Removed edges and nodes are mostly duplicates. They were only there
originally due to multiple configurations being in scope.
`DataFlow::PathNode` has union semantics for configurations. Nodes are
only generated if they are reachable from a source, but this includes
sources from other configurations.
No alerts are lost.
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
For InterProceduralDataFlow, it's hard to get it to use InlineFlowTest
because you need to show both the source and the sink, and there are
problems with quoting when the source is already surrounded by quotes.
Removed edges were only there originally due to multiple configurations
being in scope. `DataFlow::PathNode` has union semantics for
configurations. Nodes are only generated if they are reachable from a
source, but this includes sources from other configurations.
No alerts are lost.
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
Removed nodes and edges were only there originally due to multiple
configurations being in scope. `DataFlow::PathNode` has union semantics
for configurations. Nodes are only generated if they are reachable from
a source, but this includes sources from other configurations.
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
The new `edges` and `nodes` sections in the .expected files are because
the PathGraph module was not imported in the tests before, and thus
these query predicates were not in scope.
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
When a function is assigned to a variable and called through that
variable then we previously didn't realise it was a function. With
this change we try use local flow to determine if the function being
called is a method.
