Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11

2026-05-01 03:35:13 +02:00 · 2018-10-11 14:36:44 +02:00
parent 95abf557ac 68dae60927
commit b29b314f4e
321 changed files with 27787 additions and 3927 deletions
--- a/javascript/ql/test/library-tests/DataFlow/flowStep.expected
+++ b/javascript/ql/test/library-tests/DataFlow/flowStep.expected
@@ -76,6 +76,7 @@
 | tst.js:37:5:42:1 | o | tst.js:83:23:83:23 | o |
 | tst.js:37:5:42:1 | o | tst.js:85:23:85:23 | o |
 | tst.js:37:9:42:1 | {\\n  x:  ... ;\\n  }\\n} | tst.js:37:5:42:1 | o |
+| tst.js:39:4:39:3 | this | tst.js:40:5:40:8 | this |
 | tst.js:46:10:46:11 | "" | tst.js:46:1:46:11 | global = "" |
 | tst.js:49:1:54:1 | A | tst.js:55:1:55:1 | A |
 | tst.js:49:1:54:1 | class A ... `\\n  }\\n} | tst.js:49:1:54:1 | A |
--- a/javascript/ql/test/library-tests/DataFlow/sources.expected
+++ b/javascript/ql/test/library-tests/DataFlow/sources.expected
@@ -1,14 +1,20 @@
+| eval.js:1:1:1:0 | this |
+| eval.js:1:1:1:0 | this |
 | eval.js:1:1:5:1 | functio ... eval`\\n} |
 | eval.js:3:3:3:6 | eval |
 | eval.js:3:3:3:16 | eval("x = 23") |
+| sources.js:1:1:1:0 | this |
 | sources.js:1:1:1:12 | new (x => x) |
 | sources.js:1:6:1:6 | x |
 | sources.js:1:6:1:11 | x => x |
 | sources.js:3:1:5:6 | (functi ... \\n})(23) |
+| sources.js:3:2:3:1 | this |
 | sources.js:3:2:5:1 | functio ... x+19;\\n} |
 | sources.js:3:11:3:11 | x |
+| tst.js:1:1:1:0 | this |
 | tst.js:1:10:1:11 | fs |
 | tst.js:16:1:20:9 | (functi ... ("arg") |
+| tst.js:16:2:16:1 | this |
 | tst.js:16:2:20:1 | functio ... n "";\\n} |
 | tst.js:16:13:16:13 | a |
 | tst.js:17:7:17:10 | Math |
@@ -17,11 +23,12 @@
 | tst.js:22:7:22:18 | readFileSync |
 | tst.js:28:1:30:3 | (() =>\\n ... les\\n)() |
 | tst.js:28:2:29:3 | () =>\\n  x |
+| tst.js:32:1:32:0 | this |
 | tst.js:32:1:34:1 | functio ... ables\\n} |
 | tst.js:35:1:35:7 | g(true) |
 | tst.js:37:9:42:1 | {\\n  x:  ... ;\\n  }\\n} |
+| tst.js:39:4:39:3 | this |
 | tst.js:39:4:41:3 | () {\\n    this;\\n  } |
-| tst.js:40:5:40:8 | this |
 | tst.js:43:1:43:3 | o.x |
 | tst.js:44:1:44:3 | o.m |
 | tst.js:44:1:44:5 | o.m() |
@@ -29,18 +36,22 @@
 | tst.js:47:1:47:6 | global |
 | tst.js:49:1:54:1 | class A ... `\\n  }\\n} |
 | tst.js:49:17:49:17 | B |
+| tst.js:50:14:50:13 | this |
 | tst.js:50:14:53:3 | () {\\n   ... et`\\n  } |
 | tst.js:51:5:51:13 | super(42) |
 | tst.js:58:1:58:3 | tag |
 | tst.js:61:3:61:5 | o.m |
+| tst.js:64:1:64:0 | this |
 | tst.js:64:1:67:1 | functio ... lysed\\n} |
 | tst.js:68:12:68:14 | h() |
 | tst.js:69:1:69:9 | iter.next |
 | tst.js:69:1:69:13 | iter.next(23) |
+| tst.js:71:1:71:0 | this |
 | tst.js:71:1:73:1 | async f ... lysed\\n} |
 | tst.js:72:9:72:9 | p |
 | tst.js:72:9:72:11 | p() |
 | tst.js:87:1:96:2 | (functi ... r: 0\\n}) |
+| tst.js:87:2:87:1 | this |
 | tst.js:87:2:92:1 | functio ...  + z;\\n} |
 | tst.js:87:11:87:24 | { p: x, ...o } |
 | tst.js:87:13:87:16 | p: x |
@@ -49,6 +60,7 @@
 | tst.js:90:6:90:9 | r: z |
 | tst.js:92:4:96:1 | {\\n  p:  ...  r: 0\\n} |
 | tst.js:98:1:103:17 | (functi ... 3, 0 ]) |
+| tst.js:98:2:98:1 | this |
 | tst.js:98:2:103:1 | functio ...  + z;\\n} |
 | tst.js:98:11:98:24 | [ x, ...rest ] |
 | tst.js:98:13:98:13 | x |
@@ -56,7 +68,9 @@
 | tst.js:99:9:99:9 | y |
 | tst.js:101:7:101:7 | z |
 | tst.js:103:4:103:16 | [ 19, 23, 0 ] |
+| tst.ts:1:1:1:0 | this |
 | tst.ts:3:3:3:8 | setX() |
+| tst.ts:7:1:7:0 | this |
 | tst.ts:7:1:9:1 | functio ... = 23;\\n} |
 | tst.ts:8:3:8:5 | A.x |
 | tst.ts:11:11:11:13 | A.x |
@@ -65,3 +79,4 @@
 | tst.ts:13:39:13:38 | (...arg ... rgs); } |
 | tst.ts:13:39:13:38 | args |
 | tst.ts:13:39:13:38 | super(...args) |
+| tst.ts:13:39:13:38 | this |
--- a/javascript/ql/test/library-tests/Nodes/globalObjectRef.expected
+++ b/javascript/ql/test/library-tests/Nodes/globalObjectRef.expected
@@ -1,10 +1,10 @@
+| tst2.js:1:1:1:0 | this |
 | tst2.js:1:9:1:25 | require("global") |
 | tst2.js:3:1:3:24 | require ... indow") |
 | tst2.js:7:1:7:6 | global |
 | tst2.js:8:1:8:6 | global |
-| tst2.js:9:1:9:4 | this |
+| tst.js:1:1:1:0 | this |
 | tst.js:1:1:1:6 | window |
-| tst.js:2:1:2:4 | this |
 | tst.js:3:1:3:6 | window |
 | tst.js:4:1:4:6 | window |
 | tst.js:4:1:4:13 | window.window |
--- a/javascript/ql/test/library-tests/PropWrite/getAPropertyRead.expected
+++ b/javascript/ql/test/library-tests/PropWrite/getAPropertyRead.expected
@@ -1,8 +1,8 @@
+| tst.js:1:1:1:0 | this | tst.js:23:15:23:29 | this.someMethod |
+| tst.js:1:1:1:0 | this | tst.js:24:36:24:45 | this.state |
 | tst.js:14:5:14:11 | console | tst.js:14:5:14:15 | console.log |
 | tst.js:17:5:17:11 | console | tst.js:17:5:17:15 | console.log |
-| tst.js:23:15:23:18 | this | tst.js:23:15:23:29 | this.someMethod |
 | tst.js:23:15:23:29 | this.someMethod | tst.js:23:15:23:34 | this.someMethod.bind |
-| tst.js:24:36:24:39 | this | tst.js:24:36:24:45 | this.state |
 | tst.js:24:36:24:45 | this.state | tst.js:24:36:24:50 | this.state.name |
 | tst.js:34:6:34:7 | vv | tst.js:34:6:34:10 | vv.pp |
 | tst.js:35:6:35:8 | vvv | tst.js:35:6:35:12 | vvv.ppp |
--- a/javascript/ql/test/library-tests/PropWrite/getAPropertyRead2.expected
+++ b/javascript/ql/test/library-tests/PropWrite/getAPropertyRead2.expected
@@ -1,8 +1,8 @@
+| tst.js:1:1:1:0 | this | someMethod | tst.js:23:15:23:29 | this.someMethod |
+| tst.js:1:1:1:0 | this | state | tst.js:24:36:24:45 | this.state |
 | tst.js:14:5:14:11 | console | log | tst.js:14:5:14:15 | console.log |
 | tst.js:17:5:17:11 | console | log | tst.js:17:5:17:15 | console.log |
-| tst.js:23:15:23:18 | this | someMethod | tst.js:23:15:23:29 | this.someMethod |
 | tst.js:23:15:23:29 | this.someMethod | bind | tst.js:23:15:23:34 | this.someMethod.bind |
-| tst.js:24:36:24:39 | this | state | tst.js:24:36:24:45 | this.state |
 | tst.js:24:36:24:45 | this.state | name | tst.js:24:36:24:50 | this.state.name |
 | tst.js:34:6:34:7 | vv | pp | tst.js:34:6:34:10 | vv.pp |
 | tst.js:35:6:35:8 | vvv | ppp | tst.js:35:6:35:12 | vvv.ppp |
--- a/javascript/ql/test/library-tests/PropWrite/getAPropertyReference.expected
+++ b/javascript/ql/test/library-tests/PropWrite/getAPropertyReference.expected
@@ -1,3 +1,5 @@
+| tst.js:1:1:1:0 | this | tst.js:23:15:23:29 | this.someMethod |
+| tst.js:1:1:1:0 | this | tst.js:24:36:24:45 | this.state |
 | tst.js:2:11:10:1 | {\\n    x ...     }\\n} | tst.js:3:5:3:8 | x: 4 |
 | tst.js:2:11:10:1 | {\\n    x ...     }\\n} | tst.js:4:5:6:5 | func: f ... ;\\n    } |
 | tst.js:2:11:10:1 | {\\n    x ...     }\\n} | tst.js:7:5:9:5 | f() {\\n  ... ;\\n    } |
@@ -5,10 +7,8 @@
 | tst.js:14:5:14:11 | console | tst.js:14:5:14:15 | console.log |
 | tst.js:17:5:17:11 | console | tst.js:17:5:17:15 | console.log |
 | tst.js:21:1:21:1 | C | tst.js:21:1:21:6 | C.prop |
-| tst.js:23:15:23:18 | this | tst.js:23:15:23:29 | this.someMethod |
 | tst.js:23:15:23:29 | this.someMethod | tst.js:23:15:23:34 | this.someMethod.bind |
 | tst.js:24:8:24:57 | <div on ... }</div> | tst.js:24:13:24:27 | onClick={click} |
-| tst.js:24:36:24:39 | this | tst.js:24:36:24:45 | this.state |
 | tst.js:24:36:24:45 | this.state | tst.js:24:36:24:50 | this.state.name |
 | tst.js:26:2:29:1 | {\\n  get ... v) {}\\n} | tst.js:27:3:27:26 | get x() ... null; } |
 | tst.js:26:2:29:1 | {\\n  get ... v) {}\\n} | tst.js:28:3:28:13 | set y(v) {} |
--- a/javascript/ql/test/library-tests/PropWrite/getAPropertyReference2.expected
+++ b/javascript/ql/test/library-tests/PropWrite/getAPropertyReference2.expected
@@ -1,3 +1,5 @@
+| tst.js:1:1:1:0 | this | someMethod | tst.js:23:15:23:29 | this.someMethod |
+| tst.js:1:1:1:0 | this | state | tst.js:24:36:24:45 | this.state |
 | tst.js:2:11:10:1 | {\\n    x ...     }\\n} | f | tst.js:7:5:9:5 | f() {\\n  ... ;\\n    } |
 | tst.js:2:11:10:1 | {\\n    x ...     }\\n} | func | tst.js:4:5:6:5 | func: f ... ;\\n    } |
 | tst.js:2:11:10:1 | {\\n    x ...     }\\n} | x | tst.js:3:5:3:8 | x: 4 |
@@ -5,10 +7,8 @@
 | tst.js:14:5:14:11 | console | log | tst.js:14:5:14:15 | console.log |
 | tst.js:17:5:17:11 | console | log | tst.js:17:5:17:15 | console.log |
 | tst.js:21:1:21:1 | C | prop | tst.js:21:1:21:6 | C.prop |
-| tst.js:23:15:23:18 | this | someMethod | tst.js:23:15:23:29 | this.someMethod |
 | tst.js:23:15:23:29 | this.someMethod | bind | tst.js:23:15:23:34 | this.someMethod.bind |
 | tst.js:24:8:24:57 | <div on ... }</div> | onClick | tst.js:24:13:24:27 | onClick={click} |
-| tst.js:24:36:24:39 | this | state | tst.js:24:36:24:45 | this.state |
 | tst.js:24:36:24:45 | this.state | name | tst.js:24:36:24:50 | this.state.name |
 | tst.js:26:2:29:1 | {\\n  get ... v) {}\\n} | x | tst.js:27:3:27:26 | get x() ... null; } |
 | tst.js:26:2:29:1 | {\\n  get ... v) {}\\n} | y | tst.js:28:3:28:13 | set y(v) {} |
--- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
+++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -3,6 +3,8 @@
 | partialCalls.js:4:17:4:24 | source() | partialCalls.js:30:14:30:20 | x.value |
 | partialCalls.js:4:17:4:24 | source() | partialCalls.js:41:10:41:18 | id(taint) |
 | partialCalls.js:4:17:4:24 | source() | partialCalls.js:51:14:51:14 | x |
+| thisAssignments.js:4:17:4:24 | source() | thisAssignments.js:5:10:5:18 | obj.field |
+| thisAssignments.js:7:19:7:26 | source() | thisAssignments.js:8:10:8:20 | this.field2 |
 | tst.js:2:13:2:20 | source() | tst.js:4:10:4:10 | x |
 | tst.js:2:13:2:20 | source() | tst.js:5:10:5:22 | "/" + x + "!" |
 | tst.js:2:13:2:20 | source() | tst.js:14:10:14:17 | x.sort() |
--- a/javascript/ql/test/library-tests/TaintTracking/thisAssignments.js
+++ b/javascript/ql/test/library-tests/TaintTracking/thisAssignments.js
@@ -0,0 +1,10 @@
+class C {
+  foo() {
+    let obj = {};
+    obj.field = source();
+    sink(obj.field); // NOT OK - tainted
+    
+    this.field2 = source();
+    sink(this.field2); // NOT OK - tainted
+  }
+}
--- a/javascript/ql/test/library-tests/frameworks/ReactJS/ReactComponent_ref.expected
+++ b/javascript/ql/test/library-tests/frameworks/ReactJS/ReactComponent_ref.expected
@@ -1,18 +1,42 @@
 | es5.js:1:31:11:1 | {\\n  dis ... ;\\n  }\\n} | es5.js:1:31:11:1 | {\\n  dis ... ;\\n  }\\n} |
+| es5.js:1:31:11:1 | {\\n  dis ... ;\\n  }\\n} | es5.js:3:11:3:10 | this |
 | es5.js:1:31:11:1 | {\\n  dis ... ;\\n  }\\n} | es5.js:4:24:4:27 | this |
+| es5.js:1:31:11:1 | {\\n  dis ... ;\\n  }\\n} | es5.js:6:20:6:19 | this |
 | es5.js:18:33:22:1 | {\\n  ren ... ;\\n  }\\n} | es5.js:18:33:22:1 | {\\n  ren ... ;\\n  }\\n} |
+| es5.js:18:33:22:1 | {\\n  ren ... ;\\n  }\\n} | es5.js:19:11:19:10 | this |
 | es5.js:18:33:22:1 | {\\n  ren ... ;\\n  }\\n} | es5.js:20:24:20:27 | this |
+| es6.js:1:1:8:1 | class H ... ;\\n  }\\n} | es6.js:1:37:1:36 | this |
+| es6.js:1:1:8:1 | class H ... ;\\n  }\\n} | es6.js:2:9:2:8 | this |
 | es6.js:1:1:8:1 | class H ... ;\\n  }\\n} | es6.js:3:24:3:27 | this |
+| es6.js:1:1:8:1 | class H ... ;\\n  }\\n} | es6.js:5:14:5:13 | this |
+| es6.js:14:1:20:1 | class H ...     }\\n} | es6.js:15:16:15:15 | this |
 | es6.js:14:1:20:1 | class H ...     }\\n} | es6.js:16:9:16:12 | this |
 | es6.js:14:1:20:1 | class H ...     }\\n} | es6.js:17:9:17:12 | this |
 | es6.js:14:1:20:1 | class H ...     }\\n} | es6.js:18:9:18:12 | this |
+| namedImport.js:3:1:3:28 | class C ... nent {} | namedImport.js:3:27:3:26 | this |
+| namedImport.js:5:1:5:20 | class D extends C {} | namedImport.js:5:19:5:18 | this |
+| plainfn.js:1:1:3:1 | functio ... div>;\\n} | plainfn.js:1:1:1:0 | this |
+| plainfn.js:5:1:7:1 | functio ... iv");\\n} | plainfn.js:5:1:5:0 | this |
+| plainfn.js:9:1:12:1 | functio ... rn x;\\n} | plainfn.js:9:1:9:0 | this |
+| plainfn.js:20:1:24:1 | functio ... n 42;\\n} | plainfn.js:20:1:20:0 | this |
+| preact.js:1:1:7:1 | class H ...     }\\n} | preact.js:1:38:1:37 | this |
+| preact.js:1:1:7:1 | class H ...     }\\n} | preact.js:2:11:2:10 | this |
+| preact.js:9:1:11:1 | class H ... nt {\\n\\n} | preact.js:9:38:9:37 | this |
+| probably-a-component.js:1:1:6:1 | class H ...     }\\n} | probably-a-component.js:1:31:1:30 | this |
+| probably-a-component.js:1:1:6:1 | class H ...     }\\n} | probably-a-component.js:2:11:2:10 | this |
 | probably-a-component.js:1:1:6:1 | class H ...     }\\n} | probably-a-component.js:3:9:3:12 | this |
+| props.js:2:5:3:5 | class C ... {\\n    } | props.js:2:37:2:36 | this |
 | props.js:2:5:3:5 | class C ... {\\n    } | props.js:9:5:9:55 | new C({ ... ctor"}) |
 | props.js:13:31:17:5 | {\\n      ... }\\n    } | props.js:13:31:17:5 | {\\n      ... }\\n    } |
+| props.js:13:31:17:5 | {\\n      ... }\\n    } | props.js:14:24:14:23 | this |
+| props.js:26:5:28:5 | functio ... ;\\n    } | props.js:26:5:26:4 | this |
 | props.js:26:5:28:5 | functio ... ;\\n    } | props.js:34:5:34:55 | new C({ ... ctor"}) |
+| statePropertyReads.js:1:1:13:1 | class R ...     }\\n} | statePropertyReads.js:2:16:2:15 | this |
 | statePropertyReads.js:1:1:13:1 | class R ...     }\\n} | statePropertyReads.js:3:9:3:12 | this |
 | statePropertyReads.js:1:1:13:1 | class R ...     }\\n} | statePropertyReads.js:5:9:5:12 | this |
 | statePropertyReads.js:1:1:13:1 | class R ...     }\\n} | statePropertyReads.js:7:9:7:12 | this |
+| statePropertyReads.js:1:1:13:1 | class R ...     }\\n} | statePropertyReads.js:10:23:10:22 | this |
+| statePropertyWrites.js:1:1:34:1 | class W ...    };\\n} | statePropertyWrites.js:2:16:2:15 | this |
 | statePropertyWrites.js:1:1:34:1 | class W ...    };\\n} | statePropertyWrites.js:3:13:3:22 | cmp |
 | statePropertyWrites.js:1:1:34:1 | class W ...    };\\n} | statePropertyWrites.js:3:19:3:22 | this |
 | statePropertyWrites.js:1:1:34:1 | class W ...    };\\n} | statePropertyWrites.js:4:9:4:11 | cmp |
@@ -21,28 +45,45 @@
 | statePropertyWrites.js:1:1:34:1 | class W ...    };\\n} | statePropertyWrites.js:14:9:14:11 | cmp |
 | statePropertyWrites.js:1:1:34:1 | class W ...    };\\n} | statePropertyWrites.js:18:9:18:11 | cmp |
 | statePropertyWrites.js:1:1:34:1 | class W ...    };\\n} | statePropertyWrites.js:22:9:22:11 | cmp |
+| statePropertyWrites.js:1:1:34:1 | class W ...    };\\n} | statePropertyWrites.js:25:20:25:19 | this |
 | statePropertyWrites.js:36:19:45:1 | {\\n  ren ... ;\\n  }\\n} | statePropertyWrites.js:36:19:45:1 | {\\n  ren ... ;\\n  }\\n} |
+| statePropertyWrites.js:36:19:45:1 | {\\n  ren ... ;\\n  }\\n} | statePropertyWrites.js:37:11:37:10 | this |
 | statePropertyWrites.js:36:19:45:1 | {\\n  ren ... ;\\n  }\\n} | statePropertyWrites.js:38:24:38:27 | this |
+| statePropertyWrites.js:36:19:45:1 | {\\n  ren ... ;\\n  }\\n} | statePropertyWrites.js:40:20:40:19 | this |
+| thisAccesses.js:1:1:16:1 | class C ...     }\\n} | thisAccesses.js:2:17:2:16 | this |
 | thisAccesses.js:1:1:16:1 | class C ...     }\\n} | thisAccesses.js:3:9:3:12 | this |
 | thisAccesses.js:1:1:16:1 | class C ...     }\\n} | thisAccesses.js:5:13:5:22 | dis |
 | thisAccesses.js:1:1:16:1 | class C ...     }\\n} | thisAccesses.js:5:19:5:22 | this |
 | thisAccesses.js:1:1:16:1 | class C ...     }\\n} | thisAccesses.js:6:9:6:11 | dis |
+| thisAccesses.js:1:1:16:1 | class C ...     }\\n} | thisAccesses.js:8:10:8:9 | this |
 | thisAccesses.js:1:1:16:1 | class C ...     }\\n} | thisAccesses.js:9:13:9:16 | this |
 | thisAccesses.js:1:1:16:1 | class C ...     }\\n} | thisAccesses.js:10:17:10:20 | this |
+| thisAccesses.js:1:1:16:1 | class C ...     }\\n} | thisAccesses.js:13:23:13:22 | this |
 | thisAccesses.js:1:1:16:1 | class C ...     }\\n} | thisAccesses.js:14:9:14:12 | this |
 | thisAccesses.js:18:19:29:1 | {\\n    r ...     }\\n} | thisAccesses.js:18:19:29:1 | {\\n    r ...     }\\n} |
+| thisAccesses.js:18:19:29:1 | {\\n    r ...     }\\n} | thisAccesses.js:19:13:19:12 | this |
+| thisAccesses.js:18:19:29:1 | {\\n    r ...     }\\n} | thisAccesses.js:20:10:20:9 | this |
 | thisAccesses.js:18:19:29:1 | {\\n    r ...     }\\n} | thisAccesses.js:21:13:21:16 | this |
 | thisAccesses.js:18:19:29:1 | {\\n    r ...     }\\n} | thisAccesses.js:22:17:22:20 | this |
+| thisAccesses.js:18:19:29:1 | {\\n    r ...     }\\n} | thisAccesses.js:26:25:26:24 | this |
 | thisAccesses.js:18:19:29:1 | {\\n    r ...     }\\n} | thisAccesses.js:27:9:27:12 | this |
+| thisAccesses.js:31:2:36:1 | functio ... iv/>;\\n} | thisAccesses.js:31:2:31:1 | this |
+| thisAccesses.js:31:2:36:1 | functio ... iv/>;\\n} | thisAccesses.js:32:6:32:5 | this |
 | thisAccesses.js:31:2:36:1 | functio ... iv/>;\\n} | thisAccesses.js:33:9:33:12 | this |
 | thisAccesses.js:31:2:36:1 | functio ... iv/>;\\n} | thisAccesses.js:34:13:34:16 | this |
 | thisAccesses.js:38:19:45:1 | {\\n    r ...    },\\n} | thisAccesses.js:38:19:45:1 | {\\n    r ...    },\\n} |
+| thisAccesses.js:38:19:45:1 | {\\n    r ...    },\\n} | thisAccesses.js:39:13:39:12 | this |
+| thisAccesses.js:38:19:45:1 | {\\n    r ...    },\\n} | thisAccesses.js:40:38:40:37 | this |
 | thisAccesses.js:38:19:45:1 | {\\n    r ...    },\\n} | thisAccesses.js:41:13:41:16 | this |
 | thisAccesses.js:38:19:45:1 | {\\n    r ...    },\\n} | thisAccesses.js:42:12:42:15 | this |
+| thisAccesses.js:47:1:52:1 | class C ...     }\\n} | thisAccesses.js:48:17:48:16 | this |
 | thisAccesses.js:47:1:52:1 | class C ...     }\\n} | thisAccesses.js:49:9:49:12 | this |
 | thisAccesses.js:47:1:52:1 | class C ...     }\\n} | thisAccesses.js:50:9:50:12 | this |
 | thisAccesses_importedMappers.js:4:19:15:1 | {\\n    r ...    },\\n} | thisAccesses_importedMappers.js:4:19:15:1 | {\\n    r ...    },\\n} |
+| thisAccesses_importedMappers.js:4:19:15:1 | {\\n    r ...    },\\n} | thisAccesses_importedMappers.js:5:13:5:12 | this |
+| thisAccesses_importedMappers.js:4:19:15:1 | {\\n    r ...    },\\n} | thisAccesses_importedMappers.js:6:38:6:37 | this |
 | thisAccesses_importedMappers.js:4:19:15:1 | {\\n    r ...    },\\n} | thisAccesses_importedMappers.js:7:13:7:16 | this |
 | thisAccesses_importedMappers.js:4:19:15:1 | {\\n    r ...    },\\n} | thisAccesses_importedMappers.js:8:12:8:15 | this |
+| thisAccesses_importedMappers.js:4:19:15:1 | {\\n    r ...    },\\n} | thisAccesses_importedMappers.js:9:25:9:24 | this |
 | thisAccesses_importedMappers.js:4:19:15:1 | {\\n    r ...    },\\n} | thisAccesses_importedMappers.js:10:13:10:16 | this |
 | thisAccesses_importedMappers.js:4:19:15:1 | {\\n    r ...    },\\n} | thisAccesses_importedMappers.js:11:12:11:15 | this |
--- a/javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
@@ -1,3 +1,4 @@
+| addEventListener.js:2:20:2:29 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:1:43:1:47 | event | user-provided value |
 | jquery.js:4:5:4:11 | tainted | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:33 | document.location | user-provided value |
 | jquery.js:7:5:7:34 | "<div i ... + "\\">" | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:33 | document.location | user-provided value |
 | jquery.js:8:18:8:34 | "XSS: " + tainted | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:33 | document.location | user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-079/addEventListener.js
+++ b/javascript/ql/test/query-tests/Security/CWE-079/addEventListener.js
@@ -0,0 +1,3 @@
+this.addEventListener('message', function(event) {
+    document.write(event.data); // NOT OK
+})
--- a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected
@@ -1,8 +1,8 @@
-| bufferRead.js:12:22:12:43 | new Buf ... s.size) | $@ flows directly to Http request body | bufferRead.js:33:21:33:28 | postData | File access |
-| googlecompiler.js:44:54:44:57 | data | $@ flows directly to Http request body | googlecompiler.js:38:18:38:26 | post_data | File access |
-| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | $@ flows directly to Http request body | readFileSync.js:26:18:26:18 | s | File access |
-| readStreamRead.js:13:21:13:35 | readable.read() | $@ flows directly to Http request body | readStreamRead.js:30:19:30:23 | chunk | File access |
-| request.js:28:52:28:55 | data | $@ flows directly to Http request body | request.js:8:11:8:20 | {jsonData} | File access |
-| request.js:43:51:43:54 | data | $@ flows directly to Http request body | request.js:16:11:23:3 | {\\n    u ... ody\\n  } | File access |
-| sentAsHeaders.js:10:79:10:84 | buffer | $@ flows directly to Http request body | sentAsHeaders.js:14:20:19:9 | {\\n      ...       } | File access |
-| sentAsHeaders.js:10:79:10:84 | buffer | $@ flows directly to Http request body | sentAsHeaders.js:20:20:25:9 | {\\n      ...       } | File access |
+| bufferRead.js:33:21:33:28 | postData | $@ flows directly to outbound network request | bufferRead.js:12:22:12:43 | new Buf ... s.size) | File data |
+| googlecompiler.js:38:18:38:26 | post_data | $@ flows directly to outbound network request | googlecompiler.js:44:54:44:57 | data | File data |
+| readFileSync.js:26:18:26:18 | s | $@ flows directly to outbound network request | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | File data |
+| readStreamRead.js:30:19:30:23 | chunk | $@ flows directly to outbound network request | readStreamRead.js:13:21:13:35 | readable.read() | File data |
+| request.js:8:11:8:20 | {jsonData} | $@ flows directly to outbound network request | request.js:28:52:28:55 | data | File data |
+| request.js:16:11:23:3 | {\\n    u ... ody\\n  } | $@ flows directly to outbound network request | request.js:43:51:43:54 | data | File data |
+| sentAsHeaders.js:14:20:19:9 | {\\n      ...       } | $@ flows directly to outbound network request | sentAsHeaders.js:10:79:10:84 | buffer | File data |
+| sentAsHeaders.js:20:20:25:9 | {\\n      ...       } | $@ flows directly to outbound network request | sentAsHeaders.js:10:79:10:84 | buffer | File data |
--- a/javascript/ql/test/query-tests/Security/CWE-200/express-send-file.js
+++ b/javascript/ql/test/query-tests/Security/CWE-200/express-send-file.js
@@ -0,0 +1,6 @@
+var express = require('express'),
+    app = express();
+
+app.get('/getFooFile', function(req, res) {
+    res.sendFile("foo"); // OK (for now) since this is a server-side response
+});
--- a/javascript/ql/test/query-tests/Security/CWE-200/externs/fs.js
+++ b/javascript/ql/test/query-tests/Security/CWE-200/externs/fs.js
--- a/javascript/ql/test/query-tests/Security/CWE-200/fs-read-externs.js
+++ b/javascript/ql/test/query-tests/Security/CWE-200/fs-read-externs.js
@@ -0,0 +1,78 @@
+// Automatically generated from TypeScript type definitions provided by
+// DefinitelyTyped (https://github.com/DefinitelyTyped/DefinitelyTyped),
+// which is licensed under the MIT license; see file DefinitelyTyped-LICENSE
+// in parent directory.
+// Type definitions for Node.js 10.5.x
+// Project: http://nodejs.org/
+// Definitions by: Microsoft TypeScript <http://typescriptlang.org>
+//                 DefinitelyTyped <https://github.com/DefinitelyTyped/DefinitelyTyped>
+//                 Parambir Singh <https://github.com/parambirs>
+//                 Christian Vaagland Tellnes <https://github.com/tellnes>
+//                 Wilco Bakker <https://github.com/WilcoBakker>
+//                 Nicolas Voigt <https://github.com/octo-sniffle>
+//                 Chigozirim C. <https://github.com/smac89>
+//                 Flarna <https://github.com/Flarna>
+//                 Mariusz Wiktorczyk <https://github.com/mwiktorczyk>
+//                 wwwy3y3 <https://github.com/wwwy3y3>
+//                 Deividas Bakanas <https://github.com/DeividasBakanas>
+//                 Kelvin Jin <https://github.com/kjin>
+//                 Alvis HT Tang <https://github.com/alvis>
+//                 Sebastian Silbermann <https://github.com/eps1lon>
+//                 Hannes Magnusson <https://github.com/Hannes-Magnusson-CK>
+//                 Alberto Schiabel <https://github.com/jkomyno>
+//                 Klaus Meinhardt <https://github.com/ajafff>
+//                 Huw <https://github.com/hoo29>
+//                 Nicolas Even <https://github.com/n-e>
+//                 Bruno Scheufler <https://github.com/brunoscheufler>
+//                 Mohsen Azimi <https://github.com/mohsen1>
+//                 Hoàng Văn Khải <https://github.com/KSXGitHub>
+//                 Alexander T. <https://github.com/a-tarasyuk>
+//                 Lishude <https://github.com/islishude>
+//                 Andrew Makarov <https://github.com/r3nya>
+//                 Zane Hannan AU <https://github.com/ZaneHannanAU>
+// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
+
+/**
+ * @externs
+ * @fileoverview Definitions for module "fs"
+ */
+var fs = {};
+
+/**
+ * @param {number} fd
+ * @param {Buffer} buffer
+ * @param {number} offset
+ * @param {number} length
+ * @param {number} position
+ * @param {(function(NodeJS.ErrnoException, number, Buffer): void)=} callback
+ * @return {void}
+ */
+fs.read = function(fd, buffer, offset, length, position, callback) {};
+
+/**
+ * @param {string} filename
+ * @param {string} encoding
+ * @param {(function(NodeJS.ErrnoException, string): void)} callback
+ * @return {void}
+ */
+fs.readFile = function(filename, encoding, callback) {};
+/**
+ * @param {string} filename
+ * @param {{encoding: string, flag: string}} options
+ * @param {(function(NodeJS.ErrnoException, string): void)} callback
+ * @return {void}
+ */
+fs.readFile = function(filename, options, callback) {};
+/**
+ * @param {string} filename
+ * @param {{flag: string}} options
+ * @param {(function(NodeJS.ErrnoException, Buffer): void)} callback
+ * @return {void}
+ */
+fs.readFile = function(filename, options, callback) {};
+/**
+ * @param {string} filename
+ * @param {(function(NodeJS.ErrnoException, Buffer): void)} callback
+ * @return {void}
+ */
+fs.readFile = function(filename, callback) {};
--- a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected
@@ -1,3 +1,3 @@
-| tst.js:16:33:16:33 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
-| tst.js:19:25:19:25 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
-| tst.js:24:22:24:22 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
+| tst.js:16:33:16:33 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |
+| tst.js:19:25:19:25 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |
+| tst.js:24:22:24:22 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |
--- a/javascript/ql/test/query-tests/Security/CWE-912/externs/fs.js
+++ b/javascript/ql/test/query-tests/Security/CWE-912/externs/fs.js
--- a/javascript/ql/test/query-tests/Security/CWE-912/fs-writeFile-externs.js
+++ b/javascript/ql/test/query-tests/Security/CWE-912/fs-writeFile-externs.js
@@ -0,0 +1,62 @@
+// Automatically generated from TypeScript type definitions provided by
+// DefinitelyTyped (https://github.com/DefinitelyTyped/DefinitelyTyped),
+// which is licensed under the MIT license; see file DefinitelyTyped-LICENSE
+// in parent directory.
+// Type definitions for Node.js 10.5.x
+// Project: http://nodejs.org/
+// Definitions by: Microsoft TypeScript <http://typescriptlang.org>
+//                 DefinitelyTyped <https://github.com/DefinitelyTyped/DefinitelyTyped>
+//                 Parambir Singh <https://github.com/parambirs>
+//                 Christian Vaagland Tellnes <https://github.com/tellnes>
+//                 Wilco Bakker <https://github.com/WilcoBakker>
+//                 Nicolas Voigt <https://github.com/octo-sniffle>
+//                 Chigozirim C. <https://github.com/smac89>
+//                 Flarna <https://github.com/Flarna>
+//                 Mariusz Wiktorczyk <https://github.com/mwiktorczyk>
+//                 wwwy3y3 <https://github.com/wwwy3y3>
+//                 Deividas Bakanas <https://github.com/DeividasBakanas>
+//                 Kelvin Jin <https://github.com/kjin>
+//                 Alvis HT Tang <https://github.com/alvis>
+//                 Sebastian Silbermann <https://github.com/eps1lon>
+//                 Hannes Magnusson <https://github.com/Hannes-Magnusson-CK>
+//                 Alberto Schiabel <https://github.com/jkomyno>
+//                 Klaus Meinhardt <https://github.com/ajafff>
+//                 Huw <https://github.com/hoo29>
+//                 Nicolas Even <https://github.com/n-e>
+//                 Bruno Scheufler <https://github.com/brunoscheufler>
+//                 Mohsen Azimi <https://github.com/mohsen1>
+//                 Hoàng Văn Khải <https://github.com/KSXGitHub>
+//                 Alexander T. <https://github.com/a-tarasyuk>
+//                 Lishude <https://github.com/islishude>
+//                 Andrew Makarov <https://github.com/r3nya>
+//                 Zane Hannan AU <https://github.com/ZaneHannanAU>
+// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
+ /**
+ * @externs
+ * @fileoverview Definitions for module "fs"
+ */
+ var fs = {};
+
+/**
+ * @param {string} filename
+ * @param {*} data
+ * @param {(function(NodeJS.ErrnoException): void)=} callback
+ * @return {void}
+ */
+fs.writeFile = function(filename, data, callback) {};
+ /**
+ * @param {string} filename
+ * @param {*} data
+ * @param {{encoding: string, mode: number, flag: string}} options
+ * @param {(function(NodeJS.ErrnoException): void)=} callback
+ * @return {void}
+ */
+fs.writeFile = function(filename, data, options, callback) {};
+ /**
+ * @param {string} filename
+ * @param {*} data
+ * @param {{encoding: string, mode: string, flag: string}} options
+ * @param {(function(NodeJS.ErrnoException): void)=} callback
+ * @return {void}
+ */
+fs.writeFile = function(filename, data, options, callback) {};