Merge pull request #12355 from geoffw0/splittest

Swift: Split the taint flow test.

swift/ql/test/library-tests/dataflow/taint/core/LocalTaint.expected

@@ -0,0 +1,110 @@
+| simple.swift:12:13:12:13 | 1 | simple.swift:12:13:12:24 | ... .+(_:_:) ... |
+| simple.swift:12:17:12:24 | call to source() | simple.swift:12:13:12:24 | ... .+(_:_:) ... |
+| simple.swift:13:13:13:20 | call to source() | simple.swift:13:13:13:24 | ... .+(_:_:) ... |
+| simple.swift:13:24:13:24 | 1 | simple.swift:13:13:13:24 | ... .+(_:_:) ... |
+| simple.swift:14:13:14:13 | 1 | simple.swift:14:13:14:24 | ... .-(_:_:) ... |
+| simple.swift:14:17:14:24 | call to source() | simple.swift:14:13:14:24 | ... .-(_:_:) ... |
+| simple.swift:15:13:15:20 | call to source() | simple.swift:15:13:15:24 | ... .-(_:_:) ... |
+| simple.swift:15:24:15:24 | 1 | simple.swift:15:13:15:24 | ... .-(_:_:) ... |
+| simple.swift:16:13:16:13 | 2 | simple.swift:16:13:16:24 | ... .*(_:_:) ... |
+| simple.swift:16:17:16:24 | call to source() | simple.swift:16:13:16:24 | ... .*(_:_:) ... |
+| simple.swift:17:13:17:20 | call to source() | simple.swift:17:13:17:24 | ... .*(_:_:) ... |
+| simple.swift:17:24:17:24 | 2 | simple.swift:17:13:17:24 | ... .*(_:_:) ... |
+| simple.swift:18:13:18:13 | 100 | simple.swift:18:13:18:26 | ... ./(_:_:) ... |
+| simple.swift:18:19:18:26 | call to source() | simple.swift:18:13:18:26 | ... ./(_:_:) ... |
+| simple.swift:19:13:19:20 | call to source() | simple.swift:19:13:19:24 | ... ./(_:_:) ... |
+| simple.swift:19:24:19:24 | 100 | simple.swift:19:13:19:24 | ... ./(_:_:) ... |
+| simple.swift:20:13:20:13 | 100 | simple.swift:20:13:20:26 | ... .%(_:_:) ... |
+| simple.swift:20:19:20:26 | call to source() | simple.swift:20:13:20:26 | ... .%(_:_:) ... |
+| simple.swift:21:13:21:20 | call to source() | simple.swift:21:13:21:24 | ... .%(_:_:) ... |
+| simple.swift:21:24:21:24 | 100 | simple.swift:21:13:21:24 | ... .%(_:_:) ... |
+| simple.swift:23:14:23:21 | call to source() | simple.swift:23:13:23:21 | call to -(_:) |
+| simple.swift:36:7:36:7 | SSA def(a) | simple.swift:37:13:37:13 | a |
+| simple.swift:36:11:36:11 | 0 | simple.swift:36:7:36:7 | SSA def(a) |
+| simple.swift:37:13:37:13 | [post] a | simple.swift:38:3:38:3 | a |
+| simple.swift:37:13:37:13 | a | simple.swift:38:3:38:3 | a |
+| simple.swift:38:3:38:3 | &... | simple.swift:39:13:39:13 | a |
+| simple.swift:38:3:38:3 | [post] &... | simple.swift:39:13:39:13 | a |
+| simple.swift:38:3:38:3 | a | simple.swift:38:3:38:3 | &... |
+| simple.swift:38:8:38:8 | 1 | simple.swift:38:3:38:3 | &... |
+| simple.swift:39:13:39:13 | [post] a | simple.swift:40:3:40:3 | a |
+| simple.swift:39:13:39:13 | a | simple.swift:40:3:40:3 | a |
+| simple.swift:40:3:40:3 | &... | simple.swift:41:13:41:13 | a |
+| simple.swift:40:3:40:3 | [post] &... | simple.swift:41:13:41:13 | a |
+| simple.swift:40:3:40:3 | a | simple.swift:40:3:40:3 | &... |
+| simple.swift:40:8:40:15 | call to source() | simple.swift:40:3:40:3 | &... |
+| simple.swift:41:13:41:13 | [post] a | simple.swift:42:3:42:3 | a |
+| simple.swift:41:13:41:13 | a | simple.swift:42:3:42:3 | a |
+| simple.swift:42:3:42:3 | &... | simple.swift:43:13:43:13 | a |
+| simple.swift:42:3:42:3 | [post] &... | simple.swift:43:13:43:13 | a |
+| simple.swift:42:3:42:3 | a | simple.swift:42:3:42:3 | &... |
+| simple.swift:42:8:42:8 | 1 | simple.swift:42:3:42:3 | &... |
+| simple.swift:44:3:44:7 | SSA def(a) | simple.swift:45:13:45:13 | a |
+| simple.swift:44:7:44:7 | 0 | simple.swift:44:3:44:7 | SSA def(a) |
+| simple.swift:47:7:47:7 | SSA def(b) | simple.swift:48:3:48:3 | b |
+| simple.swift:47:11:47:11 | 128 | simple.swift:47:7:47:7 | SSA def(b) |
+| simple.swift:48:3:48:3 | &... | simple.swift:49:13:49:13 | b |
+| simple.swift:48:3:48:3 | [post] &... | simple.swift:49:13:49:13 | b |
+| simple.swift:48:3:48:3 | b | simple.swift:48:3:48:3 | &... |
+| simple.swift:48:8:48:15 | call to source() | simple.swift:48:3:48:3 | &... |
+| simple.swift:49:13:49:13 | [post] b | simple.swift:50:3:50:3 | b |
+| simple.swift:49:13:49:13 | b | simple.swift:50:3:50:3 | b |
+| simple.swift:50:3:50:3 | &... | simple.swift:51:13:51:13 | b |
+| simple.swift:50:3:50:3 | [post] &... | simple.swift:51:13:51:13 | b |
+| simple.swift:50:3:50:3 | b | simple.swift:50:3:50:3 | &... |
+| simple.swift:50:8:50:8 | 1 | simple.swift:50:3:50:3 | &... |
+| simple.swift:53:7:53:7 | SSA def(c) | simple.swift:54:3:54:3 | c |
+| simple.swift:53:11:53:11 | 10 | simple.swift:53:7:53:7 | SSA def(c) |
+| simple.swift:54:3:54:3 | &... | simple.swift:55:13:55:13 | c |
+| simple.swift:54:3:54:3 | [post] &... | simple.swift:55:13:55:13 | c |
+| simple.swift:54:3:54:3 | c | simple.swift:54:3:54:3 | &... |
+| simple.swift:54:8:54:15 | call to source() | simple.swift:54:3:54:3 | &... |
+| simple.swift:55:13:55:13 | [post] c | simple.swift:56:3:56:3 | c |
+| simple.swift:55:13:55:13 | c | simple.swift:56:3:56:3 | c |
+| simple.swift:56:3:56:3 | &... | simple.swift:57:13:57:13 | c |
+| simple.swift:56:3:56:3 | [post] &... | simple.swift:57:13:57:13 | c |
+| simple.swift:56:3:56:3 | c | simple.swift:56:3:56:3 | &... |
+| simple.swift:56:8:56:8 | 2 | simple.swift:56:3:56:3 | &... |
+| simple.swift:59:7:59:7 | SSA def(d) | simple.swift:60:3:60:3 | d |
+| simple.swift:59:11:59:11 | 100 | simple.swift:59:7:59:7 | SSA def(d) |
+| simple.swift:60:3:60:3 | &... | simple.swift:61:13:61:13 | d |
+| simple.swift:60:3:60:3 | [post] &... | simple.swift:61:13:61:13 | d |
+| simple.swift:60:3:60:3 | d | simple.swift:60:3:60:3 | &... |
+| simple.swift:60:8:60:15 | call to source() | simple.swift:60:3:60:3 | &... |
+| simple.swift:61:13:61:13 | [post] d | simple.swift:62:3:62:3 | d |
+| simple.swift:61:13:61:13 | d | simple.swift:62:3:62:3 | d |
+| simple.swift:62:3:62:3 | &... | simple.swift:63:13:63:13 | d |
+| simple.swift:62:3:62:3 | [post] &... | simple.swift:63:13:63:13 | d |
+| simple.swift:62:3:62:3 | d | simple.swift:62:3:62:3 | &... |
+| simple.swift:62:8:62:8 | 2 | simple.swift:62:3:62:3 | &... |
+| simple.swift:65:7:65:7 | SSA def(e) | simple.swift:66:3:66:3 | e |
+| simple.swift:65:11:65:11 | 1000 | simple.swift:65:7:65:7 | SSA def(e) |
+| simple.swift:66:3:66:3 | &... | simple.swift:67:13:67:13 | e |
+| simple.swift:66:3:66:3 | [post] &... | simple.swift:67:13:67:13 | e |
+| simple.swift:66:3:66:3 | e | simple.swift:66:3:66:3 | &... |
+| simple.swift:66:8:66:15 | call to source() | simple.swift:66:3:66:3 | &... |
+| simple.swift:67:13:67:13 | [post] e | simple.swift:68:3:68:3 | e |
+| simple.swift:67:13:67:13 | e | simple.swift:68:3:68:3 | e |
+| simple.swift:68:3:68:3 | &... | simple.swift:69:13:69:13 | e |
+| simple.swift:68:3:68:3 | [post] &... | simple.swift:69:13:69:13 | e |
+| simple.swift:68:3:68:3 | e | simple.swift:68:3:68:3 | &... |
+| simple.swift:68:8:68:8 | 100 | simple.swift:68:3:68:3 | &... |
+| subscript.swift:1:7:1:7 | SSA def(self) | subscript.swift:1:7:1:7 | self[return] |
+| subscript.swift:1:7:1:7 | SSA def(self) | subscript.swift:1:7:1:7 | self[return] |
+| subscript.swift:1:7:1:7 | self | subscript.swift:1:7:1:7 | SSA def(self) |
+| subscript.swift:1:7:1:7 | self | subscript.swift:1:7:1:7 | SSA def(self) |
+| subscript.swift:2:5:2:5 | self | subscript.swift:2:5:2:5 | SSA def(self) |
+| subscript.swift:3:9:3:9 | SSA def(self) | subscript.swift:3:9:3:25 | self[return] |
+| subscript.swift:3:9:3:9 | self | subscript.swift:3:9:3:9 | SSA def(self) |
+| subscript.swift:4:9:4:9 | SSA def(self) | subscript.swift:4:9:4:24 | self[return] |
+| subscript.swift:4:9:4:9 | self | subscript.swift:4:9:4:9 | SSA def(self) |
+| subscript.swift:13:15:13:22 | call to source() | subscript.swift:13:15:13:25 | ...[...] |
+| subscript.swift:14:15:14:23 | call to source2() | subscript.swift:14:15:14:26 | ...[...] |
+| try.swift:8:17:8:23 | call to clean() | try.swift:8:13:8:23 | try ... |
+| try.swift:9:17:9:24 | call to source() | try.swift:9:13:9:24 | try ... |
+| try.swift:14:17:14:23 | call to clean() | try.swift:14:12:14:23 | try! ... |
+| try.swift:15:17:15:24 | call to source() | try.swift:15:12:15:24 | try! ... |
+| try.swift:17:13:17:24 | try? ... | try.swift:17:12:17:26 | ...! |
+| try.swift:17:18:17:24 | call to clean() | try.swift:17:13:17:24 | try? ... |
+| try.swift:18:13:18:25 | try? ... | try.swift:18:12:18:27 | ...! |
+| try.swift:18:18:18:25 | call to source() | try.swift:18:13:18:25 | try? ... |

swift/ql/test/library-tests/dataflow/taint/core/Taint.expected

@@ -0,0 +1,103 @@
+edges
+| simple.swift:12:17:12:24 | call to source() :  | simple.swift:12:13:12:24 | ... .+(_:_:) ... |
+| simple.swift:13:13:13:20 | call to source() :  | simple.swift:13:13:13:24 | ... .+(_:_:) ... |
+| simple.swift:14:17:14:24 | call to source() :  | simple.swift:14:13:14:24 | ... .-(_:_:) ... |
+| simple.swift:15:13:15:20 | call to source() :  | simple.swift:15:13:15:24 | ... .-(_:_:) ... |
+| simple.swift:16:17:16:24 | call to source() :  | simple.swift:16:13:16:24 | ... .*(_:_:) ... |
+| simple.swift:17:13:17:20 | call to source() :  | simple.swift:17:13:17:24 | ... .*(_:_:) ... |
+| simple.swift:18:19:18:26 | call to source() :  | simple.swift:18:13:18:26 | ... ./(_:_:) ... |
+| simple.swift:19:13:19:20 | call to source() :  | simple.swift:19:13:19:24 | ... ./(_:_:) ... |
+| simple.swift:20:19:20:26 | call to source() :  | simple.swift:20:13:20:26 | ... .%(_:_:) ... |
+| simple.swift:21:13:21:20 | call to source() :  | simple.swift:21:13:21:24 | ... .%(_:_:) ... |
+| simple.swift:23:14:23:21 | call to source() :  | simple.swift:23:13:23:21 | call to -(_:) |
+| simple.swift:40:8:40:15 | call to source() :  | simple.swift:41:13:41:13 | a |
+| simple.swift:40:8:40:15 | call to source() :  | simple.swift:43:13:43:13 | a |
+| simple.swift:48:8:48:15 | call to source() :  | simple.swift:49:13:49:13 | b |
+| simple.swift:48:8:48:15 | call to source() :  | simple.swift:51:13:51:13 | b |
+| simple.swift:54:8:54:15 | call to source() :  | simple.swift:55:13:55:13 | c |
+| simple.swift:54:8:54:15 | call to source() :  | simple.swift:57:13:57:13 | c |
+| simple.swift:60:8:60:15 | call to source() :  | simple.swift:61:13:61:13 | d |
+| simple.swift:60:8:60:15 | call to source() :  | simple.swift:63:13:63:13 | d |
+| simple.swift:66:8:66:15 | call to source() :  | simple.swift:67:13:67:13 | e |
+| simple.swift:66:8:66:15 | call to source() :  | simple.swift:69:13:69:13 | e |
+| subscript.swift:13:15:13:22 | call to source() :  | subscript.swift:13:15:13:25 | ...[...] |
+| subscript.swift:14:15:14:23 | call to source2() :  | subscript.swift:14:15:14:26 | ...[...] |
+| try.swift:9:17:9:24 | call to source() :  | try.swift:9:13:9:24 | try ... |
+| try.swift:15:17:15:24 | call to source() :  | try.swift:15:12:15:24 | try! ... |
+| try.swift:18:18:18:25 | call to source() :  | try.swift:18:12:18:27 | ...! |
+nodes
+| simple.swift:12:13:12:24 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| simple.swift:12:17:12:24 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:13:13:13:20 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:13:13:13:24 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| simple.swift:14:13:14:24 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| simple.swift:14:17:14:24 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:15:13:15:20 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:15:13:15:24 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| simple.swift:16:13:16:24 | ... .*(_:_:) ... | semmle.label | ... .*(_:_:) ... |
+| simple.swift:16:17:16:24 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:17:13:17:20 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:17:13:17:24 | ... .*(_:_:) ... | semmle.label | ... .*(_:_:) ... |
+| simple.swift:18:13:18:26 | ... ./(_:_:) ... | semmle.label | ... ./(_:_:) ... |
+| simple.swift:18:19:18:26 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:19:13:19:20 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:19:13:19:24 | ... ./(_:_:) ... | semmle.label | ... ./(_:_:) ... |
+| simple.swift:20:13:20:26 | ... .%(_:_:) ... | semmle.label | ... .%(_:_:) ... |
+| simple.swift:20:19:20:26 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:21:13:21:20 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:21:13:21:24 | ... .%(_:_:) ... | semmle.label | ... .%(_:_:) ... |
+| simple.swift:23:13:23:21 | call to -(_:) | semmle.label | call to -(_:) |
+| simple.swift:23:14:23:21 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:40:8:40:15 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:41:13:41:13 | a | semmle.label | a |
+| simple.swift:43:13:43:13 | a | semmle.label | a |
+| simple.swift:48:8:48:15 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:49:13:49:13 | b | semmle.label | b |
+| simple.swift:51:13:51:13 | b | semmle.label | b |
+| simple.swift:54:8:54:15 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:55:13:55:13 | c | semmle.label | c |
+| simple.swift:57:13:57:13 | c | semmle.label | c |
+| simple.swift:60:8:60:15 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:61:13:61:13 | d | semmle.label | d |
+| simple.swift:63:13:63:13 | d | semmle.label | d |
+| simple.swift:66:8:66:15 | call to source() :  | semmle.label | call to source() :  |
+| simple.swift:67:13:67:13 | e | semmle.label | e |
+| simple.swift:69:13:69:13 | e | semmle.label | e |
+| subscript.swift:13:15:13:22 | call to source() :  | semmle.label | call to source() :  |
+| subscript.swift:13:15:13:25 | ...[...] | semmle.label | ...[...] |
+| subscript.swift:14:15:14:23 | call to source2() :  | semmle.label | call to source2() :  |
+| subscript.swift:14:15:14:26 | ...[...] | semmle.label | ...[...] |
+| try.swift:9:13:9:24 | try ... | semmle.label | try ... |
+| try.swift:9:17:9:24 | call to source() :  | semmle.label | call to source() :  |
+| try.swift:15:12:15:24 | try! ... | semmle.label | try! ... |
+| try.swift:15:17:15:24 | call to source() :  | semmle.label | call to source() :  |
+| try.swift:18:12:18:27 | ...! | semmle.label | ...! |
+| try.swift:18:18:18:25 | call to source() :  | semmle.label | call to source() :  |
+subpaths
+#select
+| simple.swift:12:13:12:24 | ... .+(_:_:) ... | simple.swift:12:17:12:24 | call to source() :  | simple.swift:12:13:12:24 | ... .+(_:_:) ... | result |
+| simple.swift:13:13:13:24 | ... .+(_:_:) ... | simple.swift:13:13:13:20 | call to source() :  | simple.swift:13:13:13:24 | ... .+(_:_:) ... | result |
+| simple.swift:14:13:14:24 | ... .-(_:_:) ... | simple.swift:14:17:14:24 | call to source() :  | simple.swift:14:13:14:24 | ... .-(_:_:) ... | result |
+| simple.swift:15:13:15:24 | ... .-(_:_:) ... | simple.swift:15:13:15:20 | call to source() :  | simple.swift:15:13:15:24 | ... .-(_:_:) ... | result |
+| simple.swift:16:13:16:24 | ... .*(_:_:) ... | simple.swift:16:17:16:24 | call to source() :  | simple.swift:16:13:16:24 | ... .*(_:_:) ... | result |
+| simple.swift:17:13:17:24 | ... .*(_:_:) ... | simple.swift:17:13:17:20 | call to source() :  | simple.swift:17:13:17:24 | ... .*(_:_:) ... | result |
+| simple.swift:18:13:18:26 | ... ./(_:_:) ... | simple.swift:18:19:18:26 | call to source() :  | simple.swift:18:13:18:26 | ... ./(_:_:) ... | result |
+| simple.swift:19:13:19:24 | ... ./(_:_:) ... | simple.swift:19:13:19:20 | call to source() :  | simple.swift:19:13:19:24 | ... ./(_:_:) ... | result |
+| simple.swift:20:13:20:26 | ... .%(_:_:) ... | simple.swift:20:19:20:26 | call to source() :  | simple.swift:20:13:20:26 | ... .%(_:_:) ... | result |
+| simple.swift:21:13:21:24 | ... .%(_:_:) ... | simple.swift:21:13:21:20 | call to source() :  | simple.swift:21:13:21:24 | ... .%(_:_:) ... | result |
+| simple.swift:23:13:23:21 | call to -(_:) | simple.swift:23:14:23:21 | call to source() :  | simple.swift:23:13:23:21 | call to -(_:) | result |
+| simple.swift:41:13:41:13 | a | simple.swift:40:8:40:15 | call to source() :  | simple.swift:41:13:41:13 | a | result |
+| simple.swift:43:13:43:13 | a | simple.swift:40:8:40:15 | call to source() :  | simple.swift:43:13:43:13 | a | result |
+| simple.swift:49:13:49:13 | b | simple.swift:48:8:48:15 | call to source() :  | simple.swift:49:13:49:13 | b | result |
+| simple.swift:51:13:51:13 | b | simple.swift:48:8:48:15 | call to source() :  | simple.swift:51:13:51:13 | b | result |
+| simple.swift:55:13:55:13 | c | simple.swift:54:8:54:15 | call to source() :  | simple.swift:55:13:55:13 | c | result |
+| simple.swift:57:13:57:13 | c | simple.swift:54:8:54:15 | call to source() :  | simple.swift:57:13:57:13 | c | result |
+| simple.swift:61:13:61:13 | d | simple.swift:60:8:60:15 | call to source() :  | simple.swift:61:13:61:13 | d | result |
+| simple.swift:63:13:63:13 | d | simple.swift:60:8:60:15 | call to source() :  | simple.swift:63:13:63:13 | d | result |
+| simple.swift:67:13:67:13 | e | simple.swift:66:8:66:15 | call to source() :  | simple.swift:67:13:67:13 | e | result |
+| simple.swift:69:13:69:13 | e | simple.swift:66:8:66:15 | call to source() :  | simple.swift:69:13:69:13 | e | result |
+| subscript.swift:13:15:13:25 | ...[...] | subscript.swift:13:15:13:22 | call to source() :  | subscript.swift:13:15:13:25 | ...[...] | result |
+| subscript.swift:14:15:14:26 | ...[...] | subscript.swift:14:15:14:23 | call to source2() :  | subscript.swift:14:15:14:26 | ...[...] | result |
+| try.swift:9:13:9:24 | try ... | try.swift:9:17:9:24 | call to source() :  | try.swift:9:13:9:24 | try ... | result |
+| try.swift:15:12:15:24 | try! ... | try.swift:15:17:15:24 | call to source() :  | try.swift:15:12:15:24 | try! ... | result |
+| try.swift:18:12:18:27 | ...! | try.swift:18:18:18:25 | call to source() :  | try.swift:18:12:18:27 | ...! | result |

swift/ql/test/library-tests/dataflow/taint/libraries/Taint.qll

@@ -0,0 +1,20 @@
+import swift
+import codeql.swift.dataflow.TaintTracking
+import codeql.swift.dataflow.DataFlow::DataFlow
+
+class TestConfiguration extends TaintTracking::Configuration {
+  TestConfiguration() { this = "TestConfiguration" }
+
+  override predicate isSource(Node src) {
+    src.asExpr().(CallExpr).getStaticTarget().getName().matches("source%")
+  }
+
+  override predicate isSink(Node sink) {
+    exists(CallExpr sinkCall |
+      sinkCall.getStaticTarget().getName().matches("sink%") and
+      sinkCall.getAnArgument().getExpr() = sink.asExpr()
+    )
+  }
+
+  override int explorationLimit() { result = 100 }
+}

swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.ql

@@ -0,0 +1,20 @@
+import swift
+import Taint
+import TestUtilities.InlineExpectationsTest
+
+class TaintTest extends InlineExpectationsTest {
+  TaintTest() { this = "TaintTest" }
+
+  override string getARelevantTag() { result = "tainted" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(TestConfiguration config, Node source, Node sink, Expr sinkExpr |
+      config.hasFlow(source, sink) and
+      sinkExpr = sink.asExpr() and
+      location = sinkExpr.getLocation() and
+      element = sinkExpr.toString() and
+      tag = "tainted" and
+      value = source.asExpr().getLocation().getStartLine().toString()
+    )
+  }
+}