From d594de81902e18b22b5362e618eb68e8f0657d9d Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Thu, 17 Aug 2023 10:20:23 +0100
Subject: [PATCH 1/4] Swift: Test dataflow on fields a bit more.

---
 .../dataflow/dataflow/DataFlow.expected       | 62 +++++++++++++++++++
 .../dataflow/dataflow/LocalFlow.expected      | 36 +++++++++++
 .../dataflow/dataflow/test.swift              | 28 +++++++++
 3 files changed, 126 insertions(+)

diff --git a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
index c638ea8e344..df3da66d96b 100644
--- a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
+++ b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
@@ -4,10 +4,12 @@ edges
 | file://:0:0:0:0 | self [v2, some:0] | file://:0:0:0:0 | .v2 [some:0] |
 | file://:0:0:0:0 | self [v2] | file://:0:0:0:0 | .v2 |
 | file://:0:0:0:0 | self [v3] | file://:0:0:0:0 | .v3 |
+| file://:0:0:0:0 | self [v] | file://:0:0:0:0 | .v |
 | file://:0:0:0:0 | self [x, some:0] | file://:0:0:0:0 | .x [some:0] |
 | file://:0:0:0:0 | self [x] | file://:0:0:0:0 | .x |
 | file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [v2] |
 | file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [v3] |
+| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [v] |
 | file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [x] |
 | file://:0:0:0:0 | value [some:0] | file://:0:0:0:0 | [post] self [v2, some:0] |
 | file://:0:0:0:0 | value [some:0] | file://:0:0:0:0 | [post] self [x, some:0] |
@@ -404,9 +406,34 @@ edges
 | test.swift:756:15:756:19 | .v2 [some:0] | test.swift:756:15:756:21 | ...! |
 | test.swift:757:15:757:15 | mo1 [v3] | test.swift:732:9:732:9 | self [v3] |
 | test.swift:757:15:757:15 | mo1 [v3] | test.swift:757:15:757:19 | .v3 |
+| test.swift:764:8:764:13 | v | test.swift:765:14:765:14 | v |
+| test.swift:765:5:765:5 | [post] self [v] | test.swift:764:3:766:3 | self[return] [v] |
+| test.swift:765:14:765:14 | v | test.swift:765:5:765:5 | [post] self [v] |
+| test.swift:768:8:768:8 | self [v] | test.swift:768:31:768:31 | self [v] |
+| test.swift:768:31:768:31 | self [v] | test.swift:768:31:768:31 | .v |
+| test.swift:768:31:768:31 | self [v] | test.swift:770:7:770:7 | self [v] |
+| test.swift:770:7:770:7 | self [v] | file://:0:0:0:0 | self [v] |
+| test.swift:770:7:770:7 | value | file://:0:0:0:0 | value |
+| test.swift:774:14:774:25 | call to S3.init(_:) [v] | test.swift:777:15:777:15 | s1 [v] |
+| test.swift:774:14:774:25 | call to S3.init(_:) [v] | test.swift:779:15:779:15 | s1 [v] |
+| test.swift:774:17:774:24 | call to source() | test.swift:764:8:764:13 | v |
+| test.swift:774:17:774:24 | call to source() | test.swift:774:14:774:25 | call to S3.init(_:) [v] |
+| test.swift:777:15:777:15 | s1 [v] | test.swift:770:7:770:7 | self [v] |
+| test.swift:777:15:777:15 | s1 [v] | test.swift:777:15:777:18 | .v |
+| test.swift:779:15:779:15 | s1 [v] | test.swift:768:8:768:8 | self [v] |
+| test.swift:779:15:779:15 | s1 [v] | test.swift:779:15:779:23 | call to getv() |
+| test.swift:783:5:783:5 | [post] s2 [v] | test.swift:786:15:786:15 | s2 [v] |
+| test.swift:783:5:783:5 | [post] s2 [v] | test.swift:788:15:788:15 | s2 [v] |
+| test.swift:783:12:783:19 | call to source() | test.swift:770:7:770:7 | value |
+| test.swift:783:12:783:19 | call to source() | test.swift:783:5:783:5 | [post] s2 [v] |
+| test.swift:786:15:786:15 | s2 [v] | test.swift:770:7:770:7 | self [v] |
+| test.swift:786:15:786:15 | s2 [v] | test.swift:786:15:786:18 | .v |
+| test.swift:788:15:788:15 | s2 [v] | test.swift:768:8:768:8 | self [v] |
+| test.swift:788:15:788:15 | s2 [v] | test.swift:788:15:788:23 | call to getv() |
 nodes
 | file://:0:0:0:0 | .a [x] | semmle.label | .a [x] |
 | file://:0:0:0:0 | .str | semmle.label | .str |
+| file://:0:0:0:0 | .v | semmle.label | .v |
 | file://:0:0:0:0 | .v2 | semmle.label | .v2 |
 | file://:0:0:0:0 | .v2 [some:0] | semmle.label | .v2 [some:0] |
 | file://:0:0:0:0 | .v3 | semmle.label | .v3 |
@@ -415,6 +442,7 @@ nodes
 | file://:0:0:0:0 | [post] self [v2, some:0] | semmle.label | [post] self [v2, some:0] |
 | file://:0:0:0:0 | [post] self [v2] | semmle.label | [post] self [v2] |
 | file://:0:0:0:0 | [post] self [v3] | semmle.label | [post] self [v3] |
+| file://:0:0:0:0 | [post] self [v] | semmle.label | [post] self [v] |
 | file://:0:0:0:0 | [post] self [x, some:0] | semmle.label | [post] self [x, some:0] |
 | file://:0:0:0:0 | [post] self [x] | semmle.label | [post] self [x] |
 | file://:0:0:0:0 | self [a, x] | semmle.label | self [a, x] |
@@ -422,11 +450,13 @@ nodes
 | file://:0:0:0:0 | self [v2, some:0] | semmle.label | self [v2, some:0] |
 | file://:0:0:0:0 | self [v2] | semmle.label | self [v2] |
 | file://:0:0:0:0 | self [v3] | semmle.label | self [v3] |
+| file://:0:0:0:0 | self [v] | semmle.label | self [v] |
 | file://:0:0:0:0 | self [x, some:0] | semmle.label | self [x, some:0] |
 | file://:0:0:0:0 | self [x] | semmle.label | self [x] |
 | file://:0:0:0:0 | value | semmle.label | value |
 | file://:0:0:0:0 | value | semmle.label | value |
 | file://:0:0:0:0 | value | semmle.label | value |
+| file://:0:0:0:0 | value | semmle.label | value |
 | file://:0:0:0:0 | value [some:0] | semmle.label | value [some:0] |
 | file://:0:0:0:0 | value [some:0] | semmle.label | value [some:0] |
 | test.swift:6:19:6:26 | call to source() | semmle.label | call to source() |
@@ -849,6 +879,27 @@ nodes
 | test.swift:756:15:756:21 | ...! | semmle.label | ...! |
 | test.swift:757:15:757:15 | mo1 [v3] | semmle.label | mo1 [v3] |
 | test.swift:757:15:757:19 | .v3 | semmle.label | .v3 |
+| test.swift:764:3:766:3 | self[return] [v] | semmle.label | self[return] [v] |
+| test.swift:764:8:764:13 | v | semmle.label | v |
+| test.swift:765:5:765:5 | [post] self [v] | semmle.label | [post] self [v] |
+| test.swift:765:14:765:14 | v | semmle.label | v |
+| test.swift:768:8:768:8 | self [v] | semmle.label | self [v] |
+| test.swift:768:31:768:31 | .v | semmle.label | .v |
+| test.swift:768:31:768:31 | self [v] | semmle.label | self [v] |
+| test.swift:770:7:770:7 | self [v] | semmle.label | self [v] |
+| test.swift:770:7:770:7 | value | semmle.label | value |
+| test.swift:774:14:774:25 | call to S3.init(_:) [v] | semmle.label | call to S3.init(_:) [v] |
+| test.swift:774:17:774:24 | call to source() | semmle.label | call to source() |
+| test.swift:777:15:777:15 | s1 [v] | semmle.label | s1 [v] |
+| test.swift:777:15:777:18 | .v | semmle.label | .v |
+| test.swift:779:15:779:15 | s1 [v] | semmle.label | s1 [v] |
+| test.swift:779:15:779:23 | call to getv() | semmle.label | call to getv() |
+| test.swift:783:5:783:5 | [post] s2 [v] | semmle.label | [post] s2 [v] |
+| test.swift:783:12:783:19 | call to source() | semmle.label | call to source() |
+| test.swift:786:15:786:15 | s2 [v] | semmle.label | s2 [v] |
+| test.swift:786:15:786:18 | .v | semmle.label | .v |
+| test.swift:788:15:788:15 | s2 [v] | semmle.label | s2 [v] |
+| test.swift:788:15:788:23 | call to getv() | semmle.label | call to getv() |
 subpaths
 | test.swift:75:22:75:22 | x | test.swift:65:16:65:28 | arg1 | test.swift:65:1:70:1 | arg2[return] | test.swift:75:32:75:32 | [post] y |
 | test.swift:114:19:114:19 | arg | test.swift:109:9:109:14 | arg | test.swift:110:12:110:12 | arg | test.swift:114:12:114:22 | call to ... |
@@ -897,6 +948,13 @@ subpaths
 | test.swift:756:15:756:15 | mo1 [v2, some:0] | test.swift:731:9:731:9 | self [v2, some:0] | file://:0:0:0:0 | .v2 [some:0] | test.swift:756:15:756:19 | .v2 [some:0] |
 | test.swift:756:15:756:15 | mo1 [v2] | test.swift:731:9:731:9 | self [v2] | file://:0:0:0:0 | .v2 | test.swift:756:15:756:19 | .v2 |
 | test.swift:757:15:757:15 | mo1 [v3] | test.swift:732:9:732:9 | self [v3] | file://:0:0:0:0 | .v3 | test.swift:757:15:757:19 | .v3 |
+| test.swift:768:31:768:31 | self [v] | test.swift:770:7:770:7 | self [v] | file://:0:0:0:0 | .v | test.swift:768:31:768:31 | .v |
+| test.swift:774:17:774:24 | call to source() | test.swift:764:8:764:13 | v | test.swift:764:3:766:3 | self[return] [v] | test.swift:774:14:774:25 | call to S3.init(_:) [v] |
+| test.swift:777:15:777:15 | s1 [v] | test.swift:770:7:770:7 | self [v] | file://:0:0:0:0 | .v | test.swift:777:15:777:18 | .v |
+| test.swift:779:15:779:15 | s1 [v] | test.swift:768:8:768:8 | self [v] | test.swift:768:31:768:31 | .v | test.swift:779:15:779:23 | call to getv() |
+| test.swift:783:12:783:19 | call to source() | test.swift:770:7:770:7 | value | file://:0:0:0:0 | [post] self [v] | test.swift:783:5:783:5 | [post] s2 [v] |
+| test.swift:786:15:786:15 | s2 [v] | test.swift:770:7:770:7 | self [v] | file://:0:0:0:0 | .v | test.swift:786:15:786:18 | .v |
+| test.swift:788:15:788:15 | s2 [v] | test.swift:768:8:768:8 | self [v] | test.swift:768:31:768:31 | .v | test.swift:788:15:788:23 | call to getv() |
 #select
 | test.swift:7:15:7:15 | t1 | test.swift:6:19:6:26 | call to source() | test.swift:7:15:7:15 | t1 | result |
 | test.swift:9:15:9:15 | t1 | test.swift:6:19:6:26 | call to source() | test.swift:9:15:9:15 | t1 | result |
@@ -996,3 +1054,7 @@ subpaths
 | test.swift:754:15:754:15 | v3 | test.swift:744:10:744:17 | call to source() | test.swift:754:15:754:15 | v3 | result |
 | test.swift:756:15:756:21 | ...! | test.swift:746:14:746:21 | call to source() | test.swift:756:15:756:21 | ...! | result |
 | test.swift:757:15:757:19 | .v3 | test.swift:747:14:747:21 | call to source() | test.swift:757:15:757:19 | .v3 | result |
+| test.swift:777:15:777:18 | .v | test.swift:774:17:774:24 | call to source() | test.swift:777:15:777:18 | .v | result |
+| test.swift:779:15:779:23 | call to getv() | test.swift:774:17:774:24 | call to source() | test.swift:779:15:779:23 | call to getv() | result |
+| test.swift:786:15:786:18 | .v | test.swift:783:12:783:19 | call to source() | test.swift:786:15:786:18 | .v | result |
+| test.swift:788:15:788:23 | call to getv() | test.swift:783:12:783:19 | call to source() | test.swift:788:15:788:23 | call to getv() | result |
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
index 18e5d25010d..c3040bc6c9a 100644
--- a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
+++ b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
@@ -913,3 +913,39 @@
 | test.swift:759:15:759:15 | mo2 | test.swift:760:15:760:15 | mo2 |
 | test.swift:759:15:759:20 | .v2 | test.swift:759:15:759:22 | ...! |
 | test.swift:760:15:760:15 | mo2 | test.swift:760:15:760:18 | ...! |
+| test.swift:764:3:764:3 | SSA def(self) | test.swift:765:5:765:5 | self |
+| test.swift:764:3:764:3 | self | test.swift:764:3:764:3 | SSA def(self) |
+| test.swift:764:8:764:13 | SSA def(v) | test.swift:765:14:765:14 | v |
+| test.swift:764:8:764:13 | v | test.swift:764:8:764:13 | SSA def(v) |
+| test.swift:765:5:765:5 | [post] self | test.swift:764:3:766:3 | self[return] |
+| test.swift:765:5:765:5 | self | test.swift:764:3:766:3 | self[return] |
+| test.swift:768:8:768:8 | SSA def(self) | test.swift:768:31:768:31 | self |
+| test.swift:768:8:768:8 | self | test.swift:768:8:768:8 | SSA def(self) |
+| test.swift:768:31:768:31 | [post] self | test.swift:768:3:768:33 | self[return] |
+| test.swift:768:31:768:31 | self | test.swift:768:3:768:33 | self[return] |
+| test.swift:770:7:770:7 | self | test.swift:770:7:770:7 | SSA def(self) |
+| test.swift:770:7:770:7 | self | test.swift:770:7:770:7 | SSA def(self) |
+| test.swift:770:7:770:7 | self | test.swift:770:7:770:7 | SSA def(self) |
+| test.swift:770:7:770:7 | value | test.swift:770:7:770:7 | SSA def(value) |
+| test.swift:774:9:774:9 | SSA def(s1) | test.swift:777:15:777:15 | s1 |
+| test.swift:774:9:774:9 | s1 | test.swift:774:9:774:9 | SSA def(s1) |
+| test.swift:774:14:774:25 | call to S3.init(_:) | test.swift:774:9:774:9 | s1 |
+| test.swift:775:9:775:9 | SSA def(s2) | test.swift:778:15:778:15 | s2 |
+| test.swift:775:9:775:9 | s2 | test.swift:775:9:775:9 | SSA def(s2) |
+| test.swift:775:14:775:18 | call to S3.init(_:) | test.swift:775:9:775:9 | s2 |
+| test.swift:777:15:777:15 | [post] s1 | test.swift:779:15:779:15 | s1 |
+| test.swift:777:15:777:15 | s1 | test.swift:779:15:779:15 | s1 |
+| test.swift:778:15:778:15 | [post] s2 | test.swift:780:15:780:15 | s2 |
+| test.swift:778:15:778:15 | s2 | test.swift:780:15:780:15 | s2 |
+| test.swift:779:15:779:15 | [post] s1 | test.swift:782:5:782:5 | s1 |
+| test.swift:779:15:779:15 | s1 | test.swift:782:5:782:5 | s1 |
+| test.swift:780:15:780:15 | [post] s2 | test.swift:783:5:783:5 | s2 |
+| test.swift:780:15:780:15 | s2 | test.swift:783:5:783:5 | s2 |
+| test.swift:782:5:782:5 | [post] s1 | test.swift:785:15:785:15 | s1 |
+| test.swift:782:5:782:5 | s1 | test.swift:785:15:785:15 | s1 |
+| test.swift:783:5:783:5 | [post] s2 | test.swift:786:15:786:15 | s2 |
+| test.swift:783:5:783:5 | s2 | test.swift:786:15:786:15 | s2 |
+| test.swift:785:15:785:15 | [post] s1 | test.swift:787:15:787:15 | s1 |
+| test.swift:785:15:785:15 | s1 | test.swift:787:15:787:15 | s1 |
+| test.swift:786:15:786:15 | [post] s2 | test.swift:788:15:788:15 | s2 |
+| test.swift:786:15:786:15 | s2 | test.swift:788:15:788:15 | s2 |
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/test.swift b/swift/ql/test/library-tests/dataflow/dataflow/test.swift
index 44001572dbd..60618063c8d 100644
--- a/swift/ql/test/library-tests/dataflow/dataflow/test.swift
+++ b/swift/ql/test/library-tests/dataflow/dataflow/test.swift
@@ -759,3 +759,31 @@ func testWriteOptional() {
     sink(arg: mo2!.v2!) // $ MISSING:flow=749
     sink(arg: mo2!.v3) // $ MISSING:flow=750
 }
+
+struct S3 {
+  init(_ v: Int) {
+    self.v = v
+  }
+
+  func getv() -> Int { return v }
+
+  var v: Int
+}
+
+func testStruct() {
+    var s1 = S3(source())
+    var s2 = S3(0)
+
+    sink(arg: s1.v) // $ flow=774
+    sink(arg: s2.v)
+    sink(arg: s1.getv()) // $ flow=774
+    sink(arg: s2.getv())
+
+    s1.v = 0
+    s2.v = source()
+
+    sink(arg: s1.v)
+    sink(arg: s2.v) // $ flow=783
+    sink(arg: s1.getv())
+    sink(arg: s2.getv()) // $ flow=783
+}

From 8475464fbe43edbab1b5b763630dd9e3d34e640f Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Mon, 11 Sep 2023 09:58:25 +0200
Subject: [PATCH 2/4] C#: Cleanup hotfix version of quoting.

---
 csharp/ql/integration-tests/all-platforms/dotnet_run/test.py | 1 -
 csharp/tools/tracing-config.lua                              | 4 ----
 2 files changed, 5 deletions(-)

diff --git a/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py b/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py
index 583d5cc2476..65e8309dac0 100644
--- a/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py
+++ b/csharp/ql/integration-tests/all-platforms/dotnet_run/test.py
@@ -54,7 +54,6 @@ s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test7-db', 'dotne
 check_build_out("hello, world", s)
 check_diagnostics(test_db="test8-db")
 
-
 # two arguments, no '--' (first argument quoted)
 s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test8-db', 'dotnet run "hello world part1" part2'], "test9-db")
 check_build_out("hello world part1, part2", s)
diff --git a/csharp/tools/tracing-config.lua b/csharp/tools/tracing-config.lua
index 1b63cb9caeb..716a6f42cee 100644
--- a/csharp/tools/tracing-config.lua
+++ b/csharp/tools/tracing-config.lua
@@ -84,10 +84,6 @@ function RegisterExtractorPack(id)
                 dotnetRunNeedsSeparator = false
                 dotnetRunInjectionIndex = i
             end
-            -- if we encounter a whitespace, we explicitly need to quote the argument.
-            if OperatingSystem == 'windows' and arg:match('%s') then
-                argv[i] = '"' .. arg .. '"'
-            end
         end
         if match then
             local injections = { '-p:UseSharedCompilation=false', '-p:EmitCompilerGeneratedFiles=true' }

From d4a1c297aa8549315f50414bef1600ca39735c2f Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Wed, 6 Sep 2023 11:35:45 +0200
Subject: [PATCH 3/4] C#: Quote arguments containing whitespaces on windows in
 the tracer.

---
 csharp/tools/tracing-config.lua | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/csharp/tools/tracing-config.lua b/csharp/tools/tracing-config.lua
index 716a6f42cee..c2534aed559 100644
--- a/csharp/tools/tracing-config.lua
+++ b/csharp/tools/tracing-config.lua
@@ -64,7 +64,7 @@ function RegisterExtractorPack(id)
 
                 -- for `dotnet test`, we should not append `-p:UseSharedCompilation=false` to the command line
                 -- if an `exe` or `dll` is passed as an argument as the call is forwarded to vstest.
-                if testMatch and (arg:match('%.exe$') or arg:match('%.dll'))  then
+                if testMatch and (arg:match('%.exe$') or arg:match('%.dll')) then
                     match = false
                     break
                 end
@@ -110,7 +110,7 @@ function RegisterExtractorPack(id)
                     invocation = {
                         path = AbsolutifyExtractorPath(id, compilerPath),
                         arguments = {
-                            commandLineString = table.concat(argv, " ")
+                            commandLineString = ArgvToCommandLineString(argv)
                         }
                     }
                 }
@@ -174,7 +174,7 @@ function RegisterExtractorPack(id)
                     seenCompilerCall = true
                 end
                 if seenCompilerCall then
-                    table.insert(extractorArgs, '"' .. arg .. '"')
+                    table.insert(extractorArgs, arg)
                 end
             end
 
@@ -184,7 +184,7 @@ function RegisterExtractorPack(id)
                     invocation = {
                         path = AbsolutifyExtractorPath(id, extractor),
                         arguments = {
-                            commandLineString = table.concat(extractorArgs, " ")
+                            commandLineString = ArgvToCommandLineString(extractorArgs)
                         }
                     }
                 }

From d13f4210eb2e704d328d8d28e79f457ee4a811d8 Mon Sep 17 00:00:00 2001
From: Chris Smowton <smowton@github.com>
Date: Mon, 11 Sep 2023 10:51:35 +0100
Subject: [PATCH 4/4] Fix space handling in Golang configure-baseline scripts

---
 go/codeql-tools/configure-baseline.cmd | 4 ++--
 go/codeql-tools/configure-baseline.sh  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go/codeql-tools/configure-baseline.cmd b/go/codeql-tools/configure-baseline.cmd
index 7812c14a102..285c3d66829 100644
--- a/go/codeql-tools/configure-baseline.cmd
+++ b/go/codeql-tools/configure-baseline.cmd
@@ -1,6 +1,6 @@
 @echo off
 if exist vendor\modules.txt (
-  type %CODEQL_EXTRACTOR_GO_ROOT%\tools\baseline-config-vendor.json
+  type "%CODEQL_EXTRACTOR_GO_ROOT%\tools\baseline-config-vendor.json"
 ) else (
-  type %CODEQL_EXTRACTOR_GO_ROOT%\tools\baseline-config-empty.json
+  type "%CODEQL_EXTRACTOR_GO_ROOT%\tools\baseline-config-empty.json"
 )
diff --git a/go/codeql-tools/configure-baseline.sh b/go/codeql-tools/configure-baseline.sh
index 4883045f342..f426773c3ba 100755
--- a/go/codeql-tools/configure-baseline.sh
+++ b/go/codeql-tools/configure-baseline.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 if [ -f vendor/modules.txt ]; then
-  cat $CODEQL_EXTRACTOR_GO_ROOT/tools/baseline-config-vendor.json
+  cat "$CODEQL_EXTRACTOR_GO_ROOT/tools/baseline-config-vendor.json"
 else
-  cat $CODEQL_EXTRACTOR_GO_ROOT/tools/baseline-config-empty.json
+  cat "$CODEQL_EXTRACTOR_GO_ROOT/tools/baseline-config-empty.json"
 fi