C++: Update expected output.

2026-04-25 08:45:14 +02:00 · 2024-04-04 11:15:22 +02:00
parent fdfb4a1a18
commit c355737d30
19 changed files with 85 additions and 85 deletions
--- a/Bugs/Format/NonConstantFormat/NonConstantFormat.expected
+++ b/Bugs/Format/NonConstantFormat/NonConstantFormat.expected
@@ -1,6 +1,6 @@
 edges
 | NonConstantFormat.c:28:27:28:30 | **argv | NonConstantFormat.c:30:10:30:16 | *access to array | provenance |  |
-| NonConstantFormat.c:45:11:45:47 | *call to any_random_function | NonConstantFormat.c:45:9:45:48 | *call to gettext | provenance |  |
+| NonConstantFormat.c:45:11:45:47 | *call to any_random_function | NonConstantFormat.c:45:9:45:48 | *call to gettext | provenance | DataFlowFunction |
 | nested.cpp:19:29:19:32 | *fmt0 | nested.cpp:21:23:21:26 | *fmt0 | provenance |  |
 | nested.cpp:27:32:27:34 | *fmt | nested.cpp:28:16:28:18 | *fmt | provenance |  |
 | nested.cpp:28:16:28:18 | *fmt | nested.cpp:19:29:19:32 | *fmt0 | provenance |  |
@@ -9,9 +9,9 @@ edges
 | nested.cpp:42:24:42:34 | *call to ext_fmt_str | nested.cpp:34:37:34:39 | *fmt | provenance |  |
 | nested.cpp:86:19:86:46 | *call to __builtin_alloca | nested.cpp:87:18:87:20 | *fmt | provenance |  |
 | test.cpp:46:27:46:30 | **argv | test.cpp:130:20:130:26 | *access to array | provenance |  |
-| test.cpp:167:31:167:34 | *data | test.cpp:170:12:170:14 | *res | provenance |  |
+| test.cpp:167:31:167:34 | *data | test.cpp:170:12:170:14 | *res | provenance | DataFlowFunction |
 | test.cpp:193:32:193:34 | *str | test.cpp:195:31:195:33 | *str | provenance |  |
-| test.cpp:193:32:193:34 | *str | test.cpp:197:11:197:14 | *wstr | provenance |  |
+| test.cpp:193:32:193:34 | *str | test.cpp:197:11:197:14 | *wstr | provenance | TaintFunction |
 | test.cpp:204:25:204:36 | *call to get_string | test.cpp:205:12:205:20 | *... + ... | provenance |  |
 | test.cpp:204:25:204:36 | *call to get_string | test.cpp:206:12:206:16 | *hello | provenance |  |
 | test.cpp:209:25:209:36 | *call to get_string | test.cpp:211:12:211:16 | *hello | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
@@ -1,5 +1,5 @@
 edges
-| test.c:8:27:8:30 | **argv | test.c:17:11:17:18 | *fileName | provenance |  |
+| test.c:8:27:8:30 | **argv | test.c:17:11:17:18 | *fileName | provenance | TaintFunction |
 | test.c:8:27:8:30 | **argv | test.c:32:11:32:18 | *fileName | provenance |  |
 | test.c:8:27:8:30 | **argv | test.c:57:10:57:16 | *access to array | provenance |  |
 | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | *fileName | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
@@ -14,17 +14,17 @@ edges
 | test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | *filename | provenance |  |
 | test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | *path | provenance |  |
 | test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance |  |
-| test.cpp:106:20:106:38 | *call to getenv | test.cpp:107:33:107:36 | *path | provenance |  |
-| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | *call to c_str | provenance |  |
+| test.cpp:106:20:106:38 | *call to getenv | test.cpp:107:33:107:36 | *path | provenance | TaintFunction |
+| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | *call to c_str | provenance | TaintFunction |
 | test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance |  |
-| test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:19:114:22 | *path | provenance |  |
-| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance |  |
-| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance |  |
+| test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:19:114:22 | *path | provenance | TaintFunction |
+| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
+| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
 | test.cpp:114:17:114:17 | call to operator+ | test.cpp:114:10:114:23 | call to operator+ | provenance |  |
 | test.cpp:114:19:114:22 | *path | test.cpp:114:10:114:23 | call to operator+ | provenance |  |
 | test.cpp:114:19:114:22 | *path | test.cpp:114:17:114:17 | call to operator+ | provenance |  |
-| test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:19:120:22 | *path | provenance |  |
-| test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | *call to data | provenance |  |
+| test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:19:120:22 | *path | provenance | TaintFunction |
+| test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | *call to data | provenance | TaintFunction |
 | test.cpp:120:19:120:22 | *path | test.cpp:120:17:120:17 | call to operator+ | provenance |  |
 | test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | *str | provenance |  |
 | test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | *command | provenance |  |
@@ -34,31 +34,31 @@ edges
 | test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance |  |
 | test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance |  |
 | test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance |  |
-| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance |  |
+| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | TaintFunction |
 | test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance |  |
 | test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance |  |
 | test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance |  |
-| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance |  |
+| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | TaintFunction |
 | test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance |  |
 | test.cpp:180:22:180:29 | *filename | test.cpp:180:13:180:19 | strncat output argument | provenance |  |
 | test.cpp:186:47:186:54 | *filename | test.cpp:187:18:187:25 | *filename | provenance |  |
 | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance |  |
 | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance |  |
 | test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance |  |
-| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance |  |
+| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | TaintFunction |
 | test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance |  |
 | test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance |  |
 | test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance |  |
-| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance |  |
+| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | TaintFunction |
 | test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | *filename | provenance |  |
 | test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance |  |
 | test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance |  |
 | test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | provenance |  |
-| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance |  |
-| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance |  |
+| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction |
+| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction |
 | test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | *filename | provenance |  |
-| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance |  |
-| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance |  |
+| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
+| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
 | test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance |  |
 | test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance |  |
 | test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected
@@ -1,7 +1,7 @@
 edges
 | search.c:14:24:14:28 | *query | search.c:17:8:17:12 | *query | provenance |  |
 | search.c:22:24:22:28 | *query | search.c:23:39:23:43 | *query | provenance |  |
-| search.c:55:24:55:28 | *query | search.c:62:8:62:17 | *query_text | provenance |  |
+| search.c:55:24:55:28 | *query | search.c:62:8:62:17 | *query_text | provenance | TaintFunction |
 | search.c:67:21:67:26 | *call to getenv | search.c:71:17:71:25 | *raw_query | provenance |  |
 | search.c:67:21:67:26 | *call to getenv | search.c:73:17:73:25 | *raw_query | provenance |  |
 | search.c:67:21:67:26 | *call to getenv | search.c:77:17:77:25 | *raw_query | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected
@@ -1,8 +1,8 @@
 edges
-| test.c:14:27:14:30 | **argv | test.c:21:18:21:23 | *query1 | provenance |  |
+| test.c:14:27:14:30 | **argv | test.c:21:18:21:23 | *query1 | provenance | TaintFunction |
 | test.c:14:27:14:30 | **argv | test.c:35:16:35:23 | *userName | provenance |  |
 | test.c:35:16:35:23 | *userName | test.c:40:25:40:32 | *username | provenance |  |
-| test.c:38:7:38:20 | **globalUsername | test.c:51:18:51:23 | *query1 | provenance |  |
+| test.c:38:7:38:20 | **globalUsername | test.c:51:18:51:23 | *query1 | provenance | TaintFunction |
 | test.c:40:25:40:32 | *username | test.c:38:7:38:20 | **globalUsername | provenance |  |
 | test.c:75:8:75:16 | gets output argument | test.c:76:17:76:25 | *userInput | provenance |  |
 | test.c:75:8:75:16 | gets output argument | test.c:77:20:77:28 | *userInput | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
@@ -1,6 +1,6 @@
 edges
 | test.cpp:37:73:37:76 | *data | test.cpp:43:32:43:35 | *data | provenance |  |
-| test.cpp:64:30:64:35 | *call to getenv | test.cpp:73:24:73:27 | *data | provenance |  |
+| test.cpp:64:30:64:35 | *call to getenv | test.cpp:73:24:73:27 | *data | provenance | TaintFunction |
 | test.cpp:73:24:73:27 | *data | test.cpp:37:73:37:76 | *data | provenance |  |
 nodes
 | test.cpp:37:73:37:76 | *data | semmle.label | *data |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
@@ -1,5 +1,5 @@
 edges
-| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | provenance |  |
+| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | provenance | TaintFunction |
 nodes
 | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | semmle.label | fgets output argument |
 | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | semmle.label | data |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
@@ -1,7 +1,7 @@
 edges
-| test1.c:7:26:7:29 | **argv | test1.c:9:9:9:9 | i | provenance |  |
-| test1.c:7:26:7:29 | **argv | test1.c:11:9:11:9 | i | provenance |  |
-| test1.c:7:26:7:29 | **argv | test1.c:13:9:13:9 | i | provenance |  |
+| test1.c:7:26:7:29 | **argv | test1.c:9:9:9:9 | i | provenance | TaintFunction |
+| test1.c:7:26:7:29 | **argv | test1.c:11:9:11:9 | i | provenance | TaintFunction |
+| test1.c:7:26:7:29 | **argv | test1.c:13:9:13:9 | i | provenance | TaintFunction |
 | test1.c:9:9:9:9 | i | test1.c:16:16:16:16 | i | provenance |  |
 | test1.c:11:9:11:9 | i | test1.c:32:16:32:16 | i | provenance |  |
 | test1.c:13:9:13:9 | i | test1.c:48:16:48:16 | i | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected
@@ -1,7 +1,7 @@
 edges
 | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | provenance |  |
 | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | *data | provenance |  |
-| char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | *data | provenance |  |
+| char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | *data | provenance | TaintFunction |
 nodes
 | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | semmle.label | recv output argument |
 | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | semmle.label | *data |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected
@@ -11,20 +11,20 @@ edges
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:107:15:107:19 | *access to array | provenance |  |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:110:9:110:11 | ** ... | provenance |  |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:111:15:111:17 | ** ... | provenance |  |
-| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:116:9:116:10 | *i3 | provenance |  |
-| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:117:15:117:16 | *i3 | provenance |  |
-| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:117:15:117:16 | *i3 | provenance |  |
-| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:121:9:121:10 | *i4 | provenance |  |
-| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:122:15:122:16 | *i4 | provenance |  |
-| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:122:15:122:16 | *i4 | provenance |  |
+| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:116:9:116:10 | *i3 | provenance | DataFlowFunction |
+| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction |
+| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction |
+| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:121:9:121:10 | *i4 | provenance | DataFlowFunction |
+| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction |
+| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:127:9:127:10 | *i5 | provenance |  |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:128:15:128:16 | *i5 | provenance |  |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:128:15:128:16 | *i5 | provenance |  |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:131:9:131:14 | *... + ... | provenance |  |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:132:15:132:20 | *... + ... | provenance |  |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:132:15:132:20 | *... + ... | provenance |  |
-| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:135:9:135:12 | *... ++ | provenance |  |
-| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:136:15:136:18 | *-- ... | provenance |  |
+| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:135:9:135:12 | *... ++ | provenance | DataFlowFunction |
+| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:136:15:136:18 | *-- ... | provenance | DataFlowFunction |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:139:9:139:26 | *... ? ... : ... | provenance |  |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:140:15:140:32 | *... ? ... : ... | provenance |  |
 | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:144:9:144:10 | *i7 | provenance |  |
@@ -41,20 +41,20 @@ edges
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:107:15:107:19 | *access to array | provenance |  |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:110:9:110:11 | ** ... | provenance |  |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:111:15:111:17 | ** ... | provenance |  |
-| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:116:9:116:10 | *i3 | provenance |  |
-| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:117:15:117:16 | *i3 | provenance |  |
-| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:117:15:117:16 | *i3 | provenance |  |
-| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:121:9:121:10 | *i4 | provenance |  |
-| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance |  |
-| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance |  |
+| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:116:9:116:10 | *i3 | provenance | DataFlowFunction |
+| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction |
+| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction |
+| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:121:9:121:10 | *i4 | provenance | DataFlowFunction |
+| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction |
+| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:127:9:127:10 | *i5 | provenance |  |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:128:15:128:16 | *i5 | provenance |  |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:128:15:128:16 | *i5 | provenance |  |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:131:9:131:14 | *... + ... | provenance |  |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:132:15:132:20 | *... + ... | provenance |  |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:132:15:132:20 | *... + ... | provenance |  |
-| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:135:9:135:12 | *... ++ | provenance |  |
-| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:136:15:136:18 | *-- ... | provenance |  |
+| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:135:9:135:12 | *... ++ | provenance | DataFlowFunction |
+| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:136:15:136:18 | *-- ... | provenance | DataFlowFunction |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:139:9:139:26 | *... ? ... : ... | provenance |  |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:140:15:140:32 | *... ? ... : ... | provenance |  |
 | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:144:9:144:10 | *i7 | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
@@ -9,7 +9,7 @@ edges
 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:116:9:116:13 | *access to array | provenance |  |
 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:121:9:121:10 | *v8 | provenance |  |
 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:130:9:130:10 | *v9 | provenance |  |
-| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance |  |
+| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance | TaintFunction |
 | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:91:9:91:10 | *v2 | provenance |  |
 | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:116:9:116:13 | *access to array | provenance |  |
 | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:121:9:121:10 | *v8 | provenance |  |
@@ -19,7 +19,7 @@ edges
 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:116:9:116:13 | *access to array | provenance |  |
 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:121:9:121:10 | *v8 | provenance |  |
 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:130:9:130:10 | *v9 | provenance |  |
-| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance |  |
+| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance | TaintFunction |
 | consts.cpp:106:13:106:19 | *call to varFunc | consts.cpp:107:9:107:10 | *v5 | provenance |  |
 | consts.cpp:111:7:111:13 | *call to varFunc | consts.cpp:112:9:112:10 | *v6 | provenance |  |
 | consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | *v11 | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
@@ -1,28 +1,28 @@
 edges
-| test.cpp:39:27:39:30 | **argv | test.cpp:43:38:43:44 | tainted | provenance |  |
-| test.cpp:39:27:39:30 | **argv | test.cpp:44:38:44:63 | ... * ... | provenance |  |
-| test.cpp:39:27:39:30 | **argv | test.cpp:46:38:46:63 | ... + ... | provenance |  |
-| test.cpp:39:27:39:30 | **argv | test.cpp:49:32:49:35 | size | provenance |  |
-| test.cpp:39:27:39:30 | **argv | test.cpp:50:17:50:30 | size | provenance |  |
-| test.cpp:39:27:39:30 | **argv | test.cpp:53:35:53:60 | ... * ... | provenance |  |
-| test.cpp:124:18:124:31 | *call to getenv | test.cpp:128:24:128:41 | ... * ... | provenance |  |
-| test.cpp:133:19:133:32 | *call to getenv | test.cpp:135:10:135:27 | ... * ... | provenance |  |
-| test.cpp:148:20:148:33 | *call to getenv | test.cpp:152:11:152:28 | ... * ... | provenance |  |
+| test.cpp:39:27:39:30 | **argv | test.cpp:43:38:43:44 | tainted | provenance | TaintFunction |
+| test.cpp:39:27:39:30 | **argv | test.cpp:44:38:44:63 | ... * ... | provenance | TaintFunction |
+| test.cpp:39:27:39:30 | **argv | test.cpp:46:38:46:63 | ... + ... | provenance | TaintFunction |
+| test.cpp:39:27:39:30 | **argv | test.cpp:49:32:49:35 | size | provenance | TaintFunction |
+| test.cpp:39:27:39:30 | **argv | test.cpp:50:17:50:30 | size | provenance | TaintFunction |
+| test.cpp:39:27:39:30 | **argv | test.cpp:53:35:53:60 | ... * ... | provenance | TaintFunction |
+| test.cpp:124:18:124:31 | *call to getenv | test.cpp:128:24:128:41 | ... * ... | provenance | TaintFunction |
+| test.cpp:133:19:133:32 | *call to getenv | test.cpp:135:10:135:27 | ... * ... | provenance | TaintFunction |
+| test.cpp:148:20:148:33 | *call to getenv | test.cpp:152:11:152:28 | ... * ... | provenance | TaintFunction |
 | test.cpp:209:8:209:23 | *get_tainted_size | test.cpp:241:9:241:24 | call to get_tainted_size | provenance |  |
-| test.cpp:211:14:211:27 | *call to getenv | test.cpp:209:8:209:23 | *get_tainted_size | provenance |  |
+| test.cpp:211:14:211:27 | *call to getenv | test.cpp:209:8:209:23 | *get_tainted_size | provenance | TaintFunction |
 | test.cpp:230:21:230:21 | s | test.cpp:231:21:231:21 | s | provenance |  |
-| test.cpp:237:24:237:37 | *call to getenv | test.cpp:239:9:239:18 | local_size | provenance |  |
-| test.cpp:237:24:237:37 | *call to getenv | test.cpp:245:11:245:20 | local_size | provenance |  |
-| test.cpp:237:24:237:37 | *call to getenv | test.cpp:247:10:247:19 | local_size | provenance |  |
+| test.cpp:237:24:237:37 | *call to getenv | test.cpp:239:9:239:18 | local_size | provenance | TaintFunction |
+| test.cpp:237:24:237:37 | *call to getenv | test.cpp:245:11:245:20 | local_size | provenance | TaintFunction |
+| test.cpp:237:24:237:37 | *call to getenv | test.cpp:247:10:247:19 | local_size | provenance | TaintFunction |
 | test.cpp:247:10:247:19 | local_size | test.cpp:230:21:230:21 | s | provenance |  |
 | test.cpp:250:20:250:27 | *out_size | test.cpp:289:17:289:20 | get_size output argument | provenance |  |
 | test.cpp:250:20:250:27 | *out_size | test.cpp:305:18:305:21 | get_size output argument | provenance |  |
-| test.cpp:251:18:251:31 | *call to getenv | test.cpp:250:20:250:27 | *out_size | provenance |  |
-| test.cpp:259:20:259:33 | *call to getenv | test.cpp:263:11:263:29 | ... * ... | provenance |  |
+| test.cpp:251:18:251:31 | *call to getenv | test.cpp:250:20:250:27 | *out_size | provenance | TaintFunction |
+| test.cpp:259:20:259:33 | *call to getenv | test.cpp:263:11:263:29 | ... * ... | provenance | TaintFunction |
 | test.cpp:289:17:289:20 | get_size output argument | test.cpp:291:11:291:28 | ... * ... | provenance |  |
 | test.cpp:305:18:305:21 | get_size output argument | test.cpp:308:10:308:27 | ... * ... | provenance |  |
-| test.cpp:353:18:353:31 | *call to getenv | test.cpp:355:35:355:38 | size | provenance |  |
-| test.cpp:353:18:353:31 | *call to getenv | test.cpp:356:35:356:38 | size | provenance |  |
+| test.cpp:353:18:353:31 | *call to getenv | test.cpp:355:35:355:38 | size | provenance | TaintFunction |
+| test.cpp:353:18:353:31 | *call to getenv | test.cpp:356:35:356:38 | size | provenance | TaintFunction |
 nodes
 | test.cpp:39:27:39:30 | **argv | semmle.label | **argv |
 | test.cpp:43:38:43:44 | tainted | semmle.label | tainted |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected
@@ -2,18 +2,18 @@ edges
 | test2.cpp:12:21:12:21 | v | test2.cpp:14:11:14:11 | v | provenance |  |
 | test2.cpp:25:22:25:23 | fscanf output argument | test2.cpp:27:13:27:13 | v | provenance |  |
 | test2.cpp:27:13:27:13 | v | test2.cpp:12:21:12:21 | v | provenance |  |
-| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:39:9:39:11 | num | provenance |  |
-| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:40:3:40:5 | num | provenance |  |
-| test3.c:10:27:10:30 | **argv | test.c:14:15:14:28 | maxConnections | provenance |  |
-| test3.c:10:27:10:30 | **argv | test.c:44:7:44:10 | len2 | provenance |  |
-| test3.c:10:27:10:30 | **argv | test.c:54:7:54:10 | len3 | provenance |  |
+| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:39:9:39:11 | num | provenance | TaintFunction |
+| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:40:3:40:5 | num | provenance | TaintFunction |
+| test3.c:10:27:10:30 | **argv | test.c:14:15:14:28 | maxConnections | provenance | TaintFunction |
+| test3.c:10:27:10:30 | **argv | test.c:44:7:44:10 | len2 | provenance | TaintFunction |
+| test3.c:10:27:10:30 | **argv | test.c:54:7:54:10 | len3 | provenance | TaintFunction |
 | test5.cpp:5:5:5:17 | *getTaintedInt | test5.cpp:17:6:17:18 | call to getTaintedInt | provenance |  |
 | test5.cpp:5:5:5:17 | *getTaintedInt | test5.cpp:18:6:18:18 | call to getTaintedInt | provenance |  |
-| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | *getTaintedInt | provenance |  |
+| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | *getTaintedInt | provenance | TaintFunction |
 | test5.cpp:18:6:18:18 | call to getTaintedInt | test5.cpp:19:6:19:6 | y | provenance |  |
-| test.c:10:27:10:30 | **argv | test.c:14:15:14:28 | maxConnections | provenance |  |
-| test.c:10:27:10:30 | **argv | test.c:44:7:44:10 | len2 | provenance |  |
-| test.c:10:27:10:30 | **argv | test.c:54:7:54:10 | len3 | provenance |  |
+| test.c:10:27:10:30 | **argv | test.c:14:15:14:28 | maxConnections | provenance | TaintFunction |
+| test.c:10:27:10:30 | **argv | test.c:44:7:44:10 | len2 | provenance | TaintFunction |
+| test.c:10:27:10:30 | **argv | test.c:54:7:54:10 | len3 | provenance | TaintFunction |
 nodes
 | test2.cpp:12:21:12:21 | v | semmle.label | v |
 | test2.cpp:14:11:14:11 | v | semmle.label | v |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected
@@ -1,7 +1,7 @@
 edges
 | test2.cpp:62:18:62:25 | password | test2.cpp:65:31:65:34 | cpy1 | provenance |  |
-| test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | *buf | provenance |  |
-| test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | *buffer | provenance |  |
+| test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | *buf | provenance | DataFlowFunction |
+| test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | *buffer | provenance | TaintFunction |
 | test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword | provenance |  |
 | test.cpp:73:63:73:73 | thePassword | test.cpp:73:43:73:53 | thePassword | provenance |  |
 nodes
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
@@ -10,8 +10,8 @@ edges
 | test3.cpp:138:24:138:32 | password1 | test3.cpp:117:28:117:33 | buffer | provenance |  |
 | test3.cpp:138:24:138:32 | password1 | test3.cpp:138:21:138:22 | call to id | provenance |  |
 | test3.cpp:144:16:144:29 | call to get_global_str | test3.cpp:146:15:146:18 | data | provenance |  |
-| test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | *buffer | provenance |  |
-| test3.cpp:270:16:270:23 | password | test3.cpp:272:15:272:18 | *data | provenance |  |
+| test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | *buffer | provenance | TaintFunction |
+| test3.cpp:270:16:270:23 | password | test3.cpp:272:15:272:18 | *data | provenance | DataFlowFunction |
 | test3.cpp:278:20:278:23 | data | test3.cpp:280:14:280:17 | data | provenance |  |
 | test3.cpp:283:20:283:23 | data | test3.cpp:285:14:285:17 | data | provenance |  |
 | test3.cpp:288:20:288:23 | data | test3.cpp:290:14:290:17 | data | provenance |  |
@@ -25,10 +25,10 @@ edges
 | test3.cpp:322:16:322:24 | password2 | test3.cpp:325:11:325:14 | data | provenance |  |
 | test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data | provenance |  |
 | test3.cpp:325:11:325:14 | data | test3.cpp:298:20:298:23 | data | provenance |  |
-| test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | *buffer | provenance |  |
-| test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | *buffer | provenance |  |
-| test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | *buffer | provenance |  |
-| test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | *buffer | provenance |  |
+| test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | *buffer | provenance | TaintFunction |
+| test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | *buffer | provenance | TaintFunction |
+| test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | *buffer | provenance | TaintFunction |
+| test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | *buffer | provenance | TaintFunction |
 | test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str | provenance |  |
 | test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str | provenance |  |
 nodes
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
@@ -8,9 +8,9 @@ edges
 | test.cpp:38:11:38:15 | *url_g | test.cpp:11:26:11:28 | *url | provenance |  |
 | test.cpp:39:11:39:15 | *url_l | test.cpp:11:26:11:28 | *url | provenance |  |
 | test.cpp:40:11:40:17 | *access to array | test.cpp:11:26:11:28 | *url | provenance |  |
-| test.cpp:46:18:46:26 | *http:// | test.cpp:49:11:49:16 | *buffer | provenance |  |
+| test.cpp:46:18:46:26 | *http:// | test.cpp:49:11:49:16 | *buffer | provenance | DataFlowFunction |
 | test.cpp:49:11:49:16 | *buffer | test.cpp:11:26:11:28 | *url | provenance |  |
-| test.cpp:110:21:110:40 | *http://example.com | test.cpp:121:11:121:13 | *ptr | provenance |  |
+| test.cpp:110:21:110:40 | *http://example.com | test.cpp:121:11:121:13 | *ptr | provenance | TaintFunction |
 | test.cpp:121:11:121:13 | *ptr | test.cpp:11:26:11:28 | *url | provenance |  |
 nodes
 | test.cpp:11:26:11:28 | *url | semmle.label | *url |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
@@ -1,7 +1,7 @@
 edges
 | tests2.cpp:50:13:50:19 | **global1 | tests2.cpp:82:14:82:20 | *global1 | provenance |  |
 | tests2.cpp:50:23:50:43 | *call to mysql_get_client_info | tests2.cpp:50:13:50:19 | **global1 | provenance |  |
-| tests2.cpp:78:18:78:38 | *call to mysql_get_client_info | tests2.cpp:81:14:81:19 | *buffer | provenance |  |
+| tests2.cpp:78:18:78:38 | *call to mysql_get_client_info | tests2.cpp:81:14:81:19 | *buffer | provenance | DataFlowFunction |
 | tests2.cpp:91:42:91:45 | *str1 | tests2.cpp:93:14:93:17 | *str1 | provenance |  |
 | tests2.cpp:101:8:101:15 | *call to getpwuid | tests2.cpp:102:14:102:15 | *pw | provenance |  |
 | tests2.cpp:109:3:109:4 | *c1 [post update] [*ptr] | tests2.cpp:111:14:111:15 | *c1 [*ptr] | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected
@@ -5,7 +5,7 @@ edges
 | tests.cpp:86:29:86:31 | *msg | tests.cpp:88:15:88:17 | *msg | provenance |  |
 | tests.cpp:97:13:97:34 | *call to getenv | tests.cpp:86:29:86:31 | *msg | provenance |  |
 | tests.cpp:107:30:107:32 | *msg | tests.cpp:111:15:111:17 | *tmp | provenance |  |
-| tests.cpp:114:30:114:32 | *msg | tests.cpp:119:7:119:12 | *buffer | provenance |  |
+| tests.cpp:114:30:114:32 | *msg | tests.cpp:119:7:119:12 | *buffer | provenance | TaintFunction |
 | tests.cpp:122:30:122:32 | *msg | tests.cpp:124:15:124:17 | *msg | provenance |  |
 | tests.cpp:131:14:131:35 | *call to getenv | tests.cpp:107:30:107:32 | *msg | provenance |  |
 | tests.cpp:132:14:132:35 | *call to getenv | tests.cpp:114:30:114:32 | *msg | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected
@@ -1,5 +1,5 @@
 edges
-| test.cpp:20:29:20:47 | *call to getenv | test.cpp:24:10:24:35 | ! ... | provenance |  |
+| test.cpp:20:29:20:47 | *call to getenv | test.cpp:24:10:24:35 | ! ... | provenance | TaintFunction |
 nodes
 | test.cpp:20:29:20:47 | *call to getenv | semmle.label | *call to getenv |
 | test.cpp:24:10:24:35 | ! ... | semmle.label | ! ... |