Merge branch 'master' into python-improve-file-taint

2026-05-02 04:05:14 +02:00 · 2020-04-30 11:24:29 +02:00
parent fe50811bbf b03e87f623
commit e0b4518a3e
274 changed files with 8969 additions and 1057 deletions
--- a/python/ql/test/2/library-tests/types/exceptions/ExitRaises.ql
+++ b/python/ql/test/2/library-tests/types/exceptions/ExitRaises.ql
@@ -1,5 +1,5 @@
 import python

 from RaisingNode r, Scope s, ClassObject cls
-where r.viableExceptionalExit(s, cls)
+where r.viableExceptionalExit_objectapi(s, cls)
 select r.getLocation().getStartLine(), r.toString(), s.toString(), cls.toString()
--- a/python/ql/test/3/library-tests/types/exceptions/Viable.ql
+++ b/python/ql/test/3/library-tests/types/exceptions/Viable.ql
@@ -1,6 +1,6 @@
 import python

 from RaisingNode r, ControlFlowNode n, ClassObject ex
-where r.viableExceptionEdge(n, ex)
+where r.viableExceptionEdge_objectapi(n, ex)
 select r.getLocation().getStartLine(), n.getLocation().getStartLine(), r.getNode().toString(),
    n.getNode().toString(), ex.toString()
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/if-urlsplit-access/Test.ql
@@ -1,10 +1,10 @@
 import python

-from NameNode name, CallNode call, string debug
+from ControlFlowNode arg, CallNode call, string debug
 where
-    call.getAnArg() = name and
+    call.getAnArg() = arg and
    call.getFunction().(NameNode).getId() = "check" and
-    if exists(name.pointsTo())
-    then debug = name.pointsTo().toString()
+    if exists(arg.pointsTo())
+    then debug = arg.pointsTo().toString()
    else debug = "<MISSING pointsTo()>"
-select name, debug
+select arg, debug
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/re-compile/Test.ql
@@ -1,10 +1,10 @@
 import python

-from NameNode name, CallNode call, string debug
+from ControlFlowNode arg, CallNode call, string debug
 where
-    call.getAnArg() = name and
+    call.getAnArg() = arg and
    call.getFunction().(NameNode).getId() = "check" and
-    if exists(name.pointsTo())
-    then debug = name.pointsTo().toString()
+    if exists(arg.pointsTo())
+    then debug = arg.pointsTo().toString()
    else debug = "<MISSING pointsTo()>"
-select name, debug
+select arg, debug
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.expected
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.expected
@@ -0,0 +1,2 @@
+| test.py:10:11:10:14 | ControlFlowNode for open | <MISSING pointsTo()> |
+| test.py:14:11:14:14 | ControlFlowNode for open | Builtin-function open |
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.ql
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/Test.ql
@@ -0,0 +1,10 @@
+import python
+
+from ControlFlowNode arg, CallNode call, string debug
+where
+    call.getAnArg() = arg and
+    call.getFunction().(NameNode).getId() = "check" and
+    if exists(arg.pointsTo())
+    then debug = arg.pointsTo().toString()
+    else debug = "<MISSING pointsTo()>"
+select arg, debug
--- a/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/test.py
+++ b/python/ql/test/library-tests/PointsTo/regressions/missing/uncalled-function/test.py
@@ -0,0 +1,18 @@
+# Points-to information seems to be missing if our analysis thinks the enclosing function
+# is never called. However, as illustrated by the code below, it's easy to fool our
+# analysis :(
+
+# This was inspired by a problem in real code, where our analysis doesn't have any
+# points-to information about the `open` call in
+# https://google-gruyere.appspot.com/code/gruyere.py on line 227
+
+def _func_not_called(filename, mode='rb'):
+    check(open)
+    return open(filename, mode)
+
+def _func_called(filename, mode='rb'):
+    check(open)
+    return open(filename, mode)
+
+globals()['_func_not_called']('test.txt')
+_func_called('test.txt')
--- a/python/ql/test/library-tests/filters/tests/Filter.expected
+++ b/python/ql/test/library-tests/filters/tests/Filter.expected
@@ -1,3 +1,6 @@
-| Class MyTest |
-| Function test_1 |
-| Function test_2 |
+| test.py:4:1:4:23 | Class MyTest |
+| test.py:6:5:6:21 | Function test_1 |
+| test.py:9:5:9:21 | Function test_2 |
+| test_foo.py:3:1:3:15 | Function test_foo |
+| unittest_test.py:3:1:3:33 | Class FooTest |
+| unittest_test.py:4:5:4:25 | Function test_valid |
--- a/python/ql/test/library-tests/filters/tests/Filter.ql
+++ b/python/ql/test/library-tests/filters/tests/Filter.ql
@@ -2,4 +2,4 @@ import python
 import semmle.python.filters.Tests

 from TestScope t
-select t.toString()
+select t
--- a/python/ql/test/library-tests/filters/tests/test.py
+++ b/python/ql/test/library-tests/filters/tests/test.py
@@ -1,5 +1,3 @@
-
-
 class TestCase:
    pass

--- a/python/ql/test/library-tests/filters/tests/test_foo.py
+++ b/python/ql/test/library-tests/filters/tests/test_foo.py
@@ -0,0 +1,4 @@
+# This is running under some unknown framework, but is clearly a test!
+
+def test_foo():
+    assert True
--- a/python/ql/test/library-tests/filters/tests/unittest_test.py
+++ b/python/ql/test/library-tests/filters/tests/unittest_test.py
@@ -0,0 +1,5 @@
+import unittest
+
+class FooTest(unittest.TestCase):
+    def test_valid(self):
+        pass
--- a/python/ql/test/library-tests/taint/strings/TestStep.expected
+++ b/python/ql/test/library-tests/taint/strings/TestStep.expected
@@ -1,5 +1,10 @@
 | Taint [externally controlled string] | test.py:67 | test.py:67:20:67:43 | urlsplit() |  |  -->  | Taint [externally controlled string] | test.py:69 | test.py:69:10:69:21 | urlsplit_res |  |
 | Taint [externally controlled string] | test.py:68 | test.py:68:20:68:43 | urlparse() |  |  -->  | Taint [externally controlled string] | test.py:69 | test.py:69:24:69:35 | urlparse_res |  |
+| Taint [externally controlled string] | test.py:98 | test.py:98:9:98:37 | Attribute() |  |  -->  | Taint externally controlled string | test.py:98 | test.py:98:9:98:40 | Subscript |  |
+| Taint [externally controlled string] | test.py:102 | test.py:102:9:102:38 | Attribute() |  |  -->  | Taint externally controlled string | test.py:102 | test.py:102:9:102:41 | Subscript |  |
+| Taint [externally controlled string] | test.py:104 | test.py:104:9:104:37 | Attribute() |  |  -->  | Taint externally controlled string | test.py:104 | test.py:104:9:104:41 | Subscript |  |
+| Taint [externally controlled string] | test.py:107 | test.py:107:9:107:30 | Attribute() |  |  -->  | Taint externally controlled string | test.py:107 | test.py:107:9:107:33 | Subscript |  |
+| Taint [externally controlled string] | test.py:109 | test.py:109:9:109:35 | Attribute() |  |  -->  | Taint externally controlled string | test.py:109 | test.py:109:9:109:38 | Subscript |  |
 | Taint exception.info | test.py:44 | test.py:44:22:44:26 | taint | p1 = exception.info |  -->  | Taint exception.info | test.py:45 | test.py:45:17:45:21 | taint | p1 = exception.info |
 | Taint exception.info | test.py:45 | test.py:45:17:45:21 | taint | p1 = exception.info |  -->  | Taint exception.info | test.py:45 | test.py:45:12:45:22 | func() | p1 = exception.info |
 | Taint exception.info | test.py:45 | test.py:45:17:45:21 | taint | p1 = exception.info |  -->  | Taint exception.info | test.py:52 | test.py:52:19:52:21 | arg | p0 = exception.info |
@@ -62,16 +67,81 @@
 | Taint externally controlled string | test.py:66 | test.py:66:22:66:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:68 | test.py:68:29:68:42 | tainted_string |  |
 | Taint externally controlled string | test.py:67 | test.py:67:29:67:42 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:67 | test.py:67:20:67:43 | urlsplit() |  |
 | Taint externally controlled string | test.py:68 | test.py:68:29:68:42 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:68 | test.py:68:20:68:43 | urlparse() |  |
-| Taint externally controlled string | test.py:79 | test.py:79:5:79:29 | For |  |  -->  | Taint externally controlled string | test.py:80 | test.py:80:14:80:17 | line |  |
-| Taint file[externally controlled string] | test.py:72 | test.py:72:20:72:31 | TAINTED_FILE |  |  -->  | Taint file[externally controlled string] | test.py:74 | test.py:74:9:74:20 | tainted_file |  |
-| Taint file[externally controlled string] | test.py:72 | test.py:72:20:72:31 | TAINTED_FILE |  |  -->  | Taint file[externally controlled string] | test.py:75 | test.py:75:9:75:20 | tainted_file |  |
-| Taint file[externally controlled string] | test.py:72 | test.py:72:20:72:31 | TAINTED_FILE |  |  -->  | Taint file[externally controlled string] | test.py:76 | test.py:76:9:76:20 | tainted_file |  |
-| Taint file[externally controlled string] | test.py:72 | test.py:72:20:72:31 | TAINTED_FILE |  |  -->  | Taint file[externally controlled string] | test.py:77 | test.py:77:9:77:20 | tainted_file |  |
-| Taint file[externally controlled string] | test.py:72 | test.py:72:20:72:31 | TAINTED_FILE |  |  -->  | Taint file[externally controlled string] | test.py:79 | test.py:79:17:79:28 | tainted_file |  |
-| Taint file[externally controlled string] | test.py:75 | test.py:75:9:75:20 | tainted_file |  |  -->  | Taint externally controlled string | test.py:75 | test.py:75:9:75:27 | Attribute() |  |
-| Taint file[externally controlled string] | test.py:76 | test.py:76:9:76:20 | tainted_file |  |  -->  | Taint externally controlled string | test.py:76 | test.py:76:9:76:31 | Attribute() |  |
-| Taint file[externally controlled string] | test.py:77 | test.py:77:9:77:20 | tainted_file |  |  -->  | Taint [externally controlled string] | test.py:77 | test.py:77:9:77:32 | Attribute() |  |
-| Taint file[externally controlled string] | test.py:79 | test.py:79:17:79:28 | tainted_file |  |  -->  | Taint externally controlled string | test.py:79 | test.py:79:5:79:29 | For |  |
+| Taint externally controlled string | test.py:72 | test.py:72:22:72:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:74 | test.py:74:9:74:22 | tainted_string |  |
+| Taint externally controlled string | test.py:72 | test.py:72:22:72:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:76 | test.py:76:12:76:25 | tainted_string |  |
+| Taint externally controlled string | test.py:74 | test.py:74:9:74:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:74 | test.py:74:9:74:30 | Attribute() |  |
+| Taint externally controlled string | test.py:74 | test.py:74:9:74:30 | Attribute() |  |  -->  | Taint externally controlled string | test.py:79 | test.py:79:10:79:10 | a |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:85 | test.py:85:9:85:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:86 | test.py:86:9:86:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:87 | test.py:87:9:87:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:88 | test.py:88:9:88:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:89 | test.py:89:9:89:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:90 | test.py:90:9:90:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:91 | test.py:91:9:91:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:92 | test.py:92:9:92:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:93 | test.py:93:9:93:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:94 | test.py:94:9:94:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:95 | test.py:95:9:95:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:96 | test.py:96:9:96:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:97 | test.py:97:9:97:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:98 | test.py:98:9:98:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:99 | test.py:99:9:99:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:100 | test.py:100:9:100:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:101 | test.py:101:9:101:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:102 | test.py:102:9:102:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:103 | test.py:103:9:103:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:104 | test.py:104:9:104:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:105 | test.py:105:9:105:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:106 | test.py:106:9:106:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:107 | test.py:107:9:107:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:108 | test.py:108:9:108:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:109 | test.py:109:9:109:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:110 | test.py:110:9:110:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:111 | test.py:111:9:111:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:112 | test.py:112:9:112:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:115 | test.py:115:9:115:22 | tainted_string |  |
+| Taint externally controlled string | test.py:82 | test.py:82:22:82:35 | TAINTED_STRING |  |  -->  | Taint externally controlled string | test.py:116 | test.py:116:9:116:22 | tainted_string |  |
+| Taint externally controlled string | test.py:85 | test.py:85:9:85:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:85 | test.py:85:9:85:35 | Attribute() |  |
+| Taint externally controlled string | test.py:86 | test.py:86:9:86:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:86 | test.py:86:9:86:33 | Attribute() |  |
+| Taint externally controlled string | test.py:87 | test.py:87:9:87:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:87 | test.py:87:9:87:31 | Attribute() |  |
+| Taint externally controlled string | test.py:88 | test.py:88:9:88:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:88 | test.py:88:9:88:38 | Attribute() |  |
+| Taint externally controlled string | test.py:89 | test.py:89:9:89:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:89 | test.py:89:9:89:38 | Attribute() |  |
+| Taint externally controlled string | test.py:89 | test.py:89:9:89:38 | Attribute() |  |  -->  | Taint externally controlled string | test.py:89 | test.py:89:9:89:54 | Attribute() |  |
+| Taint externally controlled string | test.py:90 | test.py:90:9:90:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:90 | test.py:90:9:90:35 | Attribute() |  |
+| Taint externally controlled string | test.py:91 | test.py:91:9:91:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:91 | test.py:91:9:91:37 | Attribute() |  |
+| Taint externally controlled string | test.py:92 | test.py:92:9:92:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:92 | test.py:92:9:92:46 | Attribute() |  |
+| Taint externally controlled string | test.py:93 | test.py:93:9:93:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:93 | test.py:93:9:93:33 | Attribute() |  |
+| Taint externally controlled string | test.py:94 | test.py:94:9:94:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:94 | test.py:94:9:94:30 | Attribute() |  |
+| Taint externally controlled string | test.py:95 | test.py:95:9:95:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:95 | test.py:95:9:95:31 | Attribute() |  |
+| Taint externally controlled string | test.py:96 | test.py:96:9:96:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:96 | test.py:96:9:96:35 | Attribute() |  |
+| Taint externally controlled string | test.py:97 | test.py:97:9:97:22 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:97 | test.py:97:9:97:37 | Attribute() |  |
+| Taint externally controlled string | test.py:98 | test.py:98:9:98:22 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:98 | test.py:98:9:98:37 | Attribute() |  |
+| Taint externally controlled string | test.py:99 | test.py:99:9:99:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:99 | test.py:99:9:99:42 | Attribute() |  |
+| Taint externally controlled string | test.py:100 | test.py:100:9:100:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:100 | test.py:100:9:100:33 | Attribute() |  |
+| Taint externally controlled string | test.py:101 | test.py:101:9:101:22 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:101 | test.py:101:9:101:38 | Attribute() |  |
+| Taint externally controlled string | test.py:102 | test.py:102:9:102:22 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:102 | test.py:102:9:102:38 | Attribute() |  |
+| Taint externally controlled string | test.py:103 | test.py:103:9:103:22 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:103 | test.py:103:9:103:37 | Attribute() |  |
+| Taint externally controlled string | test.py:104 | test.py:104:9:104:22 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:104 | test.py:104:9:104:37 | Attribute() |  |
+| Taint externally controlled string | test.py:105 | test.py:105:9:105:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:105 | test.py:105:9:105:31 | Attribute() |  |
+| Taint externally controlled string | test.py:106 | test.py:106:9:106:22 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:106 | test.py:106:9:106:30 | Attribute() |  |
+| Taint externally controlled string | test.py:107 | test.py:107:9:107:22 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:107 | test.py:107:9:107:30 | Attribute() |  |
+| Taint externally controlled string | test.py:108 | test.py:108:9:108:22 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:108 | test.py:108:9:108:35 | Attribute() |  |
+| Taint externally controlled string | test.py:109 | test.py:109:9:109:22 | tainted_string |  |  -->  | Taint [externally controlled string] | test.py:109 | test.py:109:9:109:35 | Attribute() |  |
+| Taint externally controlled string | test.py:110 | test.py:110:9:110:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:110 | test.py:110:9:110:30 | Attribute() |  |
+| Taint externally controlled string | test.py:111 | test.py:111:9:111:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:111 | test.py:111:9:111:33 | Attribute() |  |
+| Taint externally controlled string | test.py:112 | test.py:112:9:112:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:112 | test.py:112:9:112:30 | Attribute() |  |
+| Taint externally controlled string | test.py:115 | test.py:115:9:115:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:115 | test.py:115:9:115:30 | Attribute() |  |
+| Taint externally controlled string | test.py:116 | test.py:116:9:116:22 | tainted_string |  |  -->  | Taint externally controlled string | test.py:116 | test.py:116:9:116:33 | Attribute() |  |
+| Taint externally controlled string | test.py:127 | test.py:127:5:127:29 | For |  |  -->  | Taint externally controlled string | test.py:128 | test.py:128:14:128:17 | line |  |
+| Taint file[externally controlled string] | test.py:120 | test.py:120:20:120:31 | TAINTED_FILE |  |  -->  | Taint file[externally controlled string] | test.py:122 | test.py:122:9:122:20 | tainted_file |  |
+| Taint file[externally controlled string] | test.py:120 | test.py:120:20:120:31 | TAINTED_FILE |  |  -->  | Taint file[externally controlled string] | test.py:123 | test.py:123:9:123:20 | tainted_file |  |
+| Taint file[externally controlled string] | test.py:120 | test.py:120:20:120:31 | TAINTED_FILE |  |  -->  | Taint file[externally controlled string] | test.py:124 | test.py:124:9:124:20 | tainted_file |  |
+| Taint file[externally controlled string] | test.py:120 | test.py:120:20:120:31 | TAINTED_FILE |  |  -->  | Taint file[externally controlled string] | test.py:125 | test.py:125:9:125:20 | tainted_file |  |
+| Taint file[externally controlled string] | test.py:120 | test.py:120:20:120:31 | TAINTED_FILE |  |  -->  | Taint file[externally controlled string] | test.py:127 | test.py:127:17:127:28 | tainted_file |  |
+| Taint file[externally controlled string] | test.py:123 | test.py:123:9:123:20 | tainted_file |  |  -->  | Taint externally controlled string | test.py:123 | test.py:123:9:123:27 | Attribute() |  |
+| Taint file[externally controlled string] | test.py:124 | test.py:124:9:124:20 | tainted_file |  |  -->  | Taint externally controlled string | test.py:124 | test.py:124:9:124:31 | Attribute() |  |
+| Taint file[externally controlled string] | test.py:125 | test.py:125:9:125:20 | tainted_file |  |  -->  | Taint [externally controlled string] | test.py:125 | test.py:125:9:125:32 | Attribute() |  |
+| Taint file[externally controlled string] | test.py:127 | test.py:127:17:127:28 | tainted_file |  |  -->  | Taint externally controlled string | test.py:127 | test.py:127:5:127:29 | For |  |
 | Taint json[externally controlled string] | test.py:6 | test.py:6:20:6:45 | Attribute() |  |  -->  | Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json |  |
 | Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json |  |  -->  | Taint externally controlled string | test.py:7 | test.py:7:9:7:25 | Subscript |  |
 | Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json |  |  -->  | Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:25 | Subscript |  |
--- a/python/ql/test/library-tests/taint/strings/TestTaint.expected
+++ b/python/ql/test/library-tests/taint/strings/TestTaint.expected
@@ -22,8 +22,40 @@
 | test.py:58 | test_untrusted | res | externally controlled string |
 | test.py:69 | test_urlsplit_urlparse | urlparse_res | [externally controlled string] |
 | test.py:69 | test_urlsplit_urlparse | urlsplit_res | [externally controlled string] |
-| test.py:74 | test_tainted_file | tainted_file | file[externally controlled string] |
-| test.py:75 | test_tainted_file | Attribute() | externally controlled string |
-| test.py:76 | test_tainted_file | Attribute() | externally controlled string |
-| test.py:77 | test_tainted_file | Attribute() | [externally controlled string] |
-| test.py:80 | test_tainted_file | line | externally controlled string |
+| test.py:79 | test_method_reference | a | externally controlled string |
+| test.py:79 | test_method_reference | b | NO TAINT |
+| test.py:85 | test_str_methods | Attribute() | externally controlled string |
+| test.py:86 | test_str_methods | Attribute() | externally controlled string |
+| test.py:87 | test_str_methods | Attribute() | externally controlled string |
+| test.py:88 | test_str_methods | Attribute() | externally controlled string |
+| test.py:89 | test_str_methods | Attribute() | externally controlled string |
+| test.py:90 | test_str_methods | Attribute() | externally controlled string |
+| test.py:91 | test_str_methods | Attribute() | externally controlled string |
+| test.py:92 | test_str_methods | Attribute() | externally controlled string |
+| test.py:93 | test_str_methods | Attribute() | externally controlled string |
+| test.py:94 | test_str_methods | Attribute() | externally controlled string |
+| test.py:95 | test_str_methods | Attribute() | externally controlled string |
+| test.py:96 | test_str_methods | Attribute() | externally controlled string |
+| test.py:97 | test_str_methods | Attribute() | [externally controlled string] |
+| test.py:98 | test_str_methods | Subscript | externally controlled string |
+| test.py:99 | test_str_methods | Attribute() | externally controlled string |
+| test.py:100 | test_str_methods | Attribute() | externally controlled string |
+| test.py:101 | test_str_methods | Attribute() | [externally controlled string] |
+| test.py:102 | test_str_methods | Subscript | externally controlled string |
+| test.py:103 | test_str_methods | Attribute() | [externally controlled string] |
+| test.py:104 | test_str_methods | Subscript | externally controlled string |
+| test.py:105 | test_str_methods | Attribute() | externally controlled string |
+| test.py:106 | test_str_methods | Attribute() | [externally controlled string] |
+| test.py:107 | test_str_methods | Subscript | externally controlled string |
+| test.py:108 | test_str_methods | Attribute() | [externally controlled string] |
+| test.py:109 | test_str_methods | Subscript | externally controlled string |
+| test.py:110 | test_str_methods | Attribute() | externally controlled string |
+| test.py:111 | test_str_methods | Attribute() | externally controlled string |
+| test.py:112 | test_str_methods | Attribute() | externally controlled string |
+| test.py:115 | test_str_methods | Attribute() | externally controlled string |
+| test.py:116 | test_str_methods | Attribute() | externally controlled string |
+| test.py:122 | test_tainted_file | tainted_file | file[externally controlled string] |
+| test.py:123 | test_tainted_file | Attribute() | externally controlled string |
+| test.py:124 | test_tainted_file | Attribute() | externally controlled string |
+| test.py:125 | test_tainted_file | Attribute() | [externally controlled string] |
+| test.py:128 | test_tainted_file | line | externally controlled string |
--- a/python/ql/test/library-tests/taint/strings/test.py
+++ b/python/ql/test/library-tests/taint/strings/test.py
@@ -68,6 +68,54 @@ def test_urlsplit_urlparse():
    urlparse_res = urlparse(tainted_string)
    test(urlsplit_res, urlparse_res)

+def test_method_reference():
+    tainted_string = TAINTED_STRING
+
+    a = tainted_string.title()
+
+    func = tainted_string.title
+    b = func()
+
+    test(a, b) # TODO: `b` not tainted
+
+def test_str_methods():
+    tainted_string = TAINTED_STRING
+
+    test(
+        tainted_string.capitalize(),
+        tainted_string.casefold(),
+        tainted_string.center(),
+        tainted_string.encode('utf-8'),
+        tainted_string.encode('utf-8').decode('utf-8'),
+        tainted_string.expandtabs(),
+        tainted_string.format(foo=42),
+        tainted_string.format_map({'foo': 42}),
+        tainted_string.ljust(100),
+        tainted_string.lower(),
+        tainted_string.lstrip(),
+        tainted_string.lstrip('w.'),
+        tainted_string.partition(';'),
+        tainted_string.partition(';')[0],
+        tainted_string.replace('/', '', 1),
+        tainted_string.rjust(100),
+        tainted_string.rpartition(';'),
+        tainted_string.rpartition(';')[2],
+        tainted_string.rsplit(';', 4),
+        tainted_string.rsplit(';', 4)[-1],
+        tainted_string.rstrip(),
+        tainted_string.split(),
+        tainted_string.split()[0],
+        tainted_string.splitlines(),
+        tainted_string.splitlines()[0],
+        tainted_string.strip(),
+        tainted_string.swapcase(),
+        tainted_string.title(),
+        # ignoring, as I have never seen this in practice
+        # tainted_string.translate(translation_table),
+        tainted_string.upper(),
+        tainted_string.zfill(100),
+    )
+
 def test_tainted_file():
    tainted_file = TAINTED_FILE
    test(
--- a/python/ql/test/library-tests/types/exceptions/ExitRaises.ql
+++ b/python/ql/test/library-tests/types/exceptions/ExitRaises.ql
@@ -1,5 +1,5 @@
 import python

 from RaisingNode r, Scope s, ClassObject cls
-where r.viableExceptionalExit(s, cls)
+where r.viableExceptionalExit_objectapi(s, cls)
 select r.getLocation().getStartLine(), r, s.toString(), cls
--- a/python/ql/test/library-tests/types/exceptions/Handles.ql
+++ b/python/ql/test/library-tests/types/exceptions/Handles.ql
@@ -1,5 +1,5 @@
 import python

 from ExceptFlowNode n, ClassObject cls
-where n.handles(cls)
+where n.handles_objectapi(cls)
 select n.getLocation().getStartLine(), cls.toString()
--- a/python/ql/test/library-tests/types/exceptions/Viable.ql
+++ b/python/ql/test/library-tests/types/exceptions/Viable.ql
@@ -1,6 +1,6 @@
 import python

 from RaisingNode r, ControlFlowNode n, ClassObject ex
-where r.viableExceptionEdge(n, ex)
+where r.viableExceptionEdge_objectapi(n, ex)
 select r.getLocation().getStartLine(), n.getLocation().getStartLine(), r.getNode().toString(),
    n.getNode().toString(), ex.toString()
--- a/python/ql/test/library-tests/web/stdlib/HttpResponseSinks.expected
+++ b/python/ql/test/library-tests/web/stdlib/HttpResponseSinks.expected
@@ -0,0 +1,2 @@
+| test.py:72:26:72:58 | Taint sink | externally controlled string |
+| test.py:73:31:73:54 | Taint sink | [externally controlled string] |
--- a/python/ql/test/library-tests/web/stdlib/HttpResponseSinks.ql
+++ b/python/ql/test/library-tests/web/stdlib/HttpResponseSinks.ql
@@ -0,0 +1,7 @@
+import python
+import semmle.python.web.HttpResponse
+import semmle.python.security.strings.Untrusted
+
+from HttpResponseTaintSink sink, TaintKind kind
+where sink.sinks(kind)
+select sink, kind
--- a/python/ql/test/library-tests/web/stdlib/HttpSources.expected
+++ b/python/ql/test/library-tests/web/stdlib/HttpSources.expected
@@ -0,0 +1,34 @@
+| test.py:18:13:18:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:20:13:20:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:22:13:22:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:24:13:24:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:25:13:25:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:26:13:26:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:27:13:27:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:28:13:28:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:29:13:29:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:30:13:30:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:31:13:31:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:32:13:32:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:33:17:33:20 | self | BaseHTTPRequestHandlerKind |
+| test.py:34:19:34:22 | self | BaseHTTPRequestHandlerKind |
+| test.py:36:13:36:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:37:13:37:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:40:16:44:9 | Attribute() | CgiFieldStorageFormKind |
+| test.py:41:13:41:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:42:13:42:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:43:64:43:67 | self | BaseHTTPRequestHandlerKind |
+| test.py:69:9:69:12 | self | BaseHTTPRequestHandlerKind |
+| test.py:70:9:70:12 | self | BaseHTTPRequestHandlerKind |
+| test.py:71:9:71:12 | self | BaseHTTPRequestHandlerKind |
+| test.py:72:9:72:12 | self | BaseHTTPRequestHandlerKind |
+| test.py:73:9:73:12 | self | BaseHTTPRequestHandlerKind |
+| test.py:74:15:74:18 | self | BaseHTTPRequestHandlerKind |
+| test.py:78:16:82:9 | Attribute() | CgiFieldStorageFormKind |
+| test.py:79:13:79:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:80:13:80:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:81:64:81:67 | self | BaseHTTPRequestHandlerKind |
+| test.py:85:13:85:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:86:13:86:16 | self | BaseHTTPRequestHandlerKind |
+| test.py:96:9:96:12 | self | BaseHTTPRequestHandlerKind |
+| test.py:97:9:97:12 | self | BaseHTTPRequestHandlerKind |
--- a/python/ql/test/library-tests/web/stdlib/HttpSources.ql
+++ b/python/ql/test/library-tests/web/stdlib/HttpSources.ql
@@ -0,0 +1,9 @@
+import python
+import semmle.python.web.HttpRequest
+import semmle.python.security.strings.Untrusted
+
+from HttpRequestTaintSource source, TaintKind kind
+where
+    source.isSourceOf(kind) and
+    source.getLocation().getFile().getShortName() != "cgi.py"
+select source.(ControlFlowNode).getNode(), kind
--- a/python/ql/test/library-tests/web/stdlib/TestTaint.expected
+++ b/python/ql/test/library-tests/web/stdlib/TestTaint.expected
@@ -0,0 +1,32 @@
+| test.py:18 | ok   | taint_sources | self | BaseHTTPRequestHandlerKind |
+| test.py:20 | ok   | taint_sources | Attribute | externally controlled string |
+| test.py:22 | ok   | taint_sources | Attribute | externally controlled string |
+| test.py:24 | ok   | taint_sources | Attribute | {externally controlled string} |
+| test.py:25 | ok   | taint_sources | Subscript | externally controlled string |
+| test.py:26 | ok   | taint_sources | Attribute() | externally controlled string |
+| test.py:27 | ok   | taint_sources | Attribute() | [externally controlled string] |
+| test.py:28 | fail | taint_sources | Attribute() | <NO TAINT> |
+| test.py:29 | ok   | taint_sources | Attribute() | [externally controlled string] |
+| test.py:30 | fail | taint_sources | Attribute() | <NO TAINT> |
+| test.py:31 | ok   | taint_sources | Attribute() | externally controlled string |
+| test.py:32 | ok   | taint_sources | Attribute() | externally controlled string |
+| test.py:33 | ok   | taint_sources | str() | externally controlled string |
+| test.py:34 | ok   | taint_sources | bytes() | externally controlled string |
+| test.py:36 | ok   | taint_sources | Attribute | file[externally controlled string] |
+| test.py:37 | ok   | taint_sources | Attribute() | externally controlled string |
+| test.py:47 | ok   | taint_sources | form | CgiFieldStorageFormKind |
+| test.py:49 | ok   | taint_sources | Subscript | CgiFieldStorageFieldKind |
+| test.py:49 | ok   | taint_sources | Subscript | [CgiFieldStorageFieldKind] |
+| test.py:50 | ok   | taint_sources | Attribute | externally controlled string |
+| test.py:51 | ok   | taint_sources | Attribute | file[externally controlled string] |
+| test.py:52 | ok   | taint_sources | Attribute | externally controlled string |
+| test.py:53 | ok   | taint_sources | Subscript | CgiFieldStorageFieldKind |
+| test.py:54 | ok   | taint_sources | Attribute | externally controlled string |
+| test.py:55 | ok   | taint_sources | Attribute | file[externally controlled string] |
+| test.py:56 | ok   | taint_sources | Attribute | externally controlled string |
+| test.py:58 | ok   | taint_sources | Attribute() | [externally controlled string] |
+| test.py:58 | ok   | taint_sources | Attribute() | externally controlled string |
+| test.py:59 | ok   | taint_sources | Subscript | externally controlled string |
+| test.py:61 | ok   | taint_sources | Attribute() | externally controlled string |
+| test.py:63 | ok   | taint_sources | Attribute() | [externally controlled string] |
+| test.py:64 | ok   | taint_sources | Subscript | externally controlled string |
--- a/python/ql/test/library-tests/web/stdlib/TestTaint.ql
+++ b/python/ql/test/library-tests/web/stdlib/TestTaint.ql
@@ -0,0 +1,32 @@
+import python
+import semmle.python.security.TaintTracking
+import semmle.python.web.HttpRequest
+import semmle.python.security.strings.Untrusted
+
+from
+    Call call, Expr arg, boolean expected_taint, boolean has_taint, string test_res,
+    string taint_string
+where
+    call.getLocation().getFile().getShortName() = "test.py" and
+    (
+        call.getFunc().(Name).getId() = "ensure_tainted" and
+        expected_taint = true
+        or
+        call.getFunc().(Name).getId() = "ensure_not_tainted" and
+        expected_taint = false
+    ) and
+    arg = call.getAnArg() and
+    (
+        not exists(TaintedNode tainted | tainted.getAstNode() = arg) and
+        taint_string = "<NO TAINT>" and
+        has_taint = false
+        or
+        exists(TaintedNode tainted | tainted.getAstNode() = arg |
+            taint_string = tainted.getTaintKind().toString()
+        ) and
+        has_taint = true
+    ) and
+    if expected_taint = has_taint then test_res = "ok  " else test_res = "fail"
+// if expected_taint = has_taint then test_res = "✓" else test_res = "✕"
+select arg.getLocation().toString(), test_res, call.getScope().(Function).getName(), arg.toString(),
+    taint_string
--- a/python/ql/test/library-tests/web/stdlib/test.py
+++ b/python/ql/test/library-tests/web/stdlib/test.py
@@ -0,0 +1,108 @@
+import sys
+import os
+import cgi
+
+if sys.version_info[0] == 2:
+    from BaseHTTPServer import BaseHTTPRequestHandler
+    from BaseHTTPServer import HTTPServer
+
+if sys.version_info[0] == 3:
+    from http.server import HTTPServer, BaseHTTPRequestHandler
+
+
+class MyHandler(BaseHTTPRequestHandler):
+
+    def taint_sources(self):
+
+        ensure_tainted(
+            self,
+
+            self.requestline,
+
+            self.path,
+
+            self.headers,
+            self.headers['Foo'],
+            self.headers.get('Foo'),
+            self.headers.get_all('Foo'),
+            self.headers.keys(),
+            self.headers.values(),
+            self.headers.items(),
+            self.headers.as_bytes(),
+            self.headers.as_string(),
+            str(self.headers),
+            bytes(self.headers),
+
+            self.rfile,
+            self.rfile.read(),
+        )
+
+        form = cgi.FieldStorage(
+            self.rfile,
+            self.headers,
+            environ={'REQUEST_METHOD': 'POST', 'CONTENT_TYPE': self.headers.get('content-type')},
+        )
+
+        ensure_tainted(
+            form,
+
+            form['key'],
+            form['key'].value,
+            form['key'].file,
+            form['key'].filename,
+            form['key'][0], # will be a list, if multiple fields named "key" are provided
+            form['key'][0].value,
+            form['key'][0].file,
+            form['key'][0].filename,
+
+            form.getvalue('key'),
+            form.getvalue('key')[0], # will be a list, if multiple fields named "key" are provided
+
+            form.getfirst('key'),
+
+            form.getlist('key'),
+            form.getlist('key')[0],
+        )
+
+    def do_GET(self):
+        # send_response will log a line to stderr
+        self.send_response(200)
+        self.send_header("Content-type", "text/plain; charset=utf-8")
+        self.end_headers()
+        self.wfile.write(b"Hello BaseHTTPRequestHandler\n")
+        self.wfile.writelines([b"1\n", b"2\n", b"3\n"])
+        print(self.headers)
+
+
+    def do_POST(self):
+        form = cgi.FieldStorage(
+            self.rfile,
+            self.headers,
+            environ={'REQUEST_METHOD': 'POST', 'CONTENT_TYPE': self.headers.get('content-type')},
+        )
+
+        if 'myfile' not in form:
+            self.send_response(422)
+            self.end_headers()
+            return
+
+        field = form['myfile']
+
+        field.file.seek(0, os.SEEK_END)
+        filesize = field.file.tell()
+
+        print("Uploaded {!r} with {} bytes".format(field.filename, filesize))
+
+        self.send_response(200)
+        self.end_headers()
+
+
+if __name__ == "__main__":
+    server = HTTPServer(("127.0.0.1", 8080), MyHandler)
+    server.serve_forever()
+
+    # Headers works case insensitvely, so self.headers['foo'] == self.headers['FOO']
+    # curl localhost:8080 --header "Foo: 1" --header "foo: 2"
+
+    # To test file submission through forms, use
+    # curl -F myfile=@<yourfile> localhost:8080
--- a/python/ql/test/query-tests/Expressions/Arguments/WrongNumberArgumentsInCall.expected
+++ b/python/ql/test/query-tests/Expressions/Arguments/WrongNumberArgumentsInCall.expected
@@ -1,7 +1,7 @@
 | use_mox.py:28:1:28:4 | f0() | Call to $@ with too few arguments; should be no fewer than 1. | use_mox.py:7:1:7:10 | Function f0 | function f0 |
 | use_mox.py:29:1:29:5 | f1() | Call to $@ with too few arguments; should be no fewer than 2. | use_mox.py:10:1:10:13 | Function f1 | function f1 |
-| use_mox.py:32:1:32:8 | Attribute() | Call to $@ with too few arguments; should be no fewer than 1. | use_mox.py:15:5:15:20 | Function m0 | method C.m0 |
-| use_mox.py:33:1:33:9 | Attribute() | Call to $@ with too few arguments; should be no fewer than 2. | use_mox.py:18:5:18:23 | Function m1 | method C.m1 |
+| use_mox.py:32:1:32:8 | Attribute() | Call to $@ with too few arguments; should be no fewer than 1. | use_mox.py:15:5:15:20 | Function C.m0 | method C.m0 |
+| use_mox.py:33:1:33:9 | Attribute() | Call to $@ with too few arguments; should be no fewer than 2. | use_mox.py:18:5:18:23 | Function C.m1 | method C.m1 |
 | wrong_arguments.py:29:1:29:4 | f0() | Call to $@ with too few arguments; should be no fewer than 1. | wrong_arguments.py:3:1:3:10 | Function f0 | function f0 |
 | wrong_arguments.py:30:1:30:4 | f1() | Call to $@ with too few arguments; should be no fewer than 1. | wrong_arguments.py:6:1:6:20 | Function f1 | function f1 |
 | wrong_arguments.py:31:1:31:4 | f2() | Call to $@ with too few arguments; should be no fewer than 1. | wrong_arguments.py:9:1:9:14 | Function f2 | function f2 |
@@ -21,5 +21,5 @@
 | wrong_arguments.py:86:1:86:4 | l1() | Call to $@ with too few arguments; should be no fewer than 1. | wrong_arguments.py:71:6:71:21 | Function lambda | function lambda |
 | wrong_arguments.py:96:1:96:12 | f6() | Call to $@ with too many arguments; should be no more than 2. | wrong_arguments.py:21:1:21:13 | Function f6 | function f6 |
 | wrong_arguments.py:97:1:97:7 | f6() | Call to $@ with too many arguments; should be no more than 2. | wrong_arguments.py:21:1:21:13 | Function f6 | function f6 |
-| wrong_arguments.py:130:1:130:9 | Attribute() | Call to $@ with too few arguments; should be no fewer than 2. | wrong_arguments.py:126:5:126:31 | Function spam | method Eggs2.spam |
-| wrong_arguments.py:130:1:130:9 | Attribute() | Call to $@ with too many arguments; should be no more than 0. | wrong_arguments.py:121:5:121:19 | Function spam | method Eggs1.spam |
+| wrong_arguments.py:130:1:130:9 | Attribute() | Call to $@ with too few arguments; should be no fewer than 2. | wrong_arguments.py:126:5:126:31 | Function Eggs2.spam | method Eggs2.spam |
+| wrong_arguments.py:130:1:130:9 | Attribute() | Call to $@ with too many arguments; should be no more than 0. | wrong_arguments.py:121:5:121:19 | Function Eggs1.spam | method Eggs1.spam |
--- a/python/ql/test/query-tests/Functions/overriding/IncorrectlyOverriddenMethod.expected
+++ b/python/ql/test/query-tests/Functions/overriding/IncorrectlyOverriddenMethod.expected
@@ -1,6 +1,6 @@
-| test.py:24:5:24:26 | Function meth1 | Overriding method signature does not match $@, where it is passed too few. Overridden method $@ is correctly specified. | test.py:15:9:15:20 | Attribute() | here | test.py:5:5:5:20 | Function meth1 | method Base.meth1 |
-| test.py:24:5:24:26 | Function meth1 | Overriding method signature does not match $@, where it is passed too few. Overridden method $@ is correctly specified. | test.py:34:9:34:20 | Attribute() | here | test.py:5:5:5:20 | Function meth1 | method Base.meth1 |
-| test.py:27:5:27:20 | Function meth2 | Overriding method signature does not match $@, where it is passed an argument named 'spam'. Overridden method $@ is correctly specified. | test.py:20:9:20:31 | Attribute() | here | test.py:8:5:8:26 | Function meth2 | method Base.meth2 |
-| test.py:27:5:27:20 | Function meth2 | Overriding method signature does not match $@, where it is passed an argument named 'spam'. Overridden method $@ is correctly specified. | test.py:39:9:39:31 | Attribute() | here | test.py:8:5:8:26 | Function meth2 | method Base.meth2 |
-| test.py:27:5:27:20 | Function meth2 | Overriding method signature does not match $@, where it is passed too many. Overridden method $@ is correctly specified. | test.py:18:9:18:21 | Attribute() | here | test.py:8:5:8:26 | Function meth2 | method Base.meth2 |
-| test.py:27:5:27:20 | Function meth2 | Overriding method signature does not match $@, where it is passed too many. Overridden method $@ is correctly specified. | test.py:37:9:37:21 | Attribute() | here | test.py:8:5:8:26 | Function meth2 | method Base.meth2 |
+| test.py:24:5:24:26 | Function Derived.meth1 | Overriding method signature does not match $@, where it is passed too few. Overridden method $@ is correctly specified. | test.py:15:9:15:20 | Attribute() | here | test.py:5:5:5:20 | Function Base.meth1 | method Base.meth1 |
+| test.py:24:5:24:26 | Function Derived.meth1 | Overriding method signature does not match $@, where it is passed too few. Overridden method $@ is correctly specified. | test.py:34:9:34:20 | Attribute() | here | test.py:5:5:5:20 | Function Base.meth1 | method Base.meth1 |
+| test.py:27:5:27:20 | Function Derived.meth2 | Overriding method signature does not match $@, where it is passed an argument named 'spam'. Overridden method $@ is correctly specified. | test.py:20:9:20:31 | Attribute() | here | test.py:8:5:8:26 | Function Base.meth2 | method Base.meth2 |
+| test.py:27:5:27:20 | Function Derived.meth2 | Overriding method signature does not match $@, where it is passed an argument named 'spam'. Overridden method $@ is correctly specified. | test.py:39:9:39:31 | Attribute() | here | test.py:8:5:8:26 | Function Base.meth2 | method Base.meth2 |
+| test.py:27:5:27:20 | Function Derived.meth2 | Overriding method signature does not match $@, where it is passed too many. Overridden method $@ is correctly specified. | test.py:18:9:18:21 | Attribute() | here | test.py:8:5:8:26 | Function Base.meth2 | method Base.meth2 |
+| test.py:27:5:27:20 | Function Derived.meth2 | Overriding method signature does not match $@, where it is passed too many. Overridden method $@ is correctly specified. | test.py:37:9:37:21 | Attribute() | here | test.py:8:5:8:26 | Function Base.meth2 | method Base.meth2 |
--- a/python/ql/test/query-tests/Functions/overriding/WrongNumberArgumentsInCall.expected
+++ b/python/ql/test/query-tests/Functions/overriding/WrongNumberArgumentsInCall.expected
@@ -1,2 +1,2 @@
-| test.py:16:9:16:21 | Attribute() | Call to $@ with too many arguments; should be no more than 0. | test.py:5:5:5:20 | Function meth1 | method Base.meth1 |
-| test.py:17:9:17:20 | Attribute() | Call to $@ with too few arguments; should be no fewer than 1. | test.py:8:5:8:26 | Function meth2 | method Base.meth2 |
+| test.py:16:9:16:21 | Attribute() | Call to $@ with too many arguments; should be no more than 0. | test.py:5:5:5:20 | Function Base.meth1 | method Base.meth1 |
+| test.py:17:9:17:20 | Attribute() | Call to $@ with too few arguments; should be no fewer than 1. | test.py:8:5:8:26 | Function Base.meth2 | method Base.meth2 |