Merge branch 'main' into python-db-models

2025-12-21 19:26:31 +01:00 · 2022-10-13 16:48:50 +02:00
parent fec3ab7e01 594812640e
commit c33dd8fd4b
349 changed files with 3168 additions and 1527 deletions
--- a/python/ql/lib/semmle/python/Frameworks.qll
+++ b/python/ql/lib/semmle/python/Frameworks.qll
@@ -39,6 +39,7 @@ private import semmle.python.frameworks.Phoenixdb
 private import semmle.python.frameworks.Psycopg2
 private import semmle.python.frameworks.Pycurl
 private import semmle.python.frameworks.Pydantic
+private import semmle.python.frameworks.Pymssql
 private import semmle.python.frameworks.PyMySQL
 private import semmle.python.frameworks.Pyodbc
 private import semmle.python.frameworks.Requests
@@ -54,6 +55,6 @@ private import semmle.python.frameworks.Tornado
 private import semmle.python.frameworks.Twisted
 private import semmle.python.frameworks.Ujson
 private import semmle.python.frameworks.Urllib3
+private import semmle.python.frameworks.Xmltodict
 private import semmle.python.frameworks.Yaml
 private import semmle.python.frameworks.Yarl
-private import semmle.python.frameworks.Xmltodict
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
@@ -838,13 +838,13 @@ private module Stage1 implements StageSig {
   * by `revFlow`.
   */
  pragma[nomagic]
-  predicate revFlowIsReadAndStored(Content c, Configuration conf) {
+  additional predicate revFlowIsReadAndStored(Content c, Configuration conf) {
    revFlowConsCand(c, conf) and
    revFlowStore(c, _, _, conf)
  }

  pragma[nomagic]
-  predicate viableReturnPosOutNodeCandFwd1(
+  additional predicate viableReturnPosOutNodeCandFwd1(
    DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config
  ) {
    fwdFlowReturnPosition(pos, _, config) and
@@ -860,7 +860,7 @@ private module Stage1 implements StageSig {
  }

  pragma[nomagic]
-  predicate viableParamArgNodeCandFwd1(
+  additional predicate viableParamArgNodeCandFwd1(
    DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config
  ) {
    viableParamArgEx(call, p, arg) and
@@ -907,7 +907,7 @@ private module Stage1 implements StageSig {
    )
  }

-  predicate revFlowState(FlowState state, Configuration config) {
+  additional predicate revFlowState(FlowState state, Configuration config) {
    exists(NodeEx node |
      sinkNode(node, state, config) and
      revFlow(node, _, pragma[only_bind_into](config)) and
@@ -999,7 +999,7 @@ private module Stage1 implements StageSig {
    )
  }

-  predicate stats(
+  additional predicate stats(
    boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
  ) {
    fwd = true and
@@ -1260,7 +1260,7 @@ private module MkStage<StageSig PrevStage> {
     * argument.
     */
    pragma[nomagic]
-    predicate fwdFlow(
+    additional predicate fwdFlow(
      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
    ) {
      fwdFlow0(node, state, cc, argAp, ap, config) and
@@ -1484,7 +1484,7 @@ private module MkStage<StageSig PrevStage> {
     * the access path of the returned value.
     */
    pragma[nomagic]
-    predicate revFlow(
+    additional predicate revFlow(
      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
    ) {
      revFlow0(node, state, toReturn, returnAp, ap, config) and
@@ -1662,7 +1662,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate revFlow(NodeEx node, FlowState state, Configuration config) {
+    additional predicate revFlow(NodeEx node, FlowState state, Configuration config) {
      revFlow(node, state, _, _, _, config)
    }

@@ -1675,11 +1675,13 @@ private module MkStage<StageSig PrevStage> {

    // use an alias as a workaround for bad functionality-induced joins
    pragma[nomagic]
-    predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
+    additional predicate revFlowAlias(NodeEx node, Configuration config) {
+      revFlow(node, _, _, _, _, config)
+    }

    // use an alias as a workaround for bad functionality-induced joins
    pragma[nomagic]
-    predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) {
      revFlow(node, state, ap, config)
    }

@@ -1700,7 +1702,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate consCand(TypedContent tc, Ap ap, Configuration config) {
+    additional predicate consCand(TypedContent tc, Ap ap, Configuration config) {
      revConsCand(tc, ap, config) and
      validAp(ap, config)
    }
@@ -1742,7 +1744,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate stats(
+    additional predicate stats(
      boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
    ) {
      fwd = true and
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll
@@ -838,13 +838,13 @@ private module Stage1 implements StageSig {
   * by `revFlow`.
   */
  pragma[nomagic]
-  predicate revFlowIsReadAndStored(Content c, Configuration conf) {
+  additional predicate revFlowIsReadAndStored(Content c, Configuration conf) {
    revFlowConsCand(c, conf) and
    revFlowStore(c, _, _, conf)
  }

  pragma[nomagic]
-  predicate viableReturnPosOutNodeCandFwd1(
+  additional predicate viableReturnPosOutNodeCandFwd1(
    DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config
  ) {
    fwdFlowReturnPosition(pos, _, config) and
@@ -860,7 +860,7 @@ private module Stage1 implements StageSig {
  }

  pragma[nomagic]
-  predicate viableParamArgNodeCandFwd1(
+  additional predicate viableParamArgNodeCandFwd1(
    DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config
  ) {
    viableParamArgEx(call, p, arg) and
@@ -907,7 +907,7 @@ private module Stage1 implements StageSig {
    )
  }

-  predicate revFlowState(FlowState state, Configuration config) {
+  additional predicate revFlowState(FlowState state, Configuration config) {
    exists(NodeEx node |
      sinkNode(node, state, config) and
      revFlow(node, _, pragma[only_bind_into](config)) and
@@ -999,7 +999,7 @@ private module Stage1 implements StageSig {
    )
  }

-  predicate stats(
+  additional predicate stats(
    boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
  ) {
    fwd = true and
@@ -1260,7 +1260,7 @@ private module MkStage<StageSig PrevStage> {
     * argument.
     */
    pragma[nomagic]
-    predicate fwdFlow(
+    additional predicate fwdFlow(
      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
    ) {
      fwdFlow0(node, state, cc, argAp, ap, config) and
@@ -1484,7 +1484,7 @@ private module MkStage<StageSig PrevStage> {
     * the access path of the returned value.
     */
    pragma[nomagic]
-    predicate revFlow(
+    additional predicate revFlow(
      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
    ) {
      revFlow0(node, state, toReturn, returnAp, ap, config) and
@@ -1662,7 +1662,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate revFlow(NodeEx node, FlowState state, Configuration config) {
+    additional predicate revFlow(NodeEx node, FlowState state, Configuration config) {
      revFlow(node, state, _, _, _, config)
    }

@@ -1675,11 +1675,13 @@ private module MkStage<StageSig PrevStage> {

    // use an alias as a workaround for bad functionality-induced joins
    pragma[nomagic]
-    predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
+    additional predicate revFlowAlias(NodeEx node, Configuration config) {
+      revFlow(node, _, _, _, _, config)
+    }

    // use an alias as a workaround for bad functionality-induced joins
    pragma[nomagic]
-    predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) {
      revFlow(node, state, ap, config)
    }

@@ -1700,7 +1702,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate consCand(TypedContent tc, Ap ap, Configuration config) {
+    additional predicate consCand(TypedContent tc, Ap ap, Configuration config) {
      revConsCand(tc, ap, config) and
      validAp(ap, config)
    }
@@ -1742,7 +1744,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate stats(
+    additional predicate stats(
      boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
    ) {
      fwd = true and
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll
@@ -838,13 +838,13 @@ private module Stage1 implements StageSig {
   * by `revFlow`.
   */
  pragma[nomagic]
-  predicate revFlowIsReadAndStored(Content c, Configuration conf) {
+  additional predicate revFlowIsReadAndStored(Content c, Configuration conf) {
    revFlowConsCand(c, conf) and
    revFlowStore(c, _, _, conf)
  }

  pragma[nomagic]
-  predicate viableReturnPosOutNodeCandFwd1(
+  additional predicate viableReturnPosOutNodeCandFwd1(
    DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config
  ) {
    fwdFlowReturnPosition(pos, _, config) and
@@ -860,7 +860,7 @@ private module Stage1 implements StageSig {
  }

  pragma[nomagic]
-  predicate viableParamArgNodeCandFwd1(
+  additional predicate viableParamArgNodeCandFwd1(
    DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config
  ) {
    viableParamArgEx(call, p, arg) and
@@ -907,7 +907,7 @@ private module Stage1 implements StageSig {
    )
  }

-  predicate revFlowState(FlowState state, Configuration config) {
+  additional predicate revFlowState(FlowState state, Configuration config) {
    exists(NodeEx node |
      sinkNode(node, state, config) and
      revFlow(node, _, pragma[only_bind_into](config)) and
@@ -999,7 +999,7 @@ private module Stage1 implements StageSig {
    )
  }

-  predicate stats(
+  additional predicate stats(
    boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
  ) {
    fwd = true and
@@ -1260,7 +1260,7 @@ private module MkStage<StageSig PrevStage> {
     * argument.
     */
    pragma[nomagic]
-    predicate fwdFlow(
+    additional predicate fwdFlow(
      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
    ) {
      fwdFlow0(node, state, cc, argAp, ap, config) and
@@ -1484,7 +1484,7 @@ private module MkStage<StageSig PrevStage> {
     * the access path of the returned value.
     */
    pragma[nomagic]
-    predicate revFlow(
+    additional predicate revFlow(
      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
    ) {
      revFlow0(node, state, toReturn, returnAp, ap, config) and
@@ -1662,7 +1662,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate revFlow(NodeEx node, FlowState state, Configuration config) {
+    additional predicate revFlow(NodeEx node, FlowState state, Configuration config) {
      revFlow(node, state, _, _, _, config)
    }

@@ -1675,11 +1675,13 @@ private module MkStage<StageSig PrevStage> {

    // use an alias as a workaround for bad functionality-induced joins
    pragma[nomagic]
-    predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
+    additional predicate revFlowAlias(NodeEx node, Configuration config) {
+      revFlow(node, _, _, _, _, config)
+    }

    // use an alias as a workaround for bad functionality-induced joins
    pragma[nomagic]
-    predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) {
      revFlow(node, state, ap, config)
    }

@@ -1700,7 +1702,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate consCand(TypedContent tc, Ap ap, Configuration config) {
+    additional predicate consCand(TypedContent tc, Ap ap, Configuration config) {
      revConsCand(tc, ap, config) and
      validAp(ap, config)
    }
@@ -1742,7 +1744,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate stats(
+    additional predicate stats(
      boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
    ) {
      fwd = true and
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll
@@ -838,13 +838,13 @@ private module Stage1 implements StageSig {
   * by `revFlow`.
   */
  pragma[nomagic]
-  predicate revFlowIsReadAndStored(Content c, Configuration conf) {
+  additional predicate revFlowIsReadAndStored(Content c, Configuration conf) {
    revFlowConsCand(c, conf) and
    revFlowStore(c, _, _, conf)
  }

  pragma[nomagic]
-  predicate viableReturnPosOutNodeCandFwd1(
+  additional predicate viableReturnPosOutNodeCandFwd1(
    DataFlowCall call, ReturnPosition pos, NodeEx out, Configuration config
  ) {
    fwdFlowReturnPosition(pos, _, config) and
@@ -860,7 +860,7 @@ private module Stage1 implements StageSig {
  }

  pragma[nomagic]
-  predicate viableParamArgNodeCandFwd1(
+  additional predicate viableParamArgNodeCandFwd1(
    DataFlowCall call, ParamNodeEx p, ArgNodeEx arg, Configuration config
  ) {
    viableParamArgEx(call, p, arg) and
@@ -907,7 +907,7 @@ private module Stage1 implements StageSig {
    )
  }

-  predicate revFlowState(FlowState state, Configuration config) {
+  additional predicate revFlowState(FlowState state, Configuration config) {
    exists(NodeEx node |
      sinkNode(node, state, config) and
      revFlow(node, _, pragma[only_bind_into](config)) and
@@ -999,7 +999,7 @@ private module Stage1 implements StageSig {
    )
  }

-  predicate stats(
+  additional predicate stats(
    boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
  ) {
    fwd = true and
@@ -1260,7 +1260,7 @@ private module MkStage<StageSig PrevStage> {
     * argument.
     */
    pragma[nomagic]
-    predicate fwdFlow(
+    additional predicate fwdFlow(
      NodeEx node, FlowState state, Cc cc, ApOption argAp, Ap ap, Configuration config
    ) {
      fwdFlow0(node, state, cc, argAp, ap, config) and
@@ -1484,7 +1484,7 @@ private module MkStage<StageSig PrevStage> {
     * the access path of the returned value.
     */
    pragma[nomagic]
-    predicate revFlow(
+    additional predicate revFlow(
      NodeEx node, FlowState state, boolean toReturn, ApOption returnAp, Ap ap, Configuration config
    ) {
      revFlow0(node, state, toReturn, returnAp, ap, config) and
@@ -1662,7 +1662,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate revFlow(NodeEx node, FlowState state, Configuration config) {
+    additional predicate revFlow(NodeEx node, FlowState state, Configuration config) {
      revFlow(node, state, _, _, _, config)
    }

@@ -1675,11 +1675,13 @@ private module MkStage<StageSig PrevStage> {

    // use an alias as a workaround for bad functionality-induced joins
    pragma[nomagic]
-    predicate revFlowAlias(NodeEx node, Configuration config) { revFlow(node, _, _, _, _, config) }
+    additional predicate revFlowAlias(NodeEx node, Configuration config) {
+      revFlow(node, _, _, _, _, config)
+    }

    // use an alias as a workaround for bad functionality-induced joins
    pragma[nomagic]
-    predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) {
+    additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap, Configuration config) {
      revFlow(node, state, ap, config)
    }

@@ -1700,7 +1702,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate consCand(TypedContent tc, Ap ap, Configuration config) {
+    additional predicate consCand(TypedContent tc, Ap ap, Configuration config) {
      revConsCand(tc, ap, config) and
      validAp(ap, config)
    }
@@ -1742,7 +1744,7 @@ private module MkStage<StageSig PrevStage> {
      )
    }

-    predicate stats(
+    additional predicate stats(
      boolean fwd, int nodes, int fields, int conscand, int states, int tuples, Configuration config
    ) {
      fwd = true and
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll
@@ -186,7 +186,7 @@ private module Cached {
    jumpStep(nodeFrom, nodeTo) and
    summary = JumpStep()
    or
-    levelStep(nodeFrom, nodeTo) and
+    levelStepNoCall(nodeFrom, nodeTo) and
    summary = LevelStep()
    or
    exists(TypeTrackerContent content |
@@ -216,6 +216,9 @@ private module Cached {
    or
    returnStep(nodeFrom, nodeTo) and
    summary = ReturnStep()
+    or
+    levelStepCall(nodeFrom, nodeTo) and
+    summary = LevelStep()
  }
 }

--- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll
@@ -45,8 +45,11 @@ predicate simpleLocalFlowStep = DataFlowPrivate::simpleLocalFlowStepForTypetrack

 predicate jumpStep = DataFlowPrivate::jumpStepSharedWithTypeTracker/2;

-/** Holds if there is a level step from `pred` to `succ`. */
-predicate levelStep(Node pred, Node succ) { none() }
+/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which may depend on the call graph. */
+predicate levelStepCall(Node nodeFrom, Node nodeTo) { none() }
+
+/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which does not depend on the call graph. */
+predicate levelStepNoCall(Node nodeFrom, Node nodeTo) { none() }

 /**
 * Gets the name of a possible piece of content. For Python, this is currently only attribute names,
--- a/python/ql/lib/semmle/python/frameworks/Mysql.qll
+++ b/python/ql/lib/semmle/python/frameworks/Mysql.qll
@@ -21,17 +21,11 @@ private import semmle.python.frameworks.PEP249
 * - https://dev.mysql.com/doc/connector-python/en/connector-python-example-connecting.html
 */
 private module Mysql {
-  // ---------------------------------------------------------------------------
-  // mysql
-  // ---------------------------------------------------------------------------
-  /** Provides models for the `mysql` module. */
-  module MysqlMod {
-    /**
-     * The mysql.connector module
-     * See https://dev.mysql.com/doc/connector-python/en/connector-python-example-connecting.html
-     */
-    class MysqlConnector extends PEP249::PEP249ModuleApiNode {
-      MysqlConnector() { this = API::moduleImport("mysql").getMember("connector") }
-    }
+  /**
+   * The mysql.connector module
+   * See https://dev.mysql.com/doc/connector-python/en/connector-python-example-connecting.html
+   */
+  class MysqlConnector extends PEP249::PEP249ModuleApiNode {
+    MysqlConnector() { this = API::moduleImport("mysql").getMember("connector") }
  }
 }
--- a/python/ql/lib/semmle/python/frameworks/Pymssql.qll
+++ b/python/ql/lib/semmle/python/frameworks/Pymssql.qll
@@ -0,0 +1,25 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `pymssql` PyPI package.
+ * See https://pypi.org/project/pymssql/
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+private import semmle.python.frameworks.PEP249
+
+/**
+ * Provides models for the `pymssql` PyPI package.
+ * See https://pypi.org/project/pymssql/
+ */
+private module Pymssql {
+  /**
+   * A model of `pymssql` as a module that implements PEP 249, providing ways to execute SQL statements
+   * against a database.
+   */
+  class PymssqlPEP249 extends PEP249::PEP249ModuleApiNode {
+    PymssqlPEP249() { this = API::moduleImport("pymssql") }
+  }
+}
--- a/python/ql/lib/semmle/python/frameworks/internal/PEP249Impl.qll
+++ b/python/ql/lib/semmle/python/frameworks/internal/PEP249Impl.qll
@@ -146,7 +146,7 @@ module PEP249 {
   * Note: while `execute` method on a connection is not part of PEP249, if it is used, we
   * recognize it as an alias for constructing a cursor and calling `execute` on it.
   *
-   * See https://www.python.org/dev/peps/pep-0249/#id15.
+   * See https://peps.python.org/pep-0249/#execute.
   */
  private DataFlow::TypeTrackingNode execute(DataFlow::TypeTracker t) {
    t.startInAttr("execute") and
@@ -161,14 +161,44 @@ module PEP249 {
   * Note: while `execute` method on a connection is not part of PEP249, if it is used, we
   * recognize it as an alias for constructing a cursor and calling `execute` on it.
   *
-   * See https://www.python.org/dev/peps/pep-0249/#id15.
+   * See https://peps.python.org/pep-0249/#execute.
   */
  DataFlow::Node execute() { execute(DataFlow::TypeTracker::end()).flowsTo(result) }

-  /** A call to the `execute` method on a cursor (or on a connection). */
+  /**
+   * A call to the `execute` method on a cursor or a connection.
+   *
+   * See https://peps.python.org/pep-0249/#execute
+   *
+   * Note: While `execute` method on a connection is not part of PEP249, if it is used, we
+   * recognize it as an alias for constructing a cursor and calling `execute` on it.
+   */
  private class ExecuteCall extends SqlExecution::Range, DataFlow::CallCfgNode {
    ExecuteCall() { this.getFunction() = execute() }

    override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] }
  }
+
+  private DataFlow::TypeTrackingNode executemany(DataFlow::TypeTracker t) {
+    t.startInAttr("executemany") and
+    result in [Cursor::instance(), Connection::instance()]
+    or
+    exists(DataFlow::TypeTracker t2 | result = executemany(t2).track(t2, t))
+  }
+
+  private DataFlow::Node executemany() { executemany(DataFlow::TypeTracker::end()).flowsTo(result) }
+
+  /**
+   * A call to the `executemany` method on a cursor or a connection.
+   *
+   * See https://peps.python.org/pep-0249/#executemany
+   *
+   * Note: While `executemany` method on a connection is not part of PEP249, if it is used, we
+   * recognize it as an alias for constructing a cursor and calling `executemany` on it.
+   */
+  private class ExecutemanyCall extends SqlExecution::Range, DataFlow::CallCfgNode {
+    ExecutemanyCall() { this.getFunction() = executemany() }
+
+    override DataFlow::Node getSql() { result in [this.getArg(0), this.getArgByName("sql")] }
+  }
 }
--- a/python/ql/lib/semmle/python/security/regexp/NfaUtils.qll
+++ b/python/ql/lib/semmle/python/security/regexp/NfaUtils.qll
@@ -59,8 +59,8 @@ predicate matchesEpsilon(RegExpTerm t) {
 /**
 * A lookahead/lookbehind that matches the empty string.
 */
-class EmptyPositiveSubPatttern extends RegExpSubPattern {
-  EmptyPositiveSubPatttern() {
+class EmptyPositiveSubPattern extends RegExpSubPattern {
+  EmptyPositiveSubPattern() {
    (
      this instanceof RegExpPositiveLookahead
      or
@@ -70,6 +70,9 @@ class EmptyPositiveSubPatttern extends RegExpSubPattern {
  }
 }

+/** DEPRECATED: Use `EmptyPositiveSubPattern` instead. */
+deprecated class EmptyPositiveSubPatttern = EmptyPositiveSubPattern;
+
 /**
 * A branch in a disjunction that is the root node in a literal, or a literal
 * whose root node is not a disjunction.
@@ -133,7 +136,7 @@ private predicate isCanonicalTerm(RelevantRegExpTerm term, string str) {
 }

 /**
- * Gets a string reperesentation of the flags used with the regular expression.
+ * Gets a string representation of the flags used with the regular expression.
 * Only the flags that are relevant for the canonicalization are included.
 */
 string getCanonicalizationFlags(RegExpTerm root) {
@@ -334,7 +337,7 @@ private module CharacterClasses {
    )
  }

-  private string lowercaseLetter() { result = "abdcefghijklmnopqrstuvwxyz".charAt(_) }
+  private string lowercaseLetter() { result = "abcdefghijklmnopqrstuvwxyz".charAt(_) }

  private string upperCaseLetter() { result = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(_) }

@@ -697,9 +700,7 @@ predicate delta(State q1, EdgeLabel lbl, State q2) {
    lbl = Epsilon() and q2 = Accept(getRoot(dollar))
  )
  or
-  exists(EmptyPositiveSubPatttern empty | q1 = before(empty) |
-    lbl = Epsilon() and q2 = after(empty)
-  )
+  exists(EmptyPositiveSubPattern empty | q1 = before(empty) | lbl = Epsilon() and q2 = after(empty))
 }

 /**
@@ -1028,7 +1029,7 @@ module ReDoSPruning<isCandidateSig/2 isCandidate> {
   * as the suffix "X" will cause both the regular expressions to be rejected.
   *
   * The string `w` is repeated any number of times because it needs to be
-   * infinitely repeatedable for the attack to work.
+   * infinitely repeatable for the attack to work.
   * For the regular expression `/((ab)+)*abab/` the accepting state is not reachable from the fork
   * using epsilon transitions. But any attempt at repeating `w` will end in a state that accepts all suffixes.
   */
--- a/python/ql/lib/semmle/python/security/regexp/NfaUtilsSpecific.qll
+++ b/python/ql/lib/semmle/python/security/regexp/NfaUtilsSpecific.qll
@@ -6,7 +6,7 @@ import python
 import semmle.python.RegexTreeView

 /**
- * Holds if `term` is an ecape class representing e.g. `\d`.
+ * Holds if `term` is an escape class representing e.g. `\d`.
 * `clazz` is which character class it represents, e.g. "d" for `\d`.
 */
 predicate isEscapeClass(RegExpTerm term, string clazz) {
--- a/python/ql/src/Classes/MaybeUndefinedClassAttribute.ql
+++ b/python/ql/src/Classes/MaybeUndefinedClassAttribute.ql
@@ -39,5 +39,5 @@ where
  sa.getName() = a.getName()
 select a,
  "Attribute '" + a.getName() +
-    "' is not defined in the class body nor in the __init__() method, but it is defined $@", sa,
+    "' is not defined in the class body nor in the __init__() method, but it is defined $@.", sa,
  "here"
--- a/python/ql/src/Classes/SlotsInOldStyleClass.ql
+++ b/python/ql/src/Classes/SlotsInOldStyleClass.ql
@@ -15,4 +15,5 @@ import python

 from ClassObject c
 where not c.isNewStyle() and c.declaresAttribute("__slots__") and not c.failedInference()
-select c, "Using __slots__ in an old style class just creates a class attribute called '__slots__'"
+select c,
+  "Using '__slots__' in an old style class just creates a class attribute called '__slots__'."
--- a/python/ql/src/Classes/SubclassShadowing.ql
+++ b/python/ql/src/Classes/SubclassShadowing.ql
@@ -42,5 +42,5 @@ predicate shadowed_by_super_class(
 from ClassObject c, ClassObject supercls, Assign assign, FunctionObject shadowed
 where shadowed_by_super_class(c, supercls, assign, shadowed)
 select shadowed.getOrigin(),
-  "Method " + shadowed.getName() + " is shadowed by $@ in super class '" + supercls.getName() + "'.",
-  assign, "an attribute"
+  "Method " + shadowed.getName() + " is shadowed by an $@ in super class '" + supercls.getName() +
+    "'.", assign, "attribute"
--- a/python/ql/src/Classes/SuperInOldStyleClass.ql
+++ b/python/ql/src/Classes/SuperInOldStyleClass.ql
@@ -24,4 +24,4 @@ predicate uses_of_super_in_old_style_class(Call s) {

 from Call c
 where uses_of_super_in_old_style_class(c)
-select c, "super() will not work in old-style classes"
+select c, "'super()' will not work in old-style classes."
--- a/python/ql/src/Classes/UndefinedClassAttribute.ql
+++ b/python/ql/src/Classes/UndefinedClassAttribute.ql
@@ -30,4 +30,4 @@ predicate report_undefined_class_attribute(Attribute a, ClassObject c, string na

 from Attribute a, ClassObject c, string name
 where report_undefined_class_attribute(a, c, name)
-select a, "Attribute '" + name + "' is not defined in either the class body or in any method"
+select a, "Attribute '" + name + "' is not defined in either the class body or in any method."
--- a/python/ql/src/Exceptions/RaisingTuple.ql
+++ b/python/ql/src/Exceptions/RaisingTuple.ql
@@ -21,5 +21,5 @@ where
  major_version() = 2
 /* Raising a tuple is a type error in Python 3, so is handled by the IllegalRaise query. */
 select r,
-  "Raising $@ will result in the first element (recursively) being raised and all other elements being discarded.",
-  origin, "a tuple"
+  "Raising a $@ will result in the first element (recursively) being raised and all other elements being discarded.",
+  origin, "tuple"
--- a/python/ql/src/Exceptions/UnguardedNextInGenerator.ql
+++ b/python/ql/src/Exceptions/UnguardedNextInGenerator.ql
@@ -73,4 +73,4 @@ where
  // However, we do not know the minor version of the analyzed code (only of the extractor),
  // so we only alert on Python 2.
  major_version() = 2
-select call, "Call to next() in a generator"
+select call, "Call to 'next()' in a generator."
--- a/python/ql/src/Expressions/Comparisons/UselessComparisonTest.ql
+++ b/python/ql/src/Expressions/Comparisons/UselessComparisonTest.ql
@@ -48,4 +48,4 @@ private predicate useless_test_ast(AstNode comp, AstNode previous, boolean isTru
 from Expr test, Expr other, boolean isTrue
 where
  useless_test_ast(test, other, isTrue) and not useless_test_ast(test.getAChildNode+(), other, _)
-select test, "Test is always " + isTrue + ", because of $@", other, "this condition"
+select test, "Test is always " + isTrue + ", because of $@.", other, "this condition"
--- a/python/ql/src/Functions/DeprecatedSliceMethod.ql
+++ b/python/ql/src/Functions/DeprecatedSliceMethod.ql
@@ -21,4 +21,4 @@ where
  not f.isOverridingMethod() and
  slice_method_name(meth) and
  f.getName() = meth
-select f, meth + " method has been deprecated since Python 2.0"
+select f, meth + " method has been deprecated since Python 2.0."
--- a/python/ql/src/Functions/ModificationOfParameterWithDefault.ql
+++ b/python/ql/src/Functions/ModificationOfParameterWithDefault.ql
@@ -19,5 +19,5 @@ from
  ModificationOfParameterWithDefault::Configuration config, DataFlow::PathNode source,
  DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This expression mutates $@.", source.getNode(),
-  "a default value"
+select sink.getNode(), source, sink, "This expression mutates a $@.", source.getNode(),
+  "default value"
--- a/python/ql/src/Functions/UseImplicitNoneReturnValue.ql
+++ b/python/ql/src/Functions/UseImplicitNoneReturnValue.ql
@@ -35,4 +35,4 @@ where
  forall(FunctionValue callee | c.getFunc().pointsTo(callee) | callee.getScope().isProcedure()) and
  /* Mox return objects have an `AndReturn` method */
  not useOfMoxInModule(c.getEnclosingModule())
-select c, "The result of '$@' is used even though it is always None.", func, func.getQualifiedName()
+select c, "The result of $@ is used even though it is always None.", func, func.getQualifiedName()
--- a/python/ql/src/Imports/ImportShadowedByLoopVar.ql
+++ b/python/ql/src/Imports/ImportShadowedByLoopVar.ql
@@ -22,4 +22,4 @@ predicate shadowsImport(Variable l) {

 from Variable l, Name defn
 where shadowsImport(l) and defn.defines(l) and exists(For for | defn = for.getTarget())
-select defn, "Loop variable '" + l.getId() + "' shadows an import"
+select defn, "Loop variable '" + l.getId() + "' shadows an import."
--- a/python/ql/src/Imports/ImportStarUsed.ql
+++ b/python/ql/src/Imports/ImportStarUsed.ql
@@ -13,4 +13,4 @@
 import python

 from ImportStar i
-select i, "Using 'from ... import *' pollutes the namespace"
+select i, "Using 'from ... import *' pollutes the namespace."
--- a/python/ql/src/Imports/ImportandImportFrom.ql
+++ b/python/ql/src/Imports/ImportandImportFrom.ql
@@ -22,4 +22,4 @@ predicate import_and_import_from(Import i1, Import i2, Module m) {

 from Stmt i1, Stmt i2, Module m
 where import_and_import_from(i1, i2, m)
-select i1, "Module '" + m.getName() + "' is imported with both 'import' and 'import from'"
+select i1, "Module '" + m.getName() + "' is imported with both 'import' and 'import from'."
--- a/python/ql/src/Numerics/Pythagorean.ql
+++ b/python/ql/src/Numerics/Pythagorean.ql
@@ -36,4 +36,4 @@ where
  right.asExpr() = s.getRight() and
  left.getALocalSource() = square() and
  right.getALocalSource() = square()
-select c, "Pythagorean calculation with sub-optimal numerics"
+select c, "Pythagorean calculation with sub-optimal numerics."
--- a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
+++ b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
@@ -51,4 +51,5 @@ predicate unsafe_call_to_endswith(Call sanitizer, StrConst url) {

 from Expr sanitizer, StrConst url
 where incomplete_sanitization(sanitizer, url)
-select sanitizer, "'$@' may be at an arbitrary position in the sanitized URL.", url, url.getText()
+select sanitizer, "The string $@ may be at an arbitrary position in the sanitized URL.", url,
+  url.getText()
--- a/python/ql/src/Security/CWE-022/PathInjection.ql
+++ b/python/ql/src/Security/CWE-022/PathInjection.ql
@@ -22,5 +22,5 @@ import DataFlow::PathGraph

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This path depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Security/CWE-022/TarSlip.ql
+++ b/python/ql/src/Security/CWE-022/TarSlip.ql
@@ -18,5 +18,5 @@ import DataFlow::PathGraph

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This file extraction depends on $@", source.getNode(),
-  "a potentially untrusted source"
+select sink.getNode(), source, sink, "This file extraction depends on a $@.", source.getNode(),
+  "potentially untrusted source"
--- a/python/ql/src/Security/CWE-078/CommandInjection.ql
+++ b/python/ql/src/Security/CWE-078/CommandInjection.ql
@@ -20,5 +20,5 @@ import DataFlow::PathGraph

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This command line depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "This command line depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/python/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -19,5 +19,5 @@ import DataFlow::PathGraph

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.",
-  source.getNode(), "a user-provided value"
+select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.",
+  source.getNode(), "user-provided value"
--- a/python/ql/src/Security/CWE-089/SqlInjection.ql
+++ b/python/ql/src/Security/CWE-089/SqlInjection.ql
@@ -17,5 +17,5 @@ import DataFlow::PathGraph

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This SQL query depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "This SQL query depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Security/CWE-090/LdapInjection.ql
+++ b/python/ql/src/Security/CWE-090/LdapInjection.ql
@@ -23,5 +23,6 @@ where
  or
  any(FilterConfiguration filterConfig).hasFlowPath(source, sink) and
  parameterName = "filter"
-select sink.getNode(), source, sink, "$@ depends on $@.", sink.getNode(),
-  "LDAP query parameter (" + parameterName + ")", source.getNode(), "a user-provided value"
+select sink.getNode(), source, sink,
+  "LDAP query parameter (" + parameterName + ") depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Security/CWE-094/CodeInjection.ql
+++ b/python/ql/src/Security/CWE-094/CodeInjection.ql
@@ -20,5 +20,5 @@ import DataFlow::PathGraph

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This code execution depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "This code execution depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Security/CWE-117/LogInjection.ql
+++ b/python/ql/src/Security/CWE-117/LogInjection.ql
@@ -17,5 +17,5 @@ import DataFlow::PathGraph

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This log entry depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "This log entry depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql
+++ b/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql
@@ -22,6 +22,6 @@ where
  // certificate validation, for example in `requests.get(..., verify=arg)`, `arg` would
  // be the `disablingNode`, and the `origin` would be the place were `arg` got its
  // value from.
-  if disablingNode = origin then ending = "." else ending = " by the value from $@."
-select request, "This request may run without certificate validation because it is $@" + ending,
-  disablingNode, "disabled here", origin, "here"
+  if disablingNode = origin then ending = "." else ending = " by $@."
+select request, "This request may run without certificate validation because $@" + ending,
+  disablingNode, "it is disabled", origin, "this value"
--- a/python/ql/src/Security/CWE-312/CleartextLogging.ql
+++ b/python/ql/src/Security/CWE-312/CleartextLogging.ql
@@ -22,5 +22,5 @@ from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, s
 where
  config.hasFlowPath(source, sink) and
  classification = source.getNode().(Source).getClassification()
-select sink.getNode(), source, sink, "$@ is logged here.", source.getNode(),
-  "Sensitive data (" + classification + ")"
+select sink.getNode(), source, sink, "This expression logs $@ as clear text.", source.getNode(),
+  "sensitive data (" + classification + ")"
--- a/python/ql/src/Security/CWE-312/CleartextStorage.ql
+++ b/python/ql/src/Security/CWE-312/CleartextStorage.ql
@@ -22,5 +22,5 @@ from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, s
 where
  config.hasFlowPath(source, sink) and
  classification = source.getNode().(Source).getClassification()
-select sink.getNode(), source, sink, "$@ is stored here.", source.getNode(),
-  "Sensitive data (" + classification + ")"
+select sink.getNode(), source, sink, "This expression stores $@ as clear text.", source.getNode(),
+  "sensitive data (" + classification + ")"
--- a/python/ql/src/Security/CWE-327/InsecureProtocol.ql
+++ b/python/ql/src/Security/CWE-327/InsecureProtocol.ql
@@ -79,5 +79,5 @@ where
  connectionCreation = protocolConfiguration and
  specific = true
 select connectionCreation,
-  "Insecure SSL/TLS protocol version " + insecure_version + " " + verb(specific) + " by $@ ",
+  "Insecure SSL/TLS protocol version " + insecure_version + " " + verb(specific) + " by $@.",
  protocolConfiguration, configName(protocolConfiguration)
--- a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql
+++ b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql
@@ -18,5 +18,5 @@ import DataFlow::PathGraph

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Unsafe deserialization depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Security/CWE-601/UrlRedirect.ql
+++ b/python/ql/src/Security/CWE-601/UrlRedirect.ql
@@ -18,5 +18,5 @@ import DataFlow::PathGraph

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Untrusted URL redirection depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Security/CWE-611/Xxe.qhelp
+++ b/python/ql/src/Security/CWE-611/Xxe.qhelp
@@ -38,7 +38,7 @@ default parser</a> from <code>lxml.etree</code> allows local external entities t
 <p>
 To guard against XXE attacks with the <code>lxml</code> library, you should create a
 parser with <code>resolve_entities</code> set to <code>false</code>. This means that no
-entity expansion is undertaken, althuogh standard predefined entities such as
+entity expansion is undertaken, although standard predefined entities such as
 <code>&amp;gt;</code>, for writing <code>&gt;</code> inside the text of an XML element,
 are still allowed.
 </p>
--- a/python/ql/src/Security/CWE-611/Xxe.ql
+++ b/python/ql/src/Security/CWE-611/Xxe.ql
@@ -19,5 +19,5 @@ import DataFlow::PathGraph
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
-  "XML parsing depends on $@ without guarding against external entity expansion.", source.getNode(),
-  "a user-provided value"
+  "XML parsing depends on a $@ without guarding against external entity expansion.",
+  source.getNode(), "user-provided value"
--- a/python/ql/src/Security/CWE-643/XpathInjection.ql
+++ b/python/ql/src/Security/CWE-643/XpathInjection.ql
@@ -17,5 +17,5 @@ import DataFlow::PathGraph

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "XPath expression depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Security/CWE-730/PolynomialReDoS.ql
+++ b/python/ql/src/Security/CWE-730/PolynomialReDoS.ql
@@ -30,6 +30,6 @@ where
 //     regexp.isAtEndLine()
 //   )
 select sinkNode.getHighlight(), source, sink,
-  "This $@ that depends on $@ may run slow on strings " + regexp.getPrefixMessage() +
+  "This $@ that depends on a $@ may run slow on strings " + regexp.getPrefixMessage() +
    "with many repetitions of '" + regexp.getPumpString() + "'.", regexp, "regular expression",
-  source.getNode(), "a user-provided value"
+  source.getNode(), "user-provided value"
--- a/python/ql/src/Security/CWE-730/RegexInjection.ql
+++ b/python/ql/src/Security/CWE-730/RegexInjection.ql
@@ -24,6 +24,6 @@ from
 where
  config.hasFlowPath(source, sink) and
  regexExecution = sink.getNode().(Sink).getRegexExecution()
-select sink.getNode(), source, sink, "$@ depends on $@ and executed by $@.", sink.getNode(),
-  "This regular expression", source.getNode(), "a user-provided value", regexExecution,
-  regexExecution.getName()
+select sink.getNode(), source, sink,
+  "This regular expression depends on a $@ and is executed by $@.", source.getNode(),
+  "user-provided value", regexExecution, regexExecution.getName()
--- a/python/ql/src/Security/CWE-776/XmlBomb.ql
+++ b/python/ql/src/Security/CWE-776/XmlBomb.ql
@@ -19,5 +19,5 @@ import DataFlow::PathGraph
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
-  "XML parsing depends on $@ without guarding against uncontrolled entity expansion.",
-  source.getNode(), "a user-provided value"
+  "XML parsing depends on a $@ without guarding against uncontrolled entity expansion.",
+  source.getNode(), "user-provided value"
--- a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
+++ b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -129,4 +129,5 @@ from HardcodedCredentialsConfiguration config, TaintedPathSource src, TaintedPat
 where
  config.hasFlowPath(src, sink) and
  not any(TestScope test).contains(src.getAstNode())
-select sink.getSink(), src, sink, "Use of $@.", src.getSource(), "hardcoded credentials"
+select src.getSource(), src, sink, "This hardcoded value is $@.", sink.getNode(),
+  "used as credentials"
--- a/python/ql/src/Security/CWE-918/FullServerSideRequestForgery.ql
+++ b/python/ql/src/Security/CWE-918/FullServerSideRequestForgery.ql
@@ -21,5 +21,5 @@ where
  request = sink.getNode().(Sink).getRequest() and
  fullConfig.hasFlowPath(source, sink) and
  fullyControlledRequest(request)
-select request, source, sink, "The full URL of this request depends on $@.", source.getNode(),
-  "a user-provided value"
+select request, source, sink, "The full URL of this request depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql
+++ b/python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql
@@ -21,5 +21,5 @@ where
  request = sink.getNode().(Sink).getRequest() and
  partialConfig.hasFlowPath(source, sink) and
  not fullyControlledRequest(request)
-select request, source, sink, "Part of the URL of this request depends on $@.", source.getNode(),
-  "a user-provided value"
+select request, source, sink, "Part of the URL of this request depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/Statements/DocStrings.ql
+++ b/python/ql/src/Statements/DocStrings.ql
@@ -48,4 +48,4 @@ string scope_type(Scope s) {

 from Scope s
 where needs_docstring(s) and not exists(s.getDocString())
-select s, scope_type(s) + " " + s.getName() + " does not have a docstring"
+select s, scope_type(s) + " " + s.getName() + " does not have a docstring."
--- a/python/ql/src/Statements/NonIteratorInForLoop.ql
+++ b/python/ql/src/Statements/NonIteratorInForLoop.ql
@@ -22,4 +22,5 @@ where
  not t.failedInference(_) and
  not v = Value::named("None") and
  not t.isDescriptorType()
-select loop, "$@ of class '$@' may be used in for-loop.", origin, "Non-iterable", t, t.getName()
+select loop, "This for-loop may attempt to iterate over a $@ of class $@.", origin,
+  "non-iterable instance", t, t.getName()
--- a/python/ql/src/Statements/SideEffectInAssert.ql
+++ b/python/ql/src/Statements/SideEffectInAssert.ql
@@ -42,4 +42,4 @@ predicate probable_side_effect(Expr e) {

 from Assert a, Expr e
 where probable_side_effect(e) and a.contains(e)
-select a, "This 'assert' statement contains $@ which may have side effects.", e, "an expression"
+select a, "This 'assert' statement contains an $@ which may have side effects.", e, "expression"
--- a/python/ql/src/Statements/UnusedExceptionObject.ql
+++ b/python/ql/src/Statements/UnusedExceptionObject.ql
@@ -17,4 +17,4 @@ where
  call.getFunc().pointsTo(ex) and
  ex.getASuperType() = ClassValue::exception() and
  exists(ExprStmt s | s.getValue() = call)
-select call, "Instantiating an exception, but not raising it, has no effect"
+select call, "Instantiating an exception, but not raising it, has no effect."
--- a/python/ql/src/Variables/Global.ql
+++ b/python/ql/src/Variables/Global.ql
@@ -13,4 +13,4 @@ import python

 from Global g
 where not g.getScope() instanceof Module
-select g, "Updating global variables except at module initialization is discouraged"
+select g, "Updating global variables except at module initialization is discouraged."
--- a/python/ql/src/Variables/LoopVariableCapture.ql
+++ b/python/ql/src/Variables/LoopVariableCapture.ql
@@ -44,4 +44,4 @@ predicate escaping_capturing_looping_construct(CallableExpr capturing, AstNode l

 from CallableExpr capturing, AstNode loop, Variable var
 where escaping_capturing_looping_construct(capturing, loop, var)
-select capturing, "Capture of loop variable '$@'", loop, var.getId()
+select capturing, "Capture of loop variable $@.", loop, var.getId()
--- a/python/ql/src/Variables/MultiplyDefined.ql
+++ b/python/ql/src/Variables/MultiplyDefined.ql
@@ -67,5 +67,5 @@ where
  forall(Name el | el = asgn1.getParentNode().(Tuple).getAnElt() | multiply_defined(el, _, _)) and
  not uninteresting_definition(asgn1)
 select asgn1,
-  "This assignment to '" + v.getId() +
-    "' is unnecessary as it is redefined $@ before this value is used.", asgn2 as t, "here"
+  "This assignment to '" + v.getId() + "' is unnecessary as it is $@ before this value is used.",
+  asgn2, "redefined"
--- a/python/ql/src/Variables/ShadowGlobal.ql
+++ b/python/ql/src/Variables/ShadowGlobal.ql
@@ -67,4 +67,4 @@ where
  def.defines(g) and
  not assigned_pytest_fixture(g) and
  not g.getId() = "_"
-select d, "Local variable '" + g.getId() + "' shadows a global variable defined $@.", def, "here"
+select d, "Local variable '" + g.getId() + "' shadows a $@.", def, "global variable"
--- a/python/ql/src/Variables/UndefinedPlaceHolder.ql
+++ b/python/ql/src/Variables/UndefinedPlaceHolder.ql
@@ -43,4 +43,4 @@ where
  not initialized_as_local(p) and
  not template_attribute(p) and
  not_a_global(p)
-select p, "This use of place-holder variable '" + p.getId() + "' may be undefined"
+select p, "This use of place-holder variable '" + p.getId() + "' may be undefined."
--- a/python/ql/src/Variables/UnusedLocalVariable.ql
+++ b/python/ql/src/Variables/UnusedLocalVariable.ql
@@ -43,4 +43,4 @@ where
  unused_local(unused, v) and
  // If unused is part of a tuple, count it as unused if all elements of that tuple are unused.
  forall(Name el | el = unused.getParentNode().(Tuple).getAnElt() | unused_local(el, _))
-select unused, "Variable " + v.getId() + " is not used"
+select unused, "Variable " + v.getId() + " is not used."
--- a/python/ql/src/change-notes/2022-10-07-alert-messages.md
+++ b/python/ql/src/change-notes/2022-10-07-alert-messages.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
--- a/python/ql/src/change-notes/2022-10-10-pep249-executemany-modeling.md
+++ b/python/ql/src/change-notes/2022-10-10-pep249-executemany-modeling.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added model of `executemany` calls on PEP-249 compliant database APIs, resulting in additional sinks for `py/sql-injection`.
--- a/python/ql/src/change-notes/2022-10-10-pymssql-modeling.md
+++ b/python/ql/src/change-notes/2022-10-10-pymssql-modeling.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added model of `pymssql` PyPI package as a SQL interface following PEP249, resulting in additional sinks for `py/sql-injection`.
--- a/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql
+++ b/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql
@@ -18,5 +18,6 @@ import DataFlow::PathGraph

 from ZipSlipConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Extraction of zipfile from $@", source.getNode(),
-  "a potentially untrusted source"
+select source.getNode(), source, sink,
+  "This unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(),
+  "file system operation"
--- a/python/ql/src/experimental/Security/CWE-091/Xslt.qhelp
+++ b/python/ql/src/experimental/Security/CWE-091/Xslt.qhelp
@@ -8,7 +8,7 @@
    <recommendation>
        <p>
            This vulnerability can be prevented by not allowing untrusted user input to be passed as an XSL stylesheet.
-            If the application logic necessiates processing untrusted XSL stylesheets, the input should be properly filtered and sanitized before use.
+            If the application logic necessitates processing untrusted XSL stylesheets, the input should be properly filtered and sanitized before use.
        </p>
    </recommendation>
    <example>
--- a/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql
@@ -17,5 +17,5 @@ import DataFlow::PathGraph

 from HeaderInjectionFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ HTTP header is constructed from a $@.", sink.getNode(),
-  "This", source.getNode(), "user-provided value"
+select sink.getNode(), source, sink, "This HTTP header is constructed from a $@.", source.getNode(),
+  "user-provided value"
--- a/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql
+++ b/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql
@@ -27,4 +27,4 @@ predicate authenticatesImproperly(LdapBind ldapBind) {

 from LdapBind ldapBind
 where authenticatesImproperly(ldapBind)
-select ldapBind, "The following LDAP bind operation is executed without authentication"
+select ldapBind, "The following LDAP bind operation is executed without authentication."
--- a/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql
+++ b/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql
@@ -16,5 +16,4 @@ import experimental.semmle.python.security.LDAPInsecureAuth

 from LdapInsecureAuthConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ is authenticated insecurely.", sink.getNode(),
-  "This LDAP host"
+select sink.getNode(), source, sink, "This LDAP host is authenticated insecurely."
--- a/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
+++ b/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
@@ -16,4 +16,4 @@ private import semmle.python.ApiGraphs
 from DataFlow::CallCfgNode call
 where
  call = API::moduleImport("xmlrpc").getMember("server").getMember("SimpleXMLRPCServer").getACall()
-select call, "SimpleXMLRPCServer is vulnerable to XML bombs"
+select call, "SimpleXMLRPCServer is vulnerable to XML bombs."
--- a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql
@@ -15,5 +15,5 @@ import DataFlow::PathGraph

 from NoSqlInjection::Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink, source, sink, "$@ NoSQL query contains an unsanitized $@", sink, "This", source,
+select sink, source, sink, "This NoSQL query contains an unsanitized $@.", source,
  "user-provided value"
--- a/python/ql/test/2/query-tests/Classes/new-style/SlotsInOldStyleClass.expected
+++ b/python/ql/test/2/query-tests/Classes/new-style/SlotsInOldStyleClass.expected
@@ -1 +1 @@
-| newstyle_test.py:4:1:4:16 | class OldStyle1 | Using __slots__ in an old style class just creates a class attribute called '__slots__' |
+| newstyle_test.py:4:1:4:16 | class OldStyle1 | Using '__slots__' in an old style class just creates a class attribute called '__slots__'. |
--- a/python/ql/test/2/query-tests/Classes/new-style/SuperInOldStyleClass.expected
+++ b/python/ql/test/2/query-tests/Classes/new-style/SuperInOldStyleClass.expected
@@ -1 +1 @@
-| newstyle_test.py:15:9:15:15 | super() | super() will not work in old-style classes |
+| newstyle_test.py:15:9:15:15 | super() | 'super()' will not work in old-style classes. |
--- a/python/ql/test/2/query-tests/Exceptions/generators/UnguardedNextInGenerator.expected
+++ b/python/ql/test/2/query-tests/Exceptions/generators/UnguardedNextInGenerator.expected
@@ -1,2 +1,2 @@
-| test.py:5:15:5:22 | ControlFlowNode for next() | Call to next() in a generator |
-| test.py:10:20:10:27 | ControlFlowNode for next() | Call to next() in a generator |
+| test.py:5:15:5:22 | ControlFlowNode for next() | Call to 'next()' in a generator. |
+| test.py:10:20:10:27 | ControlFlowNode for next() | Call to 'next()' in a generator. |
--- a/python/ql/test/2/query-tests/Exceptions/raising/RaisingTuple.expected
+++ b/python/ql/test/2/query-tests/Exceptions/raising/RaisingTuple.expected
@@ -1,3 +1,3 @@
-| test.py:8:5:8:12 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:7:10:7:29 | ControlFlowNode for Tuple | a tuple |
-| test.py:11:5:11:32 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:11:12:11:31 | ControlFlowNode for Tuple | a tuple |
-| test.py:15:5:15:23 | Raise | Raising $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:14:10:14:19 | ControlFlowNode for Tuple | a tuple |
+| test.py:8:5:8:12 | Raise | Raising a $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:7:10:7:29 | ControlFlowNode for Tuple | tuple |
+| test.py:11:5:11:32 | Raise | Raising a $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:11:12:11:31 | ControlFlowNode for Tuple | tuple |
+| test.py:15:5:15:23 | Raise | Raising a $@ will result in the first element (recursively) being raised and all other elements being discarded. | test.py:14:10:14:19 | ControlFlowNode for Tuple | tuple |
--- a/python/ql/test/3/query-tests/Statements/iter/NonIteratorInForLoop.expected
+++ b/python/ql/test/3/query-tests/Statements/iter/NonIteratorInForLoop.expected
@@ -1,2 +1,2 @@
-| async_iterator.py:26:11:26:34 | For | $@ of class '$@' may be used in for-loop. | async_iterator.py:26:20:26:33 | ControlFlowNode for MissingAiter() | Non-iterable | async_iterator.py:13:1:13:19 | class MissingAiter | MissingAiter |
-| statements_test.py:34:5:34:19 | For | $@ of class '$@' may be used in for-loop. | statements_test.py:34:18:34:18 | ControlFlowNode for IntegerLiteral | Non-iterable | file://:0:0:0:0 | builtin-class int | int |
+| async_iterator.py:26:11:26:34 | For | This for-loop may attempt to iterate over a $@ of class $@. | async_iterator.py:26:20:26:33 | ControlFlowNode for MissingAiter() | non-iterable instance | async_iterator.py:13:1:13:19 | class MissingAiter | MissingAiter |
+| statements_test.py:34:5:34:19 | For | This for-loop may attempt to iterate over a $@ of class $@. | statements_test.py:34:18:34:18 | ControlFlowNode for IntegerLiteral | non-iterable instance | file://:0:0:0:0 | builtin-class int | int |
--- a/python/ql/test/experimental/library-tests/CallGraph/code/runtime_decision.py
+++ b/python/ql/test/experimental/library-tests/CallGraph/code/runtime_decision.py
@@ -1,7 +1,7 @@
 import sys
 import random

-# hmm, annoying that you have to keep names unique accross files :|
+# hmm, annoying that you have to keep names unique across files :|
 # since I like to use foo and bar ALL the time :D

 # name:rd_foo
--- a/python/ql/test/experimental/query-tests/Security/CWE-022/ZipSlip.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-022/ZipSlip.expected
@@ -27,8 +27,8 @@ nodes
 | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
 subpaths
 #select
-| zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | Extraction of zipfile from $@ | zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | a potentially untrusted source |
-| zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | Extraction of zipfile from $@ | zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | a potentially untrusted source |
-| zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | Extraction of zipfile from $@ | zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | a potentially untrusted source |
-| zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | Extraction of zipfile from $@ | zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | a potentially untrusted source |
-| zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | Extraction of zipfile from $@ | zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | a potentially untrusted source |
+| zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | This unsanitized archive entry, which may contain '..', is used in a $@. | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | file system operation |
+| zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | This unsanitized archive entry, which may contain '..', is used in a $@. | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | file system operation |
+| zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | This unsanitized archive entry, which may contain '..', is used in a $@. | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | file system operation |
+| zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | This unsanitized archive entry, which may contain '..', is used in a $@. | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | file system operation |
+| zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | This unsanitized archive entry, which may contain '..', is used in a $@. | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | file system operation |
--- a/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected
@@ -45,9 +45,9 @@ nodes
 | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
 subpaths
 #select
-| django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | This | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | user-provided value |
-| django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | This | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | user-provided value |
-| flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | This | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value |
-| flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | This | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value |
-| flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | This | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value |
-| flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | $@ HTTP header is constructed from a $@. | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | This | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value |
+| django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | user-provided value |
+| django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | user-provided value |
+| flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value |
+| flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value |
+| flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value |
+| flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value |
--- a/python/ql/test/experimental/query-tests/Security/CWE-287/ImproperLdapAuth.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-287/ImproperLdapAuth.expected
@@ -1,10 +1,10 @@
-| auth_bad_2.py:19:5:19:42 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication |
-| auth_bad_2.py:33:5:33:44 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication |
-| auth_bad_2.py:47:5:47:43 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication |
-| auth_bad_2.py:60:5:60:52 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication |
-| auth_bad_2.py:73:5:73:39 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication |
-| auth_bad_2.py:87:5:87:48 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication |
-| auth_bad_3.py:19:12:19:43 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication |
-| auth_bad_3.py:33:12:33:57 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication |
-| auth_bad_3.py:46:12:46:55 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication |
-| auth_bad_3.py:60:12:60:42 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication |
+| auth_bad_2.py:19:5:19:42 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. |
+| auth_bad_2.py:33:5:33:44 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. |
+| auth_bad_2.py:47:5:47:43 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. |
+| auth_bad_2.py:60:5:60:52 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. |
+| auth_bad_2.py:73:5:73:39 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. |
+| auth_bad_2.py:87:5:87:48 | ControlFlowNode for Attribute() | The following LDAP bind operation is executed without authentication. |
+| auth_bad_3.py:19:12:19:43 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication. |
+| auth_bad_3.py:33:12:33:57 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication. |
+| auth_bad_3.py:46:12:46:55 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication. |
+| auth_bad_3.py:60:12:60:42 | ControlFlowNode for Connection() | The following LDAP bind operation is executed without authentication. |
--- a/python/ql/test/experimental/query-tests/Security/CWE-522/LDAPInsecureAuth.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-522/LDAPInsecureAuth.expected
@@ -26,9 +26,9 @@ nodes
 | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | semmle.label | ControlFlowNode for host |
 subpaths
 #select
-| ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | $@ is authenticated insecurely. | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | This LDAP host |
-| ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | $@ is authenticated insecurely. | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | This LDAP host |
-| ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | ldap3_remote.py:101:12:101:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | $@ is authenticated insecurely. | ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | This LDAP host |
-| ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | ldap3_remote.py:114:12:114:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | $@ is authenticated insecurely. | ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | This LDAP host |
-| ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | ldap3_remote.py:126:12:126:31 | ControlFlowNode for BinaryExpr | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | $@ is authenticated insecurely. | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | This LDAP host |
-| ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | ldap3_remote.py:2:19:2:25 | ControlFlowNode for ImportMember | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | $@ is authenticated insecurely. | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | This LDAP host |
+| ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | This LDAP host is authenticated insecurely. |
+| ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | This LDAP host is authenticated insecurely. |
+| ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | ldap3_remote.py:101:12:101:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:102:18:102:21 | ControlFlowNode for host | This LDAP host is authenticated insecurely. |
+| ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | ldap3_remote.py:114:12:114:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:115:18:115:21 | ControlFlowNode for host | This LDAP host is authenticated insecurely. |
+| ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | ldap3_remote.py:126:12:126:31 | ControlFlowNode for BinaryExpr | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | This LDAP host is authenticated insecurely. |
+| ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | ldap3_remote.py:2:19:2:25 | ControlFlowNode for ImportMember | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | This LDAP host is authenticated insecurely. |
--- a/python/ql/test/experimental/query-tests/Security/CWE-611-SimpleXmlRpcServer/SimpleXmlRpcServer.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-611-SimpleXmlRpcServer/SimpleXmlRpcServer.expected
@@ -1 +1 @@
-| xmlrpc_server.py:7:10:7:48 | ControlFlowNode for SimpleXMLRPCServer() | SimpleXMLRPCServer is vulnerable to XML bombs |
+| xmlrpc_server.py:7:10:7:48 | ControlFlowNode for SimpleXMLRPCServer() | SimpleXMLRPCServer is vulnerable to XML bombs. |
--- a/python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjection.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjection.expected
@@ -162,15 +162,15 @@ nodes
 | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
 subpaths
 #select
-| flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | $@ NoSQL query contains an unsanitized $@ | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | This | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | This | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | This | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | This | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | This | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | This | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | $@ NoSQL query contains an unsanitized $@ | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | This | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | This NoSQL query contains an unsanitized $@. | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | This NoSQL query contains an unsanitized $@. | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
--- a/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected
+++ b/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected
@@ -94,8 +94,8 @@ nodes
 | testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 subpaths
 #select
-| testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | Cross-site scripting vulnerability due to $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | a user-provided value |
-| testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | a user-provided value |
-| testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | a user-provided value |
-| testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | Cross-site scripting vulnerability due to $@. | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | a user-provided value |
-| testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | Cross-site scripting vulnerability due to $@. | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | a user-provided value |
+| testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | user-provided value |
+| testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | user-provided value |
+| testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | user-provided value |
+| testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | user-provided value |
+| testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | user-provided value |
--- a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected
+++ b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected
@@ -30,7 +30,7 @@ subpaths
 #select
 | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test flow (naive): test_simple |
 | test.py:33:10:33:12 | ControlFlowNode for val | test.py:29:11:29:18 | ControlFlowNode for source() | test.py:33:10:33:12 | ControlFlowNode for val | test flow (naive): test_alias |
-| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (naive): test_accross_functions |
+| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (naive): test_across_functions |
 | test.py:54:10:54:12 | ControlFlowNode for val | test.py:70:11:70:18 | ControlFlowNode for source() | test.py:54:10:54:12 | ControlFlowNode for val | test flow (naive): test_deeply_nested |
 | test.py:79:10:79:12 | ControlFlowNode for val | test.py:83:11:83:18 | ControlFlowNode for source() | test.py:79:10:79:12 | ControlFlowNode for val | test flow (naive): test_pass_bound_method |
 | test.py:91:10:91:12 | ControlFlowNode for val | test.py:107:11:107:18 | ControlFlowNode for source() | test.py:91:10:91:12 | ControlFlowNode for val | test flow (naive): test_deeply_nested_bound_method |
--- a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected
+++ b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected
@@ -70,7 +70,7 @@ subpaths
 #select
 | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | test flow (proper): test_simple |
 | test.py:33:10:33:12 | ControlFlowNode for val | test.py:29:11:29:18 | ControlFlowNode for source() | test.py:33:10:33:12 | ControlFlowNode for val | test flow (proper): test_alias |
-| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (proper): test_accross_functions |
+| test.py:41:10:41:12 | ControlFlowNode for val | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:41:10:41:12 | ControlFlowNode for val | test flow (proper): test_across_functions |
 | test.py:54:10:54:12 | ControlFlowNode for val | test.py:70:11:70:18 | ControlFlowNode for source() | test.py:54:10:54:12 | ControlFlowNode for val | test flow (proper): test_deeply_nested |
 | test.py:79:10:79:12 | ControlFlowNode for val | test.py:83:11:83:18 | ControlFlowNode for source() | test.py:79:10:79:12 | ControlFlowNode for val | test flow (proper): test_pass_bound_method |
 | test.py:91:10:91:12 | ControlFlowNode for val | test.py:107:11:107:18 | ControlFlowNode for source() | test.py:91:10:91:12 | ControlFlowNode for val | test flow (proper): test_deeply_nested_bound_method |
--- a/python/ql/test/library-tests/frameworks/modeling-example/test.py
+++ b/python/ql/test/library-tests/frameworks/modeling-example/test.py
@@ -41,7 +41,7 @@ def sink_func(arg):
    sink(val)


-def test_accross_functions():
+def test_across_functions():
    src = source()
    sink_func(src)

--- a/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.expected
+++ b/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.expected
--- a/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.ql
+++ b/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.ql
@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest
--- a/python/ql/test/library-tests/frameworks/pymssql/pep249.py
+++ b/python/ql/test/library-tests/frameworks/pymssql/pep249.py
@@ -0,0 +1,6 @@
+import pymssql
+connection = pymssql.connect(host="localhost", user="user", password="passwd")
+
+cursor = connection.cursor()
+cursor.execute("some sql", (42,))  # $ getSql="some sql"
+cursor.executemany("some sql", [(42,)])  # $ getSql="some sql"
--- a/python/ql/test/library-tests/frameworks/pymysql/pep249.py
+++ b/python/ql/test/library-tests/frameworks/pymysql/pep249.py
@@ -3,3 +3,4 @@ connection = pymysql.connect(host="localhost", user="user", password="passwd")

 cursor = connection.cursor()
 cursor.execute("some sql", (42,))  # $ getSql="some sql"
+cursor.executemany("some sql", [(42,)])  # $ getSql="some sql"
--- a/python/ql/test/query-tests/Classes/subclass-shadowing/SubclassShadowing.expected
+++ b/python/ql/test/query-tests/Classes/subclass-shadowing/SubclassShadowing.expected
@@ -1 +1 @@
-| subclass_shadowing.py:10:5:10:21 | FunctionExpr | Method shadow is shadowed by $@ in super class 'Base'. | subclass_shadowing.py:6:9:6:23 | AssignStmt | an attribute |
+| subclass_shadowing.py:10:5:10:21 | FunctionExpr | Method shadow is shadowed by an $@ in super class 'Base'. | subclass_shadowing.py:6:9:6:23 | AssignStmt | attribute |
--- a/python/ql/test/query-tests/Classes/undefined-attribute/MaybeUndefinedClassAttribute.expected
+++ b/python/ql/test/query-tests/Classes/undefined-attribute/MaybeUndefinedClassAttribute.expected
@@ -1,4 +1,4 @@
-| undefined_attribute.py:27:16:27:29 | Attribute | Attribute 'may_exist' is not defined in the class body nor in the __init__() method, but it is defined $@ | undefined_attribute.py:11:9:11:22 | Attribute | here |
-| undefined_attribute.py:184:16:184:32 | Attribute | Attribute 'return_queue' is not defined in the class body nor in the __init__() method, but it is defined $@ | undefined_attribute.py:181:13:181:29 | Attribute | here |
-| undefined_attribute.py:257:16:257:31 | Attribute | Attribute 'glance_host' is not defined in the class body nor in the __init__() method, but it is defined $@ | undefined_attribute.py:262:13:262:28 | Attribute | here |
-| undefined_attribute.py:258:16:258:31 | Attribute | Attribute 'glance_port' is not defined in the class body nor in the __init__() method, but it is defined $@ | undefined_attribute.py:263:10:263:25 | Attribute | here |
+| undefined_attribute.py:27:16:27:29 | Attribute | Attribute 'may_exist' is not defined in the class body nor in the __init__() method, but it is defined $@. | undefined_attribute.py:11:9:11:22 | Attribute | here |
+| undefined_attribute.py:184:16:184:32 | Attribute | Attribute 'return_queue' is not defined in the class body nor in the __init__() method, but it is defined $@. | undefined_attribute.py:181:13:181:29 | Attribute | here |
+| undefined_attribute.py:257:16:257:31 | Attribute | Attribute 'glance_host' is not defined in the class body nor in the __init__() method, but it is defined $@. | undefined_attribute.py:262:13:262:28 | Attribute | here |
+| undefined_attribute.py:258:16:258:31 | Attribute | Attribute 'glance_port' is not defined in the class body nor in the __init__() method, but it is defined $@. | undefined_attribute.py:263:10:263:25 | Attribute | here |
--- a/python/ql/test/query-tests/Classes/undefined-attribute/UndefinedClassAttribute.expected
+++ b/python/ql/test/query-tests/Classes/undefined-attribute/UndefinedClassAttribute.expected
@@ -1,4 +1,4 @@
-| undefined_attribute.py:24:16:24:30 | Attribute | Attribute 'not_exists' is not defined in either the class body or in any method |
-| undefined_attribute.py:109:16:109:21 | Attribute | Attribute 'y' is not defined in either the class body or in any method |
-| undefined_attribute.py:250:16:250:31 | Attribute | Attribute 'glance_host' is not defined in either the class body or in any method |
-| undefined_attribute.py:251:16:251:31 | Attribute | Attribute 'glance_port' is not defined in either the class body or in any method |
+| undefined_attribute.py:24:16:24:30 | Attribute | Attribute 'not_exists' is not defined in either the class body or in any method. |
+| undefined_attribute.py:109:16:109:21 | Attribute | Attribute 'y' is not defined in either the class body or in any method. |
+| undefined_attribute.py:250:16:250:31 | Attribute | Attribute 'glance_host' is not defined in either the class body or in any method. |
+| undefined_attribute.py:251:16:251:31 | Attribute | Attribute 'glance_port' is not defined in either the class body or in any method. |
--- a/python/ql/test/query-tests/Expressions/comparisons/UselessComparisonTest.expected
+++ b/python/ql/test/query-tests/Expressions/comparisons/UselessComparisonTest.expected
@@ -1,10 +1,10 @@
-| test.py:6:8:6:13 | Compare | Test is always true, because of $@ | test.py:4:8:4:12 | Compare | this condition |
-| test.py:8:8:8:13 | Compare | Test is always true, because of $@ | test.py:4:17:4:21 | Compare | this condition |
-| test.py:13:16:13:22 | Compare | Test is always false, because of $@ | test.py:11:12:11:17 | Compare | this condition |
-| test.py:15:14:15:18 | Compare | Test is always true, because of $@ | test.py:11:12:11:17 | Compare | this condition |
-| test.py:27:8:27:13 | Compare | Test is always true, because of $@ | test.py:25:8:25:12 | Compare | this condition |
-| test.py:30:12:30:18 | Compare | Test is always false, because of $@ | test.py:25:17:25:23 | Compare | this condition |
-| test.py:49:8:49:12 | Compare | Test is always false, because of $@ | test.py:47:8:47:50 | Compare | this condition |
-| test.py:73:14:73:26 | Compare | Test is always true, because of $@ | test.py:71:8:71:19 | Compare | this condition |
-| test.py:79:14:79:46 | Compare | Test is always true, because of $@ | test.py:77:8:77:19 | Compare | this condition |
-| test.py:85:10:85:42 | Compare | Test is always true, because of $@ | test.py:83:8:83:19 | Compare | this condition |
+| test.py:6:8:6:13 | Compare | Test is always true, because of $@. | test.py:4:8:4:12 | Compare | this condition |
+| test.py:8:8:8:13 | Compare | Test is always true, because of $@. | test.py:4:17:4:21 | Compare | this condition |
+| test.py:13:16:13:22 | Compare | Test is always false, because of $@. | test.py:11:12:11:17 | Compare | this condition |
+| test.py:15:14:15:18 | Compare | Test is always true, because of $@. | test.py:11:12:11:17 | Compare | this condition |
+| test.py:27:8:27:13 | Compare | Test is always true, because of $@. | test.py:25:8:25:12 | Compare | this condition |
+| test.py:30:12:30:18 | Compare | Test is always false, because of $@. | test.py:25:17:25:23 | Compare | this condition |
+| test.py:49:8:49:12 | Compare | Test is always false, because of $@. | test.py:47:8:47:50 | Compare | this condition |
+| test.py:73:14:73:26 | Compare | Test is always true, because of $@. | test.py:71:8:71:19 | Compare | this condition |
+| test.py:79:14:79:46 | Compare | Test is always true, because of $@. | test.py:77:8:77:19 | Compare | this condition |
+| test.py:85:10:85:42 | Compare | Test is always true, because of $@. | test.py:83:8:83:19 | Compare | this condition |
--- a/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/ModificationOfParameterWithDefault.expected
+++ b/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/ModificationOfParameterWithDefault.expected
@@ -83,26 +83,26 @@ nodes
 | test.py:147:9:147:9 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
 subpaths
 #select
-| test.py:3:5:3:5 | ControlFlowNode for l | test.py:2:12:2:12 | ControlFlowNode for l | test.py:3:5:3:5 | ControlFlowNode for l | This expression mutates $@. | test.py:2:12:2:12 | ControlFlowNode for l | a default value |
-| test.py:8:5:8:5 | ControlFlowNode for l | test.py:7:11:7:11 | ControlFlowNode for l | test.py:8:5:8:5 | ControlFlowNode for l | This expression mutates $@. | test.py:7:11:7:11 | ControlFlowNode for l | a default value |
-| test.py:13:9:13:9 | ControlFlowNode for l | test.py:12:14:12:14 | ControlFlowNode for l | test.py:13:9:13:9 | ControlFlowNode for l | This expression mutates $@. | test.py:12:14:12:14 | ControlFlowNode for l | a default value |
-| test.py:18:5:18:5 | ControlFlowNode for l | test.py:17:15:17:15 | ControlFlowNode for l | test.py:18:5:18:5 | ControlFlowNode for l | This expression mutates $@. | test.py:17:15:17:15 | ControlFlowNode for l | a default value |
-| test.py:23:5:23:5 | ControlFlowNode for l | test.py:22:15:22:15 | ControlFlowNode for l | test.py:23:5:23:5 | ControlFlowNode for l | This expression mutates $@. | test.py:22:15:22:15 | ControlFlowNode for l | a default value |
-| test.py:28:5:28:5 | ControlFlowNode for l | test.py:27:12:27:12 | ControlFlowNode for l | test.py:28:5:28:5 | ControlFlowNode for l | This expression mutates $@. | test.py:27:12:27:12 | ControlFlowNode for l | a default value |
-| test.py:39:5:39:5 | ControlFlowNode for l | test.py:43:14:43:14 | ControlFlowNode for l | test.py:39:5:39:5 | ControlFlowNode for l | This expression mutates $@. | test.py:43:14:43:14 | ControlFlowNode for l | a default value |
-| test.py:49:5:49:5 | ControlFlowNode for l | test.py:48:14:48:14 | ControlFlowNode for l | test.py:49:5:49:5 | ControlFlowNode for l | This expression mutates $@. | test.py:48:14:48:14 | ControlFlowNode for l | a default value |
-| test.py:54:5:54:5 | ControlFlowNode for d | test.py:53:10:53:10 | ControlFlowNode for d | test.py:54:5:54:5 | ControlFlowNode for d | This expression mutates $@. | test.py:53:10:53:10 | ControlFlowNode for d | a default value |
-| test.py:59:5:59:5 | ControlFlowNode for d | test.py:58:19:58:19 | ControlFlowNode for d | test.py:59:5:59:5 | ControlFlowNode for d | This expression mutates $@. | test.py:58:19:58:19 | ControlFlowNode for d | a default value |
-| test.py:64:5:64:5 | ControlFlowNode for d | test.py:63:28:63:28 | ControlFlowNode for d | test.py:64:5:64:5 | ControlFlowNode for d | This expression mutates $@. | test.py:63:28:63:28 | ControlFlowNode for d | a default value |
-| test.py:68:5:68:5 | ControlFlowNode for d | test.py:72:19:72:19 | ControlFlowNode for d | test.py:68:5:68:5 | ControlFlowNode for d | This expression mutates $@. | test.py:72:19:72:19 | ControlFlowNode for d | a default value |
-| test.py:78:5:78:5 | ControlFlowNode for d | test.py:77:17:77:17 | ControlFlowNode for d | test.py:78:5:78:5 | ControlFlowNode for d | This expression mutates $@. | test.py:77:17:77:17 | ControlFlowNode for d | a default value |
-| test.py:83:5:83:5 | ControlFlowNode for d | test.py:82:26:82:26 | ControlFlowNode for d | test.py:83:5:83:5 | ControlFlowNode for d | This expression mutates $@. | test.py:82:26:82:26 | ControlFlowNode for d | a default value |
-| test.py:88:5:88:5 | ControlFlowNode for d | test.py:87:35:87:35 | ControlFlowNode for d | test.py:88:5:88:5 | ControlFlowNode for d | This expression mutates $@. | test.py:87:35:87:35 | ControlFlowNode for d | a default value |
-| test.py:92:5:92:5 | ControlFlowNode for d | test.py:96:26:96:26 | ControlFlowNode for d | test.py:92:5:92:5 | ControlFlowNode for d | This expression mutates $@. | test.py:96:26:96:26 | ControlFlowNode for d | a default value |
-| test.py:109:9:109:9 | ControlFlowNode for d | test.py:108:14:108:14 | ControlFlowNode for d | test.py:109:9:109:9 | ControlFlowNode for d | This expression mutates $@. | test.py:108:14:108:14 | ControlFlowNode for d | a default value |
-| test.py:115:5:115:5 | ControlFlowNode for d | test.py:113:20:113:20 | ControlFlowNode for d | test.py:115:5:115:5 | ControlFlowNode for d | This expression mutates $@. | test.py:113:20:113:20 | ControlFlowNode for d | a default value |
-| test.py:121:5:121:5 | ControlFlowNode for d | test.py:119:29:119:29 | ControlFlowNode for d | test.py:121:5:121:5 | ControlFlowNode for d | This expression mutates $@. | test.py:119:29:119:29 | ControlFlowNode for d | a default value |
-| test.py:128:9:128:9 | ControlFlowNode for l | test.py:124:15:124:15 | ControlFlowNode for l | test.py:128:9:128:9 | ControlFlowNode for l | This expression mutates $@. | test.py:124:15:124:15 | ControlFlowNode for l | a default value |
-| test.py:135:9:135:9 | ControlFlowNode for l | test.py:131:23:131:23 | ControlFlowNode for l | test.py:135:9:135:9 | ControlFlowNode for l | This expression mutates $@. | test.py:131:23:131:23 | ControlFlowNode for l | a default value |
-| test.py:140:9:140:9 | ControlFlowNode for l | test.py:138:15:138:15 | ControlFlowNode for l | test.py:140:9:140:9 | ControlFlowNode for l | This expression mutates $@. | test.py:138:15:138:15 | ControlFlowNode for l | a default value |
-| test.py:147:9:147:9 | ControlFlowNode for l | test.py:145:23:145:23 | ControlFlowNode for l | test.py:147:9:147:9 | ControlFlowNode for l | This expression mutates $@. | test.py:145:23:145:23 | ControlFlowNode for l | a default value |
+| test.py:3:5:3:5 | ControlFlowNode for l | test.py:2:12:2:12 | ControlFlowNode for l | test.py:3:5:3:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:2:12:2:12 | ControlFlowNode for l | default value |
+| test.py:8:5:8:5 | ControlFlowNode for l | test.py:7:11:7:11 | ControlFlowNode for l | test.py:8:5:8:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:7:11:7:11 | ControlFlowNode for l | default value |
+| test.py:13:9:13:9 | ControlFlowNode for l | test.py:12:14:12:14 | ControlFlowNode for l | test.py:13:9:13:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:12:14:12:14 | ControlFlowNode for l | default value |
+| test.py:18:5:18:5 | ControlFlowNode for l | test.py:17:15:17:15 | ControlFlowNode for l | test.py:18:5:18:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:17:15:17:15 | ControlFlowNode for l | default value |
+| test.py:23:5:23:5 | ControlFlowNode for l | test.py:22:15:22:15 | ControlFlowNode for l | test.py:23:5:23:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:22:15:22:15 | ControlFlowNode for l | default value |
+| test.py:28:5:28:5 | ControlFlowNode for l | test.py:27:12:27:12 | ControlFlowNode for l | test.py:28:5:28:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:27:12:27:12 | ControlFlowNode for l | default value |
+| test.py:39:5:39:5 | ControlFlowNode for l | test.py:43:14:43:14 | ControlFlowNode for l | test.py:39:5:39:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:43:14:43:14 | ControlFlowNode for l | default value |
+| test.py:49:5:49:5 | ControlFlowNode for l | test.py:48:14:48:14 | ControlFlowNode for l | test.py:49:5:49:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:48:14:48:14 | ControlFlowNode for l | default value |
+| test.py:54:5:54:5 | ControlFlowNode for d | test.py:53:10:53:10 | ControlFlowNode for d | test.py:54:5:54:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:53:10:53:10 | ControlFlowNode for d | default value |
+| test.py:59:5:59:5 | ControlFlowNode for d | test.py:58:19:58:19 | ControlFlowNode for d | test.py:59:5:59:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:58:19:58:19 | ControlFlowNode for d | default value |
+| test.py:64:5:64:5 | ControlFlowNode for d | test.py:63:28:63:28 | ControlFlowNode for d | test.py:64:5:64:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:63:28:63:28 | ControlFlowNode for d | default value |
+| test.py:68:5:68:5 | ControlFlowNode for d | test.py:72:19:72:19 | ControlFlowNode for d | test.py:68:5:68:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:72:19:72:19 | ControlFlowNode for d | default value |
+| test.py:78:5:78:5 | ControlFlowNode for d | test.py:77:17:77:17 | ControlFlowNode for d | test.py:78:5:78:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:77:17:77:17 | ControlFlowNode for d | default value |
+| test.py:83:5:83:5 | ControlFlowNode for d | test.py:82:26:82:26 | ControlFlowNode for d | test.py:83:5:83:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:82:26:82:26 | ControlFlowNode for d | default value |
+| test.py:88:5:88:5 | ControlFlowNode for d | test.py:87:35:87:35 | ControlFlowNode for d | test.py:88:5:88:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:87:35:87:35 | ControlFlowNode for d | default value |
+| test.py:92:5:92:5 | ControlFlowNode for d | test.py:96:26:96:26 | ControlFlowNode for d | test.py:92:5:92:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:96:26:96:26 | ControlFlowNode for d | default value |
+| test.py:109:9:109:9 | ControlFlowNode for d | test.py:108:14:108:14 | ControlFlowNode for d | test.py:109:9:109:9 | ControlFlowNode for d | This expression mutates a $@. | test.py:108:14:108:14 | ControlFlowNode for d | default value |
+| test.py:115:5:115:5 | ControlFlowNode for d | test.py:113:20:113:20 | ControlFlowNode for d | test.py:115:5:115:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:113:20:113:20 | ControlFlowNode for d | default value |
+| test.py:121:5:121:5 | ControlFlowNode for d | test.py:119:29:119:29 | ControlFlowNode for d | test.py:121:5:121:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:119:29:119:29 | ControlFlowNode for d | default value |
+| test.py:128:9:128:9 | ControlFlowNode for l | test.py:124:15:124:15 | ControlFlowNode for l | test.py:128:9:128:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:124:15:124:15 | ControlFlowNode for l | default value |
+| test.py:135:9:135:9 | ControlFlowNode for l | test.py:131:23:131:23 | ControlFlowNode for l | test.py:135:9:135:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:131:23:131:23 | ControlFlowNode for l | default value |
+| test.py:140:9:140:9 | ControlFlowNode for l | test.py:138:15:138:15 | ControlFlowNode for l | test.py:140:9:140:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:138:15:138:15 | ControlFlowNode for l | default value |
+| test.py:147:9:147:9 | ControlFlowNode for l | test.py:145:23:145:23 | ControlFlowNode for l | test.py:147:9:147:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:145:23:145:23 | ControlFlowNode for l | default value |
--- a/python/ql/test/query-tests/Functions/general/DeprecatedSliceMethod.expected
+++ b/python/ql/test/query-tests/Functions/general/DeprecatedSliceMethod.expected
@@ -1,3 +1,3 @@
-| functions_test.py:99:5:99:40 | Function DeprecatedSliceMethods.__getslice__ | __getslice__ method has been deprecated since Python 2.0 |
-| functions_test.py:102:5:102:47 | Function DeprecatedSliceMethods.__setslice__ | __setslice__ method has been deprecated since Python 2.0 |
-| functions_test.py:105:5:105:40 | Function DeprecatedSliceMethods.__delslice__ | __delslice__ method has been deprecated since Python 2.0 |
+| functions_test.py:99:5:99:40 | Function DeprecatedSliceMethods.__getslice__ | __getslice__ method has been deprecated since Python 2.0. |
+| functions_test.py:102:5:102:47 | Function DeprecatedSliceMethods.__setslice__ | __setslice__ method has been deprecated since Python 2.0. |
+| functions_test.py:105:5:105:40 | Function DeprecatedSliceMethods.__delslice__ | __delslice__ method has been deprecated since Python 2.0. |
--- a/python/ql/test/query-tests/Functions/general/ModificationOfParameterWithDefault.expected
+++ b/python/ql/test/query-tests/Functions/general/ModificationOfParameterWithDefault.expected
@@ -34,11 +34,11 @@ nodes
 | functions_test.py:196:28:196:28 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
 subpaths
 #select
-| functions_test.py:40:5:40:5 | ControlFlowNode for x | functions_test.py:39:9:39:9 | ControlFlowNode for x | functions_test.py:40:5:40:5 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:39:9:39:9 | ControlFlowNode for x | a default value |
-| functions_test.py:134:5:134:5 | ControlFlowNode for x | functions_test.py:133:15:133:15 | ControlFlowNode for x | functions_test.py:134:5:134:5 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:133:15:133:15 | ControlFlowNode for x | a default value |
-| functions_test.py:152:5:152:5 | ControlFlowNode for x | functions_test.py:157:27:157:27 | ControlFlowNode for y | functions_test.py:152:5:152:5 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:157:27:157:27 | ControlFlowNode for y | a default value |
-| functions_test.py:155:5:155:5 | ControlFlowNode for x | functions_test.py:157:27:157:27 | ControlFlowNode for y | functions_test.py:155:5:155:5 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:157:27:157:27 | ControlFlowNode for y | a default value |
-| functions_test.py:183:9:183:9 | ControlFlowNode for x | functions_test.py:192:18:192:18 | ControlFlowNode for x | functions_test.py:183:9:183:9 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:192:18:192:18 | ControlFlowNode for x | a default value |
-| functions_test.py:183:9:183:9 | ControlFlowNode for x | functions_test.py:195:18:195:18 | ControlFlowNode for x | functions_test.py:183:9:183:9 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:195:18:195:18 | ControlFlowNode for x | a default value |
-| functions_test.py:185:9:185:9 | ControlFlowNode for x | functions_test.py:192:18:192:18 | ControlFlowNode for x | functions_test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:192:18:192:18 | ControlFlowNode for x | a default value |
-| functions_test.py:185:9:185:9 | ControlFlowNode for x | functions_test.py:195:18:195:18 | ControlFlowNode for x | functions_test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates $@. | functions_test.py:195:18:195:18 | ControlFlowNode for x | a default value |
+| functions_test.py:40:5:40:5 | ControlFlowNode for x | functions_test.py:39:9:39:9 | ControlFlowNode for x | functions_test.py:40:5:40:5 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:39:9:39:9 | ControlFlowNode for x | default value |
+| functions_test.py:134:5:134:5 | ControlFlowNode for x | functions_test.py:133:15:133:15 | ControlFlowNode for x | functions_test.py:134:5:134:5 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:133:15:133:15 | ControlFlowNode for x | default value |
+| functions_test.py:152:5:152:5 | ControlFlowNode for x | functions_test.py:157:27:157:27 | ControlFlowNode for y | functions_test.py:152:5:152:5 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:157:27:157:27 | ControlFlowNode for y | default value |
+| functions_test.py:155:5:155:5 | ControlFlowNode for x | functions_test.py:157:27:157:27 | ControlFlowNode for y | functions_test.py:155:5:155:5 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:157:27:157:27 | ControlFlowNode for y | default value |
+| functions_test.py:183:9:183:9 | ControlFlowNode for x | functions_test.py:192:18:192:18 | ControlFlowNode for x | functions_test.py:183:9:183:9 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:192:18:192:18 | ControlFlowNode for x | default value |
+| functions_test.py:183:9:183:9 | ControlFlowNode for x | functions_test.py:195:18:195:18 | ControlFlowNode for x | functions_test.py:183:9:183:9 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:195:18:195:18 | ControlFlowNode for x | default value |
+| functions_test.py:185:9:185:9 | ControlFlowNode for x | functions_test.py:192:18:192:18 | ControlFlowNode for x | functions_test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:192:18:192:18 | ControlFlowNode for x | default value |
+| functions_test.py:185:9:185:9 | ControlFlowNode for x | functions_test.py:195:18:195:18 | ControlFlowNode for x | functions_test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates a $@. | functions_test.py:195:18:195:18 | ControlFlowNode for x | default value |
--- a/python/ql/test/query-tests/Functions/return_values/UseImplicitNoneReturnValue.expected
+++ b/python/ql/test/query-tests/Functions/return_values/UseImplicitNoneReturnValue.expected
@@ -1,2 +1,2 @@
-| functions_test.py:77:9:77:20 | do_nothing() | The result of '$@' is used even though it is always None. | functions_test.py:83:1:83:17 | Function do_nothing | do_nothing |
-| functions_test.py:234:16:234:27 | do_nothing() | The result of '$@' is used even though it is always None. | functions_test.py:83:1:83:17 | Function do_nothing | do_nothing |
+| functions_test.py:77:9:77:20 | do_nothing() | The result of $@ is used even though it is always None. | functions_test.py:83:1:83:17 | Function do_nothing | do_nothing |
+| functions_test.py:234:16:234:27 | do_nothing() | The result of $@ is used even though it is always None. | functions_test.py:83:1:83:17 | Function do_nothing | do_nothing |
--- a/python/ql/test/query-tests/Imports/PyCheckerTests/ImportandImportFrom.expected
+++ b/python/ql/test/query-tests/Imports/PyCheckerTests/ImportandImportFrom.expected
@@ -1,2 +1,2 @@
-| imports_test.py:4:1:4:19 | Import | Module 'test_module2' is imported with both 'import' and 'import from' |
-| pkg_notok/__init__.py:4:1:4:16 | Import | Module 'pkg_notok' is imported with both 'import' and 'import from' |
+| imports_test.py:4:1:4:19 | Import | Module 'test_module2' is imported with both 'import' and 'import from'. |
+| pkg_notok/__init__.py:4:1:4:16 | Import | Module 'pkg_notok' is imported with both 'import' and 'import from'. |
--- a/Show More
+++ b/Show More