_injection.py:6:5:6:8 | SSA variable code | semmle.label | SSA variable code | +| code_injection.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| code_injection.py:6:5:6:8 | ControlFlowNode for code | semmle.label | ControlFlowNode for code | | code_injection.py:6:12:6:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | code_injection.py:7:10:7:13 | ControlFlowNode for code | semmle.label | ControlFlowNode for code | | code_injection.py:8:10:8:13 | ControlFlowNode for code | semmle.label | ControlFlowNode for code | -| code_injection.py:9:5:9:7 | SSA variable cmd | semmle.label | SSA variable cmd | +| code_injection.py:9:5:9:7 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd | | code_injection.py:10:10:10:12 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd | -| code_injection.py:18:5:18:12 | SSA variable obj_name | semmle.label | SSA variable obj_name | +| code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | semmle.label | ControlFlowNode for obj_name | | code_injection.py:18:16:18:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected b/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected index 41912469ccf..1d8c78d35b7 100644 --- a/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected @@ -1,44 +1,44 @@ edges -| LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | LogInjectionBad.py:7:19:7:25 | GSSA Variable request | -| LogInjectionBad.py:7:19:7:25 | GSSA Variable request | LogInjectionBad.py:17:12:17:18 | ControlFlowNode for request | -| LogInjectionBad.py:7:19:7:25 | GSSA Variable request | LogInjectionBad.py:23:12:23:18 | ControlFlowNode for request | -| LogInjectionBad.py:7:19:7:25 | GSSA Variable request | LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | -| LogInjectionBad.py:7:19:7:25 | GSSA Variable request | LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | -| LogInjectionBad.py:17:5:17:8 | SSA variable name | LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | +| LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for request | +| LogInjectionBad.py:7:19:7:25 | ControlFlowNode for request | LogInjectionBad.py:17:12:17:18 | ControlFlowNode for request | +| LogInjectionBad.py:7:19:7:25 | ControlFlowNode for request | LogInjectionBad.py:23:12:23:18 | ControlFlowNode for request | +| LogInjectionBad.py:7:19:7:25 | ControlFlowNode for request | LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | +| LogInjectionBad.py:7:19:7:25 | ControlFlowNode for request | LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | +| LogInjectionBad.py:17:5:17:8 | ControlFlowNode for name | LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | | LogInjectionBad.py:17:12:17:18 | ControlFlowNode for request | LogInjectionBad.py:17:12:17:23 | ControlFlowNode for Attribute | | LogInjectionBad.py:17:12:17:23 | ControlFlowNode for Attribute | LogInjectionBad.py:17:12:17:35 | ControlFlowNode for Attribute() | -| LogInjectionBad.py:17:12:17:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:17:5:17:8 | SSA variable name | -| LogInjectionBad.py:23:5:23:8 | SSA variable name | LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | +| LogInjectionBad.py:17:12:17:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:17:5:17:8 | ControlFlowNode for name | +| LogInjectionBad.py:23:5:23:8 | ControlFlowNode for name | LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | | LogInjectionBad.py:23:12:23:18 | ControlFlowNode for request | LogInjectionBad.py:23:12:23:23 | ControlFlowNode for Attribute | | LogInjectionBad.py:23:12:23:23 | ControlFlowNode for Attribute | LogInjectionBad.py:23:12:23:35 | ControlFlowNode for Attribute() | -| LogInjectionBad.py:23:12:23:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:23:5:23:8 | SSA variable name | -| LogInjectionBad.py:29:5:29:8 | SSA variable name | LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | +| LogInjectionBad.py:23:12:23:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:23:5:23:8 | ControlFlowNode for name | +| LogInjectionBad.py:29:5:29:8 | ControlFlowNode for name | LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | | LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | LogInjectionBad.py:29:12:29:23 | ControlFlowNode for Attribute | | LogInjectionBad.py:29:12:29:23 | ControlFlowNode for Attribute | LogInjectionBad.py:29:12:29:35 | ControlFlowNode for Attribute() | -| LogInjectionBad.py:29:12:29:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:29:5:29:8 | SSA variable name | -| LogInjectionBad.py:35:5:35:8 | SSA variable name | LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | +| LogInjectionBad.py:29:12:29:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:29:5:29:8 | ControlFlowNode for name | +| LogInjectionBad.py:35:5:35:8 | ControlFlowNode for name | LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | | LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | LogInjectionBad.py:35:12:35:23 | ControlFlowNode for Attribute | | LogInjectionBad.py:35:12:35:23 | ControlFlowNode for Attribute | LogInjectionBad.py:35:12:35:35 | ControlFlowNode for Attribute() | -| LogInjectionBad.py:35:12:35:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:35:5:35:8 | SSA variable name | +| LogInjectionBad.py:35:12:35:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:35:5:35:8 | ControlFlowNode for name | nodes | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| LogInjectionBad.py:7:19:7:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| LogInjectionBad.py:17:5:17:8 | SSA variable name | semmle.label | SSA variable name | +| LogInjectionBad.py:7:19:7:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| LogInjectionBad.py:17:5:17:8 | ControlFlowNode for name | semmle.label | ControlFlowNode for name | | LogInjectionBad.py:17:12:17:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | LogInjectionBad.py:17:12:17:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | LogInjectionBad.py:17:12:17:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| LogInjectionBad.py:23:5:23:8 | SSA variable name | semmle.label | SSA variable name | +| LogInjectionBad.py:23:5:23:8 | ControlFlowNode for name | semmle.label | ControlFlowNode for name | | LogInjectionBad.py:23:12:23:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | LogInjectionBad.py:23:12:23:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | LogInjectionBad.py:23:12:23:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| LogInjectionBad.py:29:5:29:8 | SSA variable name | semmle.label | SSA variable name | +| LogInjectionBad.py:29:5:29:8 | ControlFlowNode for name | semmle.label | ControlFlowNode for name | | LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | LogInjectionBad.py:29:12:29:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | LogInjectionBad.py:29:12:29:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| LogInjectionBad.py:35:5:35:8 | SSA variable name | semmle.label | SSA variable name | +| LogInjectionBad.py:35:5:35:8 | ControlFlowNode for name | semmle.label | ControlFlowNode for name | | LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | LogInjectionBad.py:35:12:35:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | LogInjectionBad.py:35:12:35:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected index 90b58f8e319..20857567c49 100644 --- a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected +++ b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected @@ -1,33 +1,33 @@ edges -| test.py:23:25:23:25 | SSA variable e | test.py:24:16:24:16 | ControlFlowNode for e | -| test.py:31:25:31:25 | SSA variable e | test.py:32:16:32:16 | ControlFlowNode for e | +| test.py:23:25:23:25 | ControlFlowNode for e | test.py:24:16:24:16 | ControlFlowNode for e | +| test.py:31:25:31:25 | ControlFlowNode for e | test.py:32:16:32:16 | ControlFlowNode for e | | test.py:32:16:32:16 | ControlFlowNode for e | test.py:32:16:32:30 | ControlFlowNode for Attribute | -| test.py:49:9:49:11 | SSA variable err | test.py:50:29:50:31 | ControlFlowNode for err | -| test.py:49:15:49:36 | ControlFlowNode for Attribute() | test.py:49:9:49:11 | SSA variable err | +| test.py:49:9:49:11 | ControlFlowNode for err | test.py:50:29:50:31 | ControlFlowNode for err | +| test.py:49:15:49:36 | ControlFlowNode for Attribute() | test.py:49:9:49:11 | ControlFlowNode for err | | test.py:50:29:50:31 | ControlFlowNode for err | test.py:50:16:50:32 | ControlFlowNode for format_error() | | test.py:50:29:50:31 | ControlFlowNode for err | test.py:52:18:52:20 | ControlFlowNode for msg | | test.py:52:18:52:20 | ControlFlowNode for msg | test.py:53:12:53:27 | ControlFlowNode for BinaryExpr | -| test.py:65:25:65:25 | SSA variable e | test.py:66:24:66:40 | ControlFlowNode for Dict | +| test.py:65:25:65:25 | ControlFlowNode for e | test.py:66:24:66:40 | ControlFlowNode for Dict | nodes | test.py:16:16:16:37 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:23:25:23:25 | SSA variable e | semmle.label | SSA variable e | +| test.py:23:25:23:25 | ControlFlowNode for e | semmle.label | ControlFlowNode for e | | test.py:24:16:24:16 | ControlFlowNode for e | semmle.label | ControlFlowNode for e | -| test.py:31:25:31:25 | SSA variable e | semmle.label | SSA variable e | +| test.py:31:25:31:25 | ControlFlowNode for e | semmle.label | ControlFlowNode for e | | test.py:32:16:32:16 | ControlFlowNode for e | semmle.label | ControlFlowNode for e | | test.py:32:16:32:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | -| test.py:49:9:49:11 | SSA variable err | semmle.label | SSA variable err | +| test.py:49:9:49:11 | ControlFlowNode for err | semmle.label | ControlFlowNode for err | | test.py:49:15:49:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:50:16:50:32 | ControlFlowNode for format_error() | semmle.label | ControlFlowNode for format_error() | | test.py:50:29:50:31 | ControlFlowNode for err | semmle.label | ControlFlowNode for err | | test.py:52:18:52:20 | ControlFlowNode for msg | semmle.label | ControlFlowNode for msg | | test.py:53:12:53:27 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| test.py:65:25:65:25 | SSA variable e | semmle.label | SSA variable e | +| test.py:65:25:65:25 | ControlFlowNode for e | semmle.label | ControlFlowNode for e | | test.py:66:24:66:40 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | subpaths | test.py:50:29:50:31 | ControlFlowNode for err | test.py:52:18:52:20 | ControlFlowNode for msg | test.py:53:12:53:27 | ControlFlowNode for BinaryExpr | test.py:50:16:50:32 | ControlFlowNode for format_error() | #select | test.py:16:16:16:37 | ControlFlowNode for Attribute() | test.py:16:16:16:37 | ControlFlowNode for Attribute() | test.py:16:16:16:37 | ControlFlowNode for Attribute() | $@ flows to this location and may be exposed to an external user. | test.py:16:16:16:37 | ControlFlowNode for Attribute() | Stack trace information | -| test.py:24:16:24:16 | ControlFlowNode for e | test.py:23:25:23:25 | SSA variable e | test.py:24:16:24:16 | ControlFlowNode for e | $@ flows to this location and may be exposed to an external user. | test.py:23:25:23:25 | SSA variable e | Stack trace information | -| test.py:32:16:32:30 | ControlFlowNode for Attribute | test.py:31:25:31:25 | SSA variable e | test.py:32:16:32:30 | ControlFlowNode for Attribute | $@ flows to this location and may be exposed to an external user. | test.py:31:25:31:25 | SSA variable e | Stack trace information | +| test.py:24:16:24:16 | ControlFlowNode for e | test.py:23:25:23:25 | ControlFlowNode for e | test.py:24:16:24:16 | ControlFlowNode for e | $@ flows to this location and may be exposed to an external user. | test.py:23:25:23:25 | ControlFlowNode for e | Stack trace information | +| test.py:32:16:32:30 | ControlFlowNode for Attribute | test.py:31:25:31:25 | ControlFlowNode for e | test.py:32:16:32:30 | ControlFlowNode for Attribute | $@ flows to this location and may be exposed to an external user. | test.py:31:25:31:25 | ControlFlowNode for e | Stack trace information | | test.py:50:16:50:32 | ControlFlowNode for format_error() | test.py:49:15:49:36 | ControlFlowNode for Attribute() | test.py:50:16:50:32 | ControlFlowNode for format_error() | $@ flows to this location and may be exposed to an external user. | test.py:49:15:49:36 | ControlFlowNode for Attribute() | Stack trace information | -| test.py:66:24:66:40 | ControlFlowNode for Dict | test.py:65:25:65:25 | SSA variable e | test.py:66:24:66:40 | ControlFlowNode for Dict | $@ flows to this location and may be exposed to an external user. | test.py:65:25:65:25 | SSA variable e | Stack trace information | +| test.py:66:24:66:40 | ControlFlowNode for Dict | test.py:65:25:65:25 | ControlFlowNode for e | test.py:66:24:66:40 | ControlFlowNode for Dict | $@ flows to this location and may be exposed to an external user. | test.py:65:25:65:25 | ControlFlowNode for e | Stack trace information | diff --git a/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected b/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected index 9379464e1c1..8f69b8c32e3 100644 --- a/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected +++ b/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected @@ -1,17 +1,17 @@ edges -| pam_test.py:4:26:4:32 | ControlFlowNode for ImportMember | pam_test.py:4:26:4:32 | GSSA Variable request | -| pam_test.py:4:26:4:32 | GSSA Variable request | pam_test.py:71:16:71:22 | ControlFlowNode for request | -| pam_test.py:71:5:71:12 | SSA variable username | pam_test.py:74:33:74:40 | ControlFlowNode for username | +| pam_test.py:4:26:4:32 | ControlFlowNode for ImportMember | pam_test.py:4:26:4:32 | ControlFlowNode for request | +| pam_test.py:4:26:4:32 | ControlFlowNode for request | pam_test.py:71:16:71:22 | ControlFlowNode for request | +| pam_test.py:71:5:71:12 | ControlFlowNode for username | pam_test.py:74:33:74:40 | ControlFlowNode for username | | pam_test.py:71:16:71:22 | ControlFlowNode for request | pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | | pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | pam_test.py:71:16:71:47 | ControlFlowNode for Attribute() | -| pam_test.py:71:16:71:47 | ControlFlowNode for Attribute() | pam_test.py:71:5:71:12 | SSA variable username | +| pam_test.py:71:16:71:47 | ControlFlowNode for Attribute() | pam_test.py:71:5:71:12 | ControlFlowNode for username | | pam_test.py:74:33:74:40 | ControlFlowNode for username | pam_test.py:74:62:74:67 | ControlFlowNode for handle | | pam_test.py:74:62:74:67 | ControlFlowNode for handle | pam_test.py:76:31:76:36 | ControlFlowNode for handle | | pam_test.py:76:31:76:36 | ControlFlowNode for handle | pam_test.py:76:14:76:40 | ControlFlowNode for pam_authenticate() | nodes | pam_test.py:4:26:4:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| pam_test.py:4:26:4:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| pam_test.py:71:5:71:12 | SSA variable username | semmle.label | SSA variable username | +| pam_test.py:4:26:4:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| pam_test.py:71:5:71:12 | ControlFlowNode for username | semmle.label | ControlFlowNode for username | | pam_test.py:71:16:71:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | pam_test.py:71:16:71:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected b/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected index 058a2faaf55..f579afece00 100644 --- a/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected +++ b/python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected @@ -1,16 +1,16 @@ edges -| test.py:19:5:19:12 | SSA variable password | test.py:20:48:20:55 | ControlFlowNode for password | -| test.py:19:5:19:12 | SSA variable password | test.py:22:58:22:65 | ControlFlowNode for password | -| test.py:19:5:19:12 | SSA variable password | test.py:23:58:23:65 | ControlFlowNode for password | -| test.py:19:5:19:12 | SSA variable password | test.py:27:40:27:47 | ControlFlowNode for password | -| test.py:19:5:19:12 | SSA variable password | test.py:30:58:30:65 | ControlFlowNode for password | -| test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:19:5:19:12 | SSA variable password | -| test.py:44:5:44:5 | SSA variable x | test.py:45:11:45:11 | ControlFlowNode for x | -| test.py:44:9:44:25 | ControlFlowNode for Attribute() | test.py:44:5:44:5 | SSA variable x | -| test.py:70:5:70:10 | SSA variable config | test.py:74:11:74:31 | ControlFlowNode for Subscript | -| test.py:72:21:72:37 | ControlFlowNode for Attribute | test.py:70:5:70:10 | SSA variable config | +| test.py:19:5:19:12 | ControlFlowNode for password | test.py:20:48:20:55 | ControlFlowNode for password | +| test.py:19:5:19:12 | ControlFlowNode for password | test.py:22:58:22:65 | ControlFlowNode for password | +| test.py:19:5:19:12 | ControlFlowNode for password | test.py:23:58:23:65 | ControlFlowNode for password | +| test.py:19:5:19:12 | ControlFlowNode for password | test.py:27:40:27:47 | ControlFlowNode for password | +| test.py:19:5:19:12 | ControlFlowNode for password | test.py:30:58:30:65 | ControlFlowNode for password | +| test.py:19:16:19:29 | ControlFlowNode for get_password() | test.py:19:5:19:12 | ControlFlowNode for password | +| test.py:44:5:44:5 | ControlFlowNode for x | test.py:45:11:45:11 | ControlFlowNode for x | +| test.py:44:9:44:25 | ControlFlowNode for Attribute() | test.py:44:5:44:5 | ControlFlowNode for x | +| test.py:70:5:70:10 | ControlFlowNode for config | test.py:74:11:74:31 | ControlFlowNode for Subscript | +| test.py:72:21:72:37 | ControlFlowNode for Attribute | test.py:70:5:70:10 | ControlFlowNode for config | nodes -| test.py:19:5:19:12 | SSA variable password | semmle.label | SSA variable password | +| test.py:19:5:19:12 | ControlFlowNode for password | semmle.label | ControlFlowNode for password | | test.py:19:16:19:29 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() | | test.py:20:48:20:55 | ControlFlowNode for password | semmle.label | ControlFlowNode for password | | test.py:22:58:22:65 | ControlFlowNode for password | semmle.label | ControlFlowNode for password | @@ -21,10 +21,10 @@ nodes | test.py:37:11:37:24 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() | | test.py:39:22:39:35 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() | | test.py:40:22:40:35 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() | -| test.py:44:5:44:5 | SSA variable x | semmle.label | SSA variable x | +| test.py:44:5:44:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | | test.py:44:9:44:25 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:45:11:45:11 | ControlFlowNode for x | semmle.label | ControlFlowNode for x | -| test.py:70:5:70:10 | SSA variable config | semmle.label | SSA variable config | +| test.py:70:5:70:10 | ControlFlowNode for config | semmle.label | ControlFlowNode for config | | test.py:72:21:72:37 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:74:11:74:31 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | subpaths diff --git a/python/ql/test/query-tests/Security/CWE-312-CleartextStorage-py3/CleartextStorage.expected b/python/ql/test/query-tests/Security/CWE-312-CleartextStorage-py3/CleartextStorage.expected index cfd969bf3df..03ff729bf7d 100644 --- a/python/ql/test/query-tests/Security/CWE-312-CleartextStorage-py3/CleartextStorage.expected +++ b/python/ql/test/query-tests/Security/CWE-312-CleartextStorage-py3/CleartextStorage.expected @@ -1,10 +1,10 @@ edges -| test.py:9:5:9:8 | SSA variable cert | test.py:12:21:12:24 | ControlFlowNode for cert | -| test.py:9:5:9:8 | SSA variable cert | test.py:13:22:13:41 | ControlFlowNode for Attribute() | -| test.py:9:5:9:8 | SSA variable cert | test.py:15:26:15:29 | ControlFlowNode for cert | -| test.py:9:12:9:21 | ControlFlowNode for get_cert() | test.py:9:5:9:8 | SSA variable cert | +| test.py:9:5:9:8 | ControlFlowNode for cert | test.py:12:21:12:24 | ControlFlowNode for cert | +| test.py:9:5:9:8 | ControlFlowNode for cert | test.py:13:22:13:41 | ControlFlowNode for Attribute() | +| test.py:9:5:9:8 | ControlFlowNode for cert | test.py:15:26:15:29 | ControlFlowNode for cert | +| test.py:9:12:9:21 | ControlFlowNode for get_cert() | test.py:9:5:9:8 | ControlFlowNode for cert | nodes -| test.py:9:5:9:8 | SSA variable cert | semmle.label | SSA variable cert | +| test.py:9:5:9:8 | ControlFlowNode for cert | semmle.label | ControlFlowNode for cert | | test.py:9:12:9:21 | ControlFlowNode for get_cert() | semmle.label | ControlFlowNode for get_cert() | | test.py:12:21:12:24 | ControlFlowNode for cert | semmle.label | ControlFlowNode for cert | | test.py:13:22:13:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected b/python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected index 08e475e7070..0afd9a578b0 100644 --- a/python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected +++ b/python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected @@ -1,23 +1,23 @@ edges -| password_in_cookie.py:7:5:7:12 | SSA variable password | password_in_cookie.py:9:33:9:40 | ControlFlowNode for password | -| password_in_cookie.py:7:16:7:43 | ControlFlowNode for Attribute() | password_in_cookie.py:7:5:7:12 | SSA variable password | -| password_in_cookie.py:14:5:14:12 | SSA variable password | password_in_cookie.py:16:33:16:40 | ControlFlowNode for password | -| password_in_cookie.py:14:16:14:43 | ControlFlowNode for Attribute() | password_in_cookie.py:14:5:14:12 | SSA variable password | -| test.py:6:5:6:8 | SSA variable cert | test.py:8:20:8:23 | ControlFlowNode for cert | -| test.py:6:5:6:8 | SSA variable cert | test.py:9:9:9:13 | SSA variable lines | -| test.py:6:12:6:21 | ControlFlowNode for get_cert() | test.py:6:5:6:8 | SSA variable cert | -| test.py:9:9:9:13 | SSA variable lines | test.py:10:25:10:29 | ControlFlowNode for lines | +| password_in_cookie.py:7:5:7:12 | ControlFlowNode for password | password_in_cookie.py:9:33:9:40 | ControlFlowNode for password | +| password_in_cookie.py:7:16:7:43 | ControlFlowNode for Attribute() | password_in_cookie.py:7:5:7:12 | ControlFlowNode for password | +| password_in_cookie.py:14:5:14:12 | ControlFlowNode for password | password_in_cookie.py:16:33:16:40 | ControlFlowNode for password | +| password_in_cookie.py:14:16:14:43 | ControlFlowNode for Attribute() | password_in_cookie.py:14:5:14:12 | ControlFlowNode for password | +| test.py:6:5:6:8 | ControlFlowNode for cert | test.py:8:20:8:23 | ControlFlowNode for cert | +| test.py:6:5:6:8 | ControlFlowNode for cert | test.py:9:9:9:13 | ControlFlowNode for lines | +| test.py:6:12:6:21 | ControlFlowNode for get_cert() | test.py:6:5:6:8 | ControlFlowNode for cert | +| test.py:9:9:9:13 | ControlFlowNode for lines | test.py:10:25:10:29 | ControlFlowNode for lines | nodes -| password_in_cookie.py:7:5:7:12 | SSA variable password | semmle.label | SSA variable password | +| password_in_cookie.py:7:5:7:12 | ControlFlowNode for password | semmle.label | ControlFlowNode for password | | password_in_cookie.py:7:16:7:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | password_in_cookie.py:9:33:9:40 | ControlFlowNode for password | semmle.label | ControlFlowNode for password | -| password_in_cookie.py:14:5:14:12 | SSA variable password | semmle.label | SSA variable password | +| password_in_cookie.py:14:5:14:12 | ControlFlowNode for password | semmle.label | ControlFlowNode for password | | password_in_cookie.py:14:16:14:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | password_in_cookie.py:16:33:16:40 | ControlFlowNode for password | semmle.label | ControlFlowNode for password | -| test.py:6:5:6:8 | SSA variable cert | semmle.label | SSA variable cert | +| test.py:6:5:6:8 | ControlFlowNode for cert | semmle.label | ControlFlowNode for cert | | test.py:6:12:6:21 | ControlFlowNode for get_cert() | semmle.label | ControlFlowNode for get_cert() | | test.py:8:20:8:23 | ControlFlowNode for cert | semmle.label | ControlFlowNode for cert | -| test.py:9:9:9:13 | SSA variable lines | semmle.label | SSA variable lines | +| test.py:9:9:9:13 | ControlFlowNode for lines | semmle.label | ControlFlowNode for lines | | test.py:10:25:10:29 | ControlFlowNode for lines | semmle.label | ControlFlowNode for lines | subpaths #select diff --git a/python/ql/test/query-tests/Security/CWE-327-WeakSensitiveDataHashing/WeakSensitiveDataHashing.expected b/python/ql/test/query-tests/Security/CWE-327-WeakSensitiveDataHashing/WeakSensitiveDataHashing.expected index 6be594dae63..dd3a65bc8fa 100644 --- a/python/ql/test/query-tests/Security/CWE-327-WeakSensitiveDataHashing/WeakSensitiveDataHashing.expected +++ b/python/ql/test/query-tests/Security/CWE-327-WeakSensitiveDataHashing/WeakSensitiveDataHashing.expected @@ -1,62 +1,62 @@ edges -| test_cryptodome.py:2:23:2:34 | ControlFlowNode for ImportMember | test_cryptodome.py:2:23:2:34 | GSSA Variable get_password | -| test_cryptodome.py:2:23:2:34 | GSSA Variable get_password | test_cryptodome.py:13:17:13:28 | ControlFlowNode for get_password | -| test_cryptodome.py:2:23:2:34 | GSSA Variable get_password | test_cryptodome.py:20:17:20:28 | ControlFlowNode for get_password | -| test_cryptodome.py:2:37:2:51 | ControlFlowNode for ImportMember | test_cryptodome.py:2:37:2:51 | GSSA Variable get_certificate | -| test_cryptodome.py:2:37:2:51 | GSSA Variable get_certificate | test_cryptodome.py:6:17:6:31 | ControlFlowNode for get_certificate | -| test_cryptodome.py:6:5:6:13 | SSA variable dangerous | test_cryptodome.py:8:19:8:27 | ControlFlowNode for dangerous | +| test_cryptodome.py:2:23:2:34 | ControlFlowNode for ImportMember | test_cryptodome.py:2:23:2:34 | ControlFlowNode for get_password | +| test_cryptodome.py:2:23:2:34 | ControlFlowNode for get_password | test_cryptodome.py:13:17:13:28 | ControlFlowNode for get_password | +| test_cryptodome.py:2:23:2:34 | ControlFlowNode for get_password | test_cryptodome.py:20:17:20:28 | ControlFlowNode for get_password | +| test_cryptodome.py:2:37:2:51 | ControlFlowNode for ImportMember | test_cryptodome.py:2:37:2:51 | ControlFlowNode for get_certificate | +| test_cryptodome.py:2:37:2:51 | ControlFlowNode for get_certificate | test_cryptodome.py:6:17:6:31 | ControlFlowNode for get_certificate | +| test_cryptodome.py:6:5:6:13 | ControlFlowNode for dangerous | test_cryptodome.py:8:19:8:27 | ControlFlowNode for dangerous | | test_cryptodome.py:6:17:6:31 | ControlFlowNode for get_certificate | test_cryptodome.py:6:17:6:33 | ControlFlowNode for get_certificate() | -| test_cryptodome.py:6:17:6:33 | ControlFlowNode for get_certificate() | test_cryptodome.py:6:5:6:13 | SSA variable dangerous | -| test_cryptodome.py:13:5:13:13 | SSA variable dangerous | test_cryptodome.py:15:19:15:27 | ControlFlowNode for dangerous | +| test_cryptodome.py:6:17:6:33 | ControlFlowNode for get_certificate() | test_cryptodome.py:6:5:6:13 | ControlFlowNode for dangerous | +| test_cryptodome.py:13:5:13:13 | ControlFlowNode for dangerous | test_cryptodome.py:15:19:15:27 | ControlFlowNode for dangerous | | test_cryptodome.py:13:17:13:28 | ControlFlowNode for get_password | test_cryptodome.py:13:17:13:30 | ControlFlowNode for get_password() | -| test_cryptodome.py:13:17:13:30 | ControlFlowNode for get_password() | test_cryptodome.py:13:5:13:13 | SSA variable dangerous | -| test_cryptodome.py:20:5:20:13 | SSA variable dangerous | test_cryptodome.py:24:19:24:27 | ControlFlowNode for dangerous | +| test_cryptodome.py:13:17:13:30 | ControlFlowNode for get_password() | test_cryptodome.py:13:5:13:13 | ControlFlowNode for dangerous | +| test_cryptodome.py:20:5:20:13 | ControlFlowNode for dangerous | test_cryptodome.py:24:19:24:27 | ControlFlowNode for dangerous | | test_cryptodome.py:20:17:20:28 | ControlFlowNode for get_password | test_cryptodome.py:20:17:20:30 | ControlFlowNode for get_password() | -| test_cryptodome.py:20:17:20:30 | ControlFlowNode for get_password() | test_cryptodome.py:20:5:20:13 | SSA variable dangerous | -| test_cryptography.py:3:23:3:34 | ControlFlowNode for ImportMember | test_cryptography.py:3:23:3:34 | GSSA Variable get_password | -| test_cryptography.py:3:23:3:34 | GSSA Variable get_password | test_cryptography.py:15:17:15:28 | ControlFlowNode for get_password | -| test_cryptography.py:3:23:3:34 | GSSA Variable get_password | test_cryptography.py:23:17:23:28 | ControlFlowNode for get_password | -| test_cryptography.py:3:37:3:51 | ControlFlowNode for ImportMember | test_cryptography.py:3:37:3:51 | GSSA Variable get_certificate | -| test_cryptography.py:3:37:3:51 | GSSA Variable get_certificate | test_cryptography.py:7:17:7:31 | ControlFlowNode for get_certificate | -| test_cryptography.py:7:5:7:13 | SSA variable dangerous | test_cryptography.py:9:19:9:27 | ControlFlowNode for dangerous | +| test_cryptodome.py:20:17:20:30 | ControlFlowNode for get_password() | test_cryptodome.py:20:5:20:13 | ControlFlowNode for dangerous | +| test_cryptography.py:3:23:3:34 | ControlFlowNode for ImportMember | test_cryptography.py:3:23:3:34 | ControlFlowNode for get_password | +| test_cryptography.py:3:23:3:34 | ControlFlowNode for get_password | test_cryptography.py:15:17:15:28 | ControlFlowNode for get_password | +| test_cryptography.py:3:23:3:34 | ControlFlowNode for get_password | test_cryptography.py:23:17:23:28 | ControlFlowNode for get_password | +| test_cryptography.py:3:37:3:51 | ControlFlowNode for ImportMember | test_cryptography.py:3:37:3:51 | ControlFlowNode for get_certificate | +| test_cryptography.py:3:37:3:51 | ControlFlowNode for get_certificate | test_cryptography.py:7:17:7:31 | ControlFlowNode for get_certificate | +| test_cryptography.py:7:5:7:13 | ControlFlowNode for dangerous | test_cryptography.py:9:19:9:27 | ControlFlowNode for dangerous | | test_cryptography.py:7:17:7:31 | ControlFlowNode for get_certificate | test_cryptography.py:7:17:7:33 | ControlFlowNode for get_certificate() | -| test_cryptography.py:7:17:7:33 | ControlFlowNode for get_certificate() | test_cryptography.py:7:5:7:13 | SSA variable dangerous | -| test_cryptography.py:15:5:15:13 | SSA variable dangerous | test_cryptography.py:17:19:17:27 | ControlFlowNode for dangerous | +| test_cryptography.py:7:17:7:33 | ControlFlowNode for get_certificate() | test_cryptography.py:7:5:7:13 | ControlFlowNode for dangerous | +| test_cryptography.py:15:5:15:13 | ControlFlowNode for dangerous | test_cryptography.py:17:19:17:27 | ControlFlowNode for dangerous | | test_cryptography.py:15:17:15:28 | ControlFlowNode for get_password | test_cryptography.py:15:17:15:30 | ControlFlowNode for get_password() | -| test_cryptography.py:15:17:15:30 | ControlFlowNode for get_password() | test_cryptography.py:15:5:15:13 | SSA variable dangerous | -| test_cryptography.py:23:5:23:13 | SSA variable dangerous | test_cryptography.py:27:19:27:27 | ControlFlowNode for dangerous | +| test_cryptography.py:15:17:15:30 | ControlFlowNode for get_password() | test_cryptography.py:15:5:15:13 | ControlFlowNode for dangerous | +| test_cryptography.py:23:5:23:13 | ControlFlowNode for dangerous | test_cryptography.py:27:19:27:27 | ControlFlowNode for dangerous | | test_cryptography.py:23:17:23:28 | ControlFlowNode for get_password | test_cryptography.py:23:17:23:30 | ControlFlowNode for get_password() | -| test_cryptography.py:23:17:23:30 | ControlFlowNode for get_password() | test_cryptography.py:23:5:23:13 | SSA variable dangerous | +| test_cryptography.py:23:17:23:30 | ControlFlowNode for get_password() | test_cryptography.py:23:5:23:13 | ControlFlowNode for dangerous | nodes | test_cryptodome.py:2:23:2:34 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_cryptodome.py:2:23:2:34 | GSSA Variable get_password | semmle.label | GSSA Variable get_password | +| test_cryptodome.py:2:23:2:34 | ControlFlowNode for get_password | semmle.label | ControlFlowNode for get_password | | test_cryptodome.py:2:37:2:51 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_cryptodome.py:2:37:2:51 | GSSA Variable get_certificate | semmle.label | GSSA Variable get_certificate | -| test_cryptodome.py:6:5:6:13 | SSA variable dangerous | semmle.label | SSA variable dangerous | +| test_cryptodome.py:2:37:2:51 | ControlFlowNode for get_certificate | semmle.label | ControlFlowNode for get_certificate | +| test_cryptodome.py:6:5:6:13 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | | test_cryptodome.py:6:17:6:31 | ControlFlowNode for get_certificate | semmle.label | ControlFlowNode for get_certificate | | test_cryptodome.py:6:17:6:33 | ControlFlowNode for get_certificate() | semmle.label | ControlFlowNode for get_certificate() | | test_cryptodome.py:8:19:8:27 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | -| test_cryptodome.py:13:5:13:13 | SSA variable dangerous | semmle.label | SSA variable dangerous | +| test_cryptodome.py:13:5:13:13 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | | test_cryptodome.py:13:17:13:28 | ControlFlowNode for get_password | semmle.label | ControlFlowNode for get_password | | test_cryptodome.py:13:17:13:30 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() | | test_cryptodome.py:15:19:15:27 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | -| test_cryptodome.py:20:5:20:13 | SSA variable dangerous | semmle.label | SSA variable dangerous | +| test_cryptodome.py:20:5:20:13 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | | test_cryptodome.py:20:17:20:28 | ControlFlowNode for get_password | semmle.label | ControlFlowNode for get_password | | test_cryptodome.py:20:17:20:30 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() | | test_cryptodome.py:24:19:24:27 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | | test_cryptography.py:3:23:3:34 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_cryptography.py:3:23:3:34 | GSSA Variable get_password | semmle.label | GSSA Variable get_password | +| test_cryptography.py:3:23:3:34 | ControlFlowNode for get_password | semmle.label | ControlFlowNode for get_password | | test_cryptography.py:3:37:3:51 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_cryptography.py:3:37:3:51 | GSSA Variable get_certificate | semmle.label | GSSA Variable get_certificate | -| test_cryptography.py:7:5:7:13 | SSA variable dangerous | semmle.label | SSA variable dangerous | +| test_cryptography.py:3:37:3:51 | ControlFlowNode for get_certificate | semmle.label | ControlFlowNode for get_certificate | +| test_cryptography.py:7:5:7:13 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | | test_cryptography.py:7:17:7:31 | ControlFlowNode for get_certificate | semmle.label | ControlFlowNode for get_certificate | | test_cryptography.py:7:17:7:33 | ControlFlowNode for get_certificate() | semmle.label | ControlFlowNode for get_certificate() | | test_cryptography.py:9:19:9:27 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | -| test_cryptography.py:15:5:15:13 | SSA variable dangerous | semmle.label | SSA variable dangerous | +| test_cryptography.py:15:5:15:13 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | | test_cryptography.py:15:17:15:28 | ControlFlowNode for get_password | semmle.label | ControlFlowNode for get_password | | test_cryptography.py:15:17:15:30 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() | | test_cryptography.py:17:19:17:27 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | -| test_cryptography.py:23:5:23:13 | SSA variable dangerous | semmle.label | SSA variable dangerous | +| test_cryptography.py:23:5:23:13 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | | test_cryptography.py:23:17:23:28 | ControlFlowNode for get_password | semmle.label | ControlFlowNode for get_password | | test_cryptography.py:23:17:23:30 | ControlFlowNode for get_password() | semmle.label | ControlFlowNode for get_password() | | test_cryptography.py:27:19:27:27 | ControlFlowNode for dangerous | semmle.label | ControlFlowNode for dangerous | diff --git a/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected b/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected index e9eabc49a24..2980b6fbb1b 100644 --- a/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected +++ b/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected @@ -1,18 +1,18 @@ edges -| unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | unsafe_deserialization.py:8:26:8:32 | GSSA Variable request | -| unsafe_deserialization.py:8:26:8:32 | GSSA Variable request | unsafe_deserialization.py:14:15:14:21 | ControlFlowNode for request | -| unsafe_deserialization.py:14:5:14:11 | SSA variable payload | unsafe_deserialization.py:15:18:15:24 | ControlFlowNode for payload | -| unsafe_deserialization.py:14:5:14:11 | SSA variable payload | unsafe_deserialization.py:16:15:16:21 | ControlFlowNode for payload | -| unsafe_deserialization.py:14:5:14:11 | SSA variable payload | unsafe_deserialization.py:18:19:18:25 | ControlFlowNode for payload | -| unsafe_deserialization.py:14:5:14:11 | SSA variable payload | unsafe_deserialization.py:21:16:21:22 | ControlFlowNode for payload | -| unsafe_deserialization.py:14:5:14:11 | SSA variable payload | unsafe_deserialization.py:24:24:24:30 | ControlFlowNode for payload | +| unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for request | +| unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for request | unsafe_deserialization.py:14:15:14:21 | ControlFlowNode for request | +| unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | unsafe_deserialization.py:15:18:15:24 | ControlFlowNode for payload | +| unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | unsafe_deserialization.py:16:15:16:21 | ControlFlowNode for payload | +| unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | unsafe_deserialization.py:18:19:18:25 | ControlFlowNode for payload | +| unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | unsafe_deserialization.py:21:16:21:22 | ControlFlowNode for payload | +| unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | unsafe_deserialization.py:24:24:24:30 | ControlFlowNode for payload | | unsafe_deserialization.py:14:15:14:21 | ControlFlowNode for request | unsafe_deserialization.py:14:15:14:26 | ControlFlowNode for Attribute | | unsafe_deserialization.py:14:15:14:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:14:15:14:41 | ControlFlowNode for Attribute() | -| unsafe_deserialization.py:14:15:14:41 | ControlFlowNode for Attribute() | unsafe_deserialization.py:14:5:14:11 | SSA variable payload | +| unsafe_deserialization.py:14:15:14:41 | ControlFlowNode for Attribute() | unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | nodes | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| unsafe_deserialization.py:8:26:8:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| unsafe_deserialization.py:14:5:14:11 | SSA variable payload | semmle.label | SSA variable payload | +| unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | semmle.label | ControlFlowNode for payload | | unsafe_deserialization.py:14:15:14:21 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | unsafe_deserialization.py:14:15:14:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | unsafe_deserialization.py:14:15:14:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected b/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected index ea47807a211..6f826b48f1b 100644 --- a/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected +++ b/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected @@ -1,108 +1,108 @@ edges -| test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:1:26:1:32 | GSSA Variable request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:7:14:7:20 | ControlFlowNode for request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:30:17:30:23 | ControlFlowNode for request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:37:17:37:23 | ControlFlowNode for request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:44:17:44:23 | ControlFlowNode for request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:60:17:60:23 | ControlFlowNode for request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:67:17:67:23 | ControlFlowNode for request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:74:17:74:23 | ControlFlowNode for request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:81:17:81:23 | ControlFlowNode for request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:90:17:90:23 | ControlFlowNode for request | -| test.py:7:5:7:10 | SSA variable target | test.py:8:21:8:26 | ControlFlowNode for target | +| test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:1:26:1:32 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:7:14:7:20 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:30:17:30:23 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:37:17:37:23 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:44:17:44:23 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:60:17:60:23 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:67:17:67:23 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:74:17:74:23 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:81:17:81:23 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:90:17:90:23 | ControlFlowNode for request | +| test.py:7:5:7:10 | ControlFlowNode for target | test.py:8:21:8:26 | ControlFlowNode for target | | test.py:7:14:7:20 | ControlFlowNode for request | test.py:7:14:7:25 | ControlFlowNode for Attribute | | test.py:7:14:7:25 | ControlFlowNode for Attribute | test.py:7:14:7:43 | ControlFlowNode for Attribute() | -| test.py:7:14:7:43 | ControlFlowNode for Attribute() | test.py:7:5:7:10 | SSA variable target | -| test.py:30:5:30:13 | SSA variable untrusted | test.py:31:5:31:8 | SSA variable safe | +| test.py:7:14:7:43 | ControlFlowNode for Attribute() | test.py:7:5:7:10 | ControlFlowNode for target | +| test.py:30:5:30:13 | ControlFlowNode for untrusted | test.py:31:5:31:8 | ControlFlowNode for safe | | test.py:30:17:30:23 | ControlFlowNode for request | test.py:30:17:30:28 | ControlFlowNode for Attribute | | test.py:30:17:30:28 | ControlFlowNode for Attribute | test.py:30:17:30:46 | ControlFlowNode for Attribute() | -| test.py:30:17:30:46 | ControlFlowNode for Attribute() | test.py:30:5:30:13 | SSA variable untrusted | -| test.py:31:5:31:8 | SSA variable safe | test.py:32:21:32:24 | ControlFlowNode for safe | -| test.py:37:5:37:13 | SSA variable untrusted | test.py:38:5:38:8 | SSA variable safe | +| test.py:30:17:30:46 | ControlFlowNode for Attribute() | test.py:30:5:30:13 | ControlFlowNode for untrusted | +| test.py:31:5:31:8 | ControlFlowNode for safe | test.py:32:21:32:24 | ControlFlowNode for safe | +| test.py:37:5:37:13 | ControlFlowNode for untrusted | test.py:38:5:38:8 | ControlFlowNode for safe | | test.py:37:17:37:23 | ControlFlowNode for request | test.py:37:17:37:28 | ControlFlowNode for Attribute | | test.py:37:17:37:28 | ControlFlowNode for Attribute | test.py:37:17:37:46 | ControlFlowNode for Attribute() | -| test.py:37:17:37:46 | ControlFlowNode for Attribute() | test.py:37:5:37:13 | SSA variable untrusted | -| test.py:38:5:38:8 | SSA variable safe | test.py:39:21:39:24 | ControlFlowNode for safe | -| test.py:44:5:44:13 | SSA variable untrusted | test.py:45:5:45:8 | SSA variable safe | +| test.py:37:17:37:46 | ControlFlowNode for Attribute() | test.py:37:5:37:13 | ControlFlowNode for untrusted | +| test.py:38:5:38:8 | ControlFlowNode for safe | test.py:39:21:39:24 | ControlFlowNode for safe | +| test.py:44:5:44:13 | ControlFlowNode for untrusted | test.py:45:5:45:8 | ControlFlowNode for safe | | test.py:44:17:44:23 | ControlFlowNode for request | test.py:44:17:44:28 | ControlFlowNode for Attribute | | test.py:44:17:44:28 | ControlFlowNode for Attribute | test.py:44:17:44:46 | ControlFlowNode for Attribute() | -| test.py:44:17:44:46 | ControlFlowNode for Attribute() | test.py:44:5:44:13 | SSA variable untrusted | -| test.py:45:5:45:8 | SSA variable safe | test.py:46:21:46:24 | ControlFlowNode for safe | -| test.py:60:5:60:13 | SSA variable untrusted | test.py:61:5:61:10 | SSA variable unsafe | +| test.py:44:17:44:46 | ControlFlowNode for Attribute() | test.py:44:5:44:13 | ControlFlowNode for untrusted | +| test.py:45:5:45:8 | ControlFlowNode for safe | test.py:46:21:46:24 | ControlFlowNode for safe | +| test.py:60:5:60:13 | ControlFlowNode for untrusted | test.py:61:5:61:10 | ControlFlowNode for unsafe | | test.py:60:17:60:23 | ControlFlowNode for request | test.py:60:17:60:28 | ControlFlowNode for Attribute | | test.py:60:17:60:28 | ControlFlowNode for Attribute | test.py:60:17:60:46 | ControlFlowNode for Attribute() | -| test.py:60:17:60:46 | ControlFlowNode for Attribute() | test.py:60:5:60:13 | SSA variable untrusted | -| test.py:61:5:61:10 | SSA variable unsafe | test.py:62:21:62:26 | ControlFlowNode for unsafe | -| test.py:67:5:67:13 | SSA variable untrusted | test.py:68:5:68:10 | SSA variable unsafe | +| test.py:60:17:60:46 | ControlFlowNode for Attribute() | test.py:60:5:60:13 | ControlFlowNode for untrusted | +| test.py:61:5:61:10 | ControlFlowNode for unsafe | test.py:62:21:62:26 | ControlFlowNode for unsafe | +| test.py:67:5:67:13 | ControlFlowNode for untrusted | test.py:68:5:68:10 | ControlFlowNode for unsafe | | test.py:67:17:67:23 | ControlFlowNode for request | test.py:67:17:67:28 | ControlFlowNode for Attribute | | test.py:67:17:67:28 | ControlFlowNode for Attribute | test.py:67:17:67:46 | ControlFlowNode for Attribute() | -| test.py:67:17:67:46 | ControlFlowNode for Attribute() | test.py:67:5:67:13 | SSA variable untrusted | -| test.py:68:5:68:10 | SSA variable unsafe | test.py:69:21:69:26 | ControlFlowNode for unsafe | -| test.py:74:5:74:13 | SSA variable untrusted | test.py:75:5:75:10 | SSA variable unsafe | +| test.py:67:17:67:46 | ControlFlowNode for Attribute() | test.py:67:5:67:13 | ControlFlowNode for untrusted | +| test.py:68:5:68:10 | ControlFlowNode for unsafe | test.py:69:21:69:26 | ControlFlowNode for unsafe | +| test.py:74:5:74:13 | ControlFlowNode for untrusted | test.py:75:5:75:10 | ControlFlowNode for unsafe | | test.py:74:17:74:23 | ControlFlowNode for request | test.py:74:17:74:28 | ControlFlowNode for Attribute | | test.py:74:17:74:28 | ControlFlowNode for Attribute | test.py:74:17:74:46 | ControlFlowNode for Attribute() | -| test.py:74:17:74:46 | ControlFlowNode for Attribute() | test.py:74:5:74:13 | SSA variable untrusted | -| test.py:75:5:75:10 | SSA variable unsafe | test.py:76:21:76:26 | ControlFlowNode for unsafe | -| test.py:81:5:81:13 | SSA variable untrusted | test.py:82:5:82:10 | SSA variable unsafe | +| test.py:74:17:74:46 | ControlFlowNode for Attribute() | test.py:74:5:74:13 | ControlFlowNode for untrusted | +| test.py:75:5:75:10 | ControlFlowNode for unsafe | test.py:76:21:76:26 | ControlFlowNode for unsafe | +| test.py:81:5:81:13 | ControlFlowNode for untrusted | test.py:82:5:82:10 | ControlFlowNode for unsafe | | test.py:81:17:81:23 | ControlFlowNode for request | test.py:81:17:81:28 | ControlFlowNode for Attribute | | test.py:81:17:81:28 | ControlFlowNode for Attribute | test.py:81:17:81:46 | ControlFlowNode for Attribute() | -| test.py:81:17:81:46 | ControlFlowNode for Attribute() | test.py:81:5:81:13 | SSA variable untrusted | -| test.py:82:5:82:10 | SSA variable unsafe | test.py:83:21:83:26 | ControlFlowNode for unsafe | -| test.py:90:5:90:13 | SSA variable untrusted | test.py:93:18:93:26 | ControlFlowNode for untrusted | +| test.py:81:17:81:46 | ControlFlowNode for Attribute() | test.py:81:5:81:13 | ControlFlowNode for untrusted | +| test.py:82:5:82:10 | ControlFlowNode for unsafe | test.py:83:21:83:26 | ControlFlowNode for unsafe | +| test.py:90:5:90:13 | ControlFlowNode for untrusted | test.py:93:18:93:26 | ControlFlowNode for untrusted | | test.py:90:17:90:23 | ControlFlowNode for request | test.py:90:17:90:28 | ControlFlowNode for Attribute | | test.py:90:17:90:28 | ControlFlowNode for Attribute | test.py:90:17:90:46 | ControlFlowNode for Attribute() | -| test.py:90:17:90:46 | ControlFlowNode for Attribute() | test.py:90:5:90:13 | SSA variable untrusted | +| test.py:90:17:90:46 | ControlFlowNode for Attribute() | test.py:90:5:90:13 | ControlFlowNode for untrusted | nodes | test.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| test.py:7:5:7:10 | SSA variable target | semmle.label | SSA variable target | +| test.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test.py:7:5:7:10 | ControlFlowNode for target | semmle.label | ControlFlowNode for target | | test.py:7:14:7:20 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:7:14:7:25 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:7:14:7:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | test.py:8:21:8:26 | ControlFlowNode for target | semmle.label | ControlFlowNode for target | -| test.py:30:5:30:13 | SSA variable untrusted | semmle.label | SSA variable untrusted | +| test.py:30:5:30:13 | ControlFlowNode for untrusted | semmle.label | ControlFlowNode for untrusted | | test.py:30:17:30:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:30:17:30:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:30:17:30:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:31:5:31:8 | SSA variable safe | semmle.label | SSA variable safe | +| test.py:31:5:31:8 | ControlFlowNode for safe | semmle.label | ControlFlowNode for safe | | test.py:32:21:32:24 | ControlFlowNode for safe | semmle.label | ControlFlowNode for safe | -| test.py:37:5:37:13 | SSA variable untrusted | semmle.label | SSA variable untrusted | +| test.py:37:5:37:13 | ControlFlowNode for untrusted | semmle.label | ControlFlowNode for untrusted | | test.py:37:17:37:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:37:17:37:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:37:17:37:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:38:5:38:8 | SSA variable safe | semmle.label | SSA variable safe | +| test.py:38:5:38:8 | ControlFlowNode for safe | semmle.label | ControlFlowNode for safe | | test.py:39:21:39:24 | ControlFlowNode for safe | semmle.label | ControlFlowNode for safe | -| test.py:44:5:44:13 | SSA variable untrusted | semmle.label | SSA variable untrusted | +| test.py:44:5:44:13 | ControlFlowNode for untrusted | semmle.label | ControlFlowNode for untrusted | | test.py:44:17:44:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:44:17:44:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:44:17:44:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:45:5:45:8 | SSA variable safe | semmle.label | SSA variable safe | +| test.py:45:5:45:8 | ControlFlowNode for safe | semmle.label | ControlFlowNode for safe | | test.py:46:21:46:24 | ControlFlowNode for safe | semmle.label | ControlFlowNode for safe | -| test.py:60:5:60:13 | SSA variable untrusted | semmle.label | SSA variable untrusted | +| test.py:60:5:60:13 | ControlFlowNode for untrusted | semmle.label | ControlFlowNode for untrusted | | test.py:60:17:60:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:60:17:60:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:60:17:60:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:61:5:61:10 | SSA variable unsafe | semmle.label | SSA variable unsafe | +| test.py:61:5:61:10 | ControlFlowNode for unsafe | semmle.label | ControlFlowNode for unsafe | | test.py:62:21:62:26 | ControlFlowNode for unsafe | semmle.label | ControlFlowNode for unsafe | -| test.py:67:5:67:13 | SSA variable untrusted | semmle.label | SSA variable untrusted | +| test.py:67:5:67:13 | ControlFlowNode for untrusted | semmle.label | ControlFlowNode for untrusted | | test.py:67:17:67:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:67:17:67:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:67:17:67:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:68:5:68:10 | SSA variable unsafe | semmle.label | SSA variable unsafe | +| test.py:68:5:68:10 | ControlFlowNode for unsafe | semmle.label | ControlFlowNode for unsafe | | test.py:69:21:69:26 | ControlFlowNode for unsafe | semmle.label | ControlFlowNode for unsafe | -| test.py:74:5:74:13 | SSA variable untrusted | semmle.label | SSA variable untrusted | +| test.py:74:5:74:13 | ControlFlowNode for untrusted | semmle.label | ControlFlowNode for untrusted | | test.py:74:17:74:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:74:17:74:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:74:17:74:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:75:5:75:10 | SSA variable unsafe | semmle.label | SSA variable unsafe | +| test.py:75:5:75:10 | ControlFlowNode for unsafe | semmle.label | ControlFlowNode for unsafe | | test.py:76:21:76:26 | ControlFlowNode for unsafe | semmle.label | ControlFlowNode for unsafe | -| test.py:81:5:81:13 | SSA variable untrusted | semmle.label | SSA variable untrusted | +| test.py:81:5:81:13 | ControlFlowNode for untrusted | semmle.label | ControlFlowNode for untrusted | | test.py:81:17:81:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:81:17:81:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:81:17:81:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | -| test.py:82:5:82:10 | SSA variable unsafe | semmle.label | SSA variable unsafe | +| test.py:82:5:82:10 | ControlFlowNode for unsafe | semmle.label | ControlFlowNode for unsafe | | test.py:83:21:83:26 | ControlFlowNode for unsafe | semmle.label | ControlFlowNode for unsafe | -| test.py:90:5:90:13 | SSA variable untrusted | semmle.label | SSA variable untrusted | +| test.py:90:5:90:13 | ControlFlowNode for untrusted | semmle.label | ControlFlowNode for untrusted | | test.py:90:17:90:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:90:17:90:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:90:17:90:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected b/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected index 44d12bc20ba..6d1b03c5c37 100644 --- a/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected +++ b/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected @@ -1,18 +1,18 @@ edges -| test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:1:26:1:32 | GSSA Variable request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:9:19:9:25 | ControlFlowNode for request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:20:19:20:25 | ControlFlowNode for request | -| test.py:9:5:9:15 | SSA variable xml_content | test.py:10:34:10:44 | ControlFlowNode for xml_content | -| test.py:9:19:9:25 | ControlFlowNode for request | test.py:9:5:9:15 | SSA variable xml_content | -| test.py:20:5:20:15 | SSA variable xml_content | test.py:31:34:31:44 | ControlFlowNode for xml_content | -| test.py:20:19:20:25 | ControlFlowNode for request | test.py:20:5:20:15 | SSA variable xml_content | +| test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:1:26:1:32 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:9:19:9:25 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:20:19:20:25 | ControlFlowNode for request | +| test.py:9:5:9:15 | ControlFlowNode for xml_content | test.py:10:34:10:44 | ControlFlowNode for xml_content | +| test.py:9:19:9:25 | ControlFlowNode for request | test.py:9:5:9:15 | ControlFlowNode for xml_content | +| test.py:20:5:20:15 | ControlFlowNode for xml_content | test.py:31:34:31:44 | ControlFlowNode for xml_content | +| test.py:20:19:20:25 | ControlFlowNode for request | test.py:20:5:20:15 | ControlFlowNode for xml_content | nodes | test.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| test.py:9:5:9:15 | SSA variable xml_content | semmle.label | SSA variable xml_content | +| test.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test.py:9:5:9:15 | ControlFlowNode for xml_content | semmle.label | ControlFlowNode for xml_content | | test.py:9:19:9:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:10:34:10:44 | ControlFlowNode for xml_content | semmle.label | ControlFlowNode for xml_content | -| test.py:20:5:20:15 | SSA variable xml_content | semmle.label | SSA variable xml_content | +| test.py:20:5:20:15 | ControlFlowNode for xml_content | semmle.label | ControlFlowNode for xml_content | | test.py:20:19:20:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:31:34:31:44 | ControlFlowNode for xml_content | semmle.label | ControlFlowNode for xml_content | subpaths diff --git a/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected b/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected index d359052c87d..0e8e826b7a7 100644 --- a/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected @@ -1,59 +1,59 @@ edges -| xpathBad.py:9:7:9:13 | ControlFlowNode for request | xpathBad.py:10:5:10:9 | SSA variable value | -| xpathBad.py:10:5:10:9 | SSA variable value | xpathBad.py:13:20:13:43 | ControlFlowNode for BinaryExpr | -| xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:2:26:2:32 | GSSA Variable request | -| xpathFlow.py:2:26:2:32 | GSSA Variable request | xpathFlow.py:11:18:11:24 | ControlFlowNode for request | -| xpathFlow.py:2:26:2:32 | GSSA Variable request | xpathFlow.py:20:18:20:24 | ControlFlowNode for request | -| xpathFlow.py:2:26:2:32 | GSSA Variable request | xpathFlow.py:30:18:30:24 | ControlFlowNode for request | -| xpathFlow.py:2:26:2:32 | GSSA Variable request | xpathFlow.py:39:18:39:24 | ControlFlowNode for request | -| xpathFlow.py:2:26:2:32 | GSSA Variable request | xpathFlow.py:47:18:47:24 | ControlFlowNode for request | -| xpathFlow.py:11:5:11:14 | SSA variable xpathQuery | xpathFlow.py:14:20:14:29 | ControlFlowNode for xpathQuery | +| xpathBad.py:9:7:9:13 | ControlFlowNode for request | xpathBad.py:10:5:10:9 | ControlFlowNode for value | +| xpathBad.py:10:5:10:9 | ControlFlowNode for value | xpathBad.py:13:20:13:43 | ControlFlowNode for BinaryExpr | +| xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:2:26:2:32 | ControlFlowNode for request | +| xpathFlow.py:2:26:2:32 | ControlFlowNode for request | xpathFlow.py:11:18:11:24 | ControlFlowNode for request | +| xpathFlow.py:2:26:2:32 | ControlFlowNode for request | xpathFlow.py:20:18:20:24 | ControlFlowNode for request | +| xpathFlow.py:2:26:2:32 | ControlFlowNode for request | xpathFlow.py:30:18:30:24 | ControlFlowNode for request | +| xpathFlow.py:2:26:2:32 | ControlFlowNode for request | xpathFlow.py:39:18:39:24 | ControlFlowNode for request | +| xpathFlow.py:2:26:2:32 | ControlFlowNode for request | xpathFlow.py:47:18:47:24 | ControlFlowNode for request | +| xpathFlow.py:11:5:11:14 | ControlFlowNode for xpathQuery | xpathFlow.py:14:20:14:29 | ControlFlowNode for xpathQuery | | xpathFlow.py:11:18:11:24 | ControlFlowNode for request | xpathFlow.py:11:18:11:29 | ControlFlowNode for Attribute | | xpathFlow.py:11:18:11:29 | ControlFlowNode for Attribute | xpathFlow.py:11:18:11:44 | ControlFlowNode for Attribute() | -| xpathFlow.py:11:18:11:44 | ControlFlowNode for Attribute() | xpathFlow.py:11:5:11:14 | SSA variable xpathQuery | -| xpathFlow.py:20:5:20:14 | SSA variable xpathQuery | xpathFlow.py:23:29:23:38 | ControlFlowNode for xpathQuery | +| xpathFlow.py:11:18:11:44 | ControlFlowNode for Attribute() | xpathFlow.py:11:5:11:14 | ControlFlowNode for xpathQuery | +| xpathFlow.py:20:5:20:14 | ControlFlowNode for xpathQuery | xpathFlow.py:23:29:23:38 | ControlFlowNode for xpathQuery | | xpathFlow.py:20:18:20:24 | ControlFlowNode for request | xpathFlow.py:20:18:20:29 | ControlFlowNode for Attribute | | xpathFlow.py:20:18:20:29 | ControlFlowNode for Attribute | xpathFlow.py:20:18:20:44 | ControlFlowNode for Attribute() | -| xpathFlow.py:20:18:20:44 | ControlFlowNode for Attribute() | xpathFlow.py:20:5:20:14 | SSA variable xpathQuery | -| xpathFlow.py:30:5:30:14 | SSA variable xpathQuery | xpathFlow.py:32:29:32:38 | ControlFlowNode for xpathQuery | +| xpathFlow.py:20:18:20:44 | ControlFlowNode for Attribute() | xpathFlow.py:20:5:20:14 | ControlFlowNode for xpathQuery | +| xpathFlow.py:30:5:30:14 | ControlFlowNode for xpathQuery | xpathFlow.py:32:29:32:38 | ControlFlowNode for xpathQuery | | xpathFlow.py:30:18:30:24 | ControlFlowNode for request | xpathFlow.py:30:18:30:29 | ControlFlowNode for Attribute | | xpathFlow.py:30:18:30:29 | ControlFlowNode for Attribute | xpathFlow.py:30:18:30:44 | ControlFlowNode for Attribute() | -| xpathFlow.py:30:18:30:44 | ControlFlowNode for Attribute() | xpathFlow.py:30:5:30:14 | SSA variable xpathQuery | -| xpathFlow.py:39:5:39:14 | SSA variable xpathQuery | xpathFlow.py:41:31:41:40 | ControlFlowNode for xpathQuery | +| xpathFlow.py:30:18:30:44 | ControlFlowNode for Attribute() | xpathFlow.py:30:5:30:14 | ControlFlowNode for xpathQuery | +| xpathFlow.py:39:5:39:14 | ControlFlowNode for xpathQuery | xpathFlow.py:41:31:41:40 | ControlFlowNode for xpathQuery | | xpathFlow.py:39:18:39:24 | ControlFlowNode for request | xpathFlow.py:39:18:39:29 | ControlFlowNode for Attribute | | xpathFlow.py:39:18:39:29 | ControlFlowNode for Attribute | xpathFlow.py:39:18:39:44 | ControlFlowNode for Attribute() | -| xpathFlow.py:39:18:39:44 | ControlFlowNode for Attribute() | xpathFlow.py:39:5:39:14 | SSA variable xpathQuery | -| xpathFlow.py:47:5:47:14 | SSA variable xpathQuery | xpathFlow.py:49:29:49:38 | ControlFlowNode for xpathQuery | +| xpathFlow.py:39:18:39:44 | ControlFlowNode for Attribute() | xpathFlow.py:39:5:39:14 | ControlFlowNode for xpathQuery | +| xpathFlow.py:47:5:47:14 | ControlFlowNode for xpathQuery | xpathFlow.py:49:29:49:38 | ControlFlowNode for xpathQuery | | xpathFlow.py:47:18:47:24 | ControlFlowNode for request | xpathFlow.py:47:18:47:29 | ControlFlowNode for Attribute | | xpathFlow.py:47:18:47:29 | ControlFlowNode for Attribute | xpathFlow.py:47:18:47:44 | ControlFlowNode for Attribute() | -| xpathFlow.py:47:18:47:44 | ControlFlowNode for Attribute() | xpathFlow.py:47:5:47:14 | SSA variable xpathQuery | +| xpathFlow.py:47:18:47:44 | ControlFlowNode for Attribute() | xpathFlow.py:47:5:47:14 | ControlFlowNode for xpathQuery | nodes | xpathBad.py:9:7:9:13 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| xpathBad.py:10:5:10:9 | SSA variable value | semmle.label | SSA variable value | +| xpathBad.py:10:5:10:9 | ControlFlowNode for value | semmle.label | ControlFlowNode for value | | xpathBad.py:13:20:13:43 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| xpathFlow.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| xpathFlow.py:11:5:11:14 | SSA variable xpathQuery | semmle.label | SSA variable xpathQuery | +| xpathFlow.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| xpathFlow.py:11:5:11:14 | ControlFlowNode for xpathQuery | semmle.label | ControlFlowNode for xpathQuery | | xpathFlow.py:11:18:11:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xpathFlow.py:11:18:11:29 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xpathFlow.py:11:18:11:44 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | xpathFlow.py:14:20:14:29 | ControlFlowNode for xpathQuery | semmle.label | ControlFlowNode for xpathQuery | -| xpathFlow.py:20:5:20:14 | SSA variable xpathQuery | semmle.label | SSA variable xpathQuery | +| xpathFlow.py:20:5:20:14 | ControlFlowNode for xpathQuery | semmle.label | ControlFlowNode for xpathQuery | | xpathFlow.py:20:18:20:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xpathFlow.py:20:18:20:29 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xpathFlow.py:20:18:20:44 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | xpathFlow.py:23:29:23:38 | ControlFlowNode for xpathQuery | semmle.label | ControlFlowNode for xpathQuery | -| xpathFlow.py:30:5:30:14 | SSA variable xpathQuery | semmle.label | SSA variable xpathQuery | +| xpathFlow.py:30:5:30:14 | ControlFlowNode for xpathQuery | semmle.label | ControlFlowNode for xpathQuery | | xpathFlow.py:30:18:30:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xpathFlow.py:30:18:30:29 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xpathFlow.py:30:18:30:44 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | xpathFlow.py:32:29:32:38 | ControlFlowNode for xpathQuery | semmle.label | ControlFlowNode for xpathQuery | -| xpathFlow.py:39:5:39:14 | SSA variable xpathQuery | semmle.label | SSA variable xpathQuery | +| xpathFlow.py:39:5:39:14 | ControlFlowNode for xpathQuery | semmle.label | ControlFlowNode for xpathQuery | | xpathFlow.py:39:18:39:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xpathFlow.py:39:18:39:29 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xpathFlow.py:39:18:39:44 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | xpathFlow.py:41:31:41:40 | ControlFlowNode for xpathQuery | semmle.label | ControlFlowNode for xpathQuery | -| xpathFlow.py:47:5:47:14 | SSA variable xpathQuery | semmle.label | SSA variable xpathQuery | +| xpathFlow.py:47:5:47:14 | ControlFlowNode for xpathQuery | semmle.label | ControlFlowNode for xpathQuery | | xpathFlow.py:47:18:47:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | xpathFlow.py:47:18:47:29 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | xpathFlow.py:47:18:47:44 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected index 4fccccf4f00..d26a768c1a6 100644 --- a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected +++ b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected @@ -1,20 +1,20 @@ edges -| test.py:2:26:2:32 | ControlFlowNode for ImportMember | test.py:2:26:2:32 | GSSA Variable request | -| test.py:2:26:2:32 | GSSA Variable request | test.py:7:12:7:18 | ControlFlowNode for request | -| test.py:7:5:7:8 | SSA variable text | test.py:8:30:8:33 | ControlFlowNode for text | -| test.py:7:5:7:8 | SSA variable text | test.py:9:32:9:35 | ControlFlowNode for text | -| test.py:7:5:7:8 | SSA variable text | test.py:12:17:12:20 | ControlFlowNode for text | -| test.py:7:5:7:8 | SSA variable text | test.py:18:28:18:31 | ControlFlowNode for text | -| test.py:7:5:7:8 | SSA variable text | test.py:21:18:21:21 | ControlFlowNode for text | +| test.py:2:26:2:32 | ControlFlowNode for ImportMember | test.py:2:26:2:32 | ControlFlowNode for request | +| test.py:2:26:2:32 | ControlFlowNode for request | test.py:7:12:7:18 | ControlFlowNode for request | +| test.py:7:5:7:8 | ControlFlowNode for text | test.py:8:30:8:33 | ControlFlowNode for text | +| test.py:7:5:7:8 | ControlFlowNode for text | test.py:9:32:9:35 | ControlFlowNode for text | +| test.py:7:5:7:8 | ControlFlowNode for text | test.py:12:17:12:20 | ControlFlowNode for text | +| test.py:7:5:7:8 | ControlFlowNode for text | test.py:18:28:18:31 | ControlFlowNode for text | +| test.py:7:5:7:8 | ControlFlowNode for text | test.py:21:18:21:21 | ControlFlowNode for text | | test.py:7:12:7:18 | ControlFlowNode for request | test.py:7:12:7:23 | ControlFlowNode for Attribute | | test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:7:12:7:35 | ControlFlowNode for Attribute() | -| test.py:7:12:7:35 | ControlFlowNode for Attribute() | test.py:7:5:7:8 | SSA variable text | +| test.py:7:12:7:35 | ControlFlowNode for Attribute() | test.py:7:5:7:8 | ControlFlowNode for text | | test.py:14:33:14:39 | ControlFlowNode for my_text | test.py:16:24:16:30 | ControlFlowNode for my_text | | test.py:18:28:18:31 | ControlFlowNode for text | test.py:14:33:14:39 | ControlFlowNode for my_text | nodes | test.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| test.py:7:5:7:8 | SSA variable text | semmle.label | SSA variable text | +| test.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test.py:7:5:7:8 | ControlFlowNode for text | semmle.label | ControlFlowNode for text | | test.py:7:12:7:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:7:12:7:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute | | test.py:7:12:7:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected b/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected index 354a6ac0992..12913198622 100644 --- a/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected @@ -1,24 +1,24 @@ edges -| re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | re_bad.py:1:19:1:25 | GSSA Variable request | -| re_bad.py:1:19:1:25 | GSSA Variable request | re_bad.py:13:22:13:28 | ControlFlowNode for request | -| re_bad.py:1:19:1:25 | GSSA Variable request | re_bad.py:24:22:24:28 | ControlFlowNode for request | -| re_bad.py:1:19:1:25 | GSSA Variable request | re_bad.py:36:22:36:28 | ControlFlowNode for request | -| re_bad.py:13:5:13:18 | SSA variable unsafe_pattern | re_bad.py:14:15:14:28 | ControlFlowNode for unsafe_pattern | -| re_bad.py:13:22:13:28 | ControlFlowNode for request | re_bad.py:13:5:13:18 | SSA variable unsafe_pattern | -| re_bad.py:24:5:24:18 | SSA variable unsafe_pattern | re_bad.py:25:35:25:48 | ControlFlowNode for unsafe_pattern | -| re_bad.py:24:22:24:28 | ControlFlowNode for request | re_bad.py:24:5:24:18 | SSA variable unsafe_pattern | -| re_bad.py:36:5:36:18 | SSA variable unsafe_pattern | re_bad.py:37:16:37:29 | ControlFlowNode for unsafe_pattern | -| re_bad.py:36:22:36:28 | ControlFlowNode for request | re_bad.py:36:5:36:18 | SSA variable unsafe_pattern | +| re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | re_bad.py:1:19:1:25 | ControlFlowNode for request | +| re_bad.py:1:19:1:25 | ControlFlowNode for request | re_bad.py:13:22:13:28 | ControlFlowNode for request | +| re_bad.py:1:19:1:25 | ControlFlowNode for request | re_bad.py:24:22:24:28 | ControlFlowNode for request | +| re_bad.py:1:19:1:25 | ControlFlowNode for request | re_bad.py:36:22:36:28 | ControlFlowNode for request | +| re_bad.py:13:5:13:18 | ControlFlowNode for unsafe_pattern | re_bad.py:14:15:14:28 | ControlFlowNode for unsafe_pattern | +| re_bad.py:13:22:13:28 | ControlFlowNode for request | re_bad.py:13:5:13:18 | ControlFlowNode for unsafe_pattern | +| re_bad.py:24:5:24:18 | ControlFlowNode for unsafe_pattern | re_bad.py:25:35:25:48 | ControlFlowNode for unsafe_pattern | +| re_bad.py:24:22:24:28 | ControlFlowNode for request | re_bad.py:24:5:24:18 | ControlFlowNode for unsafe_pattern | +| re_bad.py:36:5:36:18 | ControlFlowNode for unsafe_pattern | re_bad.py:37:16:37:29 | ControlFlowNode for unsafe_pattern | +| re_bad.py:36:22:36:28 | ControlFlowNode for request | re_bad.py:36:5:36:18 | ControlFlowNode for unsafe_pattern | nodes | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| re_bad.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| re_bad.py:13:5:13:18 | SSA variable unsafe_pattern | semmle.label | SSA variable unsafe_pattern | +| re_bad.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| re_bad.py:13:5:13:18 | ControlFlowNode for unsafe_pattern | semmle.label | ControlFlowNode for unsafe_pattern | | re_bad.py:13:22:13:28 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | re_bad.py:14:15:14:28 | ControlFlowNode for unsafe_pattern | semmle.label | ControlFlowNode for unsafe_pattern | -| re_bad.py:24:5:24:18 | SSA variable unsafe_pattern | semmle.label | SSA variable unsafe_pattern | +| re_bad.py:24:5:24:18 | ControlFlowNode for unsafe_pattern | semmle.label | ControlFlowNode for unsafe_pattern | | re_bad.py:24:22:24:28 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | re_bad.py:25:35:25:48 | ControlFlowNode for unsafe_pattern | semmle.label | ControlFlowNode for unsafe_pattern | -| re_bad.py:36:5:36:18 | SSA variable unsafe_pattern | semmle.label | SSA variable unsafe_pattern | +| re_bad.py:36:5:36:18 | ControlFlowNode for unsafe_pattern | semmle.label | ControlFlowNode for unsafe_pattern | | re_bad.py:36:22:36:28 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | re_bad.py:37:16:37:29 | ControlFlowNode for unsafe_pattern | semmle.label | ControlFlowNode for unsafe_pattern | subpaths diff --git a/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected b/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected index 9ab143fbfb6..59a175e8ae6 100644 --- a/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected +++ b/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected @@ -1,12 +1,12 @@ edges -| test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:1:26:1:32 | GSSA Variable request | -| test.py:1:26:1:32 | GSSA Variable request | test.py:19:19:19:25 | ControlFlowNode for request | -| test.py:19:5:19:15 | SSA variable xml_content | test.py:30:34:30:44 | ControlFlowNode for xml_content | -| test.py:19:19:19:25 | ControlFlowNode for request | test.py:19:5:19:15 | SSA variable xml_content | +| test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:1:26:1:32 | ControlFlowNode for request | +| test.py:1:26:1:32 | ControlFlowNode for request | test.py:19:19:19:25 | ControlFlowNode for request | +| test.py:19:5:19:15 | ControlFlowNode for xml_content | test.py:30:34:30:44 | ControlFlowNode for xml_content | +| test.py:19:19:19:25 | ControlFlowNode for request | test.py:19:5:19:15 | ControlFlowNode for xml_content | nodes | test.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| test.py:19:5:19:15 | SSA variable xml_content | semmle.label | SSA variable xml_content | +| test.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test.py:19:5:19:15 | ControlFlowNode for xml_content | semmle.label | ControlFlowNode for xml_content | | test.py:19:19:19:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test.py:30:34:30:44 | ControlFlowNode for xml_content | semmle.label | ControlFlowNode for xml_content | subpaths diff --git a/python/ql/test/query-tests/Security/CWE-798-HardcodedCredentials/HardcodedCredentials.expected b/python/ql/test/query-tests/Security/CWE-798-HardcodedCredentials/HardcodedCredentials.expected index 61251a633e2..78ebc9bd049 100644 --- a/python/ql/test/query-tests/Security/CWE-798-HardcodedCredentials/HardcodedCredentials.expected +++ b/python/ql/test/query-tests/Security/CWE-798-HardcodedCredentials/HardcodedCredentials.expected @@ -1,12 +1,12 @@ edges -| test.py:5:1:5:8 | GSSA Variable USERNAME | test.py:14:18:14:25 | ControlFlowNode for USERNAME | -| test.py:5:12:5:24 | ControlFlowNode for Str | test.py:5:1:5:8 | GSSA Variable USERNAME | -| test.py:6:1:6:8 | GSSA Variable PASSWORD | test.py:15:18:15:25 | ControlFlowNode for PASSWORD | -| test.py:6:12:6:25 | ControlFlowNode for Str | test.py:6:1:6:8 | GSSA Variable PASSWORD | +| test.py:5:1:5:8 | ControlFlowNode for USERNAME | test.py:14:18:14:25 | ControlFlowNode for USERNAME | +| test.py:5:12:5:24 | ControlFlowNode for Str | test.py:5:1:5:8 | ControlFlowNode for USERNAME | +| test.py:6:1:6:8 | ControlFlowNode for PASSWORD | test.py:15:18:15:25 | ControlFlowNode for PASSWORD | +| test.py:6:12:6:25 | ControlFlowNode for Str | test.py:6:1:6:8 | ControlFlowNode for PASSWORD | nodes -| test.py:5:1:5:8 | GSSA Variable USERNAME | semmle.label | GSSA Variable USERNAME | +| test.py:5:1:5:8 | ControlFlowNode for USERNAME | semmle.label | ControlFlowNode for USERNAME | | test.py:5:12:5:24 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str | -| test.py:6:1:6:8 | GSSA Variable PASSWORD | semmle.label | GSSA Variable PASSWORD | +| test.py:6:1:6:8 | ControlFlowNode for PASSWORD | semmle.label | ControlFlowNode for PASSWORD | | test.py:6:12:6:25 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str | | test.py:14:18:14:25 | ControlFlowNode for USERNAME | semmle.label | ControlFlowNode for USERNAME | | test.py:15:18:15:25 | ControlFlowNode for PASSWORD | semmle.label | ControlFlowNode for PASSWORD | diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected index 3db6c82b96c..c6b1c77d40e 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected @@ -1,99 +1,99 @@ edges -| full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:1:19:1:25 | GSSA Variable request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:37:18:37:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:57:18:57:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:71:18:71:24 | ControlFlowNode for request | -| full_partial_test.py:7:5:7:14 | SSA variable user_input | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | -| full_partial_test.py:7:5:7:14 | SSA variable user_input | full_partial_test.py:12:5:12:7 | SSA variable url | -| full_partial_test.py:7:5:7:14 | SSA variable user_input | full_partial_test.py:18:5:18:7 | SSA variable url | -| full_partial_test.py:7:5:7:14 | SSA variable user_input | full_partial_test.py:22:5:22:7 | SSA variable url | -| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:7:5:7:14 | SSA variable user_input | -| full_partial_test.py:12:5:12:7 | SSA variable url | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | -| full_partial_test.py:18:5:18:7 | SSA variable url | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | -| full_partial_test.py:22:5:22:7 | SSA variable url | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | full_partial_test.py:41:5:41:7 | SSA variable url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | full_partial_test.py:44:5:44:7 | SSA variable url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | full_partial_test.py:47:5:47:7 | SSA variable url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | full_partial_test.py:50:5:50:7 | SSA variable url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | full_partial_test.py:53:5:53:7 | SSA variable url | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:37:5:37:14 | SSA variable user_input | -| full_partial_test.py:41:5:41:7 | SSA variable url | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | -| full_partial_test.py:44:5:44:7 | SSA variable url | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | -| full_partial_test.py:47:5:47:7 | SSA variable url | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | -| full_partial_test.py:50:5:50:7 | SSA variable url | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | -| full_partial_test.py:53:5:53:7 | SSA variable url | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | -| full_partial_test.py:57:5:57:14 | SSA variable user_input | full_partial_test.py:61:5:61:7 | SSA variable url | -| full_partial_test.py:57:5:57:14 | SSA variable user_input | full_partial_test.py:64:5:64:7 | SSA variable url | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:57:5:57:14 | SSA variable user_input | -| full_partial_test.py:61:5:61:7 | SSA variable url | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | -| full_partial_test.py:64:5:64:7 | SSA variable url | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | -| full_partial_test.py:71:5:71:14 | SSA variable user_input | full_partial_test.py:75:5:75:7 | SSA variable url | -| full_partial_test.py:71:5:71:14 | SSA variable user_input | full_partial_test.py:78:5:78:7 | SSA variable url | -| full_partial_test.py:71:5:71:14 | SSA variable user_input | full_partial_test.py:81:5:81:7 | SSA variable url | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:71:5:71:14 | SSA variable user_input | -| full_partial_test.py:75:5:75:7 | SSA variable url | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | -| full_partial_test.py:78:5:78:7 | SSA variable url | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | -| full_partial_test.py:81:5:81:7 | SSA variable url | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | -| test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:1:26:1:32 | GSSA Variable request | -| test_http_client.py:1:26:1:32 | GSSA Variable request | test_http_client.py:9:19:9:25 | ControlFlowNode for request | -| test_http_client.py:1:26:1:32 | GSSA Variable request | test_http_client.py:10:19:10:25 | ControlFlowNode for request | -| test_http_client.py:9:5:9:15 | SSA variable unsafe_host | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | -| test_http_client.py:9:5:9:15 | SSA variable unsafe_host | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | -| test_http_client.py:9:5:9:15 | SSA variable unsafe_host | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | -| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:9:5:9:15 | SSA variable unsafe_host | -| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | SSA variable unsafe_path | -| test_http_client.py:10:5:10:15 | SSA variable unsafe_path | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | -| test_http_client.py:10:5:10:15 | SSA variable unsafe_path | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | -| test_http_client.py:10:5:10:15 | SSA variable unsafe_path | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | -| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | SSA variable unsafe_path | -| test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:1:19:1:25 | GSSA Variable request | -| test_requests.py:1:19:1:25 | GSSA Variable request | test_requests.py:6:18:6:24 | ControlFlowNode for request | -| test_requests.py:6:5:6:14 | SSA variable user_input | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | -| test_requests.py:6:18:6:24 | ControlFlowNode for request | test_requests.py:6:5:6:14 | SSA variable user_input | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:37:18:37:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:57:18:57:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:71:18:71:24 | ControlFlowNode for request | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:12:5:12:7 | ControlFlowNode for url | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:18:5:18:7 | ControlFlowNode for url | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | +| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | +| full_partial_test.py:12:5:12:7 | ControlFlowNode for url | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | +| full_partial_test.py:18:5:18:7 | ControlFlowNode for url | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | +| full_partial_test.py:22:5:22:7 | ControlFlowNode for url | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:41:5:41:7 | ControlFlowNode for url | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:44:5:44:7 | ControlFlowNode for url | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:50:5:50:7 | ControlFlowNode for url | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | +| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | +| full_partial_test.py:41:5:41:7 | ControlFlowNode for url | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | +| full_partial_test.py:44:5:44:7 | ControlFlowNode for url | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | +| full_partial_test.py:47:5:47:7 | ControlFlowNode for url | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | +| full_partial_test.py:50:5:50:7 | ControlFlowNode for url | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | +| full_partial_test.py:53:5:53:7 | ControlFlowNode for url | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | +| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | +| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:64:5:64:7 | ControlFlowNode for url | +| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | +| full_partial_test.py:61:5:61:7 | ControlFlowNode for url | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | +| full_partial_test.py:64:5:64:7 | ControlFlowNode for url | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | +| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:75:5:75:7 | ControlFlowNode for url | +| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | +| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | +| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | +| full_partial_test.py:75:5:75:7 | ControlFlowNode for url | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | +| full_partial_test.py:78:5:78:7 | ControlFlowNode for url | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | +| full_partial_test.py:81:5:81:7 | ControlFlowNode for url | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | +| test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:1:26:1:32 | ControlFlowNode for request | +| test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:9:19:9:25 | ControlFlowNode for request | +| test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:10:19:10:25 | ControlFlowNode for request | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | +| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | +| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | +| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | +| test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:1:19:1:25 | ControlFlowNode for request | +| test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:6:18:6:24 | ControlFlowNode for request | +| test_requests.py:6:5:6:14 | ControlFlowNode for user_input | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | +| test_requests.py:6:18:6:24 | ControlFlowNode for request | test_requests.py:6:5:6:14 | ControlFlowNode for user_input | nodes | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| full_partial_test.py:7:5:7:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:12:5:12:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:12:5:12:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:18:5:18:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:18:5:18:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:22:5:22:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:22:5:22:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:37:18:37:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:41:5:41:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:41:5:41:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:44:5:44:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:44:5:44:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:47:5:47:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:47:5:47:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:50:5:50:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:50:5:50:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:53:5:53:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:53:5:53:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:57:5:57:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:57:18:57:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:61:5:61:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:61:5:61:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:64:5:64:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:64:5:64:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:71:5:71:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:71:18:71:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:75:5:75:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:75:5:75:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:78:5:78:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:78:5:78:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:81:5:81:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:81:5:81:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_http_client.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| test_http_client.py:9:5:9:15 | SSA variable unsafe_host | semmle.label | SSA variable unsafe_host | +| test_http_client.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | | test_http_client.py:9:19:9:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_http_client.py:10:5:10:15 | SSA variable unsafe_path | semmle.label | SSA variable unsafe_path | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | | test_http_client.py:10:19:10:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | @@ -102,8 +102,8 @@ nodes | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_requests.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| test_requests.py:6:5:6:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| test_requests.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_requests.py:6:5:6:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | test_requests.py:6:18:6:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | subpaths diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected index aa983e62e01..1960ec4b80d 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected @@ -1,185 +1,185 @@ edges -| full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:1:19:1:25 | GSSA Variable request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:8:17:8:23 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:37:18:37:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:38:17:38:23 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:57:18:57:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:58:17:58:23 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:71:18:71:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:72:17:72:23 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:86:18:86:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:92:18:92:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:98:18:98:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:104:18:104:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:110:18:110:24 | ControlFlowNode for request | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | full_partial_test.py:119:18:119:24 | ControlFlowNode for request | -| full_partial_test.py:7:5:7:14 | SSA variable user_input | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | -| full_partial_test.py:7:5:7:14 | SSA variable user_input | full_partial_test.py:12:5:12:7 | SSA variable url | -| full_partial_test.py:7:5:7:14 | SSA variable user_input | full_partial_test.py:18:5:18:7 | SSA variable url | -| full_partial_test.py:7:5:7:14 | SSA variable user_input | full_partial_test.py:22:5:22:7 | SSA variable url | -| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:7:5:7:14 | SSA variable user_input | -| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:8:5:8:13 | SSA variable query_val | -| full_partial_test.py:8:5:8:13 | SSA variable query_val | full_partial_test.py:22:5:22:7 | SSA variable url | -| full_partial_test.py:8:17:8:23 | ControlFlowNode for request | full_partial_test.py:8:5:8:13 | SSA variable query_val | -| full_partial_test.py:12:5:12:7 | SSA variable url | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | -| full_partial_test.py:18:5:18:7 | SSA variable url | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | -| full_partial_test.py:22:5:22:7 | SSA variable url | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | full_partial_test.py:41:5:41:7 | SSA variable url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | full_partial_test.py:44:5:44:7 | SSA variable url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | full_partial_test.py:47:5:47:7 | SSA variable url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | full_partial_test.py:50:5:50:7 | SSA variable url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | full_partial_test.py:53:5:53:7 | SSA variable url | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:37:5:37:14 | SSA variable user_input | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:38:5:38:13 | SSA variable query_val | -| full_partial_test.py:38:5:38:13 | SSA variable query_val | full_partial_test.py:47:5:47:7 | SSA variable url | -| full_partial_test.py:38:17:38:23 | ControlFlowNode for request | full_partial_test.py:38:5:38:13 | SSA variable query_val | -| full_partial_test.py:41:5:41:7 | SSA variable url | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | -| full_partial_test.py:44:5:44:7 | SSA variable url | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | -| full_partial_test.py:47:5:47:7 | SSA variable url | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | -| full_partial_test.py:50:5:50:7 | SSA variable url | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | -| full_partial_test.py:53:5:53:7 | SSA variable url | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | -| full_partial_test.py:57:5:57:14 | SSA variable user_input | full_partial_test.py:61:5:61:7 | SSA variable url | -| full_partial_test.py:57:5:57:14 | SSA variable user_input | full_partial_test.py:64:5:64:7 | SSA variable url | -| full_partial_test.py:57:5:57:14 | SSA variable user_input | full_partial_test.py:67:5:67:7 | SSA variable url | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:57:5:57:14 | SSA variable user_input | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:58:5:58:13 | SSA variable query_val | -| full_partial_test.py:58:5:58:13 | SSA variable query_val | full_partial_test.py:67:5:67:7 | SSA variable url | -| full_partial_test.py:58:17:58:23 | ControlFlowNode for request | full_partial_test.py:58:5:58:13 | SSA variable query_val | -| full_partial_test.py:61:5:61:7 | SSA variable url | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | -| full_partial_test.py:64:5:64:7 | SSA variable url | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | -| full_partial_test.py:67:5:67:7 | SSA variable url | full_partial_test.py:68:18:68:20 | ControlFlowNode for url | -| full_partial_test.py:71:5:71:14 | SSA variable user_input | full_partial_test.py:75:5:75:7 | SSA variable url | -| full_partial_test.py:71:5:71:14 | SSA variable user_input | full_partial_test.py:78:5:78:7 | SSA variable url | -| full_partial_test.py:71:5:71:14 | SSA variable user_input | full_partial_test.py:81:5:81:7 | SSA variable url | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:71:5:71:14 | SSA variable user_input | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:72:5:72:13 | SSA variable query_val | -| full_partial_test.py:72:5:72:13 | SSA variable query_val | full_partial_test.py:81:5:81:7 | SSA variable url | -| full_partial_test.py:72:17:72:23 | ControlFlowNode for request | full_partial_test.py:72:5:72:13 | SSA variable query_val | -| full_partial_test.py:75:5:75:7 | SSA variable url | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | -| full_partial_test.py:78:5:78:7 | SSA variable url | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | -| full_partial_test.py:81:5:81:7 | SSA variable url | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | -| full_partial_test.py:86:5:86:14 | SSA variable user_input | full_partial_test.py:88:5:88:7 | SSA variable url | -| full_partial_test.py:86:18:86:24 | ControlFlowNode for request | full_partial_test.py:86:5:86:14 | SSA variable user_input | -| full_partial_test.py:88:5:88:7 | SSA variable url | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | -| full_partial_test.py:92:5:92:14 | SSA variable user_input | full_partial_test.py:94:5:94:7 | SSA variable url | -| full_partial_test.py:92:18:92:24 | ControlFlowNode for request | full_partial_test.py:92:5:92:14 | SSA variable user_input | -| full_partial_test.py:94:5:94:7 | SSA variable url | full_partial_test.py:95:18:95:20 | ControlFlowNode for url | -| full_partial_test.py:98:5:98:14 | SSA variable user_input | full_partial_test.py:100:5:100:7 | SSA variable url | -| full_partial_test.py:98:18:98:24 | ControlFlowNode for request | full_partial_test.py:98:5:98:14 | SSA variable user_input | -| full_partial_test.py:100:5:100:7 | SSA variable url | full_partial_test.py:101:18:101:20 | ControlFlowNode for url | -| full_partial_test.py:104:5:104:14 | SSA variable user_input | full_partial_test.py:106:5:106:7 | SSA variable url | -| full_partial_test.py:104:18:104:24 | ControlFlowNode for request | full_partial_test.py:104:5:104:14 | SSA variable user_input | -| full_partial_test.py:106:5:106:7 | SSA variable url | full_partial_test.py:107:18:107:20 | ControlFlowNode for url | -| full_partial_test.py:110:5:110:14 | SSA variable user_input | full_partial_test.py:115:5:115:7 | SSA variable url | -| full_partial_test.py:110:18:110:24 | ControlFlowNode for request | full_partial_test.py:110:5:110:14 | SSA variable user_input | -| full_partial_test.py:115:5:115:7 | SSA variable url | full_partial_test.py:116:18:116:20 | ControlFlowNode for url | -| full_partial_test.py:119:5:119:14 | SSA variable user_input | full_partial_test.py:121:5:121:7 | SSA variable url | -| full_partial_test.py:119:18:119:24 | ControlFlowNode for request | full_partial_test.py:119:5:119:14 | SSA variable user_input | -| full_partial_test.py:121:5:121:7 | SSA variable url | full_partial_test.py:122:18:122:20 | ControlFlowNode for url | -| test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:1:26:1:32 | GSSA Variable request | -| test_http_client.py:1:26:1:32 | GSSA Variable request | test_http_client.py:9:19:9:25 | ControlFlowNode for request | -| test_http_client.py:1:26:1:32 | GSSA Variable request | test_http_client.py:10:19:10:25 | ControlFlowNode for request | -| test_http_client.py:1:26:1:32 | GSSA Variable request | test_http_client.py:11:18:11:24 | ControlFlowNode for request | -| test_http_client.py:9:5:9:15 | SSA variable unsafe_host | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | -| test_http_client.py:9:5:9:15 | SSA variable unsafe_host | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | -| test_http_client.py:9:5:9:15 | SSA variable unsafe_host | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | -| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:9:5:9:15 | SSA variable unsafe_host | -| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | SSA variable unsafe_path | -| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | SSA variable user_input | -| test_http_client.py:10:5:10:15 | SSA variable unsafe_path | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | -| test_http_client.py:10:5:10:15 | SSA variable unsafe_path | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | -| test_http_client.py:10:5:10:15 | SSA variable unsafe_path | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | -| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | SSA variable unsafe_path | -| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | SSA variable user_input | -| test_http_client.py:11:5:11:14 | SSA variable user_input | test_http_client.py:31:5:31:8 | SSA variable path | -| test_http_client.py:11:5:11:14 | SSA variable user_input | test_http_client.py:35:5:35:8 | SSA variable path | -| test_http_client.py:11:18:11:24 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | SSA variable user_input | -| test_http_client.py:31:5:31:8 | SSA variable path | test_http_client.py:33:25:33:28 | ControlFlowNode for path | -| test_http_client.py:35:5:35:8 | SSA variable path | test_http_client.py:37:25:37:28 | ControlFlowNode for path | -| test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:1:19:1:25 | GSSA Variable request | -| test_requests.py:1:19:1:25 | GSSA Variable request | test_requests.py:6:18:6:24 | ControlFlowNode for request | -| test_requests.py:6:5:6:14 | SSA variable user_input | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | -| test_requests.py:6:18:6:24 | ControlFlowNode for request | test_requests.py:6:5:6:14 | SSA variable user_input | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:8:17:8:23 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:37:18:37:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:38:17:38:23 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:57:18:57:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:58:17:58:23 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:71:18:71:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:72:17:72:23 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:86:18:86:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:92:18:92:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:98:18:98:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:104:18:104:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:110:18:110:24 | ControlFlowNode for request | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:119:18:119:24 | ControlFlowNode for request | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:12:5:12:7 | ControlFlowNode for url | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:18:5:18:7 | ControlFlowNode for url | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | +| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | +| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | +| full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | +| full_partial_test.py:8:17:8:23 | ControlFlowNode for request | full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | +| full_partial_test.py:12:5:12:7 | ControlFlowNode for url | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | +| full_partial_test.py:18:5:18:7 | ControlFlowNode for url | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | +| full_partial_test.py:22:5:22:7 | ControlFlowNode for url | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:41:5:41:7 | ControlFlowNode for url | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:44:5:44:7 | ControlFlowNode for url | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:50:5:50:7 | ControlFlowNode for url | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | +| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | +| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | +| full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | +| full_partial_test.py:38:17:38:23 | ControlFlowNode for request | full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | +| full_partial_test.py:41:5:41:7 | ControlFlowNode for url | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | +| full_partial_test.py:44:5:44:7 | ControlFlowNode for url | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | +| full_partial_test.py:47:5:47:7 | ControlFlowNode for url | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | +| full_partial_test.py:50:5:50:7 | ControlFlowNode for url | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | +| full_partial_test.py:53:5:53:7 | ControlFlowNode for url | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | +| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | +| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:64:5:64:7 | ControlFlowNode for url | +| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:67:5:67:7 | ControlFlowNode for url | +| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | +| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | +| full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | full_partial_test.py:67:5:67:7 | ControlFlowNode for url | +| full_partial_test.py:58:17:58:23 | ControlFlowNode for request | full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | +| full_partial_test.py:61:5:61:7 | ControlFlowNode for url | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | +| full_partial_test.py:64:5:64:7 | ControlFlowNode for url | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | +| full_partial_test.py:67:5:67:7 | ControlFlowNode for url | full_partial_test.py:68:18:68:20 | ControlFlowNode for url | +| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:75:5:75:7 | ControlFlowNode for url | +| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | +| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | +| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | +| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | +| full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | +| full_partial_test.py:72:17:72:23 | ControlFlowNode for request | full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | +| full_partial_test.py:75:5:75:7 | ControlFlowNode for url | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | +| full_partial_test.py:78:5:78:7 | ControlFlowNode for url | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | +| full_partial_test.py:81:5:81:7 | ControlFlowNode for url | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | +| full_partial_test.py:86:5:86:14 | ControlFlowNode for user_input | full_partial_test.py:88:5:88:7 | ControlFlowNode for url | +| full_partial_test.py:86:18:86:24 | ControlFlowNode for request | full_partial_test.py:86:5:86:14 | ControlFlowNode for user_input | +| full_partial_test.py:88:5:88:7 | ControlFlowNode for url | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | +| full_partial_test.py:92:5:92:14 | ControlFlowNode for user_input | full_partial_test.py:94:5:94:7 | ControlFlowNode for url | +| full_partial_test.py:92:18:92:24 | ControlFlowNode for request | full_partial_test.py:92:5:92:14 | ControlFlowNode for user_input | +| full_partial_test.py:94:5:94:7 | ControlFlowNode for url | full_partial_test.py:95:18:95:20 | ControlFlowNode for url | +| full_partial_test.py:98:5:98:14 | ControlFlowNode for user_input | full_partial_test.py:100:5:100:7 | ControlFlowNode for url | +| full_partial_test.py:98:18:98:24 | ControlFlowNode for request | full_partial_test.py:98:5:98:14 | ControlFlowNode for user_input | +| full_partial_test.py:100:5:100:7 | ControlFlowNode for url | full_partial_test.py:101:18:101:20 | ControlFlowNode for url | +| full_partial_test.py:104:5:104:14 | ControlFlowNode for user_input | full_partial_test.py:106:5:106:7 | ControlFlowNode for url | +| full_partial_test.py:104:18:104:24 | ControlFlowNode for request | full_partial_test.py:104:5:104:14 | ControlFlowNode for user_input | +| full_partial_test.py:106:5:106:7 | ControlFlowNode for url | full_partial_test.py:107:18:107:20 | ControlFlowNode for url | +| full_partial_test.py:110:5:110:14 | ControlFlowNode for user_input | full_partial_test.py:115:5:115:7 | ControlFlowNode for url | +| full_partial_test.py:110:18:110:24 | ControlFlowNode for request | full_partial_test.py:110:5:110:14 | ControlFlowNode for user_input | +| full_partial_test.py:115:5:115:7 | ControlFlowNode for url | full_partial_test.py:116:18:116:20 | ControlFlowNode for url | +| full_partial_test.py:119:5:119:14 | ControlFlowNode for user_input | full_partial_test.py:121:5:121:7 | ControlFlowNode for url | +| full_partial_test.py:119:18:119:24 | ControlFlowNode for request | full_partial_test.py:119:5:119:14 | ControlFlowNode for user_input | +| full_partial_test.py:121:5:121:7 | ControlFlowNode for url | full_partial_test.py:122:18:122:20 | ControlFlowNode for url | +| test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:1:26:1:32 | ControlFlowNode for request | +| test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:9:19:9:25 | ControlFlowNode for request | +| test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:10:19:10:25 | ControlFlowNode for request | +| test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:11:18:11:24 | ControlFlowNode for request | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | +| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | +| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | +| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | +| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | +| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | +| test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | test_http_client.py:31:5:31:8 | ControlFlowNode for path | +| test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | test_http_client.py:35:5:35:8 | ControlFlowNode for path | +| test_http_client.py:11:18:11:24 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | +| test_http_client.py:31:5:31:8 | ControlFlowNode for path | test_http_client.py:33:25:33:28 | ControlFlowNode for path | +| test_http_client.py:35:5:35:8 | ControlFlowNode for path | test_http_client.py:37:25:37:28 | ControlFlowNode for path | +| test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:1:19:1:25 | ControlFlowNode for request | +| test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:6:18:6:24 | ControlFlowNode for request | +| test_requests.py:6:5:6:14 | ControlFlowNode for user_input | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | +| test_requests.py:6:18:6:24 | ControlFlowNode for request | test_requests.py:6:5:6:14 | ControlFlowNode for user_input | nodes | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| full_partial_test.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| full_partial_test.py:7:5:7:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:8:5:8:13 | SSA variable query_val | semmle.label | SSA variable query_val | +| full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | | full_partial_test.py:8:17:8:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:12:5:12:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:12:5:12:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:18:5:18:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:18:5:18:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:22:5:22:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:22:5:22:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:37:5:37:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:37:18:37:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:38:5:38:13 | SSA variable query_val | semmle.label | SSA variable query_val | +| full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | | full_partial_test.py:38:17:38:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:41:5:41:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:41:5:41:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:44:5:44:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:44:5:44:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:47:5:47:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:47:5:47:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:50:5:50:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:50:5:50:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:53:5:53:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:53:5:53:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:57:5:57:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:57:18:57:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:58:5:58:13 | SSA variable query_val | semmle.label | SSA variable query_val | +| full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | | full_partial_test.py:58:17:58:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:61:5:61:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:61:5:61:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:64:5:64:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:64:5:64:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:67:5:67:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:67:5:67:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:68:18:68:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:71:5:71:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:71:18:71:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:72:5:72:13 | SSA variable query_val | semmle.label | SSA variable query_val | +| full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | | full_partial_test.py:72:17:72:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:75:5:75:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:75:5:75:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:78:5:78:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:78:5:78:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:81:5:81:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:81:5:81:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:86:5:86:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:86:5:86:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:86:18:86:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:88:5:88:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:88:5:88:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:92:5:92:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:92:5:92:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:92:18:92:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:94:5:94:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:94:5:94:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:95:18:95:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:98:5:98:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:98:5:98:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:98:18:98:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:100:5:100:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:100:5:100:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:101:18:101:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:104:5:104:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:104:5:104:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:104:18:104:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:106:5:106:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:106:5:106:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:107:18:107:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:110:5:110:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:110:5:110:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:110:18:110:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:115:5:115:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:115:5:115:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:116:18:116:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:119:5:119:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| full_partial_test.py:119:5:119:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:119:18:119:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:121:5:121:7 | SSA variable url | semmle.label | SSA variable url | +| full_partial_test.py:121:5:121:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:122:18:122:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_http_client.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| test_http_client.py:9:5:9:15 | SSA variable unsafe_host | semmle.label | SSA variable unsafe_host | +| test_http_client.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | | test_http_client.py:9:19:9:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_http_client.py:10:5:10:15 | SSA variable unsafe_path | semmle.label | SSA variable unsafe_path | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | | test_http_client.py:10:19:10:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_http_client.py:11:5:11:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | test_http_client.py:11:18:11:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | @@ -187,13 +187,13 @@ nodes | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | -| test_http_client.py:31:5:31:8 | SSA variable path | semmle.label | SSA variable path | +| test_http_client.py:31:5:31:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | test_http_client.py:33:25:33:28 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | -| test_http_client.py:35:5:35:8 | SSA variable path | semmle.label | SSA variable path | +| test_http_client.py:35:5:35:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | test_http_client.py:37:25:37:28 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_requests.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request | -| test_requests.py:6:5:6:14 | SSA variable user_input | semmle.label | SSA variable user_input | +| test_requests.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_requests.py:6:5:6:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | test_requests.py:6:18:6:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | subpaths diff --git a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected index c1b5889d02b..e10f3312dd2 100644 --- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected @@ -1,238 +1,238 @@ edges -| PoC/server.py:1:26:1:32 | ControlFlowNode for ImportMember | PoC/server.py:1:26:1:32 | GSSA Variable request | -| PoC/server.py:1:26:1:32 | GSSA Variable request | PoC/server.py:26:21:26:27 | ControlFlowNode for request | -| PoC/server.py:1:26:1:32 | GSSA Variable request | PoC/server.py:43:14:43:20 | ControlFlowNode for request | -| PoC/server.py:1:26:1:32 | GSSA Variable request | PoC/server.py:52:14:52:20 | ControlFlowNode for request | -| PoC/server.py:1:26:1:32 | GSSA Variable request | PoC/server.py:77:14:77:20 | ControlFlowNode for request | -| PoC/server.py:1:26:1:32 | GSSA Variable request | PoC/server.py:98:14:98:20 | ControlFlowNode for request | -| PoC/server.py:26:5:26:17 | SSA variable author_string | PoC/server.py:27:25:27:37 | ControlFlowNode for author_string | -| PoC/server.py:26:21:26:27 | ControlFlowNode for request | PoC/server.py:26:5:26:17 | SSA variable author_string | -| PoC/server.py:27:5:27:10 | SSA variable author | PoC/server.py:30:27:30:44 | ControlFlowNode for Dict | -| PoC/server.py:27:5:27:10 | SSA variable author | PoC/server.py:31:34:31:51 | ControlFlowNode for Dict | -| PoC/server.py:27:14:27:38 | ControlFlowNode for Attribute() | PoC/server.py:27:5:27:10 | SSA variable author | +| PoC/server.py:1:26:1:32 | ControlFlowNode for ImportMember | PoC/server.py:1:26:1:32 | ControlFlowNode for request | +| PoC/server.py:1:26:1:32 | ControlFlowNode for request | PoC/server.py:26:21:26:27 | ControlFlowNode for request | +| PoC/server.py:1:26:1:32 | ControlFlowNode for request | PoC/server.py:43:14:43:20 | ControlFlowNode for request | +| PoC/server.py:1:26:1:32 | ControlFlowNode for request | PoC/server.py:52:14:52:20 | ControlFlowNode for request | +| PoC/server.py:1:26:1:32 | ControlFlowNode for request | PoC/server.py:77:14:77:20 | ControlFlowNode for request | +| PoC/server.py:1:26:1:32 | ControlFlowNode for request | PoC/server.py:98:14:98:20 | ControlFlowNode for request | +| PoC/server.py:26:5:26:17 | ControlFlowNode for author_string | PoC/server.py:27:25:27:37 | ControlFlowNode for author_string | +| PoC/server.py:26:21:26:27 | ControlFlowNode for request | PoC/server.py:26:5:26:17 | ControlFlowNode for author_string | +| PoC/server.py:27:5:27:10 | ControlFlowNode for author | PoC/server.py:30:27:30:44 | ControlFlowNode for Dict | +| PoC/server.py:27:5:27:10 | ControlFlowNode for author | PoC/server.py:31:34:31:51 | ControlFlowNode for Dict | +| PoC/server.py:27:14:27:38 | ControlFlowNode for Attribute() | PoC/server.py:27:5:27:10 | ControlFlowNode for author | | PoC/server.py:27:25:27:37 | ControlFlowNode for author_string | PoC/server.py:27:14:27:38 | ControlFlowNode for Attribute() | -| PoC/server.py:43:5:43:10 | SSA variable author | PoC/server.py:47:38:47:67 | ControlFlowNode for BinaryExpr | -| PoC/server.py:43:14:43:20 | ControlFlowNode for request | PoC/server.py:43:5:43:10 | SSA variable author | +| PoC/server.py:43:5:43:10 | ControlFlowNode for author | PoC/server.py:47:38:47:67 | ControlFlowNode for BinaryExpr | +| PoC/server.py:43:14:43:20 | ControlFlowNode for request | PoC/server.py:43:5:43:10 | ControlFlowNode for author | | PoC/server.py:47:38:47:67 | ControlFlowNode for BinaryExpr | PoC/server.py:47:27:47:68 | ControlFlowNode for Dict | -| PoC/server.py:52:5:52:10 | SSA variable author | PoC/server.py:54:17:54:70 | ControlFlowNode for BinaryExpr | -| PoC/server.py:52:14:52:20 | ControlFlowNode for request | PoC/server.py:52:5:52:10 | SSA variable author | -| PoC/server.py:53:5:53:10 | SSA variable search | PoC/server.py:61:27:61:58 | ControlFlowNode for Dict | -| PoC/server.py:53:14:57:5 | ControlFlowNode for Dict | PoC/server.py:53:5:53:10 | SSA variable search | +| PoC/server.py:52:5:52:10 | ControlFlowNode for author | PoC/server.py:54:17:54:70 | ControlFlowNode for BinaryExpr | +| PoC/server.py:52:14:52:20 | ControlFlowNode for request | PoC/server.py:52:5:52:10 | ControlFlowNode for author | +| PoC/server.py:53:5:53:10 | ControlFlowNode for search | PoC/server.py:61:27:61:58 | ControlFlowNode for Dict | +| PoC/server.py:53:14:57:5 | ControlFlowNode for Dict | PoC/server.py:53:5:53:10 | ControlFlowNode for search | | PoC/server.py:54:17:54:70 | ControlFlowNode for BinaryExpr | PoC/server.py:53:14:57:5 | ControlFlowNode for Dict | -| PoC/server.py:77:5:77:10 | SSA variable author | PoC/server.py:80:23:80:101 | ControlFlowNode for BinaryExpr | -| PoC/server.py:77:14:77:20 | ControlFlowNode for request | PoC/server.py:77:5:77:10 | SSA variable author | -| PoC/server.py:78:5:78:15 | SSA variable accumulator | PoC/server.py:84:5:84:9 | SSA variable group | -| PoC/server.py:78:19:83:5 | ControlFlowNode for Dict | PoC/server.py:78:5:78:15 | SSA variable accumulator | +| PoC/server.py:77:5:77:10 | ControlFlowNode for author | PoC/server.py:80:23:80:101 | ControlFlowNode for BinaryExpr | +| PoC/server.py:77:14:77:20 | ControlFlowNode for request | PoC/server.py:77:5:77:10 | ControlFlowNode for author | +| PoC/server.py:78:5:78:15 | ControlFlowNode for accumulator | PoC/server.py:84:5:84:9 | ControlFlowNode for group | +| PoC/server.py:78:19:83:5 | ControlFlowNode for Dict | PoC/server.py:78:5:78:15 | ControlFlowNode for accumulator | | PoC/server.py:80:23:80:101 | ControlFlowNode for BinaryExpr | PoC/server.py:78:19:83:5 | ControlFlowNode for Dict | -| PoC/server.py:84:5:84:9 | SSA variable group | PoC/server.py:91:29:91:47 | ControlFlowNode for Dict | -| PoC/server.py:84:5:84:9 | SSA variable group | PoC/server.py:92:38:92:56 | ControlFlowNode for Dict | -| PoC/server.py:98:5:98:10 | SSA variable author | PoC/server.py:99:5:99:10 | SSA variable mapper | -| PoC/server.py:98:14:98:20 | ControlFlowNode for request | PoC/server.py:98:5:98:10 | SSA variable author | -| PoC/server.py:99:5:99:10 | SSA variable mapper | PoC/server.py:102:9:102:14 | ControlFlowNode for mapper | -| flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:1:26:1:32 | GSSA Variable request | -| flask_mongoengine_bad.py:1:26:1:32 | GSSA Variable request | flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | -| flask_mongoengine_bad.py:1:26:1:32 | GSSA Variable request | flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | -| flask_mongoengine_bad.py:19:5:19:17 | SSA variable unsafe_search | flask_mongoengine_bad.py:20:30:20:42 | ControlFlowNode for unsafe_search | -| flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_bad.py:19:5:19:17 | SSA variable unsafe_search | -| flask_mongoengine_bad.py:20:5:20:15 | SSA variable json_search | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | -| flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:20:5:20:15 | SSA variable json_search | +| PoC/server.py:84:5:84:9 | ControlFlowNode for group | PoC/server.py:91:29:91:47 | ControlFlowNode for Dict | +| PoC/server.py:84:5:84:9 | ControlFlowNode for group | PoC/server.py:92:38:92:56 | ControlFlowNode for Dict | +| PoC/server.py:98:5:98:10 | ControlFlowNode for author | PoC/server.py:99:5:99:10 | ControlFlowNode for mapper | +| PoC/server.py:98:14:98:20 | ControlFlowNode for request | PoC/server.py:98:5:98:10 | ControlFlowNode for author | +| PoC/server.py:99:5:99:10 | ControlFlowNode for mapper | PoC/server.py:102:9:102:14 | ControlFlowNode for mapper | +| flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | +| flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | +| flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | +| flask_mongoengine_bad.py:19:5:19:17 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:20:30:20:42 | ControlFlowNode for unsafe_search | +| flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_bad.py:19:5:19:17 | ControlFlowNode for unsafe_search | +| flask_mongoengine_bad.py:20:5:20:15 | ControlFlowNode for json_search | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | +| flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:20:5:20:15 | ControlFlowNode for json_search | | flask_mongoengine_bad.py:20:30:20:42 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | -| flask_mongoengine_bad.py:26:5:26:17 | SSA variable unsafe_search | flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | -| flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | flask_mongoengine_bad.py:26:5:26:17 | SSA variable unsafe_search | -| flask_mongoengine_bad.py:27:5:27:15 | SSA variable json_search | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | -| flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:27:5:27:15 | SSA variable json_search | +| flask_mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | +| flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | flask_mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | +| flask_mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | +| flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | | flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | -| flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_pymongo_bad.py:1:26:1:32 | GSSA Variable request | -| flask_pymongo_bad.py:1:26:1:32 | GSSA Variable request | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | -| flask_pymongo_bad.py:11:5:11:17 | SSA variable unsafe_search | flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | -| flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | flask_pymongo_bad.py:11:5:11:17 | SSA variable unsafe_search | -| flask_pymongo_bad.py:12:5:12:15 | SSA variable json_search | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | -| flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | flask_pymongo_bad.py:12:5:12:15 | SSA variable json_search | +| flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for request | +| flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for request | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | +| flask_pymongo_bad.py:11:5:11:17 | ControlFlowNode for unsafe_search | flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | +| flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | flask_pymongo_bad.py:11:5:11:17 | ControlFlowNode for unsafe_search | +| flask_pymongo_bad.py:12:5:12:15 | ControlFlowNode for json_search | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | +| flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | flask_pymongo_bad.py:12:5:12:15 | ControlFlowNode for json_search | | flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | -| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:1:26:1:32 | GSSA Variable request | -| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | -| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | -| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | -| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | -| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | -| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | -| mongoengine_bad.py:18:5:18:17 | SSA variable unsafe_search | mongoengine_bad.py:19:30:19:42 | ControlFlowNode for unsafe_search | -| mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_bad.py:18:5:18:17 | SSA variable unsafe_search | -| mongoengine_bad.py:19:5:19:15 | SSA variable json_search | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | -| mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:19:5:19:15 | SSA variable json_search | +| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | +| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | +| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | +| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | +| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | +| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | +| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | +| mongoengine_bad.py:18:5:18:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:19:30:19:42 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_bad.py:18:5:18:17 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:19:5:19:15 | ControlFlowNode for json_search | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | +| mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:19:5:19:15 | ControlFlowNode for json_search | | mongoengine_bad.py:19:30:19:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | -| mongoengine_bad.py:26:5:26:17 | SSA variable unsafe_search | mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | -| mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | mongoengine_bad.py:26:5:26:17 | SSA variable unsafe_search | -| mongoengine_bad.py:27:5:27:15 | SSA variable json_search | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | -| mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:27:5:27:15 | SSA variable json_search | +| mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | +| mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | | mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | -| mongoengine_bad.py:34:5:34:17 | SSA variable unsafe_search | mongoengine_bad.py:35:30:35:42 | ControlFlowNode for unsafe_search | -| mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | mongoengine_bad.py:34:5:34:17 | SSA variable unsafe_search | -| mongoengine_bad.py:35:5:35:15 | SSA variable json_search | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | -| mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:35:5:35:15 | SSA variable json_search | +| mongoengine_bad.py:34:5:34:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:35:30:35:42 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | mongoengine_bad.py:34:5:34:17 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:35:5:35:15 | ControlFlowNode for json_search | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | +| mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:35:5:35:15 | ControlFlowNode for json_search | | mongoengine_bad.py:35:30:35:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | -| mongoengine_bad.py:42:5:42:17 | SSA variable unsafe_search | mongoengine_bad.py:43:30:43:42 | ControlFlowNode for unsafe_search | -| mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | mongoengine_bad.py:42:5:42:17 | SSA variable unsafe_search | -| mongoengine_bad.py:43:5:43:15 | SSA variable json_search | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | -| mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:43:5:43:15 | SSA variable json_search | +| mongoengine_bad.py:42:5:42:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:43:30:43:42 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | mongoengine_bad.py:42:5:42:17 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:43:5:43:15 | ControlFlowNode for json_search | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | +| mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:43:5:43:15 | ControlFlowNode for json_search | | mongoengine_bad.py:43:30:43:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | -| mongoengine_bad.py:50:5:50:17 | SSA variable unsafe_search | mongoengine_bad.py:51:30:51:42 | ControlFlowNode for unsafe_search | -| mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | mongoengine_bad.py:50:5:50:17 | SSA variable unsafe_search | -| mongoengine_bad.py:51:5:51:15 | SSA variable json_search | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | -| mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:51:5:51:15 | SSA variable json_search | +| mongoengine_bad.py:50:5:50:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:51:30:51:42 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | mongoengine_bad.py:50:5:50:17 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:51:5:51:15 | ControlFlowNode for json_search | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | +| mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:51:5:51:15 | ControlFlowNode for json_search | | mongoengine_bad.py:51:30:51:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | -| mongoengine_bad.py:57:5:57:17 | SSA variable unsafe_search | mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | -| mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | mongoengine_bad.py:57:5:57:17 | SSA variable unsafe_search | -| mongoengine_bad.py:58:5:58:15 | SSA variable json_search | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | -| mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:58:5:58:15 | SSA variable json_search | +| mongoengine_bad.py:57:5:57:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | mongoengine_bad.py:57:5:57:17 | ControlFlowNode for unsafe_search | +| mongoengine_bad.py:58:5:58:15 | ControlFlowNode for json_search | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | +| mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:58:5:58:15 | ControlFlowNode for json_search | | mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | -| pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:1:26:1:32 | GSSA Variable request | -| pymongo_test.py:1:26:1:32 | GSSA Variable request | pymongo_test.py:12:21:12:27 | ControlFlowNode for request | -| pymongo_test.py:1:26:1:32 | GSSA Variable request | pymongo_test.py:29:27:29:33 | ControlFlowNode for request | -| pymongo_test.py:1:26:1:32 | GSSA Variable request | pymongo_test.py:39:27:39:33 | ControlFlowNode for request | -| pymongo_test.py:1:26:1:32 | GSSA Variable request | pymongo_test.py:52:26:52:32 | ControlFlowNode for request | -| pymongo_test.py:12:5:12:17 | SSA variable unsafe_search | pymongo_test.py:13:30:13:42 | ControlFlowNode for unsafe_search | -| pymongo_test.py:12:21:12:27 | ControlFlowNode for request | pymongo_test.py:12:5:12:17 | SSA variable unsafe_search | -| pymongo_test.py:13:5:13:15 | SSA variable json_search | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | -| pymongo_test.py:13:19:13:43 | ControlFlowNode for Attribute() | pymongo_test.py:13:5:13:15 | SSA variable json_search | +| pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:1:26:1:32 | ControlFlowNode for request | +| pymongo_test.py:1:26:1:32 | ControlFlowNode for request | pymongo_test.py:12:21:12:27 | ControlFlowNode for request | +| pymongo_test.py:1:26:1:32 | ControlFlowNode for request | pymongo_test.py:29:27:29:33 | ControlFlowNode for request | +| pymongo_test.py:1:26:1:32 | ControlFlowNode for request | pymongo_test.py:39:27:39:33 | ControlFlowNode for request | +| pymongo_test.py:1:26:1:32 | ControlFlowNode for request | pymongo_test.py:52:26:52:32 | ControlFlowNode for request | +| pymongo_test.py:12:5:12:17 | ControlFlowNode for unsafe_search | pymongo_test.py:13:30:13:42 | ControlFlowNode for unsafe_search | +| pymongo_test.py:12:21:12:27 | ControlFlowNode for request | pymongo_test.py:12:5:12:17 | ControlFlowNode for unsafe_search | +| pymongo_test.py:13:5:13:15 | ControlFlowNode for json_search | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | +| pymongo_test.py:13:19:13:43 | ControlFlowNode for Attribute() | pymongo_test.py:13:5:13:15 | ControlFlowNode for json_search | | pymongo_test.py:13:30:13:42 | ControlFlowNode for unsafe_search | pymongo_test.py:13:19:13:43 | ControlFlowNode for Attribute() | -| pymongo_test.py:29:5:29:12 | SSA variable event_id | pymongo_test.py:33:45:33:72 | ControlFlowNode for Fstring | -| pymongo_test.py:29:16:29:51 | ControlFlowNode for Attribute() | pymongo_test.py:29:5:29:12 | SSA variable event_id | +| pymongo_test.py:29:5:29:12 | ControlFlowNode for event_id | pymongo_test.py:33:45:33:72 | ControlFlowNode for Fstring | +| pymongo_test.py:29:16:29:51 | ControlFlowNode for Attribute() | pymongo_test.py:29:5:29:12 | ControlFlowNode for event_id | | pymongo_test.py:29:27:29:33 | ControlFlowNode for request | pymongo_test.py:29:27:29:50 | ControlFlowNode for Subscript | | pymongo_test.py:29:27:29:50 | ControlFlowNode for Subscript | pymongo_test.py:29:16:29:51 | ControlFlowNode for Attribute() | | pymongo_test.py:33:45:33:72 | ControlFlowNode for Fstring | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | -| pymongo_test.py:39:5:39:12 | SSA variable event_id | pymongo_test.py:43:45:43:72 | ControlFlowNode for Fstring | -| pymongo_test.py:39:16:39:51 | ControlFlowNode for Attribute() | pymongo_test.py:39:5:39:12 | SSA variable event_id | +| pymongo_test.py:39:5:39:12 | ControlFlowNode for event_id | pymongo_test.py:43:45:43:72 | ControlFlowNode for Fstring | +| pymongo_test.py:39:16:39:51 | ControlFlowNode for Attribute() | pymongo_test.py:39:5:39:12 | ControlFlowNode for event_id | | pymongo_test.py:39:27:39:33 | ControlFlowNode for request | pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript | | pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript | pymongo_test.py:39:16:39:51 | ControlFlowNode for Attribute() | | pymongo_test.py:43:45:43:72 | ControlFlowNode for Fstring | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | -| pymongo_test.py:52:5:52:11 | SSA variable decoded | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | -| pymongo_test.py:52:15:52:50 | ControlFlowNode for Attribute() | pymongo_test.py:52:5:52:11 | SSA variable decoded | +| pymongo_test.py:52:5:52:11 | ControlFlowNode for decoded | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | +| pymongo_test.py:52:15:52:50 | ControlFlowNode for Attribute() | pymongo_test.py:52:5:52:11 | ControlFlowNode for decoded | | pymongo_test.py:52:26:52:32 | ControlFlowNode for request | pymongo_test.py:52:26:52:49 | ControlFlowNode for Subscript | | pymongo_test.py:52:26:52:49 | ControlFlowNode for Subscript | pymongo_test.py:52:15:52:50 | ControlFlowNode for Attribute() | -| pymongo_test.py:54:5:54:10 | SSA variable search | pymongo_test.py:59:25:59:56 | ControlFlowNode for Dict | -| pymongo_test.py:54:14:58:5 | ControlFlowNode for Dict | pymongo_test.py:54:5:54:10 | SSA variable search | +| pymongo_test.py:54:5:54:10 | ControlFlowNode for search | pymongo_test.py:59:25:59:56 | ControlFlowNode for Dict | +| pymongo_test.py:54:14:58:5 | ControlFlowNode for Dict | pymongo_test.py:54:5:54:10 | ControlFlowNode for search | | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | pymongo_test.py:54:14:58:5 | ControlFlowNode for Dict | | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | pymongo_test.py:61:25:61:57 | ControlFlowNode for Dict | | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | pymongo_test.py:62:25:62:42 | ControlFlowNode for Dict | | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | pymongo_test.py:63:25:63:31 | ControlFlowNode for decoded | nodes | PoC/server.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| PoC/server.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| PoC/server.py:26:5:26:17 | SSA variable author_string | semmle.label | SSA variable author_string | +| PoC/server.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| PoC/server.py:26:5:26:17 | ControlFlowNode for author_string | semmle.label | ControlFlowNode for author_string | | PoC/server.py:26:21:26:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| PoC/server.py:27:5:27:10 | SSA variable author | semmle.label | SSA variable author | +| PoC/server.py:27:5:27:10 | ControlFlowNode for author | semmle.label | ControlFlowNode for author | | PoC/server.py:27:14:27:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | PoC/server.py:27:25:27:37 | ControlFlowNode for author_string | semmle.label | ControlFlowNode for author_string | | PoC/server.py:30:27:30:44 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | PoC/server.py:31:34:31:51 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | -| PoC/server.py:43:5:43:10 | SSA variable author | semmle.label | SSA variable author | +| PoC/server.py:43:5:43:10 | ControlFlowNode for author | semmle.label | ControlFlowNode for author | | PoC/server.py:43:14:43:20 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | PoC/server.py:47:27:47:68 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | PoC/server.py:47:38:47:67 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| PoC/server.py:52:5:52:10 | SSA variable author | semmle.label | SSA variable author | +| PoC/server.py:52:5:52:10 | ControlFlowNode for author | semmle.label | ControlFlowNode for author | | PoC/server.py:52:14:52:20 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| PoC/server.py:53:5:53:10 | SSA variable search | semmle.label | SSA variable search | +| PoC/server.py:53:5:53:10 | ControlFlowNode for search | semmle.label | ControlFlowNode for search | | PoC/server.py:53:14:57:5 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | PoC/server.py:54:17:54:70 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | | PoC/server.py:61:27:61:58 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | -| PoC/server.py:77:5:77:10 | SSA variable author | semmle.label | SSA variable author | +| PoC/server.py:77:5:77:10 | ControlFlowNode for author | semmle.label | ControlFlowNode for author | | PoC/server.py:77:14:77:20 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| PoC/server.py:78:5:78:15 | SSA variable accumulator | semmle.label | SSA variable accumulator | +| PoC/server.py:78:5:78:15 | ControlFlowNode for accumulator | semmle.label | ControlFlowNode for accumulator | | PoC/server.py:78:19:83:5 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | PoC/server.py:80:23:80:101 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | -| PoC/server.py:84:5:84:9 | SSA variable group | semmle.label | SSA variable group | +| PoC/server.py:84:5:84:9 | ControlFlowNode for group | semmle.label | ControlFlowNode for group | | PoC/server.py:91:29:91:47 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | PoC/server.py:92:38:92:56 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | -| PoC/server.py:98:5:98:10 | SSA variable author | semmle.label | SSA variable author | +| PoC/server.py:98:5:98:10 | ControlFlowNode for author | semmle.label | ControlFlowNode for author | | PoC/server.py:98:14:98:20 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| PoC/server.py:99:5:99:10 | SSA variable mapper | semmle.label | SSA variable mapper | +| PoC/server.py:99:5:99:10 | ControlFlowNode for mapper | semmle.label | ControlFlowNode for mapper | | PoC/server.py:102:9:102:14 | ControlFlowNode for mapper | semmle.label | ControlFlowNode for mapper | | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| flask_mongoengine_bad.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| flask_mongoengine_bad.py:19:5:19:17 | SSA variable unsafe_search | semmle.label | SSA variable unsafe_search | +| flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| flask_mongoengine_bad.py:19:5:19:17 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_mongoengine_bad.py:20:5:20:15 | SSA variable json_search | semmle.label | SSA variable json_search | +| flask_mongoengine_bad.py:20:5:20:15 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | | flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | flask_mongoengine_bad.py:20:30:20:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | -| flask_mongoengine_bad.py:26:5:26:17 | SSA variable unsafe_search | semmle.label | SSA variable unsafe_search | +| flask_mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_mongoengine_bad.py:27:5:27:15 | SSA variable json_search | semmle.label | SSA variable json_search | +| flask_mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | | flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| flask_pymongo_bad.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| flask_pymongo_bad.py:11:5:11:17 | SSA variable unsafe_search | semmle.label | SSA variable unsafe_search | +| flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| flask_pymongo_bad.py:11:5:11:17 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_pymongo_bad.py:12:5:12:15 | SSA variable json_search | semmle.label | SSA variable json_search | +| flask_pymongo_bad.py:12:5:12:15 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | | flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| mongoengine_bad.py:18:5:18:17 | SSA variable unsafe_search | semmle.label | SSA variable unsafe_search | +| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| mongoengine_bad.py:18:5:18:17 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| mongoengine_bad.py:19:5:19:15 | SSA variable json_search | semmle.label | SSA variable json_search | +| mongoengine_bad.py:19:5:19:15 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | | mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | mongoengine_bad.py:19:30:19:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | -| mongoengine_bad.py:26:5:26:17 | SSA variable unsafe_search | semmle.label | SSA variable unsafe_search | +| mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| mongoengine_bad.py:27:5:27:15 | SSA variable json_search | semmle.label | SSA variable json_search | +| mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | | mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | -| mongoengine_bad.py:34:5:34:17 | SSA variable unsafe_search | semmle.label | SSA variable unsafe_search | +| mongoengine_bad.py:34:5:34:17 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| mongoengine_bad.py:35:5:35:15 | SSA variable json_search | semmle.label | SSA variable json_search | +| mongoengine_bad.py:35:5:35:15 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | | mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | mongoengine_bad.py:35:30:35:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | -| mongoengine_bad.py:42:5:42:17 | SSA variable unsafe_search | semmle.label | SSA variable unsafe_search | +| mongoengine_bad.py:42:5:42:17 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| mongoengine_bad.py:43:5:43:15 | SSA variable json_search | semmle.label | SSA variable json_search | +| mongoengine_bad.py:43:5:43:15 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | | mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | mongoengine_bad.py:43:30:43:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | -| mongoengine_bad.py:50:5:50:17 | SSA variable unsafe_search | semmle.label | SSA variable unsafe_search | +| mongoengine_bad.py:50:5:50:17 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| mongoengine_bad.py:51:5:51:15 | SSA variable json_search | semmle.label | SSA variable json_search | +| mongoengine_bad.py:51:5:51:15 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | | mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | mongoengine_bad.py:51:30:51:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | -| mongoengine_bad.py:57:5:57:17 | SSA variable unsafe_search | semmle.label | SSA variable unsafe_search | +| mongoengine_bad.py:57:5:57:17 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| mongoengine_bad.py:58:5:58:15 | SSA variable json_search | semmle.label | SSA variable json_search | +| mongoengine_bad.py:58:5:58:15 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | | mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| pymongo_test.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request | -| pymongo_test.py:12:5:12:17 | SSA variable unsafe_search | semmle.label | SSA variable unsafe_search | +| pymongo_test.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| pymongo_test.py:12:5:12:17 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | pymongo_test.py:12:21:12:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| pymongo_test.py:13:5:13:15 | SSA variable json_search | semmle.label | SSA variable json_search | +| pymongo_test.py:13:5:13:15 | ControlFlowNode for json_search | semmle.label | ControlFlowNode for json_search | | pymongo_test.py:13:19:13:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | pymongo_test.py:13:30:13:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search | | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | -| pymongo_test.py:29:5:29:12 | SSA variable event_id | semmle.label | SSA variable event_id | +| pymongo_test.py:29:5:29:12 | ControlFlowNode for event_id | semmle.label | ControlFlowNode for event_id | | pymongo_test.py:29:16:29:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | pymongo_test.py:29:27:29:33 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | pymongo_test.py:29:27:29:50 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | pymongo_test.py:33:45:33:72 | ControlFlowNode for Fstring | semmle.label | ControlFlowNode for Fstring | -| pymongo_test.py:39:5:39:12 | SSA variable event_id | semmle.label | SSA variable event_id | +| pymongo_test.py:39:5:39:12 | ControlFlowNode for event_id | semmle.label | ControlFlowNode for event_id | | pymongo_test.py:39:16:39:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | pymongo_test.py:39:27:39:33 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | pymongo_test.py:43:45:43:72 | ControlFlowNode for Fstring | semmle.label | ControlFlowNode for Fstring | -| pymongo_test.py:52:5:52:11 | SSA variable decoded | semmle.label | SSA variable decoded | +| pymongo_test.py:52:5:52:11 | ControlFlowNode for decoded | semmle.label | ControlFlowNode for decoded | | pymongo_test.py:52:15:52:50 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | pymongo_test.py:52:26:52:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | pymongo_test.py:52:26:52:49 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | -| pymongo_test.py:54:5:54:10 | SSA variable search | semmle.label | SSA variable search | +| pymongo_test.py:54:5:54:10 | ControlFlowNode for search | semmle.label | ControlFlowNode for search | | pymongo_test.py:54:14:58:5 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | semmle.label | ControlFlowNode for decoded | | pymongo_test.py:59:25:59:56 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict | From 421d4f3497dcefaf77ad11dcf8d3ab191069cf48 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Mon, 20 Nov 2023 16:56:19 +0100 Subject: [PATCH 2/6] Python: filter more sinks in stdlib Rename variable to reflect larger scope We had test results inside `os.py`, I suppose we have found a little extra flow. --- .../security/dataflow/PathInjectionCustomizations.qll | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll index 929419745d6..cda71df2f90 100644 --- a/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll @@ -71,11 +71,11 @@ module PathInjection { // ``` // // The same approach is used in the command injection query. - not exists(Module pathlib | - pathlib.getName() = "pathlib" and - this.getScope().getEnclosingModule() = pathlib and - // do allow this call if we're analyzing pathlib.py as part of CPython though - not exists(pathlib.getFile().getRelativePath()) + not exists(Module inStdlib | + inStdlib.getName() in ["pathlib", "os"] and + this.getScope().getEnclosingModule() = inStdlib and + // do allow this call if we're analyzing, say, pathlib.py as part of CPython though + not exists(inStdlib.getFile().getRelativePath()) ) } } From c8b87f71c5a98d752a07297108af513e4eb4e135 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Mon, 20 Nov 2023 21:44:16 +0100 Subject: [PATCH 3/6] Python: add change note --- .../2023-11-20-remove-essa-nodes-from-dataflow-graph.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md diff --git a/python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md b/python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md new file mode 100644 index 00000000000..e35eca34679 --- /dev/null +++ b/python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md @@ -0,0 +1,5 @@ +--- +category: fix +--- + +- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected. From 47850480764038582480afbb00b30116d486a3e2 Mon Sep 17 00:00:00 2001 From: yoff Date: Wed, 22 Nov 2023 09:29:07 +0100 Subject: [PATCH 4/6] Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen --- .../test/experimental/dataflow/coverage/argumentRoutingTest.ql | 2 -- 1 file changed, 2 deletions(-) diff --git a/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql b/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql index 3e79c8581ce..8024558e493 100644 --- a/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql +++ b/python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql @@ -67,12 +67,10 @@ class Argument1ExtraRoutingConfig extends DataFlow::Configuration { override predicate isSource(DataFlow::Node node) { exists(AssignmentDefinition def, DataFlow::CallCfgNode call | - // def.getVariable() = node.(DataFlow::EssaNode).getVar() and def.getDefiningNode() = node.(DataFlow::CfgNode).getNode() and def.getValue() = call.getNode() and call.getFunction().asCfgNode().(NameNode).getId().matches("With\\_%") ) and - // node.(DataFlow::EssaNode).getVar().getName().matches("with\\_%") node.(DataFlow::CfgNode).getNode().(NameNode).getId().matches("with\\_%") } From f5c176bd12f37f29ebf6e92cf25e96d495f3ecff Mon Sep 17 00:00:00 2001 From: yoff Date: Mon, 4 Dec 2023 17:41:00 +0100 Subject: [PATCH 5/6] Apply suggestions from code review Co-authored-by: Taus --- .../experimental/dataflow/strange-essaflow/testFlow.ql | 10 ---------- .../test/experimental/dataflow/typetracking/tracked.ql | 1 - 2 files changed, 11 deletions(-) diff --git a/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql b/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql index 74cf109114a..0e279ebba8a 100644 --- a/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql +++ b/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql @@ -4,16 +4,6 @@ private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPr /** Gets the EssaNode that holds the module imported by the fully qualified module name `name` */ DataFlow::CfgNode module_import(string name) { - // exists(Variable var, Import imp, Alias alias | - // alias = imp.getAName() and - // alias.getAsname() = var.getAStore() and - // ( - // name = alias.getValue().(ImportMember).getImportedModuleName() - // or - // name = alias.getValue().(ImportExpr).getImportedModuleName() - // ) and - // result.getVar().(AssignmentDefinition).getSourceVariable() = var - // ) exists(Variable var, AssignmentDefinition def, Import imp, Alias alias | var = def.getSourceVariable() and result.getNode() = def.getDefiningNode() and diff --git a/python/ql/test/experimental/dataflow/typetracking/tracked.ql b/python/ql/test/experimental/dataflow/typetracking/tracked.ql index e9bbb6d43b6..d6adbf5d7ab 100644 --- a/python/ql/test/experimental/dataflow/typetracking/tracked.ql +++ b/python/ql/test/experimental/dataflow/typetracking/tracked.ql @@ -26,7 +26,6 @@ module TrackedTest implements TestSig { not e.getLocation().getStartLine() = 0 and // We do not wish to annotate scope entry definitions, // as they do not appear in the source code. - // not e.asVar() instanceof ScopeEntryDefinition and not e.asCfgNode() = any(ScopeEntryDefinition def).getDefiningNode() and tag = "tracked" and location = e.getLocation() and From 9e1c818db6af9bd0f0dc95b112e58dd0fbaf4150 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Mon, 4 Dec 2023 17:49:26 +0100 Subject: [PATCH 6/6] Python: address review comments --- .../ql/test/experimental/dataflow/strange-essaflow/testFlow.ql | 2 +- .../internal-ql-helpers/PoorMansFunctionResolutionTest.ql | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql b/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql index 0e279ebba8a..056e6ae815a 100644 --- a/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql +++ b/python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql @@ -2,7 +2,7 @@ import python import semmle.python.dataflow.new.DataFlow private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate -/** Gets the EssaNode that holds the module imported by the fully qualified module name `name` */ +/** Gets the `CfgNode` that holds the module imported by the fully qualified module name `name`. */ DataFlow::CfgNode module_import(string name) { exists(Variable var, AssignmentDefinition def, Import imp, Alias alias | var = def.getSourceVariable() and diff --git a/python/ql/test/library-tests/frameworks/internal-ql-helpers/PoorMansFunctionResolutionTest.ql b/python/ql/test/library-tests/frameworks/internal-ql-helpers/PoorMansFunctionResolutionTest.ql index 143f0dddc31..499743869b0 100644 --- a/python/ql/test/library-tests/frameworks/internal-ql-helpers/PoorMansFunctionResolutionTest.ql +++ b/python/ql/test/library-tests/frameworks/internal-ql-helpers/PoorMansFunctionResolutionTest.ql @@ -15,8 +15,6 @@ module InlinePoorMansFunctionResolutionTest implements TestSig { not exists(FunctionDef def | def.getDefinedFunction() = func | ref.asExpr() = def.getATarget() ) and - // exclude things like `GSSA variable func` - exists(ref.asExpr()) and // exclude decorator calls (which with our extractor rewrites does reference the // function) not ref.asExpr() = func.getDefinition().(FunctionExpr).getADecoratorCall()