Expected changes in test output

go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected

@@ -1,90 +1,54 @@
 edges
 | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | provenance |  |
@@ -93,20 +57,12 @@ edges
 | CookieWithoutHttpOnly.go:55:9:55:13 | false | CookieWithoutHttpOnly.go:59:13:59:15 | val | provenance |  |
 | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | provenance |  |
@@ -115,20 +71,12 @@ edges
 | CookieWithoutHttpOnly.go:65:9:65:12 | true | CookieWithoutHttpOnly.go:69:13:69:15 | val | provenance |  |
 | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | provenance |  |
@@ -137,20 +85,12 @@ edges
 | CookieWithoutHttpOnly.go:75:9:75:12 | true | CookieWithoutHttpOnly.go:80:15:80:17 | val | provenance |  |
 | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | provenance |  |
@@ -159,51 +99,31 @@ edges
 | CookieWithoutHttpOnly.go:85:9:85:13 | false | CookieWithoutHttpOnly.go:90:15:90:17 | val | provenance |  |
 | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:104:10:104:18 | "session" | CookieWithoutHttpOnly.go:106:10:106:13 | name | provenance |  |
 | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:106:10:106:13 | name | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | provenance |  |
@@ -211,20 +131,12 @@ edges
 | CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" | CookieWithoutHttpOnly.go:116:10:116:16 | session | provenance |  |
 | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | provenance |  |
@@ -235,226 +147,90 @@ edges
 | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
 | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
 | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance |  |
 | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance |  |
 | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | CookieWithoutHttpOnly.go:129:2:129:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance |  |
 | CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance |  |
 | CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance |  |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance |  |
 | CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config |
 | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config |
 | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config |
 | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance |  |
 | CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | Config |
 | CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | Config |
 | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance |  |
 | CookieWithoutHttpOnly.go:157:14:157:17 | true | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance |  |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance |  |
 | CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config |
 | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config |
 | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config |
 | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance |  |
 | CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance |  |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
 | CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance |  |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config |
 | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config |
 | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config |
 | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | Config |
 | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | CookieWithoutHttpOnly.go:191:19:191:25 | session | provenance |  |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
 | CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance |  |
 | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | CookieWithoutHttpOnly.go:202:19:202:25 | session | provenance |  |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance |  |
 | CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | provenance | Config |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance |  |
-| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
-| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance |  |
 nodes
 | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | semmle.label | struct literal |
 | CookieWithoutHttpOnly.go:12:10:12:18 | "session" | semmle.label | "session" |
 | CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:15:21:15:21 | c | semmle.label | c |
 | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | semmle.label | struct literal |
@@ -463,8 +239,6 @@ nodes
 | CookieWithoutHttpOnly.go:22:13:22:17 | false | semmle.label | false |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:24:21:24:21 | c | semmle.label | c |
@@ -475,8 +249,6 @@ nodes
 | CookieWithoutHttpOnly.go:31:13:31:16 | true | semmle.label | true |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:33:21:33:21 | c | semmle.label | c |
@@ -487,8 +259,6 @@ nodes
 | CookieWithoutHttpOnly.go:41:15:41:18 | true | semmle.label | true |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:42:21:42:21 | c | semmle.label | c |
@@ -499,8 +269,6 @@ nodes
 | CookieWithoutHttpOnly.go:50:15:50:19 | false | semmle.label | false |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:51:21:51:21 | c | semmle.label | c |
@@ -513,8 +281,6 @@ nodes
 | CookieWithoutHttpOnly.go:59:13:59:15 | val | semmle.label | val |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:61:21:61:21 | c | semmle.label | c |
@@ -527,8 +293,6 @@ nodes
 | CookieWithoutHttpOnly.go:69:13:69:15 | val | semmle.label | val |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:71:21:71:21 | c | semmle.label | c |
@@ -541,8 +305,6 @@ nodes
 | CookieWithoutHttpOnly.go:80:15:80:17 | val | semmle.label | val |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:81:21:81:21 | c | semmle.label | c |
@@ -555,8 +317,6 @@ nodes
 | CookieWithoutHttpOnly.go:90:15:90:17 | val | semmle.label | val |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:91:21:91:21 | c | semmle.label | c |
@@ -564,7 +324,6 @@ nodes
 | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | semmle.label | struct literal |
 | CookieWithoutHttpOnly.go:99:15:99:19 | false | semmle.label | false |
 | CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:100:21:100:21 | c | semmle.label | c |
 | CookieWithoutHttpOnly.go:104:10:104:18 | "session" | semmle.label | "session" |
@@ -574,8 +333,6 @@ nodes
 | CookieWithoutHttpOnly.go:109:15:109:19 | false | semmle.label | false |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:110:21:110:21 | c | semmle.label | c |
@@ -587,8 +344,6 @@ nodes
 | CookieWithoutHttpOnly.go:119:15:119:19 | false | semmle.label | false |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
-| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] |
 | CookieWithoutHttpOnly.go:120:21:120:21 | c | semmle.label | c |
@@ -599,20 +354,14 @@ nodes
 | CookieWithoutHttpOnly.go:129:2:129:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | semmle.label | definition of httpOnly |
 | CookieWithoutHttpOnly.go:133:14:133:18 | false | semmle.label | false |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
-| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
 | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | semmle.label | ... := ...[0] |
 | CookieWithoutHttpOnly.go:134:16:134:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | semmle.label | implicit dereference |
-| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | semmle.label | implicit dereference |
-| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | semmle.label | session [pointer] |
-| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | semmle.label | session [pointer] |
 | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference |
 | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference |
 | CookieWithoutHttpOnly.go:137:2:137:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:137:2:137:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | semmle.label | session [pointer] |
-| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
+| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
 | CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | semmle.label | struct literal |
@@ -621,34 +370,25 @@ nodes
 | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
 | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | semmle.label | ... := ...[0] |
 | CookieWithoutHttpOnly.go:146:16:146:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | semmle.label | implicit dereference |
-| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | semmle.label | session [pointer] |
 | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | semmle.label | implicit dereference |
 | CookieWithoutHttpOnly.go:149:2:149:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
 | CookieWithoutHttpOnly.go:149:20:151:2 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | semmle.label | struct literal |
 | CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | semmle.label | definition of httpOnly |
 | CookieWithoutHttpOnly.go:157:14:157:17 | true | semmle.label | true |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
-| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
 | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | semmle.label | ... := ...[0] |
 | CookieWithoutHttpOnly.go:158:16:158:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | semmle.label | implicit dereference |
-| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | semmle.label | implicit dereference |
-| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | semmle.label | session [pointer] |
-| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | semmle.label | session [pointer] |
 | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference |
 | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference |
 | CookieWithoutHttpOnly.go:161:2:161:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:161:2:161:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | semmle.label | session [pointer] |
-| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
+| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
 | CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | semmle.label | struct literal |
@@ -659,20 +399,14 @@ nodes
 | CookieWithoutHttpOnly.go:166:2:166:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | semmle.label | argument corresponding to httpOnly |
 | CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | semmle.label | definition of httpOnly |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
-| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
 | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | semmle.label | ... := ...[0] |
 | CookieWithoutHttpOnly.go:170:16:170:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | semmle.label | implicit dereference |
-| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | semmle.label | implicit dereference |
-| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | semmle.label | session [pointer] |
-| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | semmle.label | session [pointer] |
 | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference |
 | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference |
 | CookieWithoutHttpOnly.go:173:2:173:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:173:2:173:8 | session | semmle.label | session |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | semmle.label | session [pointer] |
-| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | semmle.label | session [pointer] |
+| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
+| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
 | CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... |
 | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | semmle.label | struct literal |
@@ -683,11 +417,9 @@ nodes
 | CookieWithoutHttpOnly.go:178:2:178:8 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | semmle.label | ... := ...[0] |
 | CookieWithoutHttpOnly.go:183:16:183:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:191:2:191:6 | store | semmle.label | store |
 | CookieWithoutHttpOnly.go:191:19:191:25 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | semmle.label | ... := ...[0] |
 | CookieWithoutHttpOnly.go:195:16:195:20 | store | semmle.label | store |
-| CookieWithoutHttpOnly.go:202:2:202:6 | store | semmle.label | store |
 | CookieWithoutHttpOnly.go:202:19:202:25 | session | semmle.label | session |
 | CookieWithoutHttpOnly.go:214:66:214:70 | false | semmle.label | false |
 subpaths

go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected

@@ -1,16 +1,12 @@
 edges
 | go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance |  |
-| go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance |  |
 | go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:13:14:13:34 | type conversion | provenance |  |
-| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:24:32:24:37 | JwtKey | provenance |  |
-| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:24:32:24:37 | JwtKey | provenance |  |
 | golang-jwt-v5.go:19:15:19:35 | type conversion | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | provenance |  |
 | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:19:15:19:35 | type conversion | provenance |  |
 nodes
 | go-jose.v3.go:13:14:13:34 | type conversion | semmle.label | type conversion |
 | go-jose.v3.go:13:21:13:33 | "AllYourBase" | semmle.label | "AllYourBase" |
 | go-jose.v3.go:24:32:24:37 | JwtKey | semmle.label | JwtKey |
-| go-jose.v3.go:24:32:24:37 | JwtKey | semmle.label | JwtKey |
 | golang-jwt-v5.go:19:15:19:35 | type conversion | semmle.label | type conversion |
 | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | semmle.label | "AllYourBase" |
 | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | semmle.label | JwtKey1 |

go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected

@@ -7,17 +7,14 @@ edges
 | Dsn.go:28:11:28:110 | call to Sprintf | Dsn.go:29:29:29:33 | dbDSN | provenance |  |
 | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | []type{args} [array] | provenance |  |
 | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | call to Sprintf | provenance | FunctionModel |
-| Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:63:9:63:11 | cfg [pointer] | provenance |  |
-| Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance |  |
-| Dsn.go:63:9:63:11 | cfg [pointer] | Dsn.go:63:9:63:11 | implicit dereference | provenance |  |
-| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:62:2:62:4 | definition of cfg [pointer] | provenance |  |
-| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance |  |
+| Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance |  |
+| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | provenance |  |
+| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | Dsn.go:67:102:67:108 | selection of dsn | provenance |  |
 | Dsn.go:63:19:63:25 | selection of Args | Dsn.go:63:19:63:29 | slice expression | provenance | Src:MaD:1  |
-| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference | provenance | FunctionModel |
+| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference [postupdate] | provenance | FunctionModel |
 | Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | MaD:2 |
 | Dsn.go:67:11:67:109 | call to Sprintf | Dsn.go:68:29:68:33 | dbDSN | provenance |  |
 | Dsn.go:67:102:67:104 | cfg [pointer] | Dsn.go:67:102:67:104 | implicit dereference | provenance |  |
-| Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | provenance |  |
 | Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance |  |
 | Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | []type{args} [array] | provenance |  |
 | Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | call to Sprintf | provenance | FunctionModel |
@@ -30,9 +27,8 @@ nodes
 | Dsn.go:28:11:28:110 | call to Sprintf | semmle.label | call to Sprintf |
 | Dsn.go:28:102:28:109 | index expression | semmle.label | index expression |
 | Dsn.go:29:29:29:33 | dbDSN | semmle.label | dbDSN |
-| Dsn.go:62:2:62:4 | definition of cfg [pointer] | semmle.label | definition of cfg [pointer] |
-| Dsn.go:63:9:63:11 | cfg [pointer] | semmle.label | cfg [pointer] |
-| Dsn.go:63:9:63:11 | implicit dereference | semmle.label | implicit dereference |
+| Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | semmle.label | cfg [postupdate] [pointer] |
+| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
 | Dsn.go:63:19:63:25 | selection of Args | semmle.label | selection of Args |
 | Dsn.go:63:19:63:29 | slice expression | semmle.label | slice expression |
 | Dsn.go:67:11:67:109 | []type{args} [array] | semmle.label | []type{args} [array] |

go/ql/test/experimental/CWE-918/SSRF.expected

@@ -4,9 +4,9 @@
 | builtin.go:102:13:102:40 | call to DialConfig | builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | The URL of this request depends on a user-provided value. |
 | builtin.go:114:3:114:39 | call to Dial | builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | The URL of this request depends on a user-provided value. |
 | builtin.go:132:3:132:62 | call to DialContext | builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | The URL of this request depends on a user-provided value. |
-| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
-| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
-| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. |
+| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
+| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
+| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. |
 | new-tests.go:47:2:47:47 | call to Get | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | The URL of this request depends on a user-provided value. |
 | new-tests.go:50:2:50:47 | call to Get | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | The URL of this request depends on a user-provided value. |
 | new-tests.go:68:2:68:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:68:11:68:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
@@ -22,9 +22,9 @@ edges
 | builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:8  |
 | builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:8  |
 | builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:8  |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3  |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3  |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3  |
+| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3  |
+| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3  |
+| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3  |
 | new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:11 |
 | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | []type{args} [array] | provenance |  |
 | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | FunctionModel |
@@ -38,10 +38,10 @@ edges
 | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:2  |
 | new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance |  |
 | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:12 |
-| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:10 |
-| new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word | provenance |  |
-| new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe | provenance |  |
-| new-tests.go:63:26:63:30 | &... | new-tests.go:74:49:74:57 | selection of word | provenance |  |
+| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... [postupdate] | provenance | MaD:10 |
+| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:68:48:68:56 | selection of word | provenance |  |
+| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:69:48:69:56 | selection of safe | provenance |  |
+| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:74:49:74:57 | selection of word | provenance |  |
 | new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:11 |
 | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | []type{args} [array] | provenance |  |
 | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf | provenance | FunctionModel |
@@ -86,7 +86,7 @@ nodes
 | builtin.go:114:15:114:28 | untrustedInput | semmle.label | untrustedInput |
 | builtin.go:129:21:129:31 | call to Referer | semmle.label | call to Referer |
 | builtin.go:132:38:132:51 | untrustedInput | semmle.label | untrustedInput |
-| new-tests.go:26:26:26:30 | &... | semmle.label | &... |
+| new-tests.go:26:26:26:30 | &... [postupdate] | semmle.label | &... [postupdate] |
 | new-tests.go:31:11:31:57 | []type{args} [array] | semmle.label | []type{args} [array] |
 | new-tests.go:31:11:31:57 | call to Sprintf | semmle.label | call to Sprintf |
 | new-tests.go:31:48:31:56 | selection of word | semmle.label | selection of word |
@@ -103,7 +103,7 @@ nodes
 | new-tests.go:62:2:62:39 | ... := ...[0] | semmle.label | ... := ...[0] |
 | new-tests.go:62:31:62:38 | selection of Body | semmle.label | selection of Body |
 | new-tests.go:63:17:63:23 | reqBody | semmle.label | reqBody |
-| new-tests.go:63:26:63:30 | &... | semmle.label | &... |
+| new-tests.go:63:26:63:30 | &... [postupdate] | semmle.label | &... [postupdate] |
 | new-tests.go:68:11:68:57 | []type{args} [array] | semmle.label | []type{args} [array] |
 | new-tests.go:68:11:68:57 | call to Sprintf | semmle.label | call to Sprintf |
 | new-tests.go:68:48:68:56 | selection of word | semmle.label | selection of word |

go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected

@@ -4,27 +4,27 @@ models
 | 3 | Summary: io; Reader; true; Read; ; ; Argument[receiver]; Argument[0]; taint; manual |
 | 4 | Summary: os; File; true; Read; ; ; Argument[receiver]; Argument[0]; taint; manual |
 edges
-| Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance |  |
-| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:2 |
-| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:3 |
-| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:4 |
-| Builtin.go:12:2:12:2 | definition of b | Builtin.go:17:9:17:17 | type conversion | provenance |  |
-| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:2 |
-| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:3 |
-| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:4 |
-| Builtin.go:21:2:21:2 | definition of b | Builtin.go:24:10:24:18 | type conversion | provenance |  |
-| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:2 |
-| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:3 |
-| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:4 |
+| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 |
+| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 |
+| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 |
+| Builtin.go:7:22:7:22 | b [postupdate] | Builtin.go:8:9:8:17 | type conversion | provenance |  |
+| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 |
+| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 |
+| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 |
+| Builtin.go:13:22:13:22 | b [postupdate] | Builtin.go:17:9:17:17 | type conversion | provenance |  |
+| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 |
+| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 |
+| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 |
+| Builtin.go:22:22:22:22 | b [postupdate] | Builtin.go:24:10:24:18 | type conversion | provenance |  |
 nodes
-| Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b |
 | Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body |
+| Builtin.go:7:22:7:22 | b [postupdate] | semmle.label | b [postupdate] |
 | Builtin.go:8:9:8:17 | type conversion | semmle.label | type conversion |
-| Builtin.go:12:2:12:2 | definition of b | semmle.label | definition of b |
 | Builtin.go:13:2:13:15 | selection of Body | semmle.label | selection of Body |
+| Builtin.go:13:22:13:22 | b [postupdate] | semmle.label | b [postupdate] |
 | Builtin.go:17:9:17:17 | type conversion | semmle.label | type conversion |
-| Builtin.go:21:2:21:2 | definition of b | semmle.label | definition of b |
 | Builtin.go:22:2:22:15 | selection of Body | semmle.label | selection of Body |
+| Builtin.go:22:22:22:22 | b [postupdate] | semmle.label | b [postupdate] |
 | Builtin.go:24:10:24:18 | type conversion | semmle.label | type conversion |
 subpaths
 #select

go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected

@@ -1,6 +1,5 @@
 invalidModelRow
 #select
-| test.go:10:6:10:8 | definition of arg | qltest-arg |
 | test.go:39:8:39:15 | call to Src1 | qltest |
 | test.go:40:8:40:15 | call to Src2 | qltest |
 | test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes |
@@ -8,6 +7,7 @@ invalidModelRow
 | test.go:42:2:42:21 | ... = ...[0] | qltest |
 | test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes |
 | test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes |
+| test.go:44:11:44:13 | arg [postupdate] | qltest-arg |
 | test.go:59:9:59:16 | call to Src1 | qltest |
 | test.go:102:46:102:53 | call to Src1 | qltest |
 | test.go:112:35:112:42 | call to Src1 | qltest |

go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected

@@ -2,18 +2,18 @@ invalidModelRow
 #select
 | test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes |
 | test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] |
-| test.go:19:15:19:17 | arg | test.go:11:6:11:9 | definition of arg1 |
-| test.go:21:16:21:18 | arg | test.go:13:6:13:6 | definition of t |
+| test.go:19:15:19:17 | arg | test.go:19:20:19:23 | arg1 [postupdate] |
+| test.go:21:16:21:18 | arg | test.go:21:2:21:2 | t [postupdate] |
 | test.go:22:10:22:10 | t | test.go:22:10:22:24 | call to StepQualRes |
-| test.go:23:2:23:2 | t | test.go:10:6:10:8 | definition of arg |
+| test.go:23:2:23:2 | t | test.go:23:16:23:18 | arg [postupdate] |
 | test.go:24:32:24:34 | arg | test.go:24:10:24:35 | call to StepArgResNoQual |
 | test.go:61:25:61:27 | src | test.go:61:12:61:28 | call to StepArgRes |
 | test.go:64:29:64:31 | src | test.go:64:2:64:32 | ... := ...[1] |
-| test.go:68:15:68:17 | src | test.go:67:6:67:11 | definition of taint3 |
-| test.go:76:21:76:23 | src | test.go:75:6:75:11 | definition of taint4 |
+| test.go:68:15:68:17 | src | test.go:68:20:68:25 | taint3 [postupdate] |
+| test.go:76:21:76:23 | src | test.go:76:2:76:7 | taint4 [postupdate] |
 | test.go:79:13:79:25 | type assertion | test.go:79:12:79:40 | call to StepQualRes |
-| test.go:83:3:83:15 | type assertion | test.go:82:6:82:11 | definition of taint6 |
+| test.go:83:3:83:15 | type assertion | test.go:83:30:83:35 | taint6 [postupdate] |
 | test.go:86:34:86:36 | src | test.go:86:12:86:37 | call to StepArgResNoQual |
 | test.go:149:10:149:27 | []type{args} | test.go:149:10:149:27 | call to append |
 | test.go:149:17:149:21 | slice | test.go:149:10:149:27 | call to append |
-| test.go:155:15:155:20 | slice1 | test.go:154:2:154:7 | definition of slice2 |
+| test.go:155:15:155:20 | slice1 | test.go:155:7:155:12 | slice2 [postupdate] |

go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected

@@ -1,6 +1,5 @@
 invalidModelRow
 #select
-| test.go:10:6:10:8 | definition of arg | qltest-arg |
 | test.go:39:8:39:15 | call to Src1 | qltest |
 | test.go:40:8:40:15 | call to Src2 | qltest |
 | test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes |
@@ -8,6 +7,7 @@ invalidModelRow
 | test.go:42:2:42:21 | ... = ...[0] | qltest |
 | test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes |
 | test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes |
+| test.go:44:11:44:13 | arg [postupdate] | qltest-arg |
 | test.go:59:9:59:16 | call to Src1 | qltest |
 | test.go:102:46:102:53 | call to Src1 | qltest |
 | test.go:112:35:112:42 | call to Src1 | qltest |

go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected

@@ -2,17 +2,17 @@ invalidModelRow
 #select
 | test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes |
 | test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] |
-| test.go:19:15:19:17 | arg | test.go:11:6:11:9 | definition of arg1 |
-| test.go:21:16:21:18 | arg | test.go:13:6:13:6 | definition of t |
+| test.go:19:15:19:17 | arg | test.go:19:20:19:23 | arg1 [postupdate] |
+| test.go:21:16:21:18 | arg | test.go:21:2:21:2 | t [postupdate] |
 | test.go:22:10:22:10 | t | test.go:22:10:22:24 | call to StepQualRes |
-| test.go:23:2:23:2 | t | test.go:10:6:10:8 | definition of arg |
+| test.go:23:2:23:2 | t | test.go:23:16:23:18 | arg [postupdate] |
 | test.go:24:32:24:34 | arg | test.go:24:10:24:35 | call to StepArgResNoQual |
 | test.go:61:25:61:27 | src | test.go:61:12:61:28 | call to StepArgRes |
 | test.go:64:29:64:31 | src | test.go:64:2:64:32 | ... := ...[1] |
-| test.go:68:15:68:17 | src | test.go:67:6:67:11 | definition of taint3 |
-| test.go:76:21:76:23 | src | test.go:75:6:75:11 | definition of taint4 |
+| test.go:68:15:68:17 | src | test.go:68:20:68:25 | taint3 [postupdate] |
+| test.go:76:21:76:23 | src | test.go:76:2:76:7 | taint4 [postupdate] |
 | test.go:79:13:79:25 | type assertion | test.go:79:12:79:40 | call to StepQualRes |
-| test.go:83:3:83:15 | type assertion | test.go:82:6:82:11 | definition of taint6 |
+| test.go:83:3:83:15 | type assertion | test.go:83:30:83:35 | taint6 [postupdate] |
 | test.go:86:34:86:36 | src | test.go:86:12:86:37 | call to StepArgResNoQual |
 | test.go:202:14:202:19 | srcInt | test.go:202:10:202:26 | call to max |
 | test.go:202:22:202:22 | 0 | test.go:202:10:202:26 | call to max |

go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected

@@ -1,13 +1,13 @@
 | main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[0] |
 | main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[1] |
-| main.go:38:13:38:13 | 1 | main.go:38:7:38:20 | slice literal |
-| main.go:38:16:38:16 | 2 | main.go:38:7:38:20 | slice literal |
-| main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | slice literal |
+| main.go:38:13:38:13 | 1 | main.go:38:7:38:20 | slice literal [postupdate] |
+| main.go:38:16:38:16 | 2 | main.go:38:7:38:20 | slice literal [postupdate] |
+| main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | slice literal [postupdate] |
 | main.go:39:8:39:25 | []type{args} | main.go:39:8:39:25 | call to append |
 | main.go:39:15:39:15 | s | main.go:39:8:39:25 | call to append |
 | main.go:40:15:40:15 | s | main.go:40:8:40:23 | call to append |
 | main.go:40:18:40:19 | s1 | main.go:40:8:40:23 | call to append |
-| main.go:42:10:42:11 | s4 | main.go:38:2:38:2 | definition of s |
+| main.go:42:10:42:11 | s4 | main.go:42:7:42:7 | s [postupdate] |
 | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[0] |
 | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[1] |
 | main.go:47:20:47:21 | xs | main.go:47:2:50:2 | range statement[1] |

go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected

@@ -1,3 +1,3 @@
-| file://:0:0:0:0 | NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:9:6:9:6 | definition of w |
-| file://:0:0:0:0 | ReadFrom | tst.go:10:23:10:28 | reader | tst.go:9:2:9:12 | definition of bytesBuffer |
-| file://:0:0:0:0 | Reset | reset.go:12:15:12:20 | source | reset.go:11:6:11:11 | definition of reader |
+| file://:0:0:0:0 | NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:25:10:25 | w [postupdate] |
+| file://:0:0:0:0 | ReadFrom | tst.go:10:23:10:28 | reader | tst.go:10:2:10:12 | bytesBuffer [postupdate] |
+| file://:0:0:0:0 | Reset | reset.go:12:15:12:20 | source | reset.go:12:2:12:7 | reader [postupdate] |

go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionOutput_getExitNode.expected

@@ -1,13 +1,13 @@
-| parameter 0 | reset.go:12:2:12:21 | call to Reset | reset.go:9:2:9:7 | definition of source |
-| parameter 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:9:6:9:6 | definition of w |
-| parameter 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:8:12:8:15 | definition of data |
-| parameter 0 | tst.go:10:2:10:29 | call to ReadFrom | tst.go:8:12:8:17 | definition of reader |
-| parameter 0 | tst.go:16:2:16:12 | call to test5 | tst.go:15:12:15:12 | definition of x |
-| parameter 1 | tst.go:16:2:16:12 | call to test5 | tst.go:15:15:15:15 | definition of y |
-| receiver | main.go:53:14:53:21 | call to bump | main.go:52:2:52:2 | definition of c |
-| receiver | reset.go:12:2:12:21 | call to Reset | reset.go:11:6:11:11 | definition of reader |
-| receiver | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:9:10:26 | call to NewEncoder |
-| receiver | tst.go:10:2:10:29 | call to ReadFrom | tst.go:9:2:9:12 | definition of bytesBuffer |
+| parameter 0 | reset.go:12:2:12:21 | call to Reset | reset.go:12:15:12:20 | source [postupdate] |
+| parameter 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:25:10:25 | w [postupdate] |
+| parameter 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:35:10:38 | data [postupdate] |
+| parameter 0 | tst.go:10:2:10:29 | call to ReadFrom | tst.go:10:23:10:28 | reader [postupdate] |
+| parameter 0 | tst.go:16:2:16:12 | call to test5 | tst.go:16:8:16:8 | x [postupdate] |
+| parameter 1 | tst.go:16:2:16:12 | call to test5 | tst.go:16:11:16:11 | y [postupdate] |
+| receiver | main.go:53:14:53:21 | call to bump | main.go:53:14:53:14 | c [postupdate] |
+| receiver | reset.go:12:2:12:21 | call to Reset | reset.go:12:2:12:7 | reader [postupdate] |
+| receiver | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:9:10:26 | call to NewEncoder [postupdate] |
+| receiver | tst.go:10:2:10:29 | call to ReadFrom | tst.go:10:2:10:12 | bytesBuffer [postupdate] |
 | result | main.go:51:2:51:14 | call to op | main.go:51:2:51:14 | call to op |
 | result | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 |
 | result | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump |

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go

@@ -30,9 +30,9 @@ func gogf_Core(g gdb.Core) {
 	g.GetStruct(&v7, "SELECT user from users") // $ source
 	sink(v7)                                   // $ hasTaintFlow="v7"
 
-	var v8 []User // $ source
-	g.GetStructs(v8, "SELECT user from users")
-	sink(v8) // $ hasTaintFlow="v8"
+	var v8 []User
+	g.GetStructs(v8, "SELECT user from users") // $ source
+	sink(v8)                                   // $ hasTaintFlow="v8"
 
 	v9, _ := g.GetValue("SELECT user from users") // $ source
 	sink(v9)                                      // $ hasTaintFlow="v9"
@@ -132,9 +132,9 @@ func gogf_TX(g gdb.TX) {
 	g.GetStruct(&v4, "SELECT user from users") // $ source
 	sink(v4)                                   // $ hasTaintFlow="v4"
 
-	var v5 []User // $ source
-	g.GetStructs(v5, "SELECT user from users")
-	sink(v5) // $ hasTaintFlow="v5"
+	var v5 []User
+	g.GetStructs(v5, "SELECT user from users") // $ source
+	sink(v5)                                   // $ hasTaintFlow="v5"
 
 	v6, _ := g.GetValue("SELECT user from users") // $ source
 	sink(v6)                                      // $ hasTaintFlow="v6"

go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected

@@ -1,7 +1,7 @@
 #select
-| test.go:35:13:35:30 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:36:13:36:27 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:37:13:37:29 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:35:13:35:30 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:36:13:36:27 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:37:13:37:29 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:42:13:42:43 | type conversion | test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:42:20:42:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:47:13:47:52 | type conversion | test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:47:20:47:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:52:13:52:53 | type conversion | test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:52:20:52:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go |  |
@@ -30,7 +30,7 @@
 | test.go:232:14:232:22 | type conversion | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:7:231:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:235:14:235:26 | type conversion | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:8:234:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:238:14:238:27 | type conversion | test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:237:9:237:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:242:14:242:30 | type conversion | test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:240:6:240:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:242:14:242:30 | type conversion | test.go:241:14:241:16 | str [postupdate] | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:241:14:241:16 | str [postupdate] | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:249:21:249:29 | untrusted | test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:246:15:246:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:259:16:259:45 | type conversion | test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:259:23:259:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:264:16:264:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go |  |
@@ -53,9 +53,9 @@
 | test.go:311:21:311:48 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:311:21:311:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:312:21:312:52 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:312:21:312:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go |  |
 edges
-| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:1  |
-| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:1  |
-| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:1  |
+| test.go:34:13:34:17 | bound [postupdate] | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:1  |
+| test.go:34:13:34:17 | bound [postupdate] | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:1  |
+| test.go:34:13:34:17 | bound [postupdate] | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:1  |
 | test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | provenance | Src:MaD:2  |
 | test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | provenance | Src:MaD:3  |
 | test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | provenance | Src:MaD:4  |
@@ -87,8 +87,8 @@ edges
 | test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:39 |
 | test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | provenance |  |
 | test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:40 |
-| test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | provenance |  |
-| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | Src:MaD:21 MaD:38 |
+| test.go:208:18:208:33 | selection of Form | test.go:208:36:208:36 | s [postupdate] | provenance | Src:MaD:21 MaD:38 |
+| test.go:208:36:208:36 | s [postupdate] | test.go:209:14:209:28 | type conversion | provenance |  |
 | test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | Src:MaD:15  |
 | test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | Src:MaD:15  |
 | test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | provenance |  |
@@ -97,7 +97,7 @@ edges
 | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | Src:MaD:17  |
 | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | Src:MaD:18  |
 | test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | provenance | Src:MaD:19  |
-| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:20  |
+| test.go:241:14:241:16 | str [postupdate] | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:20  |
 | test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | provenance | Src:MaD:17  |
 | test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | provenance | Src:MaD:14  |
 | test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | provenance | Src:MaD:14  |
@@ -116,8 +116,8 @@ edges
 | test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | provenance | Src:MaD:16  |
 | test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | provenance | Src:MaD:16  |
 | test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | Src:MaD:16  |
-| test.go:276:2:276:13 | definition of genericFiles [array] | test.go:297:51:297:62 | genericFiles [array] | provenance |  |
-| test.go:278:21:278:28 | index expression | test.go:276:2:276:13 | definition of genericFiles [array] | provenance |  |
+| test.go:278:3:278:14 | genericFiles [postupdate] [array] | test.go:297:51:297:62 | genericFiles [array] | provenance |  |
+| test.go:278:21:278:28 | index expression | test.go:278:3:278:14 | genericFiles [postupdate] [array] | provenance |  |
 | test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | FunctionModel |
 | test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | provenance |  |
 | test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:22 |
@@ -146,10 +146,10 @@ edges
 | test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:30 |
 | test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | provenance |  |
 | test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:31 |
-| test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | provenance |  |
-| test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | provenance |  |
 | test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | Src:MaD:17  |
-| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:34 |
+| test.go:310:2:310:5 | bMap [postupdate] | test.go:311:21:311:24 | bMap | provenance |  |
+| test.go:310:2:310:5 | bMap [postupdate] | test.go:312:21:312:24 | bMap | provenance |  |
+| test.go:310:22:310:30 | untrusted | test.go:310:2:310:5 | bMap [postupdate] | provenance | MaD:34 |
 | test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:32 |
 | test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | provenance |  |
 | test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:33 |
@@ -197,7 +197,7 @@ models
 | 40 | Summary: group:beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual |
 | 41 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual |
 nodes
-| test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound |
+| test.go:34:13:34:17 | bound [postupdate] | semmle.label | bound [postupdate] |
 | test.go:35:13:35:30 | type conversion | semmle.label | type conversion |
 | test.go:36:13:36:27 | type conversion | semmle.label | type conversion |
 | test.go:37:13:37:29 | type conversion | semmle.label | type conversion |
@@ -249,8 +249,8 @@ nodes
 | test.go:205:14:205:59 | type conversion | semmle.label | type conversion |
 | test.go:205:21:205:58 | call to Substr | semmle.label | call to Substr |
 | test.go:205:34:205:51 | type assertion | semmle.label | type assertion |
-| test.go:207:6:207:6 | definition of s | semmle.label | definition of s |
 | test.go:208:18:208:33 | selection of Form | semmle.label | selection of Form |
+| test.go:208:36:208:36 | s [postupdate] | semmle.label | s [postupdate] |
 | test.go:209:14:209:28 | type conversion | semmle.label | type conversion |
 | test.go:223:2:223:34 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:223:2:223:34 | ... := ...[1] | semmle.label | ... := ...[1] |
@@ -266,7 +266,7 @@ nodes
 | test.go:235:14:235:26 | type conversion | semmle.label | type conversion |
 | test.go:237:9:237:17 | call to Input | semmle.label | call to Input |
 | test.go:238:14:238:27 | type conversion | semmle.label | type conversion |
-| test.go:240:6:240:8 | definition of str | semmle.label | definition of str |
+| test.go:241:14:241:16 | str [postupdate] | semmle.label | str [postupdate] |
 | test.go:242:14:242:30 | type conversion | semmle.label | type conversion |
 | test.go:246:15:246:36 | call to GetString | semmle.label | call to GetString |
 | test.go:249:21:249:29 | untrusted | semmle.label | untrusted |
@@ -277,7 +277,7 @@ nodes
 | test.go:270:55:270:84 | type conversion | semmle.label | type conversion |
 | test.go:270:62:270:83 | call to GetCookie | semmle.label | call to GetCookie |
 | test.go:275:2:275:40 | ... := ...[0] | semmle.label | ... := ...[0] |
-| test.go:276:2:276:13 | definition of genericFiles [array] | semmle.label | definition of genericFiles [array] |
+| test.go:278:3:278:14 | genericFiles [postupdate] [array] | semmle.label | genericFiles [postupdate] [array] |
 | test.go:278:21:278:28 | index expression | semmle.label | index expression |
 | test.go:283:21:283:61 | call to GetDisplayString | semmle.label | call to GetDisplayString |
 | test.go:283:44:283:60 | selection of Filename | semmle.label | selection of Filename |
@@ -321,8 +321,8 @@ nodes
 | test.go:303:21:303:51 | call to SliceUnique | semmle.label | call to SliceUnique |
 | test.go:303:21:303:87 | selection of Filename | semmle.label | selection of Filename |
 | test.go:303:39:303:50 | genericFiles | semmle.label | genericFiles |
-| test.go:308:2:308:5 | definition of bMap | semmle.label | definition of bMap |
 | test.go:309:15:309:36 | call to GetString | semmle.label | call to GetString |
+| test.go:310:2:310:5 | bMap [postupdate] | semmle.label | bMap [postupdate] |
 | test.go:310:22:310:30 | untrusted | semmle.label | untrusted |
 | test.go:311:21:311:24 | bMap | semmle.label | bMap |
 | test.go:311:21:311:39 | call to Get | semmle.label | call to Get |

go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected

@@ -10,8 +10,8 @@ edges
 | test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | Src:MaD:6 Sink:MaD:2 |
 | test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | Src:MaD:6 Sink:MaD:5 |
 | test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | Src:MaD:6 Sink:MaD:3 |
-| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | Src:MaD:7 MaD:8 |
-| test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | provenance | Sink:MaD:3 |
+| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... [postupdate] | provenance | Src:MaD:7 MaD:8 |
+| test.go:324:40:324:43 | &... [postupdate] | test.go:326:35:326:43 | untrusted | provenance | Sink:MaD:3 |
 | test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | Src:MaD:6 Sink:MaD:1 |
 | test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | Src:MaD:6 Sink:MaD:4 |
 | test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:6 Sink:MaD:1 |
@@ -30,7 +30,7 @@ nodes
 | test.go:217:10:217:18 | untrusted | semmle.label | untrusted |
 | test.go:218:35:218:43 | untrusted | semmle.label | untrusted |
 | test.go:324:17:324:37 | selection of RequestBody | semmle.label | selection of RequestBody |
-| test.go:324:40:324:43 | &... | semmle.label | &... |
+| test.go:324:40:324:43 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:326:35:326:43 | untrusted | semmle.label | untrusted |
 | test.go:332:15:332:26 | call to Data | semmle.label | call to Data |
 | test.go:334:23:334:31 | untrusted | semmle.label | untrusted |

go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected

@@ -1,8 +1,8 @@
 #select
-| test.go:81:13:81:29 | type conversion | test.go:80:13:80:16 | &... | test.go:81:13:81:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... | stored value |
-| test.go:82:13:82:43 | type conversion | test.go:80:13:80:16 | &... | test.go:82:13:82:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... | stored value |
-| test.go:86:13:86:30 | type conversion | test.go:85:22:85:26 | &... | test.go:86:13:86:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:85:22:85:26 | &... | stored value |
-| test.go:90:13:90:30 | type conversion | test.go:89:21:89:25 | &... | test.go:90:13:90:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:89:21:89:25 | &... | stored value |
+| test.go:81:13:81:29 | type conversion | test.go:80:13:80:16 | &... [postupdate] | test.go:81:13:81:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... [postupdate] | stored value |
+| test.go:82:13:82:43 | type conversion | test.go:80:13:80:16 | &... [postupdate] | test.go:82:13:82:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... [postupdate] | stored value |
+| test.go:86:13:86:30 | type conversion | test.go:85:22:85:26 | &... [postupdate] | test.go:86:13:86:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:85:22:85:26 | &... [postupdate] | stored value |
+| test.go:90:13:90:30 | type conversion | test.go:89:21:89:25 | &... [postupdate] | test.go:90:13:90:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:89:21:89:25 | &... [postupdate] | stored value |
 | test.go:95:13:95:37 | type conversion | test.go:95:20:95:36 | call to Value | test.go:95:13:95:37 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:95:20:95:36 | call to Value | stored value |
 | test.go:96:13:96:49 | type conversion | test.go:96:20:96:39 | call to RawValue | test.go:96:13:96:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:96:20:96:39 | call to RawValue | stored value |
 | test.go:97:13:97:38 | type conversion | test.go:97:20:97:37 | call to String | test.go:97:13:97:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:97:20:97:37 | call to String | stored value |
@@ -12,25 +12,25 @@
 | test.go:101:13:101:38 | type conversion | test.go:101:20:101:37 | call to Value | test.go:101:13:101:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:101:20:101:37 | call to Value | stored value |
 | test.go:102:13:102:50 | type conversion | test.go:102:20:102:40 | call to RawValue | test.go:102:13:102:50 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:102:20:102:40 | call to RawValue | stored value |
 | test.go:103:13:103:39 | type conversion | test.go:103:20:103:38 | call to String | test.go:103:13:103:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:103:20:103:38 | call to String | stored value |
-| test.go:110:13:110:33 | type conversion | test.go:109:9:109:13 | &... | test.go:110:13:110:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:109:9:109:13 | &... | stored value |
-| test.go:114:13:114:29 | type conversion | test.go:113:9:113:12 | &... | test.go:114:13:114:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:113:9:113:12 | &... | stored value |
-| test.go:118:13:118:48 | type conversion | test.go:117:12:117:19 | &... | test.go:118:13:118:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:117:12:117:19 | &... | stored value |
-| test.go:122:13:122:43 | type conversion | test.go:121:16:121:24 | &... | test.go:122:13:122:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:121:16:121:24 | &... | stored value |
-| test.go:126:13:126:39 | type conversion | test.go:125:16:125:23 | &... | test.go:126:13:126:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:125:16:125:23 | &... | stored value |
-| test.go:130:13:130:47 | type conversion | test.go:129:15:129:24 | &... | test.go:130:13:130:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:129:15:129:24 | &... | stored value |
-| test.go:134:13:134:38 | type conversion | test.go:133:18:133:30 | &... | test.go:134:13:134:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:133:18:133:30 | &... | stored value |
-| test.go:141:13:141:48 | type conversion | test.go:140:12:140:19 | &... | test.go:141:13:141:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:140:12:140:19 | &... | stored value |
-| test.go:145:13:145:43 | type conversion | test.go:144:16:144:24 | &... | test.go:145:13:145:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:144:16:144:24 | &... | stored value |
-| test.go:149:13:149:39 | type conversion | test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:148:16:148:23 | &... | stored value |
-| test.go:153:13:153:47 | type conversion | test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:152:15:152:24 | &... | stored value |
-| test.go:157:13:157:38 | type conversion | test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:156:18:156:30 | &... | stored value |
-| test.go:161:13:161:28 | type conversion | test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:160:14:160:22 | &... | stored value |
-| test.go:165:13:165:32 | type conversion | test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:164:15:164:24 | &... | stored value |
+| test.go:110:13:110:33 | type conversion | test.go:109:9:109:13 | &... [postupdate] | test.go:110:13:110:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:109:9:109:13 | &... [postupdate] | stored value |
+| test.go:114:13:114:29 | type conversion | test.go:113:9:113:12 | &... [postupdate] | test.go:114:13:114:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:113:9:113:12 | &... [postupdate] | stored value |
+| test.go:118:13:118:48 | type conversion | test.go:117:12:117:19 | &... [postupdate] | test.go:118:13:118:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:117:12:117:19 | &... [postupdate] | stored value |
+| test.go:122:13:122:43 | type conversion | test.go:121:16:121:24 | &... [postupdate] | test.go:122:13:122:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:121:16:121:24 | &... [postupdate] | stored value |
+| test.go:126:13:126:39 | type conversion | test.go:125:16:125:23 | &... [postupdate] | test.go:126:13:126:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:125:16:125:23 | &... [postupdate] | stored value |
+| test.go:130:13:130:47 | type conversion | test.go:129:15:129:24 | &... [postupdate] | test.go:130:13:130:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:129:15:129:24 | &... [postupdate] | stored value |
+| test.go:134:13:134:38 | type conversion | test.go:133:18:133:30 | &... [postupdate] | test.go:134:13:134:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:133:18:133:30 | &... [postupdate] | stored value |
+| test.go:141:13:141:48 | type conversion | test.go:140:12:140:19 | &... [postupdate] | test.go:141:13:141:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:140:12:140:19 | &... [postupdate] | stored value |
+| test.go:145:13:145:43 | type conversion | test.go:144:16:144:24 | &... [postupdate] | test.go:145:13:145:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:144:16:144:24 | &... [postupdate] | stored value |
+| test.go:149:13:149:39 | type conversion | test.go:148:16:148:23 | &... [postupdate] | test.go:149:13:149:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:148:16:148:23 | &... [postupdate] | stored value |
+| test.go:153:13:153:47 | type conversion | test.go:152:15:152:24 | &... [postupdate] | test.go:153:13:153:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:152:15:152:24 | &... [postupdate] | stored value |
+| test.go:157:13:157:38 | type conversion | test.go:156:18:156:30 | &... [postupdate] | test.go:157:13:157:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:156:18:156:30 | &... [postupdate] | stored value |
+| test.go:161:13:161:28 | type conversion | test.go:160:14:160:22 | &... [postupdate] | test.go:161:13:161:28 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:160:14:160:22 | &... [postupdate] | stored value |
+| test.go:165:13:165:32 | type conversion | test.go:164:15:164:24 | &... [postupdate] | test.go:165:13:165:32 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:164:15:164:24 | &... [postupdate] | stored value |
 edges
-| test.go:80:13:80:16 | &... | test.go:81:13:81:29 | type conversion | provenance | Src:MaD:1  |
-| test.go:80:13:80:16 | &... | test.go:82:13:82:43 | type conversion | provenance | Src:MaD:1  |
-| test.go:85:22:85:26 | &... | test.go:86:13:86:30 | type conversion | provenance | Src:MaD:2  |
-| test.go:89:21:89:25 | &... | test.go:90:13:90:30 | type conversion | provenance | Src:MaD:3  |
+| test.go:80:13:80:16 | &... [postupdate] | test.go:81:13:81:29 | type conversion | provenance | Src:MaD:1  |
+| test.go:80:13:80:16 | &... [postupdate] | test.go:82:13:82:43 | type conversion | provenance | Src:MaD:1  |
+| test.go:85:22:85:26 | &... [postupdate] | test.go:86:13:86:30 | type conversion | provenance | Src:MaD:2  |
+| test.go:89:21:89:25 | &... [postupdate] | test.go:90:13:90:30 | type conversion | provenance | Src:MaD:3  |
 | test.go:95:20:95:36 | call to Value | test.go:95:13:95:37 | type conversion | provenance |  |
 | test.go:96:20:96:39 | call to RawValue | test.go:96:13:96:49 | type conversion | provenance |  |
 | test.go:97:20:97:37 | call to String | test.go:97:13:97:38 | type conversion | provenance |  |
@@ -40,31 +40,31 @@ edges
 | test.go:101:20:101:37 | call to Value | test.go:101:13:101:38 | type conversion | provenance |  |
 | test.go:102:20:102:40 | call to RawValue | test.go:102:13:102:50 | type conversion | provenance |  |
 | test.go:103:20:103:38 | call to String | test.go:103:13:103:39 | type conversion | provenance |  |
-| test.go:109:9:109:13 | &... | test.go:110:13:110:33 | type conversion | provenance |  |
-| test.go:113:9:113:12 | &... | test.go:114:13:114:29 | type conversion | provenance |  |
-| test.go:117:12:117:19 | &... | test.go:118:13:118:48 | type conversion | provenance |  |
-| test.go:121:16:121:24 | &... | test.go:122:13:122:43 | type conversion | provenance |  |
-| test.go:125:16:125:23 | &... | test.go:126:13:126:39 | type conversion | provenance |  |
-| test.go:129:15:129:24 | &... | test.go:130:13:130:47 | type conversion | provenance |  |
-| test.go:133:18:133:30 | &... | test.go:134:13:134:38 | type conversion | provenance |  |
-| test.go:140:12:140:19 | &... | test.go:141:13:141:48 | type conversion | provenance |  |
-| test.go:144:16:144:24 | &... | test.go:145:13:145:43 | type conversion | provenance |  |
-| test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | provenance |  |
-| test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | provenance |  |
-| test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | provenance |  |
-| test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | provenance |  |
-| test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | provenance |  |
+| test.go:109:9:109:13 | &... [postupdate] | test.go:110:13:110:33 | type conversion | provenance |  |
+| test.go:113:9:113:12 | &... [postupdate] | test.go:114:13:114:29 | type conversion | provenance |  |
+| test.go:117:12:117:19 | &... [postupdate] | test.go:118:13:118:48 | type conversion | provenance |  |
+| test.go:121:16:121:24 | &... [postupdate] | test.go:122:13:122:43 | type conversion | provenance |  |
+| test.go:125:16:125:23 | &... [postupdate] | test.go:126:13:126:39 | type conversion | provenance |  |
+| test.go:129:15:129:24 | &... [postupdate] | test.go:130:13:130:47 | type conversion | provenance |  |
+| test.go:133:18:133:30 | &... [postupdate] | test.go:134:13:134:38 | type conversion | provenance |  |
+| test.go:140:12:140:19 | &... [postupdate] | test.go:141:13:141:48 | type conversion | provenance |  |
+| test.go:144:16:144:24 | &... [postupdate] | test.go:145:13:145:43 | type conversion | provenance |  |
+| test.go:148:16:148:23 | &... [postupdate] | test.go:149:13:149:39 | type conversion | provenance |  |
+| test.go:152:15:152:24 | &... [postupdate] | test.go:153:13:153:47 | type conversion | provenance |  |
+| test.go:156:18:156:30 | &... [postupdate] | test.go:157:13:157:38 | type conversion | provenance |  |
+| test.go:160:14:160:22 | &... [postupdate] | test.go:161:13:161:28 | type conversion | provenance |  |
+| test.go:164:15:164:24 | &... [postupdate] | test.go:165:13:165:32 | type conversion | provenance |  |
 models
 | 1 | Source: group:beego-orm; Ormer; true; Read; ; ; Argument[0]; database; manual |
 | 2 | Source: group:beego-orm; Ormer; true; ReadForUpdate; ; ; Argument[0]; database; manual |
 | 3 | Source: group:beego-orm; Ormer; true; ReadOrCreate; ; ; Argument[0]; database; manual |
 nodes
-| test.go:80:13:80:16 | &... | semmle.label | &... |
+| test.go:80:13:80:16 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:81:13:81:29 | type conversion | semmle.label | type conversion |
 | test.go:82:13:82:43 | type conversion | semmle.label | type conversion |
-| test.go:85:22:85:26 | &... | semmle.label | &... |
+| test.go:85:22:85:26 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:86:13:86:30 | type conversion | semmle.label | type conversion |
-| test.go:89:21:89:25 | &... | semmle.label | &... |
+| test.go:89:21:89:25 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:90:13:90:30 | type conversion | semmle.label | type conversion |
 | test.go:95:13:95:37 | type conversion | semmle.label | type conversion |
 | test.go:95:20:95:36 | call to Value | semmle.label | call to Value |
@@ -84,32 +84,32 @@ nodes
 | test.go:102:20:102:40 | call to RawValue | semmle.label | call to RawValue |
 | test.go:103:13:103:39 | type conversion | semmle.label | type conversion |
 | test.go:103:20:103:38 | call to String | semmle.label | call to String |
-| test.go:109:9:109:13 | &... | semmle.label | &... |
+| test.go:109:9:109:13 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:110:13:110:33 | type conversion | semmle.label | type conversion |
-| test.go:113:9:113:12 | &... | semmle.label | &... |
+| test.go:113:9:113:12 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:114:13:114:29 | type conversion | semmle.label | type conversion |
-| test.go:117:12:117:19 | &... | semmle.label | &... |
+| test.go:117:12:117:19 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:118:13:118:48 | type conversion | semmle.label | type conversion |
-| test.go:121:16:121:24 | &... | semmle.label | &... |
+| test.go:121:16:121:24 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:122:13:122:43 | type conversion | semmle.label | type conversion |
-| test.go:125:16:125:23 | &... | semmle.label | &... |
+| test.go:125:16:125:23 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:126:13:126:39 | type conversion | semmle.label | type conversion |
-| test.go:129:15:129:24 | &... | semmle.label | &... |
+| test.go:129:15:129:24 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:130:13:130:47 | type conversion | semmle.label | type conversion |
-| test.go:133:18:133:30 | &... | semmle.label | &... |
+| test.go:133:18:133:30 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:134:13:134:38 | type conversion | semmle.label | type conversion |
-| test.go:140:12:140:19 | &... | semmle.label | &... |
+| test.go:140:12:140:19 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:141:13:141:48 | type conversion | semmle.label | type conversion |
-| test.go:144:16:144:24 | &... | semmle.label | &... |
+| test.go:144:16:144:24 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:145:13:145:43 | type conversion | semmle.label | type conversion |
-| test.go:148:16:148:23 | &... | semmle.label | &... |
+| test.go:148:16:148:23 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:149:13:149:39 | type conversion | semmle.label | type conversion |
-| test.go:152:15:152:24 | &... | semmle.label | &... |
+| test.go:152:15:152:24 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:153:13:153:47 | type conversion | semmle.label | type conversion |
-| test.go:156:18:156:30 | &... | semmle.label | &... |
+| test.go:156:18:156:30 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:157:13:157:38 | type conversion | semmle.label | type conversion |
-| test.go:160:14:160:22 | &... | semmle.label | &... |
+| test.go:160:14:160:22 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:161:13:161:28 | type conversion | semmle.label | type conversion |
-| test.go:164:15:164:24 | &... | semmle.label | &... |
+| test.go:164:15:164:24 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:165:13:165:32 | type conversion | semmle.label | type conversion |
 subpaths

go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected

@@ -5,9 +5,10 @@ edges
 | test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | provenance | Src:MaD:2 Sink:MaD:1 |
 | test.go:178:11:178:32 | call to Param | test.go:185:24:185:29 | param2 | provenance | Src:MaD:2  |
 | test.go:185:24:185:29 | param2 | test.go:185:20:185:29 | ...+... | provenance | Config Sink:MaD:1 |
-| test.go:193:9:193:26 | star expression | test.go:193:10:193:26 | selection of URL | provenance | Config |
+| test.go:193:9:193:26 | star expression | test.go:193:10:193:26 | selection of URL [postupdate] | provenance | Config |
 | test.go:193:9:193:26 | star expression | test.go:196:21:196:23 | url | provenance |  |
 | test.go:193:10:193:26 | selection of URL | test.go:193:9:193:26 | star expression | provenance | Src:MaD:3 Config |
+| test.go:193:10:193:26 | selection of URL [postupdate] | test.go:193:9:193:26 | star expression | provenance | Config |
 | test.go:196:21:196:23 | url | test.go:196:21:196:32 | call to String | provenance | Config Sink:MaD:1 |
 models
 | 1 | Sink: github.com/labstack/echo; Context; true; Redirect; ; ; Argument[1]; url-redirection; manual |
@@ -21,6 +22,7 @@ nodes
 | test.go:185:24:185:29 | param2 | semmle.label | param2 |
 | test.go:193:9:193:26 | star expression | semmle.label | star expression |
 | test.go:193:10:193:26 | selection of URL | semmle.label | selection of URL |
+| test.go:193:10:193:26 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] |
 | test.go:196:21:196:23 | url | semmle.label | url |
 | test.go:196:21:196:32 | call to String | semmle.label | call to String |
 subpaths

go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected

@@ -11,7 +11,7 @@
 | test.go:77:20:77:25 | buffer | test.go:72:2:72:31 | ... := ...[0] | test.go:77:20:77:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:72:2:72:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:83:16:83:24 | selection of Value | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:82:2:82:32 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:89:16:89:31 | selection of Value | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:88:13:88:25 | call to Cookies | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:100:16:100:21 | selection of s | test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:99:11:99:15 | &... | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:100:16:100:21 | selection of s | test.go:99:11:99:15 | &... [postupdate] | test.go:100:16:100:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:99:11:99:15 | &... [postupdate] | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:114:16:114:42 | type assertion | test.go:113:21:113:42 | call to Param | test.go:114:16:114:42 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:113:21:113:42 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:125:16:125:20 | param | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | Cross-site scripting vulnerability due to $@. | test.go:124:11:124:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:131:20:131:32 | type conversion | test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:130:11:130:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
@@ -29,23 +29,23 @@ edges
 | test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | Src:MaD:4  |
 | test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | provenance |  |
 | test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:17 |
-| test.go:59:2:59:7 | definition of buffer | test.go:61:20:61:25 | buffer | provenance |  |
-| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:15 |
-| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:16 |
-| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:18 |
+| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:15 |
+| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:16 |
+| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:18 |
+| test.go:60:12:60:17 | buffer [postupdate] | test.go:61:20:61:25 | buffer | provenance |  |
 | test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | Src:MaD:7  |
 | test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | Src:MaD:7  |
 | test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | provenance |  |
 | test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:17 |
-| test.go:75:2:75:7 | definition of buffer | test.go:77:20:77:25 | buffer | provenance |  |
-| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:15 |
-| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:16 |
-| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:18 |
+| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:15 |
+| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:16 |
+| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:18 |
+| test.go:76:12:76:17 | buffer [postupdate] | test.go:77:20:77:25 | buffer | provenance |  |
 | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | Src:MaD:2  |
 | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | Src:MaD:3  |
-| test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:1  |
-| test.go:112:17:112:19 | definition of ctx | test.go:114:16:114:18 | ctx | provenance |  |
-| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | Src:MaD:8 MaD:14 |
+| test.go:99:11:99:15 | &... [postupdate] | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:1  |
+| test.go:113:2:113:4 | ctx [postupdate] | test.go:114:16:114:18 | ctx | provenance |  |
+| test.go:113:21:113:42 | call to Param | test.go:113:2:113:4 | ctx [postupdate] | provenance | Src:MaD:8 MaD:14 |
 | test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:13 |
 | test.go:114:16:114:33 | call to Get | test.go:114:16:114:42 | type assertion | provenance |  |
 | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | provenance | Src:MaD:8  |
@@ -93,24 +93,24 @@ nodes
 | test.go:57:2:57:46 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:58:2:58:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:58:13:58:22 | fileHeader | semmle.label | fileHeader |
-| test.go:59:2:59:7 | definition of buffer | semmle.label | definition of buffer |
 | test.go:60:2:60:5 | file | semmle.label | file |
+| test.go:60:12:60:17 | buffer [postupdate] | semmle.label | buffer [postupdate] |
 | test.go:61:20:61:25 | buffer | semmle.label | buffer |
 | test.go:66:2:66:31 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:67:16:67:41 | index expression | semmle.label | index expression |
 | test.go:72:2:72:31 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:74:2:74:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:74:13:74:22 | fileHeader | semmle.label | fileHeader |
-| test.go:75:2:75:7 | definition of buffer | semmle.label | definition of buffer |
 | test.go:76:2:76:5 | file | semmle.label | file |
+| test.go:76:12:76:17 | buffer [postupdate] | semmle.label | buffer [postupdate] |
 | test.go:77:20:77:25 | buffer | semmle.label | buffer |
 | test.go:82:2:82:32 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:83:16:83:24 | selection of Value | semmle.label | selection of Value |
 | test.go:88:13:88:25 | call to Cookies | semmle.label | call to Cookies |
 | test.go:89:16:89:31 | selection of Value | semmle.label | selection of Value |
-| test.go:99:11:99:15 | &... | semmle.label | &... |
+| test.go:99:11:99:15 | &... [postupdate] | semmle.label | &... [postupdate] |
 | test.go:100:16:100:21 | selection of s | semmle.label | selection of s |
-| test.go:112:17:112:19 | definition of ctx | semmle.label | definition of ctx |
+| test.go:113:2:113:4 | ctx [postupdate] | semmle.label | ctx [postupdate] |
 | test.go:113:21:113:42 | call to Param | semmle.label | call to Param |
 | test.go:114:16:114:18 | ctx | semmle.label | ctx |
 | test.go:114:16:114:33 | call to Get | semmle.label | call to Get |

go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected

@@ -9,28 +9,28 @@ edges
 | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:31:21:31:34 | untrustedInput | provenance |  |
 | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:35:27:35:41 | untrustedString | provenance |  |
 | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:39:31:39:45 | untrustedString | provenance |  |
-| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:4 |
-| jsoniter.go:27:33:27:37 | &... | jsoniter.go:28:15:28:24 | selection of field | provenance | Sink:MaD:1 |
-| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:2 |
-| jsoniter.go:31:37:31:42 | &... | jsoniter.go:32:15:32:25 | selection of field | provenance | Sink:MaD:1 |
-| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:5 |
-| jsoniter.go:35:44:35:49 | &... | jsoniter.go:36:15:36:25 | selection of field | provenance | Sink:MaD:1 |
-| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:3 |
-| jsoniter.go:39:48:39:53 | &... | jsoniter.go:40:15:40:25 | selection of field | provenance | Sink:MaD:1 |
+| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... [postupdate] | provenance | MaD:4 |
+| jsoniter.go:27:33:27:37 | &... [postupdate] | jsoniter.go:28:15:28:24 | selection of field | provenance | Sink:MaD:1 |
+| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... [postupdate] | provenance | MaD:2 |
+| jsoniter.go:31:37:31:42 | &... [postupdate] | jsoniter.go:32:15:32:25 | selection of field | provenance | Sink:MaD:1 |
+| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... [postupdate] | provenance | MaD:5 |
+| jsoniter.go:35:44:35:49 | &... [postupdate] | jsoniter.go:36:15:36:25 | selection of field | provenance | Sink:MaD:1 |
+| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... [postupdate] | provenance | MaD:3 |
+| jsoniter.go:39:48:39:53 | &... [postupdate] | jsoniter.go:40:15:40:25 | selection of field | provenance | Sink:MaD:1 |
 nodes
 | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | semmle.label | call to getUntrustedBytes |
 | jsoniter.go:24:21:24:40 | call to getUntrustedString | semmle.label | call to getUntrustedString |
 | jsoniter.go:27:17:27:30 | untrustedInput | semmle.label | untrustedInput |
-| jsoniter.go:27:33:27:37 | &... | semmle.label | &... |
+| jsoniter.go:27:33:27:37 | &... [postupdate] | semmle.label | &... [postupdate] |
 | jsoniter.go:28:15:28:24 | selection of field | semmle.label | selection of field |
 | jsoniter.go:31:21:31:34 | untrustedInput | semmle.label | untrustedInput |
-| jsoniter.go:31:37:31:42 | &... | semmle.label | &... |
+| jsoniter.go:31:37:31:42 | &... [postupdate] | semmle.label | &... [postupdate] |
 | jsoniter.go:32:15:32:25 | selection of field | semmle.label | selection of field |
 | jsoniter.go:35:27:35:41 | untrustedString | semmle.label | untrustedString |
-| jsoniter.go:35:44:35:49 | &... | semmle.label | &... |
+| jsoniter.go:35:44:35:49 | &... [postupdate] | semmle.label | &... [postupdate] |
 | jsoniter.go:36:15:36:25 | selection of field | semmle.label | selection of field |
 | jsoniter.go:39:31:39:45 | untrustedString | semmle.label | untrustedString |
-| jsoniter.go:39:48:39:53 | &... | semmle.label | &... |
+| jsoniter.go:39:48:39:53 | &... [postupdate] | semmle.label | &... [postupdate] |
 | jsoniter.go:40:15:40:25 | selection of field | semmle.label | selection of field |
 subpaths
 invalidModelRow

go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected

@@ -31,39 +31,39 @@
 | Gin.go:158:10:158:19 | selection of Params |
 | Gin.go:162:13:162:22 | selection of Params |
 | Gin.go:168:12:168:21 | selection of Params |
-| Gin.go:178:16:178:22 | &... |
-| Gin.go:182:7:182:19 | definition of personPointer |
-| Gin.go:188:15:188:21 | &... |
-| Gin.go:192:7:192:19 | definition of personPointer |
-| Gin.go:198:16:198:22 | &... |
-| Gin.go:202:7:202:19 | definition of personPointer |
-| Gin.go:208:15:208:21 | &... |
-| Gin.go:212:7:212:19 | definition of personPointer |
-| Gin.go:218:17:218:23 | &... |
-| Gin.go:222:7:222:19 | definition of personPointer |
-| Gin.go:228:20:228:26 | &... |
-| Gin.go:232:7:232:19 | definition of personPointer |
-| Gin.go:238:16:238:22 | &... |
-| Gin.go:242:7:242:19 | definition of personPointer |
-| Gin.go:248:12:248:18 | &... |
-| Gin.go:252:7:252:19 | definition of personPointer |
-| Gin.go:258:18:258:24 | &... |
-| Gin.go:262:7:262:19 | definition of personPointer |
-| Gin.go:268:26:268:32 | &... |
-| Gin.go:272:7:272:19 | definition of personPointer |
-| Gin.go:278:22:278:28 | &... |
-| Gin.go:282:7:282:19 | definition of personPointer |
-| Gin.go:288:23:288:29 | &... |
-| Gin.go:292:7:292:19 | definition of personPointer |
-| Gin.go:298:21:298:27 | &... |
-| Gin.go:302:7:302:19 | definition of personPointer |
-| Gin.go:308:22:308:28 | &... |
-| Gin.go:312:7:312:19 | definition of personPointer |
-| Gin.go:318:21:318:27 | &... |
-| Gin.go:322:7:322:19 | definition of personPointer |
-| Gin.go:328:22:328:28 | &... |
-| Gin.go:332:7:332:19 | definition of personPointer |
-| Gin.go:338:18:338:24 | &... |
-| Gin.go:342:7:342:19 | definition of personPointer |
-| Gin.go:348:24:348:30 | &... |
-| Gin.go:352:7:352:19 | definition of personPointer |
+| Gin.go:178:16:178:22 | &... [postupdate] |
+| Gin.go:183:16:183:28 | personPointer [postupdate] |
+| Gin.go:188:15:188:21 | &... [postupdate] |
+| Gin.go:193:15:193:27 | personPointer [postupdate] |
+| Gin.go:198:16:198:22 | &... [postupdate] |
+| Gin.go:203:16:203:28 | personPointer [postupdate] |
+| Gin.go:208:15:208:21 | &... [postupdate] |
+| Gin.go:213:15:213:27 | personPointer [postupdate] |
+| Gin.go:218:17:218:23 | &... [postupdate] |
+| Gin.go:223:17:223:29 | personPointer [postupdate] |
+| Gin.go:228:20:228:26 | &... [postupdate] |
+| Gin.go:233:20:233:32 | personPointer [postupdate] |
+| Gin.go:238:16:238:22 | &... [postupdate] |
+| Gin.go:243:16:243:28 | personPointer [postupdate] |
+| Gin.go:248:12:248:18 | &... [postupdate] |
+| Gin.go:253:12:253:24 | personPointer [postupdate] |
+| Gin.go:258:18:258:24 | &... [postupdate] |
+| Gin.go:263:18:263:30 | personPointer [postupdate] |
+| Gin.go:268:26:268:32 | &... [postupdate] |
+| Gin.go:273:26:273:38 | personPointer [postupdate] |
+| Gin.go:278:22:278:28 | &... [postupdate] |
+| Gin.go:283:22:283:34 | personPointer [postupdate] |
+| Gin.go:288:23:288:29 | &... [postupdate] |
+| Gin.go:293:23:293:35 | personPointer [postupdate] |
+| Gin.go:298:21:298:27 | &... [postupdate] |
+| Gin.go:303:21:303:33 | personPointer [postupdate] |
+| Gin.go:308:22:308:28 | &... [postupdate] |
+| Gin.go:313:22:313:34 | personPointer [postupdate] |
+| Gin.go:318:21:318:27 | &... [postupdate] |
+| Gin.go:323:21:323:33 | personPointer [postupdate] |
+| Gin.go:328:22:328:28 | &... [postupdate] |
+| Gin.go:333:22:333:34 | personPointer [postupdate] |
+| Gin.go:338:18:338:24 | &... [postupdate] |
+| Gin.go:343:18:343:30 | personPointer [postupdate] |
+| Gin.go:348:24:348:30 | &... [postupdate] |
+| Gin.go:353:24:353:36 | personPointer [postupdate] |

go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected

@@ -8,11 +8,11 @@ edges
 | gorestful.go:15:15:15:44 | call to QueryParameters | gorestful.go:15:15:15:47 | index expression | provenance | Src:MaD:4 Sink:MaD:1 |
 | gorestful.go:17:2:17:39 | ... := ...[0] | gorestful.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 |
 | gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | provenance | Src:MaD:3 Sink:MaD:1 |
-| gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 |
+| gorestful.go:23:21:23:24 | &... [postupdate] | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 |
 | gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | provenance | Src:MaD:4 Sink:MaD:1 |
 | gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 |
 | gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | provenance | Src:MaD:3 Sink:MaD:1 |
-| gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 |
+| gorestful_v2.go:23:21:23:24 | &... [postupdate] | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 |
 nodes
 | gorestful.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters |
 | gorestful.go:15:15:15:47 | index expression | semmle.label | index expression |
@@ -23,7 +23,7 @@ nodes
 | gorestful.go:20:15:20:42 | call to PathParameter | semmle.label | call to PathParameter |
 | gorestful.go:21:15:21:38 | call to PathParameters | semmle.label | call to PathParameters |
 | gorestful.go:21:15:21:45 | index expression | semmle.label | index expression |
-| gorestful.go:23:21:23:24 | &... | semmle.label | &... |
+| gorestful.go:23:21:23:24 | &... [postupdate] | semmle.label | &... [postupdate] |
 | gorestful.go:24:15:24:21 | selection of cmd | semmle.label | selection of cmd |
 | gorestful_v2.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters |
 | gorestful_v2.go:15:15:15:47 | index expression | semmle.label | index expression |
@@ -34,7 +34,7 @@ nodes
 | gorestful_v2.go:20:15:20:42 | call to PathParameter | semmle.label | call to PathParameter |
 | gorestful_v2.go:21:15:21:38 | call to PathParameters | semmle.label | call to PathParameters |
 | gorestful_v2.go:21:15:21:45 | index expression | semmle.label | index expression |
-| gorestful_v2.go:23:21:23:24 | &... | semmle.label | &... |
+| gorestful_v2.go:23:21:23:24 | &... [postupdate] | semmle.label | &... [postupdate] |
 | gorestful_v2.go:24:15:24:21 | selection of cmd | semmle.label | selection of cmd |
 subpaths
 invalidModelRow
@@ -45,11 +45,11 @@ invalidModelRow
 | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful.go:19:15:19:44 | call to HeaderParameter | a user-provided value |
 | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful.go:20:15:20:42 | call to PathParameter | a user-provided value |
 | gorestful.go:21:15:21:45 | index expression | gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | This command depends on $@. | gorestful.go:21:15:21:38 | call to PathParameters | a user-provided value |
-| gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... | a user-provided value |
+| gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... [postupdate] | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... [postupdate] | a user-provided value |
 | gorestful_v2.go:15:15:15:47 | index expression | gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | This command depends on $@. | gorestful_v2.go:15:15:15:44 | call to QueryParameters | a user-provided value |
 | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | This command depends on $@. | gorestful_v2.go:16:15:16:43 | call to QueryParameter | a user-provided value |
 | gorestful_v2.go:18:15:18:17 | val | gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | This command depends on $@. | gorestful_v2.go:17:2:17:39 | ... := ...[0] | a user-provided value |
 | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | a user-provided value |
 | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful_v2.go:20:15:20:42 | call to PathParameter | a user-provided value |
 | gorestful_v2.go:21:15:21:45 | index expression | gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | This command depends on $@. | gorestful_v2.go:21:15:21:38 | call to PathParameters | a user-provided value |
-| gorestful_v2.go:24:15:24:21 | selection of cmd | gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful_v2.go:23:21:23:24 | &... | a user-provided value |
+| gorestful_v2.go:24:15:24:21 | selection of cmd | gorestful_v2.go:23:21:23:24 | &... [postupdate] | gorestful_v2.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful_v2.go:23:21:23:24 | &... [postupdate] | a user-provided value |

go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected

@@ -1,10 +1,11 @@
 #select
 | EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value |
 edges
-| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params | provenance | Config |
+| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | provenance | Config |
 | EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config |
 | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Src:MaD:2 Config |
 | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:2 Config |
+| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Config |
 | EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config Sink:MaD:1 |
 models
 | 1 | Sink: group:revel; Controller; true; Redirect; ; ; Argument[0]; url-redirection; manual |
@@ -12,6 +13,7 @@ models
 nodes
 | EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference |
 | EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params |
+| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | semmle.label | selection of Params [postupdate] |
 | EndToEnd.go:94:20:94:32 | selection of Form | semmle.label | selection of Form |
 | EndToEnd.go:94:20:94:49 | call to Get | semmle.label | call to Get |
 subpaths

go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected

@@ -5,10 +5,10 @@
 | examples/booking/app/init.go:36:44:36:53 | selection of Path | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:36:44:36:48 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go |  |
 | examples/booking/app/init.go:40:49:40:58 | selection of Path | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:40:49:40:53 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go |  |
 edges
-| EndToEnd.go:35:2:35:4 | definition of buf | EndToEnd.go:37:24:37:26 | buf | provenance |  |
+| EndToEnd.go:36:2:36:4 | buf [postupdate] | EndToEnd.go:37:24:37:26 | buf | provenance |  |
 | EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | Src:MaD:1  |
 | EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:4 |
-| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:3 |
+| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:36:2:36:4 | buf [postupdate] | provenance | MaD:3 |
 | EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | Src:MaD:1  |
 | EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:4 |
 | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | Src:MaD:1  |
@@ -20,7 +20,7 @@ models
 | 3 | Summary: io; StringWriter; true; WriteString; ; ; Argument[0]; Argument[receiver]; taint; manual |
 | 4 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
 nodes
-| EndToEnd.go:35:2:35:4 | definition of buf | semmle.label | definition of buf |
+| EndToEnd.go:36:2:36:4 | buf [postupdate] | semmle.label | buf [postupdate] |
 | EndToEnd.go:36:18:36:25 | selection of Params | semmle.label | selection of Params |
 | EndToEnd.go:36:18:36:30 | selection of Form | semmle.label | selection of Form |
 | EndToEnd.go:36:18:36:47 | call to Get | semmle.label | call to Get |

go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected

@@ -8,64 +8,76 @@ invalidModelRow
 | crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | ... := ...[1] |
 | crypto.go:11:42:11:51 | ciphertext | crypto.go:11:2:11:57 | ... := ...[0] |
 | io.go:14:31:14:43 | "some string" | io.go:14:13:14:44 | call to NewReader |
-| io.go:16:3:16:3 | definition of w | io.go:16:23:16:27 | &... |
-| io.go:16:3:16:3 | definition of w | io.go:16:30:16:34 | &... |
-| io.go:16:23:16:27 | &... | io.go:15:7:15:10 | definition of buf1 |
+| io.go:16:3:16:3 | definition of w | io.go:16:23:16:27 | &... [postupdate] |
+| io.go:16:3:16:3 | definition of w | io.go:16:30:16:34 | &... [postupdate] |
+| io.go:16:23:16:27 | &... | io.go:16:24:16:27 | buf1 [postupdate] |
+| io.go:16:23:16:27 | &... [postupdate] | io.go:16:24:16:27 | buf1 [postupdate] |
 | io.go:16:24:16:27 | buf1 | io.go:16:23:16:27 | &... |
-| io.go:16:30:16:34 | &... | io.go:15:13:15:16 | definition of buf2 |
+| io.go:16:24:16:27 | buf1 [postupdate] | io.go:16:23:16:27 | &... |
+| io.go:16:30:16:34 | &... | io.go:16:31:16:34 | buf2 [postupdate] |
+| io.go:16:30:16:34 | &... [postupdate] | io.go:16:31:16:34 | buf2 [postupdate] |
 | io.go:16:31:16:34 | buf2 | io.go:16:30:16:34 | &... |
-| io.go:18:14:18:19 | reader | io.go:16:3:16:3 | definition of w |
+| io.go:16:31:16:34 | buf2 [postupdate] | io.go:16:30:16:34 | &... |
+| io.go:18:14:18:19 | reader | io.go:18:11:18:11 | w [postupdate] |
 | io.go:22:31:22:43 | "some string" | io.go:22:13:22:44 | call to NewReader |
-| io.go:25:19:25:23 | &... | io.go:23:7:23:10 | definition of buf1 |
+| io.go:25:19:25:23 | &... | io.go:25:20:25:23 | buf1 [postupdate] |
+| io.go:25:19:25:23 | &... [postupdate] | io.go:25:20:25:23 | buf1 [postupdate] |
 | io.go:25:20:25:23 | buf1 | io.go:25:19:25:23 | &... |
-| io.go:27:21:27:26 | reader | io.go:25:3:25:4 | definition of w2 |
+| io.go:25:20:25:23 | buf1 [postupdate] | io.go:25:19:25:23 | &... |
+| io.go:27:21:27:26 | reader | io.go:27:17:27:18 | w2 [postupdate] |
 | io.go:31:31:31:43 | "some string" | io.go:31:13:31:44 | call to NewReader |
-| io.go:33:19:33:23 | &... | io.go:32:7:32:10 | definition of buf1 |
+| io.go:33:19:33:23 | &... | io.go:33:20:33:23 | buf1 [postupdate] |
+| io.go:33:19:33:23 | &... [postupdate] | io.go:33:20:33:23 | buf1 [postupdate] |
 | io.go:33:20:33:23 | buf1 | io.go:33:19:33:23 | &... |
-| io.go:35:16:35:21 | reader | io.go:33:3:33:4 | definition of w2 |
+| io.go:33:20:33:23 | buf1 [postupdate] | io.go:33:19:33:23 | &... |
+| io.go:35:16:35:21 | reader | io.go:35:12:35:13 | w2 [postupdate] |
 | io.go:39:6:39:6 | definition of w | io.go:39:3:39:19 | ... := ...[0] |
 | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[0] |
 | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[1] |
-| io.go:40:17:40:31 | "some string\\n" | io.go:39:6:39:6 | definition of w |
-| io.go:43:16:43:16 | r | io.go:42:3:42:5 | definition of buf |
+| io.go:40:17:40:31 | "some string\\n" | io.go:40:14:40:14 | w [postupdate] |
+| io.go:43:16:43:16 | r | io.go:43:3:43:5 | buf [postupdate] |
 | io.go:44:13:44:15 | buf | io.go:44:13:44:24 | call to String |
 | io.go:48:31:48:43 | "some string" | io.go:48:13:48:44 | call to NewReader |
-| io.go:50:18:50:23 | reader | io.go:49:3:49:5 | definition of buf |
+| io.go:50:18:50:23 | reader | io.go:50:26:50:28 | buf [postupdate] |
 | io.go:54:31:54:43 | "some string" | io.go:54:13:54:44 | call to NewReader |
-| io.go:56:15:56:20 | reader | io.go:55:3:55:5 | definition of buf |
-| io.go:61:18:61:21 | &... | io.go:60:7:60:9 | definition of buf |
+| io.go:56:15:56:20 | reader | io.go:56:23:56:25 | buf [postupdate] |
+| io.go:61:18:61:21 | &... | io.go:61:19:61:21 | buf [postupdate] |
+| io.go:61:18:61:21 | &... [postupdate] | io.go:61:19:61:21 | buf [postupdate] |
 | io.go:61:19:61:21 | buf | io.go:61:18:61:21 | &... |
-| io.go:62:21:62:26 | "test" | io.go:61:3:61:3 | definition of w |
+| io.go:61:19:61:21 | buf [postupdate] | io.go:61:18:61:21 | &... |
+| io.go:62:21:62:26 | "test" | io.go:62:18:62:18 | w [postupdate] |
 | io.go:65:31:65:43 | "some string" | io.go:65:13:65:44 | call to NewReader |
-| io.go:67:3:67:8 | reader | io.go:66:3:66:5 | definition of buf |
+| io.go:67:3:67:8 | reader | io.go:67:15:67:17 | buf [postupdate] |
 | io.go:70:31:70:43 | "some string" | io.go:70:13:70:44 | call to NewReader |
-| io.go:72:3:72:8 | reader | io.go:71:3:71:5 | definition of buf |
+| io.go:72:3:72:8 | reader | io.go:72:17:72:19 | buf [postupdate] |
 | io.go:76:31:76:43 | "some string" | io.go:76:13:76:44 | call to NewReader |
 | io.go:77:24:77:29 | reader | io.go:77:9:77:33 | call to LimitReader |
-| io.go:78:22:78:23 | lr | io.go:78:11:78:19 | selection of Stdout |
+| io.go:78:22:78:23 | lr | io.go:78:11:78:19 | selection of Stdout [postupdate] |
 | io.go:82:27:82:36 | "reader1 " | io.go:82:9:82:37 | call to NewReader |
 | io.go:83:27:83:36 | "reader2 " | io.go:83:9:83:37 | call to NewReader |
 | io.go:84:27:84:35 | "reader3" | io.go:84:9:84:36 | call to NewReader |
 | io.go:85:23:85:24 | r1 | io.go:85:8:85:33 | call to MultiReader |
 | io.go:85:27:85:28 | r2 | io.go:85:8:85:33 | call to MultiReader |
 | io.go:85:31:85:32 | r3 | io.go:85:8:85:33 | call to MultiReader |
-| io.go:86:22:86:22 | r | io.go:86:11:86:19 | selection of Stdout |
+| io.go:86:22:86:22 | r | io.go:86:11:86:19 | selection of Stdout [postupdate] |
 | io.go:89:26:89:38 | "some string" | io.go:89:8:89:39 | call to NewReader |
 | io.go:91:23:91:23 | r | io.go:91:10:91:30 | call to TeeReader |
-| io.go:91:23:91:23 | r | io.go:91:26:91:29 | &... |
-| io.go:91:26:91:29 | &... | io.go:90:7:90:9 | definition of buf |
+| io.go:91:23:91:23 | r | io.go:91:26:91:29 | &... [postupdate] |
+| io.go:91:26:91:29 | &... | io.go:91:27:91:29 | buf [postupdate] |
+| io.go:91:26:91:29 | &... [postupdate] | io.go:91:27:91:29 | buf [postupdate] |
 | io.go:91:27:91:29 | buf | io.go:91:26:91:29 | &... |
-| io.go:93:22:93:24 | tee | io.go:93:11:93:19 | selection of Stdout |
+| io.go:91:27:91:29 | buf [postupdate] | io.go:91:26:91:29 | &... |
+| io.go:93:22:93:24 | tee | io.go:93:11:93:19 | selection of Stdout [postupdate] |
 | io.go:96:26:96:38 | "some string" | io.go:96:8:96:39 | call to NewReader |
 | io.go:97:28:97:28 | r | io.go:97:8:97:36 | call to NewSectionReader |
-| io.go:98:22:98:22 | s | io.go:98:11:98:19 | selection of Stdout |
+| io.go:98:22:98:22 | s | io.go:98:11:98:19 | selection of Stdout [postupdate] |
 | io.go:101:26:101:38 | "some string" | io.go:101:8:101:39 | call to NewReader |
-| io.go:102:3:102:3 | r | io.go:102:13:102:21 | selection of Stdout |
+| io.go:102:3:102:3 | r | io.go:102:13:102:21 | selection of Stdout [postupdate] |
 | io.go:108:30:108:42 | "some string" | io.go:108:12:108:43 | call to NewReader |
 | io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | ... := ...[0] |
 | io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | ... := ...[1] |
 | io.go:109:27:109:32 | reader | io.go:109:2:109:33 | ... := ...[0] |
-| io.go:110:18:110:20 | buf | io.go:110:2:110:10 | selection of Stdout |
+| io.go:110:18:110:20 | buf | io.go:110:2:110:10 | selection of Stdout [postupdate] |
 | main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[0] |
 | main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[1] |
 | main.go:11:25:11:25 | v | main.go:11:2:11:26 | ... := ...[0] |
@@ -74,21 +86,23 @@ invalidModelRow
 | main.go:13:33:13:33 | v | main.go:13:2:13:52 | ... := ...[0] |
 | main.go:13:36:13:45 | "/*JSON*/" | main.go:13:2:13:52 | ... := ...[0] |
 | main.go:13:48:13:51 | "  " | main.go:13:2:13:52 | ... := ...[0] |
-| main.go:14:25:14:25 | b | main.go:14:9:14:41 | slice literal |
-| main.go:14:28:14:30 | err | main.go:14:9:14:41 | slice literal |
-| main.go:14:33:14:34 | b2 | main.go:14:9:14:41 | slice literal |
-| main.go:14:37:14:40 | err2 | main.go:14:9:14:41 | slice literal |
+| main.go:14:25:14:25 | b | main.go:14:9:14:41 | slice literal [postupdate] |
+| main.go:14:28:14:30 | err | main.go:14:9:14:41 | slice literal [postupdate] |
+| main.go:14:33:14:34 | b2 | main.go:14:9:14:41 | slice literal [postupdate] |
+| main.go:14:37:14:40 | err2 | main.go:14:9:14:41 | slice literal [postupdate] |
 | main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[0] |
 | main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[1] |
 | main.go:19:35:19:41 | encoded | main.go:19:2:19:42 | ... := ...[0] |
-| main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | slice literal |
-| main.go:23:34:23:36 | err | main.go:23:9:23:48 | slice literal |
-| main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | slice literal |
-| main.go:28:2:28:4 | implicit dereference | main.go:26:15:26:17 | definition of req |
+| main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | slice literal [postupdate] |
+| main.go:23:34:23:36 | err | main.go:23:9:23:48 | slice literal [postupdate] |
+| main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | slice literal [postupdate] |
+| main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:4 | req [postupdate] |
 | main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:9 | selection of Body |
 | main.go:28:2:28:4 | req | main.go:28:2:28:4 | implicit dereference |
-| main.go:28:2:28:9 | selection of Body | main.go:27:2:27:2 | definition of b |
-| main.go:34:2:34:4 | implicit dereference | main.go:32:16:32:18 | definition of req |
+| main.go:28:2:28:4 | req [postupdate] | main.go:28:2:28:4 | implicit dereference |
+| main.go:28:2:28:9 | selection of Body | main.go:28:16:28:16 | b [postupdate] |
+| main.go:34:2:34:4 | implicit dereference | main.go:34:2:34:4 | req [postupdate] |
 | main.go:34:2:34:4 | implicit dereference | main.go:34:2:34:9 | selection of Body |
 | main.go:34:2:34:4 | req | main.go:34:2:34:4 | implicit dereference |
-| main.go:34:2:34:9 | selection of Body | main.go:33:2:33:2 | definition of b |
+| main.go:34:2:34:4 | req [postupdate] | main.go:34:2:34:4 | implicit dereference |
+| main.go:34:2:34:9 | selection of Body | main.go:34:16:34:16 | b [postupdate] |

go/ql/test/library-tests/semmle/go/frameworks/WebSocket/Read.expected

@@ -1,8 +1,8 @@
-| WebSocketReadWrite.go:31:7:31:10 | definition of xnet |
-| WebSocketReadWrite.go:35:3:35:7 | definition of xnet2 |
+| WebSocketReadWrite.go:32:11:32:14 | xnet [postupdate] |
+| WebSocketReadWrite.go:36:21:36:25 | xnet2 [postupdate] |
 | WebSocketReadWrite.go:41:3:41:40 | ... := ...[1] |
 | WebSocketReadWrite.go:44:3:44:48 | ... := ...[1] |
-| WebSocketReadWrite.go:51:7:51:16 | definition of gorillaMsg |
-| WebSocketReadWrite.go:55:3:55:10 | definition of gorilla2 |
+| WebSocketReadWrite.go:52:26:52:35 | gorillaMsg [postupdate] |
+| WebSocketReadWrite.go:56:17:56:24 | gorilla2 [postupdate] |
 | WebSocketReadWrite.go:61:3:61:38 | ... := ...[1] |
 | WebSocketReadWrite.go:67:3:67:36 | ... := ...[0] |

go/ql/test/library-tests/semmle/go/frameworks/WebSocket/RemoteFlowSources.expected

@@ -1,9 +1,9 @@
 | WebSocketReadWrite.go:27:9:27:16 | selection of Header |
-| WebSocketReadWrite.go:31:7:31:10 | definition of xnet |
-| WebSocketReadWrite.go:35:3:35:7 | definition of xnet2 |
+| WebSocketReadWrite.go:32:11:32:14 | xnet [postupdate] |
+| WebSocketReadWrite.go:36:21:36:25 | xnet2 [postupdate] |
 | WebSocketReadWrite.go:41:3:41:40 | ... := ...[1] |
 | WebSocketReadWrite.go:44:3:44:48 | ... := ...[1] |
-| WebSocketReadWrite.go:51:7:51:16 | definition of gorillaMsg |
-| WebSocketReadWrite.go:55:3:55:10 | definition of gorilla2 |
+| WebSocketReadWrite.go:52:26:52:35 | gorillaMsg [postupdate] |
+| WebSocketReadWrite.go:56:17:56:24 | gorilla2 [postupdate] |
 | WebSocketReadWrite.go:61:3:61:38 | ... := ...[1] |
 | WebSocketReadWrite.go:67:3:67:36 | ... := ...[0] |

go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected

@@ -44,28 +44,20 @@ edges
 | test.go:39:23:39:77 | call to NewTokenizerFragment | test.go:40:15:40:31 | tokenizerFragment | provenance |  |
 | test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | Src:MaD:1 MaD:4 |
 | test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:12 |
-| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance |  |
-| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance |  |
-| test.go:42:6:42:14 | definition of cleanNode | test.go:45:23:45:31 | cleanNode | provenance |  |
 | test.go:43:2:43:43 | ... := ...[0] | test.go:44:24:44:34 | taintedNode | provenance |  |
 | test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | Src:MaD:1 MaD:5 |
-| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:10 |
-| test.go:45:22:45:31 | &... | test.go:45:23:45:31 | cleanNode | provenance |  |
+| test.go:44:2:44:10 | cleanNode [postupdate] | test.go:45:22:45:31 | &... | provenance |  |
+| test.go:44:2:44:10 | cleanNode [postupdate] | test.go:45:23:45:31 | cleanNode | provenance |  |
+| test.go:44:24:44:34 | taintedNode | test.go:44:2:44:10 | cleanNode [postupdate] | provenance | MaD:10 |
 | test.go:45:22:45:31 | &... [pointer] | test.go:45:22:45:31 | &... | provenance |  |
-| test.go:45:22:45:31 | &... [pointer] | test.go:45:22:45:31 | &... | provenance |  |
-| test.go:45:22:45:31 | &... [pointer] | test.go:45:23:45:31 | cleanNode | provenance |  |
 | test.go:45:23:45:31 | cleanNode | test.go:45:22:45:31 | &... | provenance |  |
 | test.go:45:23:45:31 | cleanNode | test.go:45:22:45:31 | &... [pointer] | provenance |  |
-| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance |  |
-| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance |  |
-| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:23:50:32 | cleanNode2 | provenance |  |
 | test.go:48:2:48:44 | ... := ...[0] | test.go:49:26:49:37 | taintedNode2 | provenance |  |
 | test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | Src:MaD:1 MaD:5 |
-| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:11 |
-| test.go:50:22:50:32 | &... | test.go:50:23:50:32 | cleanNode2 | provenance |  |
+| test.go:49:2:49:11 | cleanNode2 [postupdate] | test.go:50:22:50:32 | &... | provenance |  |
+| test.go:49:2:49:11 | cleanNode2 [postupdate] | test.go:50:23:50:32 | cleanNode2 | provenance |  |
+| test.go:49:26:49:37 | taintedNode2 | test.go:49:2:49:11 | cleanNode2 [postupdate] | provenance | MaD:11 |
 | test.go:50:22:50:32 | &... [pointer] | test.go:50:22:50:32 | &... | provenance |  |
-| test.go:50:22:50:32 | &... [pointer] | test.go:50:22:50:32 | &... | provenance |  |
-| test.go:50:22:50:32 | &... [pointer] | test.go:50:23:50:32 | cleanNode2 | provenance |  |
 | test.go:50:23:50:32 | cleanNode2 | test.go:50:22:50:32 | &... | provenance |  |
 | test.go:50:23:50:32 | cleanNode2 | test.go:50:22:50:32 | &... [pointer] | provenance |  |
 models
@@ -125,20 +117,18 @@ nodes
 | test.go:39:49:39:60 | selection of Body | semmle.label | selection of Body |
 | test.go:40:15:40:31 | tokenizerFragment | semmle.label | tokenizerFragment |
 | test.go:40:15:40:42 | call to Buffered | semmle.label | call to Buffered |
-| test.go:42:6:42:14 | definition of cleanNode | semmle.label | definition of cleanNode |
 | test.go:43:2:43:43 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:43:31:43:42 | selection of Body | semmle.label | selection of Body |
+| test.go:44:2:44:10 | cleanNode [postupdate] | semmle.label | cleanNode [postupdate] |
 | test.go:44:24:44:34 | taintedNode | semmle.label | taintedNode |
 | test.go:45:22:45:31 | &... | semmle.label | &... |
-| test.go:45:22:45:31 | &... | semmle.label | &... |
 | test.go:45:22:45:31 | &... [pointer] | semmle.label | &... [pointer] |
 | test.go:45:23:45:31 | cleanNode | semmle.label | cleanNode |
-| test.go:47:6:47:15 | definition of cleanNode2 | semmle.label | definition of cleanNode2 |
 | test.go:48:2:48:44 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:48:32:48:43 | selection of Body | semmle.label | selection of Body |
+| test.go:49:2:49:11 | cleanNode2 [postupdate] | semmle.label | cleanNode2 [postupdate] |
 | test.go:49:26:49:37 | taintedNode2 | semmle.label | taintedNode2 |
 | test.go:50:22:50:32 | &... | semmle.label | &... |
-| test.go:50:22:50:32 | &... | semmle.label | &... |
 | test.go:50:22:50:32 | &... [pointer] | semmle.label | &... [pointer] |
 | test.go:50:23:50:32 | cleanNode2 | semmle.label | cleanNode2 |
 subpaths

go/ql/test/library-tests/semmle/go/frameworks/Yaml/yaml.go

@@ -13,30 +13,30 @@ func main() {
 	var inb []byte
 
 	out, _ = yaml1.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]"
-	yaml1.Unmarshal(inb, out)  // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out"
+	yaml1.Unmarshal(inb, out)  // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]"
 
 	out, _ = yaml2.Marshal(in)      // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]"
-	yaml2.Unmarshal(inb, out)       // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out"
-	yaml2.UnmarshalStrict(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out"
+	yaml2.Unmarshal(inb, out)       // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]"
+	yaml2.UnmarshalStrict(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]"
 
 	var r io.Reader
 	d := yaml2.NewDecoder(r) // $ ttfnmodelstep="r -> call to NewDecoder"
-	d.Decode(out)            // $ ttfnmodelstep="d -> definition of out"
+	d.Decode(out)            // $ ttfnmodelstep="d -> out [postupdate]"
 
 	var w io.Writer
-	e := yaml2.NewEncoder(w) // $ ttfnmodelstep="definition of e -> definition of w"
-	e.Encode(in)             // $ ttfnmodelstep="in -> definition of e"
+	e := yaml2.NewEncoder(w) // $ ttfnmodelstep="definition of e -> w [postupdate]"
+	e.Encode(in)             // $ ttfnmodelstep="in -> e [postupdate]"
 
 	out, _ = yaml3.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]"
-	yaml3.Unmarshal(inb, out)  // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out"
+	yaml3.Unmarshal(inb, out)  // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]"
 
 	d1 := yaml3.NewDecoder(r) // $ ttfnmodelstep="r -> call to NewDecoder"
-	d1.Decode(out)            // $ ttfnmodelstep="d1 -> definition of out"
+	d1.Decode(out)            // $ ttfnmodelstep="d1 -> out [postupdate]"
 
-	e1 := yaml3.NewEncoder(w) // $ ttfnmodelstep="definition of e1 -> definition of w"
-	e1.Encode(in)             // $ ttfnmodelstep="in -> definition of e1"
+	e1 := yaml3.NewEncoder(w) // $ ttfnmodelstep="definition of e1 -> w [postupdate]"
+	e1.Encode(in)             // $ ttfnmodelstep="in -> e1 [postupdate]"
 
 	var n1 yaml3.Node
-	n1.Decode(out) // $ ttfnmodelstep="n1 -> definition of out"
-	n1.Encode(in)  // $ ttfnmodelstep="in -> definition of n1"
+	n1.Decode(out) // $ ttfnmodelstep="n1 -> out [postupdate]"
+	n1.Encode(in)  // $ ttfnmodelstep="in -> n1 [postupdate]"
 }

go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected

@@ -56,8 +56,8 @@ edges
 | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config |
 | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:2 MaD:7 |
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | provenance |  |
-| SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance |  |
-| SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | provenance |  |
+| SanitizingDoubleDash.go:13:15:13:32 | array literal [postupdate] [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance |  |
+| SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [postupdate] [array] | provenance |  |
 | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node | provenance |  |
 | SanitizingDoubleDash.go:14:23:14:33 | slice element node | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance |  |
 | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | SanitizingDoubleDash.go:39:14:39:44 | call to append | provenance | MaD:5 |
@@ -65,8 +65,8 @@ edges
 | SanitizingDoubleDash.go:39:14:39:44 | call to append | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:39:14:39:44 | call to append [array] | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | provenance |  |
-| SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance |  |
-| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | provenance |  |
+| SanitizingDoubleDash.go:52:15:52:31 | slice literal [postupdate] [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance |  |
+| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [postupdate] [array] | provenance |  |
 | SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance |  |
@@ -99,16 +99,16 @@ edges
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:142:31:142:37 | tainted | provenance |  |
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:148:30:148:36 | tainted | provenance |  |
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:152:24:152:30 | tainted | provenance |  |
-| SanitizingDoubleDash.go:95:15:95:32 | array literal [array] | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | provenance |  |
-| SanitizingDoubleDash.go:95:25:95:31 | tainted | SanitizingDoubleDash.go:95:15:95:32 | array literal [array] | provenance |  |
+| SanitizingDoubleDash.go:95:15:95:32 | array literal [postupdate] [array] | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | provenance |  |
+| SanitizingDoubleDash.go:95:25:95:31 | tainted | SanitizingDoubleDash.go:95:15:95:32 | array literal [postupdate] [array] | provenance |  |
 | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | SanitizingDoubleDash.go:96:24:96:34 | slice element node | provenance |  |
 | SanitizingDoubleDash.go:96:24:96:34 | slice element node | SanitizingDoubleDash.go:96:24:96:34 | slice expression | provenance |  |
-| SanitizingDoubleDash.go:100:15:100:38 | array literal [array] | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | provenance |  |
-| SanitizingDoubleDash.go:100:31:100:37 | tainted | SanitizingDoubleDash.go:100:15:100:38 | array literal [array] | provenance |  |
+| SanitizingDoubleDash.go:100:15:100:38 | array literal [postupdate] [array] | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | provenance |  |
+| SanitizingDoubleDash.go:100:31:100:37 | tainted | SanitizingDoubleDash.go:100:15:100:38 | array literal [postupdate] [array] | provenance |  |
 | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | SanitizingDoubleDash.go:101:24:101:34 | slice element node | provenance |  |
 | SanitizingDoubleDash.go:101:24:101:34 | slice element node | SanitizingDoubleDash.go:101:24:101:34 | slice expression | provenance |  |
-| SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | provenance |  |
-| SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | provenance |  |
+| SanitizingDoubleDash.go:105:15:105:37 | slice literal [postupdate] [array] | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | provenance |  |
+| SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [postupdate] [array] | provenance |  |
 | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | SanitizingDoubleDash.go:111:14:111:44 | call to append | provenance | MaD:5 |
 | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | SanitizingDoubleDash.go:111:14:111:44 | call to append [array] | provenance | MaD:5 |
 | SanitizingDoubleDash.go:111:14:111:44 | call to append | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | provenance |  |
@@ -124,8 +124,8 @@ edges
 | SanitizingDoubleDash.go:123:14:123:38 | call to append | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:123:14:123:38 | call to append [array] | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:123:14:123:38 | []type{args} [array] | provenance |  |
-| SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | provenance |  |
-| SanitizingDoubleDash.go:128:24:128:30 | tainted | SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | provenance |  |
+| SanitizingDoubleDash.go:128:15:128:31 | slice literal [postupdate] [array] | SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | provenance |  |
+| SanitizingDoubleDash.go:128:24:128:30 | tainted | SanitizingDoubleDash.go:128:15:128:31 | slice literal [postupdate] [array] | provenance |  |
 | SanitizingDoubleDash.go:129:14:129:35 | call to append | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:129:21:129:28 | arrayLit | SanitizingDoubleDash.go:129:14:129:35 | call to append | provenance | MaD:4 |
@@ -184,7 +184,7 @@ nodes
 | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | semmle.label | definition of tainted |
 | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL |
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query |
-| SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | semmle.label | array literal [array] |
+| SanitizingDoubleDash.go:13:15:13:32 | array literal [postupdate] [array] | semmle.label | array literal [postupdate] [array] |
 | SanitizingDoubleDash.go:13:25:13:31 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | semmle.label | arrayLit [array] |
 | SanitizingDoubleDash.go:14:23:14:33 | slice element node | semmle.label | slice element node |
@@ -194,7 +194,7 @@ nodes
 | SanitizingDoubleDash.go:39:14:39:44 | call to append [array] | semmle.label | call to append [array] |
 | SanitizingDoubleDash.go:39:31:39:37 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | semmle.label | arrayLit |
-| SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | semmle.label | slice literal [array] |
+| SanitizingDoubleDash.go:52:15:52:31 | slice literal [postupdate] [array] | semmle.label | slice literal [postupdate] [array] |
 | SanitizingDoubleDash.go:52:24:52:30 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:53:14:53:35 | call to append | semmle.label | call to append |
 | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | semmle.label | call to append [array] |
@@ -213,17 +213,17 @@ nodes
 | SanitizingDoubleDash.go:80:23:80:29 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | semmle.label | selection of URL |
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | semmle.label | call to Query |
-| SanitizingDoubleDash.go:95:15:95:32 | array literal [array] | semmle.label | array literal [array] |
+| SanitizingDoubleDash.go:95:15:95:32 | array literal [postupdate] [array] | semmle.label | array literal [postupdate] [array] |
 | SanitizingDoubleDash.go:95:25:95:31 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | semmle.label | arrayLit [array] |
 | SanitizingDoubleDash.go:96:24:96:34 | slice element node | semmle.label | slice element node |
 | SanitizingDoubleDash.go:96:24:96:34 | slice expression | semmle.label | slice expression |
-| SanitizingDoubleDash.go:100:15:100:38 | array literal [array] | semmle.label | array literal [array] |
+| SanitizingDoubleDash.go:100:15:100:38 | array literal [postupdate] [array] | semmle.label | array literal [postupdate] [array] |
 | SanitizingDoubleDash.go:100:31:100:37 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | semmle.label | arrayLit [array] |
 | SanitizingDoubleDash.go:101:24:101:34 | slice element node | semmle.label | slice element node |
 | SanitizingDoubleDash.go:101:24:101:34 | slice expression | semmle.label | slice expression |
-| SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | semmle.label | slice literal [array] |
+| SanitizingDoubleDash.go:105:15:105:37 | slice literal [postupdate] [array] | semmle.label | slice literal [postupdate] [array] |
 | SanitizingDoubleDash.go:105:30:105:36 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | semmle.label | []type{args} [array] |
@@ -241,7 +241,7 @@ nodes
 | SanitizingDoubleDash.go:123:14:123:38 | call to append [array] | semmle.label | call to append [array] |
 | SanitizingDoubleDash.go:123:31:123:37 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | semmle.label | arrayLit |
-| SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | semmle.label | slice literal [array] |
+| SanitizingDoubleDash.go:128:15:128:31 | slice literal [postupdate] [array] | semmle.label | slice literal [postupdate] [array] |
 | SanitizingDoubleDash.go:128:24:128:30 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:129:14:129:35 | call to append | semmle.label | call to append |
 | SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | semmle.label | call to append [array] |

go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected

@@ -2,14 +2,14 @@
 | StoredCommand.go:14:22:14:28 | cmdName | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:14:22:14:28 | cmdName | This command depends on a $@. | StoredCommand.go:11:2:11:27 | ... := ...[0] | stored value |
 edges
 | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows | provenance | Src:MaD:2  |
-| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... | provenance | FunctionModel |
-| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 |
+| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... [postupdate] | provenance | FunctionModel |
+| StoredCommand.go:13:12:13:19 | &... [postupdate] | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 |
 models
 | 1 | Sink: os/exec; ; false; Command; ; ; Argument[0]; command-injection; manual |
 | 2 | Source: database/sql; DB; true; Query; ; ; ReturnValue[0]; database; manual |
 nodes
 | StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] |
 | StoredCommand.go:13:2:13:5 | rows | semmle.label | rows |
-| StoredCommand.go:13:12:13:19 | &... | semmle.label | &... |
+| StoredCommand.go:13:12:13:19 | &... [postupdate] | semmle.label | &... [postupdate] |
 | StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName |
 subpaths

go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected

@@ -13,11 +13,11 @@
 | reflectedxsstest.go:54:11:54:21 | type conversion | reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:54:11:54:21 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:51:14:51:18 | selection of URL | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go |  |
 | tst.go:18:12:18:39 | type conversion | tst.go:14:15:14:20 | selection of Form | tst.go:18:12:18:39 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:14:15:14:20 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go |  |
 | tst.go:53:12:53:26 | type conversion | tst.go:48:14:48:19 | selection of Form | tst.go:53:12:53:26 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:48:14:48:19 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go |  |
-| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | Cross-site scripting vulnerability due to $@. | websocketXss.go:30:7:30:10 | definition of xnet | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
-| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:34:3:34:7 | definition of xnet2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
+| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:31:11:31:14 | xnet [postupdate] | websocketXss.go:32:24:32:27 | xnet | Cross-site scripting vulnerability due to $@. | websocketXss.go:31:11:31:14 | xnet [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
+| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:35:21:35:25 | xnet2 [postupdate] | websocketXss.go:36:24:36:28 | xnet2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:35:21:35:25 | xnet2 [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
 | websocketXss.go:41:24:41:29 | nhooyr | websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | Cross-site scripting vulnerability due to $@. | websocketXss.go:40:3:40:40 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
-| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | Cross-site scripting vulnerability due to $@. | websocketXss.go:46:7:46:16 | definition of gorillaMsg | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
-| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:50:3:50:10 | definition of gorilla2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
+| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | websocketXss.go:48:24:48:33 | gorillaMsg | Cross-site scripting vulnerability due to $@. | websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
+| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | websocketXss.go:52:24:52:31 | gorilla2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
 | websocketXss.go:55:24:55:31 | gorilla3 | websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | Cross-site scripting vulnerability due to $@. | websocketXss.go:54:3:54:38 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go |  |
 edges
 | ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | Src:MaD:6 MaD:18 |
@@ -48,8 +48,8 @@ edges
 | reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:16 |
 | reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:15 |
 | reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName | provenance |  |
-| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance |  |
-| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:14 |
+| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | provenance | MaD:14 |
+| reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance |  |
 | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:12 |
 | reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion | provenance |  |
 | reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | provenance |  |
@@ -62,11 +62,11 @@ edges
 | tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:19 |
 | tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | Src:MaD:6 MaD:18 |
 | tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance |  |
-| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5  |
-| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4  |
+| websocketXss.go:31:11:31:14 | xnet [postupdate] | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5  |
+| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4  |
 | websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11  |
-| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1  |
-| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2  |
+| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1  |
+| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2  |
 | websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3  |
 models
 | 1 | Source: github.com/gorilla/websocket; ; false; ReadJSON; ; ; Argument[1]; remote; manual |
@@ -123,8 +123,8 @@ nodes
 | reflectedxsstest.go:39:16:39:21 | reader | semmle.label | reader |
 | reflectedxsstest.go:40:14:40:17 | part | semmle.label | part |
 | reflectedxsstest.go:40:14:40:28 | call to FileName | semmle.label | call to FileName |
-| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | semmle.label | definition of byteSlice |
 | reflectedxsstest.go:42:2:42:5 | part | semmle.label | part |
+| reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | semmle.label | byteSlice [postupdate] |
 | reflectedxsstest.go:44:10:44:55 | type conversion | semmle.label | type conversion |
 | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | semmle.label | []type{args} [array] |
 | reflectedxsstest.go:44:17:44:54 | call to Sprintf | semmle.label | call to Sprintf |
@@ -141,16 +141,25 @@ nodes
 | tst.go:48:14:48:19 | selection of Form | semmle.label | selection of Form |
 | tst.go:48:14:48:34 | call to Get | semmle.label | call to Get |
 | tst.go:53:12:53:26 | type conversion | semmle.label | type conversion |
-| websocketXss.go:30:7:30:10 | definition of xnet | semmle.label | definition of xnet |
+| websocketXss.go:31:11:31:14 | xnet [postupdate] | semmle.label | xnet [postupdate] |
 | websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet |
-| websocketXss.go:34:3:34:7 | definition of xnet2 | semmle.label | definition of xnet2 |
+| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | semmle.label | xnet2 [postupdate] |
 | websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 |
 | websocketXss.go:40:3:40:40 | ... := ...[1] | semmle.label | ... := ...[1] |
 | websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr |
-| websocketXss.go:46:7:46:16 | definition of gorillaMsg | semmle.label | definition of gorillaMsg |
+| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | semmle.label | gorillaMsg [postupdate] |
 | websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg |
-| websocketXss.go:50:3:50:10 | definition of gorilla2 | semmle.label | definition of gorilla2 |
+| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | semmle.label | gorilla2 [postupdate] |
 | websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 |
 | websocketXss.go:54:3:54:38 | ... := ...[1] | semmle.label | ... := ...[1] |
 | websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 |
 subpaths
+testFailures
+| websocketXss.go:30:32:30:60 | comment | Missing result: Source[go/reflected-xss] |
+| websocketXss.go:31:11:31:14 | xnet [postupdate] | Unexpected result: Source |
+| websocketXss.go:34:30:34:58 | comment | Missing result: Source[go/reflected-xss] |
+| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | Unexpected result: Source |
+| websocketXss.go:46:38:46:66 | comment | Missing result: Source[go/reflected-xss] |
+| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | Unexpected result: Source |
+| websocketXss.go:50:33:50:61 | comment | Missing result: Source[go/reflected-xss] |
+| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | Unexpected result: Source |

go/ql/test/query-tests/Security/CWE-079/StoredXss.expected

@@ -3,15 +3,15 @@
 | stored.go:61:22:61:25 | path | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | Stored cross-site scripting vulnerability due to $@. | stored.go:59:30:59:33 | definition of path | stored value |
 edges
 | stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance | Src:MaD:1  |
-| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... | provenance | FunctionModel |
-| stored.go:25:29:25:33 | &... | stored.go:30:22:30:25 | name | provenance |  |
+| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... [postupdate] | provenance | FunctionModel |
+| stored.go:25:29:25:33 | &... [postupdate] | stored.go:30:22:30:25 | name | provenance |  |
 | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance |  |
 models
 | 1 | Source: database/sql; DB; true; Query; ; ; ReturnValue[0]; database; manual |
 nodes
 | stored.go:18:3:18:28 | ... := ...[0] | semmle.label | ... := ...[0] |
 | stored.go:25:14:25:17 | rows | semmle.label | rows |
-| stored.go:25:29:25:33 | &... | semmle.label | &... |
+| stored.go:25:29:25:33 | &... [postupdate] | semmle.label | &... [postupdate] |
 | stored.go:30:22:30:25 | name | semmle.label | name |
 | stored.go:59:30:59:33 | definition of path | semmle.label | definition of path |
 | stored.go:61:22:61:25 | path | semmle.label | path |

go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected

@@ -12,9 +12,9 @@ edges
 | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | []type{args} [array] | provenance |  |
 | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | call to Sprintf | provenance | FunctionModel |
 | sample.go:16:9:16:15 | slice expression | sample.go:26:25:26:30 | call to Guid | provenance |  |
-| sample.go:33:2:33:6 | definition of nonce | sample.go:37:35:37:39 | nonce | provenance |  |
 | sample.go:34:12:34:40 | call to New | sample.go:35:14:35:19 | random | provenance |  |
-| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:2 |
+| sample.go:35:14:35:19 | random | sample.go:35:22:35:26 | nonce [postupdate] | provenance | MaD:2 |
+| sample.go:35:22:35:26 | nonce [postupdate] | sample.go:37:35:37:39 | nonce | provenance |  |
 | sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance |  |
 | sample.go:56:11:56:40 | type conversion | sample.go:58:32:58:43 | type conversion | provenance |  |
 | sample.go:56:18:56:39 | index expression | sample.go:56:11:56:40 | type conversion | provenance |  |
@@ -31,9 +31,9 @@ nodes
 | sample.go:15:49:15:61 | call to Uint32 | semmle.label | call to Uint32 |
 | sample.go:16:9:16:15 | slice expression | semmle.label | slice expression |
 | sample.go:26:25:26:30 | call to Guid | semmle.label | call to Guid |
-| sample.go:33:2:33:6 | definition of nonce | semmle.label | definition of nonce |
 | sample.go:34:12:34:40 | call to New | semmle.label | call to New |
 | sample.go:35:14:35:19 | random | semmle.label | random |
+| sample.go:35:22:35:26 | nonce [postupdate] | semmle.label | nonce [postupdate] |
 | sample.go:37:35:37:39 | nonce | semmle.label | nonce |
 | sample.go:43:17:43:39 | call to Intn | semmle.label | call to Intn |
 | sample.go:44:17:44:39 | call to Intn | semmle.label | call to Intn |

go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected

@@ -29,43 +29,34 @@ edges
 | stdlib.go:93:13:93:32 | call to Get | stdlib.go:94:3:94:8 | target | provenance |  |
 | stdlib.go:94:3:94:8 | target | stdlib.go:94:3:94:25 | ... += ... | provenance | Config |
 | stdlib.go:94:3:94:25 | ... += ... | stdlib.go:96:23:96:28 | target | provenance | Sink:MaD:1 |
-| stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | provenance |  |
-| stdlib.go:111:54:111:54 | definition of r [pointer, URL] | stdlib.go:115:6:115:6 | r [pointer, URL] | provenance |  |
-| stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | provenance |  |
-| stdlib.go:115:6:115:6 | r [pointer, URL] | stdlib.go:116:4:116:4 | r [pointer, URL] | provenance |  |
-| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | provenance |  |
-| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | stdlib.go:116:4:116:8 | selection of URL [pointer] | provenance |  |
-| stdlib.go:116:4:116:4 | implicit dereference [URL] | stdlib.go:111:54:111:54 | definition of r [pointer, URL] | provenance |  |
-| stdlib.go:116:4:116:4 | implicit dereference [URL] | stdlib.go:116:4:116:8 | selection of URL | provenance |  |
-| stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | provenance |  |
-| stdlib.go:116:4:116:4 | r [pointer, URL] | stdlib.go:116:4:116:4 | implicit dereference [URL] | provenance |  |
-| stdlib.go:116:4:116:4 | r [pointer, URL] | stdlib.go:117:24:117:24 | r [pointer, URL] | provenance |  |
-| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL | provenance | Config |
-| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL [pointer] | provenance |  |
-| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:4 | implicit dereference [URL] | provenance | Src:MaD:4  |
+| stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | provenance |  |
+| stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | stdlib.go:117:24:117:24 | r [pointer, URL] | provenance |  |
+| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL [postupdate] | provenance | Config |
 | stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:8 | implicit dereference | provenance | Src:MaD:4 Config |
-| stdlib.go:116:4:116:8 | selection of URL [pointer] | stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | provenance |  |
-| stdlib.go:116:4:116:8 | selection of URL [pointer] | stdlib.go:116:4:116:8 | implicit dereference | provenance |  |
+| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | provenance |  |
+| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:8 | implicit dereference | provenance | Config |
 | stdlib.go:117:24:117:24 | implicit dereference [URL] | stdlib.go:117:24:117:28 | selection of URL | provenance |  |
 | stdlib.go:117:24:117:24 | r [pointer, URL] | stdlib.go:117:24:117:24 | implicit dereference [URL] | provenance |  |
 | stdlib.go:117:24:117:28 | selection of URL | stdlib.go:117:24:117:37 | call to String | provenance | Src:MaD:4 Config Sink:MaD:1 |
 | stdlib.go:150:13:150:18 | selection of Form | stdlib.go:150:13:150:32 | call to Get | provenance | Src:MaD:2 Config |
 | stdlib.go:150:13:150:32 | call to Get | stdlib.go:156:23:156:28 | target | provenance | Sink:MaD:1 |
-| stdlib.go:163:10:163:15 | star expression | stdlib.go:163:11:163:15 | selection of URL | provenance | Config |
+| stdlib.go:163:10:163:15 | star expression | stdlib.go:163:11:163:15 | selection of URL [postupdate] | provenance | Config |
 | stdlib.go:163:10:163:15 | star expression | stdlib.go:166:24:166:26 | url | provenance |  |
 | stdlib.go:163:11:163:15 | selection of URL | stdlib.go:163:10:163:15 | star expression | provenance | Src:MaD:4 Config |
+| stdlib.go:163:11:163:15 | selection of URL [postupdate] | stdlib.go:163:10:163:15 | star expression | provenance | Config |
 | stdlib.go:166:24:166:26 | url | stdlib.go:166:24:166:35 | call to String | provenance | Config Sink:MaD:1 |
 | stdlib.go:177:35:177:39 | selection of URL | stdlib.go:177:35:177:52 | call to RequestURI | provenance | Src:MaD:4 Config |
 | stdlib.go:177:35:177:52 | call to RequestURI | stdlib.go:177:24:177:52 | ...+... | provenance | Config Sink:MaD:1 |
 | stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | provenance | Src:MaD:3 Sink:MaD:1 |
-| stdlib.go:194:3:194:8 | definition of target | stdlib.go:196:23:196:28 | target | provenance |  |
-| stdlib.go:194:3:194:57 | ... := ...[0] | stdlib.go:194:3:194:8 | definition of target | provenance |  |
+| stdlib.go:194:3:194:57 | ... := ...[0] | stdlib.go:196:23:196:28 | target | provenance |  |
 | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:194:3:194:57 | ... := ...[0] | provenance | Src:MaD:3 Config |
-| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:194:3:194:8 | definition of target | provenance | Config |
+| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:28 | target [postupdate] | provenance | Config |
 | stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 |
 | stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config |
 | stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 |
 | stdlib.go:196:23:196:28 | target | stdlib.go:198:23:198:28 | target | provenance |  |
+| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config |
+| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:198:23:198:28 | target | provenance |  |
 | stdlib.go:198:23:198:28 | target | stdlib.go:198:23:198:42 | call to EscapedPath | provenance | Config Sink:MaD:1 |
 models
 | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual |
@@ -98,17 +89,11 @@ nodes
 | stdlib.go:94:3:94:8 | target | semmle.label | target |
 | stdlib.go:94:3:94:25 | ... += ... | semmle.label | ... += ... |
 | stdlib.go:96:23:96:28 | target | semmle.label | target |
-| stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] |
-| stdlib.go:111:54:111:54 | definition of r [pointer, URL] | semmle.label | definition of r [pointer, URL] |
-| stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] |
-| stdlib.go:115:6:115:6 | r [pointer, URL] | semmle.label | r [pointer, URL] |
-| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | semmle.label | implicit dereference [URL, pointer] |
-| stdlib.go:116:4:116:4 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
-| stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] |
-| stdlib.go:116:4:116:4 | r [pointer, URL] | semmle.label | r [pointer, URL] |
+| stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | semmle.label | implicit dereference [postupdate] [URL] |
+| stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | semmle.label | r [postupdate] [pointer, URL] |
 | stdlib.go:116:4:116:8 | implicit dereference | semmle.label | implicit dereference |
 | stdlib.go:116:4:116:8 | selection of URL | semmle.label | selection of URL |
-| stdlib.go:116:4:116:8 | selection of URL [pointer] | semmle.label | selection of URL [pointer] |
+| stdlib.go:116:4:116:8 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] |
 | stdlib.go:117:24:117:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
 | stdlib.go:117:24:117:24 | r [pointer, URL] | semmle.label | r [pointer, URL] |
 | stdlib.go:117:24:117:28 | selection of URL | semmle.label | selection of URL |
@@ -118,6 +103,7 @@ nodes
 | stdlib.go:156:23:156:28 | target | semmle.label | target |
 | stdlib.go:163:10:163:15 | star expression | semmle.label | star expression |
 | stdlib.go:163:11:163:15 | selection of URL | semmle.label | selection of URL |
+| stdlib.go:163:11:163:15 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] |
 | stdlib.go:166:24:166:26 | url | semmle.label | url |
 | stdlib.go:166:24:166:35 | call to String | semmle.label | call to String |
 | stdlib.go:177:24:177:52 | ...+... | semmle.label | ...+... |
@@ -125,11 +111,11 @@ nodes
 | stdlib.go:177:35:177:52 | call to RequestURI | semmle.label | call to RequestURI |
 | stdlib.go:186:13:186:33 | call to FormValue | semmle.label | call to FormValue |
 | stdlib.go:188:23:188:28 | target | semmle.label | target |
-| stdlib.go:194:3:194:8 | definition of target | semmle.label | definition of target |
 | stdlib.go:194:3:194:57 | ... := ...[0] | semmle.label | ... := ...[0] |
 | stdlib.go:194:36:194:56 | call to FormValue | semmle.label | call to FormValue |
 | stdlib.go:196:23:196:28 | implicit dereference | semmle.label | implicit dereference |
 | stdlib.go:196:23:196:28 | target | semmle.label | target |
+| stdlib.go:196:23:196:28 | target [postupdate] | semmle.label | target [postupdate] |
 | stdlib.go:196:23:196:33 | selection of Path | semmle.label | selection of Path |
 | stdlib.go:198:23:198:28 | target | semmle.label | target |
 | stdlib.go:198:23:198:42 | call to EscapedPath | semmle.label | call to EscapedPath |

go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected

@@ -37,12 +37,7 @@ edges
 | tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | provenance | Src:MaD:1  |
 | tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | provenance | Src:MaD:1  |
 | tst.go:10:13:10:35 | call to FormValue | tst.go:47:11:47:18 | tainted2 | provenance | Src:MaD:1  |
-| tst.go:46:2:46:2 | definition of u [pointer] | tst.go:47:2:47:2 | u [pointer] | provenance |  |
-| tst.go:47:2:47:2 | implicit dereference | tst.go:46:2:46:2 | definition of u [pointer] | provenance |  |
-| tst.go:47:2:47:2 | implicit dereference | tst.go:47:2:47:2 | u | provenance |  |
-| tst.go:47:2:47:2 | u | tst.go:47:2:47:2 | implicit dereference | provenance |  |
 | tst.go:47:2:47:2 | u | tst.go:48:11:48:11 | u | provenance |  |
-| tst.go:47:2:47:2 | u [pointer] | tst.go:47:2:47:2 | implicit dereference | provenance |  |
 | tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | u | provenance | Config |
 | tst.go:47:11:47:18 | tainted2 | tst.go:48:11:48:11 | u | provenance | Config |
 | tst.go:48:11:48:11 | u | tst.go:48:11:48:20 | call to String | provenance | MaD:3 |
@@ -75,10 +70,7 @@ nodes
 | tst.go:36:18:36:24 | tainted | semmle.label | tainted |
 | tst.go:38:11:38:29 | ...+... | semmle.label | ...+... |
 | tst.go:40:11:40:40 | ...+... | semmle.label | ...+... |
-| tst.go:46:2:46:2 | definition of u [pointer] | semmle.label | definition of u [pointer] |
-| tst.go:47:2:47:2 | implicit dereference | semmle.label | implicit dereference |
 | tst.go:47:2:47:2 | u | semmle.label | u |
-| tst.go:47:2:47:2 | u [pointer] | semmle.label | u [pointer] |
 | tst.go:47:11:47:18 | tainted2 | semmle.label | tainted2 |
 | tst.go:48:11:48:11 | u | semmle.label | u |
 | tst.go:48:11:48:20 | call to String | semmle.label | call to String |