Python: revert spurious Py2 hidden-test rebless

The earlier rebless added '.hidden/inner' and 'folder' to the expected output, but those are namespace-package folders without __init__.py, so under Py2 mode (respect_init=True) they are correctly *not* extracted as packages. The previous local rebless picked up Py3 behaviour because python/ql/test/2/extractor-tests/options doesn't propagate --lang=2 (only library-tests and query-tests do). CI runs it under Py2 and produces the smaller output. This brings the expected file back in line with main and CI. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Python: fold in evaluation-order review-comment fixes from main
2026-06-11 16:01:09 +02:00 · 2026-05-29 05:38:44 +00:00 · 2026-05-28 21:12:48 +00:00 · 2026-05-28 21:09:49 +00:00 · 2026-05-28 21:09:49 +00:00 · 2026-05-28 21:09:49 +00:00
762 changed files with 17745 additions and 29642 deletions
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -237,6 +237,9 @@ use_repo(
    kotlin_extractor_deps,
    "codeql_kotlin_defaults",
    "codeql_kotlin_embeddable",
+    "kotlin-compiler-1.8.0",
+    "kotlin-compiler-1.9.0-Beta",
+    "kotlin-compiler-1.9.20-Beta",
    "kotlin-compiler-2.0.0-RC1",
    "kotlin-compiler-2.0.20-Beta2",
    "kotlin-compiler-2.1.0-Beta1",
@@ -245,7 +248,9 @@ use_repo(
    "kotlin-compiler-2.2.20-Beta2",
    "kotlin-compiler-2.3.0",
    "kotlin-compiler-2.3.20",
-    "kotlin-compiler-2.4.0",
+    "kotlin-compiler-embeddable-1.8.0",
+    "kotlin-compiler-embeddable-1.9.0-Beta",
+    "kotlin-compiler-embeddable-1.9.20-Beta",
    "kotlin-compiler-embeddable-2.0.0-RC1",
    "kotlin-compiler-embeddable-2.0.20-Beta2",
    "kotlin-compiler-embeddable-2.1.0-Beta1",
@@ -254,7 +259,9 @@ use_repo(
    "kotlin-compiler-embeddable-2.2.20-Beta2",
    "kotlin-compiler-embeddable-2.3.0",
    "kotlin-compiler-embeddable-2.3.20",
-    "kotlin-compiler-embeddable-2.4.0",
+    "kotlin-stdlib-1.8.0",
+    "kotlin-stdlib-1.9.0-Beta",
+    "kotlin-stdlib-1.9.20-Beta",
    "kotlin-stdlib-2.0.0-RC1",
    "kotlin-stdlib-2.0.20-Beta2",
    "kotlin-stdlib-2.1.0-Beta1",
@@ -263,7 +270,6 @@ use_repo(
    "kotlin-stdlib-2.2.20-Beta2",
    "kotlin-stdlib-2.3.0",
    "kotlin-stdlib-2.3.20",
-    "kotlin-stdlib-2.4.0",
 )

 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,9 +1,3 @@
-## 0.4.37
-
-### Minor Analysis Improvements
-
-* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
-
 ## 0.4.36

 ### Minor Analysis Improvements
--- a/actions/ql/lib/change-notes/2026-05-12-improved-alphanumeric-regex.md
+++ b/actions/ql/lib/change-notes/2026-05-12-improved-alphanumeric-regex.md
@@ -1,5 +1,4 @@
-## 0.4.37
-
-### Minor Analysis Improvements
-
-* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
+---
+category: minorAnalysis
+---
+* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.37
+lastReleaseVersion: 0.4.36
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.38-dev
+version: 0.4.37-dev
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,22 +1,3 @@
-## 0.6.29
-
-### Query Metadata Changes
-
-* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`.
-
-### Major Analysis Improvements
-
-* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query.
-
-### Minor Analysis Improvements
-
-* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`.
-* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes.
-
-### Bug Fixes
-
-* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.
-
 ## 0.6.28

 ### Query Metadata Changes
--- a/actions/ql/src/change-notes/2026-05-05-untrusted-checkout-high.md
+++ b/actions/ql/src/change-notes/2026-05-05-untrusted-checkout-high.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query.
--- a/actions/ql/src/change-notes/2026-05-12-sha256-pinned-actions.md
+++ b/actions/ql/src/change-notes/2026-05-12-sha256-pinned-actions.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes.
--- a/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-alert.md
+++ b/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-alert.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`.
--- a/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-helpfile.md
+++ b/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-helpfile.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.
--- a/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-metadata.md
+++ b/actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-metadata.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`.
--- a/actions/ql/src/change-notes/released/0.6.29.md
+++ b/actions/ql/src/change-notes/released/0.6.29.md
@@ -1,18 +0,0 @@
-## 0.6.29
-
-### Query Metadata Changes
-
-* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`.
-
-### Major Analysis Improvements
-
-* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query.
-
-### Minor Analysis Improvements
-
-* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`.
-* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes.
-
-### Bug Fixes
-
-* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.29
+lastReleaseVersion: 0.6.28
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.30-dev
+version: 0.6.29-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,19 +1,3 @@
-## 10.2.0
-
-### Deprecated APIs
-
-* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead.
-
-### New Features
-
-* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations.
-* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations.
-
-### Minor Analysis Improvements
-
-* Added flow source models for `scanf_s` and related functions.
-* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported.
-
 ## 10.1.1

 ### Minor Analysis Improvements
--- a/cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md
+++ b/cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Added flow source models for `scanf_s` and related functions.
+* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported.
--- a/cpp/ql/lib/change-notes/2026-05-16-alias-template.md
+++ b/cpp/ql/lib/change-notes/2026-05-16-alias-template.md
@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations.
--- a/cpp/ql/lib/change-notes/2026-05-18-alias-type.md
+++ b/cpp/ql/lib/change-notes/2026-05-18-alias-type.md
@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead.
--- a/cpp/ql/lib/change-notes/2026-05-21-generated-from.md
+++ b/cpp/ql/lib/change-notes/2026-05-21-generated-from.md
@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations.
--- a/cpp/ql/lib/change-notes/released/10.2.0.md
+++ b/cpp/ql/lib/change-notes/released/10.2.0.md
@@ -1,15 +0,0 @@
-## 10.2.0
-
-### Deprecated APIs
-
-* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead.
-
-### New Features
-
-* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations.
-* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations.
-
-### Minor Analysis Improvements
-
-* Added flow source models for `scanf_s` and related functions.
-* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 10.2.0
+lastReleaseVersion: 10.1.1
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 10.2.1-dev
+version: 10.1.2-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
@@ -276,45 +276,6 @@ private predicate isClassConstructedFrom(Class c, Class templateClass) {
  not c.isConstructedFrom(_) and c = templateClass
 }

-/** Gets the fully templated version of `c`. */
-private Class getFullyTemplatedClassOld(Class c) {
-  not c.isFromUninstantiatedTemplate(_) and
-  isClassConstructedFrom(c, result)
-}
-
-private TemplateClass getOriginalClassTemplate(TemplateClass tc) {
-  result = tc.getOriginalTemplate()
-  or
-  not exists(tc.getOriginalTemplate()) and
-  result = tc
-}
-
-/** Gets the fully templated version of `c`. */
-private Class getFullyTemplatedClassNew(Class c) {
-  not c.isFromUninstantiatedTemplate(_) and
-  exists(Class mid |
-    c.isConstructedFrom(mid)
-    or
-    not c.isConstructedFrom(_) and c = mid
-  |
-    result = getOriginalClassTemplate(mid)
-    or
-    not mid instanceof TemplateClass and mid = result
-  )
-}
-
-/** Gets the fully templated version of `c`. */
-private Class getFullyTemplatedClass(Class c) {
-  // The `Class::getOriginalTemplate` predicate was introduced in CodeQL
-  // version 2.25.6 and the upgrade script leaves the
-  // `class_template_generated_from` extensionals empty if the database
-  // was generated with an older extractor. So we use the old implementation
-  // if the `class_template_generated_from` extensional is empty.
-  if class_template_generated_from(_, _)
-  then result = getFullyTemplatedClassNew(c)
-  else result = getFullyTemplatedClassOld(c)
-}
-
 /**
 * Holds if `f` is an instantiation of a function template `templateFunc`, or
 * holds with `f = templateFunc` if `f` is not an instantiation of any function
@@ -331,7 +292,7 @@ private predicate isFunctionConstructedFrom(Function f, Function templateFunc) {
 }

 /** Gets the fully templated version of `f`. */
-private Function getFullyTemplatedFunctionOld(Function f) {
+Function getFullyTemplatedFunction(Function f) {
  not f.isFromUninstantiatedTemplate(_) and
  (
    exists(Class c, Class templateClass, int i |
@@ -345,46 +306,13 @@ private Function getFullyTemplatedFunctionOld(Function f) {
  )
 }

-private TemplateFunction getOriginalFunctionTemplate(TemplateFunction tf) {
-  result = tf.getOriginalTemplate()
-  or
-  not exists(tf.getOriginalTemplate()) and
-  result = tf
-}
-
-/** Gets the fully templated version of `f`. */
-private Function getFullyTemplatedFunctionNew(Function f) {
-  not f.isFromUninstantiatedTemplate(_) and
-  exists(Function mid |
-    f.isConstructedFrom(mid)
-    or
-    not f.isConstructedFrom(_) and f = mid
-  |
-    result = getOriginalFunctionTemplate(mid)
-    or
-    not mid instanceof TemplateFunction and mid = result
-  )
-}
-
-/** Gets the fully templated version of `f`. */
-Function getFullyTemplatedFunction(Function f) {
-  // The `Function::getOriginalTemplate` predicate was introduced in CodeQL
-  // version 2.25.6 and the upgrade script leaves the
-  // `function_template_generated_from` extensionals empty if the database
-  // was generated with an older extractor. So we use the old implementation
-  // if the `function_template_generated_from` extensional is empty.
-  if function_template_generated_from(_, _)
-  then result = getFullyTemplatedFunctionNew(f)
-  else result = getFullyTemplatedFunctionOld(f)
-}
-
 /** Prefixes `const` to `s` if `t` is const, or returns `s` otherwise. */
 bindingset[s, t]
 private string withConst(string s, Type t) {
  if t.isConst() then result = "const " + s else result = s
 }

-/** Prefixes `volatile` to `s` if `t` is volatile, or returns `s` otherwise. */
+/** Prefixes `volatile` to `s` if `t` is const, or returns `s` otherwise. */
 bindingset[s, t]
 private string withVolatile(string s, Type t) {
  if t.isVolatile() then result = "volatile " + s else result = s
@@ -562,7 +490,7 @@ pragma[nomagic]
 private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining) {
  // If there is a declaring type then we start by expanding the function templates
  exists(Class template |
-    template = getFullyTemplatedClass(f.getDeclaringType()) and
+    isClassConstructedFrom(f.getDeclaringType(), template) and
    remaining = getNumberOfSupportedClassTemplateArguments(template) and
    result = getTypeNameWithoutFunctionTemplates(f, n, 0)
  )
@@ -574,7 +502,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining
  or
  exists(string mid, TypeTemplateParameter tp, Class template |
    mid = getTypeNameWithoutClassTemplates(f, n, remaining + 1) and
-    template = getFullyTemplatedClass(f.getDeclaringType()) and
+    isClassConstructedFrom(f.getDeclaringType(), template) and
    tp = getSupportedClassTemplateArgument(template, remaining)
  |
    result = mid.replaceAll(tp.getName(), "class:" + remaining.toString())
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.6.4
-
-No user-facing changes.
-
 ## 1.6.3

 ### Minor Analysis Improvements
--- a/cpp/ql/src/change-notes/released/1.6.4.md
+++ b/cpp/ql/src/change-notes/released/1.6.4.md
@@ -1,3 +0,0 @@
-## 1.6.4
-
-No user-facing changes.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.4
+lastReleaseVersion: 1.6.3
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.6.5-dev
+version: 1.6.4-dev
 groups:
  - cpp
  - queries
--- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected
@@ -51,16 +51,13 @@ models
 | 50 | Summary: ; ; false; ymlStepGenerated; ; ; Argument[0]; ReturnValue; taint; df-generated |
 | 51 | Summary: ; ; false; ymlStepManual; ; ; Argument[0]; ReturnValue; taint; manual |
 | 52 | Summary: ; ; false; ymlStepManual_with_body; ; ; Argument[0]; ReturnValue; taint; manual |
-| 53 | Summary: ; TemplateClass1; true; templateFunction2<U,V>; (U,V); ; Argument[1]; ReturnValue; value; manual |
-| 54 | Summary: ; TemplateClass1<T>; false; templateFunction<U>; (T,U); ; Argument[0]; ReturnValue; value; manual |
-| 55 | Summary: ; TemplateClass2<T,U>; true; function; (U,T); ; Argument[1]; ReturnValue; value; manual |
-| 56 | Summary: Azure::Core::IO; BodyStream; true; Read; ; ; Argument[-1]; Argument[*0]; taint; manual |
-| 57 | Summary: Azure::Core::IO; BodyStream; true; ReadToCount; ; ; Argument[-1]; Argument[*0]; taint; manual |
-| 58 | Summary: Azure::Core::IO; BodyStream; true; ReadToEnd; ; ; Argument[-1]; ReturnValue.Element; taint; manual |
-| 59 | Summary: Azure; Nullable; true; Value; ; ; Argument[-1]; ReturnValue[*]; taint; manual |
-| 60 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
+| 53 | Summary: Azure::Core::IO; BodyStream; true; Read; ; ; Argument[-1]; Argument[*0]; taint; manual |
+| 54 | Summary: Azure::Core::IO; BodyStream; true; ReadToCount; ; ; Argument[-1]; Argument[*0]; taint; manual |
+| 55 | Summary: Azure::Core::IO; BodyStream; true; ReadToEnd; ; ; Argument[-1]; ReturnValue.Element; taint; manual |
+| 56 | Summary: Azure; Nullable; true; Value; ; ; Argument[-1]; ReturnValue[*]; taint; manual |
+| 57 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
 edges
-| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:60 |
+| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:57 |
 | asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:91:7:91:17 | recv_buffer | provenance | Src:MaD:32  |
 | asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:93:29:93:39 | *recv_buffer | provenance | Src:MaD:32 Sink:MaD:2 |
 | asio_streams.cpp:97:37:97:44 | call to source | asio_streams.cpp:98:7:98:14 | send_str | provenance | TaintFunction |
@@ -69,24 +66,24 @@ edges
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:101:7:101:17 | send_buffer | provenance |  |
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:2 |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance |  |
-| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:60 |
-| azure.cpp:62:10:62:14 | [summary param] this in Value | azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | provenance | MaD:59 |
-| azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | provenance | MaD:56 |
-| azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | provenance | MaD:57 |
-| azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | provenance | MaD:58 |
+| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:57 |
+| azure.cpp:62:10:62:14 | [summary param] this in Value | azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | provenance | MaD:56 |
+| azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | provenance | MaD:53 |
+| azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | provenance | MaD:54 |
+| azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | provenance | MaD:55 |
 | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue in ReadToEnd [element] | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:253:48:253:60 | *call to GetBodyStream | provenance | Src:MaD:29  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:257:5:257:8 | *resp | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:262:5:262:8 | *resp | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:266:38:266:41 | *resp | provenance |  |
 | azure.cpp:257:5:257:8 | *resp | azure.cpp:113:16:113:19 | [summary param] this in Read | provenance |  |
-| azure.cpp:257:5:257:8 | *resp | azure.cpp:257:16:257:21 | Read output argument | provenance | MaD:56 |
+| azure.cpp:257:5:257:8 | *resp | azure.cpp:257:16:257:21 | Read output argument | provenance | MaD:53 |
 | azure.cpp:257:16:257:21 | Read output argument | azure.cpp:258:10:258:16 | * ... | provenance |  |
 | azure.cpp:262:5:262:8 | *resp | azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | provenance |  |
-| azure.cpp:262:5:262:8 | *resp | azure.cpp:262:23:262:28 | ReadToCount output argument | provenance | MaD:57 |
+| azure.cpp:262:5:262:8 | *resp | azure.cpp:262:23:262:28 | ReadToCount output argument | provenance | MaD:54 |
 | azure.cpp:262:23:262:28 | ReadToCount output argument | azure.cpp:263:10:263:16 | * ... | provenance |  |
 | azure.cpp:266:38:266:41 | *resp | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | provenance |  |
-| azure.cpp:266:38:266:41 | *resp | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | MaD:58 |
+| azure.cpp:266:38:266:41 | *resp | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | MaD:55 |
 | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance |  |
 | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:267:10:267:12 | vec [element] | provenance |  |
 | azure.cpp:267:10:267:12 | vec [element] | azure.cpp:267:10:267:12 | vec | provenance |  |
@@ -103,11 +100,11 @@ edges
 | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | provenance | Src:MaD:26  |
 | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:282:21:282:23 | *call to get | provenance |  |
 | azure.cpp:282:21:282:23 | *call to get | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | provenance |  |
-| azure.cpp:282:21:282:23 | *call to get | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | MaD:58 |
+| azure.cpp:282:21:282:23 | *call to get | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | MaD:55 |
 | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:10:282:38 | call to ReadToEnd | provenance |  |
 | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance |  |
 | azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:62:10:62:14 | [summary param] this in Value | provenance |  |
-| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:289:63:289:65 | call to Value | provenance | MaD:59 |
+| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:289:63:289:65 | call to Value | provenance | MaD:56 |
 | azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:24:289:56 | call to GetHeader | provenance |  |
 | azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:32:289:40 | call to GetHeader | provenance | Src:MaD:30  |
 | azure.cpp:289:63:289:65 | call to Value | azure.cpp:289:63:289:65 | call to Value | provenance |  |
@@ -183,39 +180,6 @@ edges
 | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:119:10:119:11 | y2 | provenance | Sink:MaD:1 |
 | test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | provenance |  |
 | test.cpp:118:44:118:44 | *x | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | MaD:48 |
-| test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | provenance | MaD:54 |
-| test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | provenance | MaD:53 |
-| test.cpp:133:10:133:18 | call to ymlSource | test.cpp:133:10:133:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:133:10:133:18 | call to ymlSource | test.cpp:134:45:134:45 | x | provenance |  |
-| test.cpp:134:13:134:43 | call to templateFunction | test.cpp:134:13:134:43 | call to templateFunction | provenance |  |
-| test.cpp:134:13:134:43 | call to templateFunction | test.cpp:135:10:135:10 | y | provenance | Sink:MaD:1 |
-| test.cpp:134:45:134:45 | x | test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | provenance |  |
-| test.cpp:134:45:134:45 | x | test.cpp:134:13:134:43 | call to templateFunction | provenance | MaD:54 |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | provenance | MaD:55 |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | provenance | MaD:55 |
-| test.cpp:146:10:146:18 | call to ymlSource | test.cpp:146:10:146:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:146:10:146:18 | call to ymlSource | test.cpp:148:26:148:26 | x | provenance |  |
-| test.cpp:148:10:148:27 | call to function | test.cpp:148:10:148:27 | call to function | provenance |  |
-| test.cpp:148:10:148:27 | call to function | test.cpp:149:10:149:10 | z | provenance | Sink:MaD:1 |
-| test.cpp:148:26:148:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | provenance |  |
-| test.cpp:148:26:148:26 | x | test.cpp:148:10:148:27 | call to function | provenance | MaD:55 |
-| test.cpp:155:10:155:18 | call to ymlSource | test.cpp:155:10:155:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:155:10:155:18 | call to ymlSource | test.cpp:157:26:157:26 | x | provenance |  |
-| test.cpp:157:13:157:20 | call to function | test.cpp:157:13:157:20 | call to function | provenance |  |
-| test.cpp:157:13:157:20 | call to function | test.cpp:158:10:158:10 | z | provenance | Sink:MaD:1 |
-| test.cpp:157:26:157:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | provenance |  |
-| test.cpp:157:26:157:26 | x | test.cpp:157:13:157:20 | call to function | provenance | MaD:55 |
-| test.cpp:164:34:164:34 | x | test.cpp:165:69:165:69 | x | provenance |  |
-| test.cpp:165:12:165:64 | call to templateFunction2 | test.cpp:164:7:164:7 | *templateFunction3 | provenance |  |
-| test.cpp:165:12:165:64 | call to templateFunction2 | test.cpp:165:12:165:64 | call to templateFunction2 | provenance |  |
-| test.cpp:165:69:165:69 | x | test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | provenance |  |
-| test.cpp:165:69:165:69 | x | test.cpp:165:12:165:64 | call to templateFunction2 | provenance | MaD:53 |
-| test.cpp:170:10:170:18 | call to ymlSource | test.cpp:170:10:170:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:170:10:170:18 | call to ymlSource | test.cpp:172:51:172:51 | x | provenance |  |
-| test.cpp:172:13:172:44 | call to templateFunction3 | test.cpp:172:13:172:44 | call to templateFunction3 | provenance |  |
-| test.cpp:172:13:172:44 | call to templateFunction3 | test.cpp:173:10:173:10 | y | provenance | Sink:MaD:1 |
-| test.cpp:172:51:172:51 | x | test.cpp:164:34:164:34 | x | provenance |  |
-| test.cpp:172:51:172:51 | x | test.cpp:172:13:172:44 | call to templateFunction3 | provenance | MaD:53 |
 | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | provenance | MaD:33 |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:22:15:22:29 | *call to GetCommandLineA | provenance | Src:MaD:3  |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:24:8:24:11 | * ... | provenance |  |
@@ -519,43 +483,6 @@ nodes
 | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | semmle.label | call to callWithNonTypeTemplate |
 | test.cpp:118:44:118:44 | *x | semmle.label | *x |
 | test.cpp:119:10:119:11 | y2 | semmle.label | y2 |
-| test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | semmle.label | [summary param] 0 in templateFunction |
-| test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | semmle.label | [summary] to write: ReturnValue in templateFunction |
-| test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | semmle.label | [summary param] 1 in templateFunction2 |
-| test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | semmle.label | [summary] to write: ReturnValue in templateFunction2 |
-| test.cpp:133:10:133:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:133:10:133:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:134:13:134:43 | call to templateFunction | semmle.label | call to templateFunction |
-| test.cpp:134:13:134:43 | call to templateFunction | semmle.label | call to templateFunction |
-| test.cpp:134:45:134:45 | x | semmle.label | x |
-| test.cpp:135:10:135:10 | y | semmle.label | y |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | semmle.label | [summary param] 1 in function |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | semmle.label | [summary param] 1 in function |
-| test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | semmle.label | [summary] to write: ReturnValue in function |
-| test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | semmle.label | [summary] to write: ReturnValue in function |
-| test.cpp:146:10:146:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:146:10:146:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:148:10:148:27 | call to function | semmle.label | call to function |
-| test.cpp:148:10:148:27 | call to function | semmle.label | call to function |
-| test.cpp:148:26:148:26 | x | semmle.label | x |
-| test.cpp:149:10:149:10 | z | semmle.label | z |
-| test.cpp:155:10:155:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:155:10:155:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:157:13:157:20 | call to function | semmle.label | call to function |
-| test.cpp:157:13:157:20 | call to function | semmle.label | call to function |
-| test.cpp:157:26:157:26 | x | semmle.label | x |
-| test.cpp:158:10:158:10 | z | semmle.label | z |
-| test.cpp:164:7:164:7 | *templateFunction3 | semmle.label | *templateFunction3 |
-| test.cpp:164:34:164:34 | x | semmle.label | x |
-| test.cpp:165:12:165:64 | call to templateFunction2 | semmle.label | call to templateFunction2 |
-| test.cpp:165:12:165:64 | call to templateFunction2 | semmle.label | call to templateFunction2 |
-| test.cpp:165:69:165:69 | x | semmle.label | x |
-| test.cpp:170:10:170:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:170:10:170:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:172:13:172:44 | call to templateFunction3 | semmle.label | call to templateFunction3 |
-| test.cpp:172:13:172:44 | call to templateFunction3 | semmle.label | call to templateFunction3 |
-| test.cpp:172:51:172:51 | x | semmle.label | x |
-| test.cpp:173:10:173:10 | y | semmle.label | y |
 | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | semmle.label | [summary param] *0 in CommandLineToArgvA |
 | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | semmle.label | [summary] to write: ReturnValue[**] in CommandLineToArgvA |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | semmle.label | *call to GetCommandLineA |
@@ -761,11 +688,6 @@ subpaths
 | test.cpp:25:35:25:35 | x | test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | test.cpp:25:11:25:33 | call to ymlStepManual_with_body |
 | test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body |
 | test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate |
-| test.cpp:134:45:134:45 | x | test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | test.cpp:134:13:134:43 | call to templateFunction |
-| test.cpp:148:26:148:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | test.cpp:148:10:148:27 | call to function |
-| test.cpp:157:26:157:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | test.cpp:157:13:157:20 | call to function |
-| test.cpp:165:69:165:69 | x | test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | test.cpp:165:12:165:64 | call to templateFunction2 |
-| test.cpp:172:51:172:51 | x | test.cpp:164:34:164:34 | x | test.cpp:164:7:164:7 | *templateFunction3 | test.cpp:172:13:172:44 | call to templateFunction3 |
 | windows.cpp:27:36:27:38 | *cmd | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA |
 | windows.cpp:537:40:537:41 | *& ... | windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | windows.cpp:473:17:473:37 | [summary param] *0 in RtlCopyVolatileMemory [Return] | windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument |
 | windows.cpp:542:38:542:39 | *& ... | windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | windows.cpp:479:17:479:35 | [summary param] *0 in RtlCopyDeviceMemory [Return] | windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument |
--- a/cpp/ql/test/library-tests/dataflow/external-models/flow.ext.yml
+++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.ext.yml
@@ -18,7 +18,4 @@ extensions:
      - ["", "", False, "ymlStepManual_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["", "", False, "ymlStepGenerated_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
      - ["", "", False, "callWithArgument", "", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "manual"]
-      - ["", "", False, "callWithNonTypeTemplate<T>", "(const T &)", "", "Argument[*0]", "ReturnValue", "value", "manual"]
-      - ["", "TemplateClass1<T>", False, "templateFunction<U>", "(T,U)", "", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["", "TemplateClass1", True, "templateFunction2<U,V>", "(U,V)", "", "Argument[1]", "ReturnValue", "value", "manual"]
-      - ["", "TemplateClass2<T,U>", True, "function", "(U,T)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["", "", False, "callWithNonTypeTemplate<T>", "(const T &)", "", "Argument[*0]", "ReturnValue", "value", "manual"]
--- a/cpp/ql/test/library-tests/dataflow/external-models/sinks.expected
+++ b/cpp/ql/test/library-tests/dataflow/external-models/sinks.expected
@@ -15,7 +15,3 @@
 | test.cpp:89:11:89:11 | y | test-sink |
 | test.cpp:116:10:116:11 | y1 | test-sink |
 | test.cpp:119:10:119:11 | y2 | test-sink |
-| test.cpp:135:10:135:10 | y | test-sink |
-| test.cpp:149:10:149:10 | z | test-sink |
-| test.cpp:158:10:158:10 | z | test-sink |
-| test.cpp:173:10:173:10 | y | test-sink |
--- a/cpp/ql/test/library-tests/dataflow/external-models/sources.expected
+++ b/cpp/ql/test/library-tests/dataflow/external-models/sources.expected
@@ -9,10 +9,6 @@
 | test.cpp:56:8:56:16 | call to ymlSource | local |
 | test.cpp:94:10:94:18 | call to ymlSource | local |
 | test.cpp:114:10:114:18 | call to ymlSource | local |
-| test.cpp:133:10:133:18 | call to ymlSource | local |
-| test.cpp:146:10:146:18 | call to ymlSource | local |
-| test.cpp:155:10:155:18 | call to ymlSource | local |
-| test.cpp:170:10:170:18 | call to ymlSource | local |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | local |
 | windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | local |
 | windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | local |
--- a/cpp/ql/test/library-tests/dataflow/external-models/test.cpp
+++ b/cpp/ql/test/library-tests/dataflow/external-models/test.cpp
@@ -118,57 +118,3 @@ void test_callWithNonTypeTemplate() {
 	int y2 = callWithNonTypeTemplate<int, 10>(x);
 	ymlSink(y2); // $ ir
 }
-
-template<class T>
-struct TemplateClass1 {
-  template<class U>
-  U templateFunction(T, U);
-
-	template<class U, class V>
-  V templateFunction2(U, V);
-};
-
-void test_template_function_in_template_class() {
-	TemplateClass1<int> b;
-	int x = ymlSource();
-	auto y = b.templateFunction<unsigned long>(x, 0UL);
-	ymlSink(y); // $ ir
-}
-
-template<class S, class T>
-struct TemplateClass2 {
-	T function(T, S);
-};
-
-template<class V> using PartialInstantiationOfTemplateClass2 = TemplateClass2<int, V>;
-
-void test_partial_class_instantiation() {
-	int x = ymlSource();
-	PartialInstantiationOfTemplateClass2<unsigned long> y;
-	int z = y.function(0UL, x);
-	ymlSink(z); // $ ir
-}
-
-template<class V> struct DeriveFromFromPartialTemplateInstantiation : TemplateClass2<int, V> { };
-
-void test_inheritance() {
-	int x = ymlSource();
-	DeriveFromFromPartialTemplateInstantiation<long> y;
-	auto z = y.function(0L, x);
-	ymlSink(z); // $ ir
-}
-
-template<class T>
-struct Class1 : TemplateClass1<T> {
-  template<class U>
-  int templateFunction3(U u, int x) {
-    return TemplateClass1<T>::template templateFunction2<U, int>(u, x);
-  }
-};
-
-void test_class1() {
-	int x = ymlSource();
-	Class1<int> c;
-	auto y = c.templateFunction3<unsigned long>(0UL, x);
-	ymlSink(y); // $ ir
-}
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
@@ -27383,55 +27383,54 @@ getParameterTypeName
 | stl.h:91:24:91:33 | operator++ | 0 | int |
 | stl.h:95:44:95:44 | back_inserter | 0 | func:0 & |
 | stl.h:95:44:95:44 | back_inserter | 0 | func:0 & |
-| stl.h:147:12:147:23 | basic_string | 0 | const class:2 & |
-| stl.h:148:3:148:14 | basic_string | 0 | const class:0 * |
-| stl.h:148:3:148:14 | basic_string | 1 | const class:2 & |
-| stl.h:149:33:149:44 | basic_string | 0 | func:0 |
-| stl.h:149:33:149:44 | basic_string | 1 | func:0 |
-| stl.h:149:33:149:44 | basic_string | 2 | const class:2 & |
-| stl.h:165:8:165:16 | push_back | 0 | class:0 |
+| stl.h:148:3:148:14 | basic_string | 0 | const class:2 & |
+| stl.h:149:33:149:44 | basic_string | 0 | const class:0 * |
+| stl.h:149:33:149:44 | basic_string | 1 | const class:2 & |
+| stl.h:151:16:151:20 | c_str | 0 | func:0 |
+| stl.h:151:16:151:20 | c_str | 1 | func:0 |
+| stl.h:151:16:151:20 | c_str | 2 | const class:2 & |
 | stl.h:173:13:173:22 | operator[] | 0 | size_type |
 | stl.h:175:13:175:14 | at | 0 | size_type |
-| stl.h:176:35:176:44 | operator+= | 0 | const func:0 & |
-| stl.h:176:35:176:44 | operator+= | 0 | const func:0 & |
-| stl.h:177:17:177:26 | operator+= | 0 | const class:0 * |
-| stl.h:178:17:178:22 | append | 0 | const basic_string & |
-| stl.h:179:17:179:22 | append | 0 | const class:0 * |
-| stl.h:180:17:180:22 | append | 0 | size_type |
-| stl.h:180:17:180:22 | append | 1 | class:0 |
-| stl.h:181:47:181:52 | append | 0 | func:0 |
-| stl.h:181:47:181:52 | append | 1 | func:0 |
-| stl.h:182:17:182:22 | assign | 0 | const basic_string & |
-| stl.h:183:17:183:22 | assign | 0 | size_type |
-| stl.h:183:17:183:22 | assign | 1 | class:0 |
-| stl.h:184:47:184:52 | assign | 0 | func:0 |
-| stl.h:184:47:184:52 | assign | 1 | func:0 |
-| stl.h:185:17:185:22 | insert | 0 | size_type |
-| stl.h:185:17:185:22 | insert | 1 | const basic_string & |
+| stl.h:176:35:176:44 | operator+= | 0 | size_type |
+| stl.h:176:35:176:44 | operator+= | 0 | size_type |
+| stl.h:177:17:177:26 | operator+= | 0 | const func:0 & |
+| stl.h:178:17:178:22 | append | 0 | const class:0 * |
+| stl.h:179:17:179:22 | append | 0 | const basic_string & |
+| stl.h:180:17:180:22 | append | 0 | const class:0 * |
+| stl.h:181:47:181:52 | append | 0 | size_type |
+| stl.h:181:47:181:52 | append | 1 | class:0 |
+| stl.h:182:17:182:22 | assign | 0 | func:0 |
+| stl.h:182:17:182:22 | assign | 1 | func:0 |
+| stl.h:183:17:183:22 | assign | 0 | const basic_string & |
+| stl.h:184:47:184:52 | assign | 0 | size_type |
+| stl.h:184:47:184:52 | assign | 1 | class:0 |
+| stl.h:185:17:185:22 | insert | 0 | func:0 |
+| stl.h:185:17:185:22 | insert | 1 | func:0 |
 | stl.h:186:17:186:22 | insert | 0 | size_type |
-| stl.h:186:17:186:22 | insert | 1 | size_type |
-| stl.h:186:17:186:22 | insert | 2 | class:0 |
+| stl.h:186:17:186:22 | insert | 1 | const basic_string & |
 | stl.h:187:17:187:22 | insert | 0 | size_type |
-| stl.h:187:17:187:22 | insert | 1 | const class:0 * |
-| stl.h:188:12:188:17 | insert | 0 | const_iterator |
-| stl.h:188:12:188:17 | insert | 1 | size_type |
-| stl.h:188:12:188:17 | insert | 2 | class:0 |
+| stl.h:187:17:187:22 | insert | 1 | size_type |
+| stl.h:187:17:187:22 | insert | 2 | class:0 |
+| stl.h:188:12:188:17 | insert | 0 | size_type |
+| stl.h:188:12:188:17 | insert | 1 | const class:0 * |
 | stl.h:189:42:189:47 | insert | 0 | const_iterator |
-| stl.h:189:42:189:47 | insert | 1 | func:0 |
-| stl.h:189:42:189:47 | insert | 2 | func:0 |
-| stl.h:190:17:190:23 | replace | 0 | size_type |
-| stl.h:190:17:190:23 | replace | 1 | size_type |
-| stl.h:190:17:190:23 | replace | 2 | const basic_string & |
+| stl.h:189:42:189:47 | insert | 1 | size_type |
+| stl.h:189:42:189:47 | insert | 2 | class:0 |
+| stl.h:190:17:190:23 | replace | 0 | const_iterator |
+| stl.h:190:17:190:23 | replace | 1 | func:0 |
+| stl.h:190:17:190:23 | replace | 2 | func:0 |
 | stl.h:191:17:191:23 | replace | 0 | size_type |
 | stl.h:191:17:191:23 | replace | 1 | size_type |
-| stl.h:191:17:191:23 | replace | 2 | size_type |
-| stl.h:191:17:191:23 | replace | 3 | class:0 |
-| stl.h:192:13:192:16 | copy | 0 | class:0 * |
+| stl.h:191:17:191:23 | replace | 2 | const basic_string & |
+| stl.h:192:13:192:16 | copy | 0 | size_type |
 | stl.h:192:13:192:16 | copy | 1 | size_type |
 | stl.h:192:13:192:16 | copy | 2 | size_type |
-| stl.h:194:16:194:21 | substr | 0 | size_type |
-| stl.h:194:16:194:21 | substr | 1 | size_type |
-| stl.h:195:8:195:11 | swap | 0 | basic_string & |
+| stl.h:192:13:192:16 | copy | 3 | class:0 |
+| stl.h:193:8:193:12 | clear | 0 | class:0 * |
+| stl.h:193:8:193:12 | clear | 1 | size_type |
+| stl.h:193:8:193:12 | clear | 2 | size_type |
+| stl.h:195:8:195:11 | swap | 0 | size_type |
+| stl.h:195:8:195:11 | swap | 1 | size_type |
 | stl.h:198:94:198:102 | operator+ | 0 | const basic_string & |
 | stl.h:198:94:198:102 | operator+ | 1 | const basic_string & |
 | stl.h:199:94:199:102 | operator+ | 0 | const basic_string & |
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.7.68
-
-No user-facing changes.
-
 ## 1.7.67

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.68.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.68.md
@@ -1,3 +0,0 @@
-## 1.7.68
-
-No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.68
+lastReleaseVersion: 1.7.67
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.69-dev
+version: 1.7.68-dev
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.7.68
-
-No user-facing changes.
-
 ## 1.7.67

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.68.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.68.md
@@ -1,3 +0,0 @@
-## 1.7.68
-
-No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.68
+lastReleaseVersion: 1.7.67
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.69-dev
+version: 1.7.68-dev
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,10 +1,3 @@
-## 6.0.2
-
-### Minor Analysis Improvements
-
-* Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. The QL library and data flow analysis now support the new C# 14 language constructs and include generated Models as Data (MaD) models for the .NET 10 runtime.
-* C# 14: Added support for user-defined instance increment/decrement operators.
-
 ## 6.0.1

 No user-facing changes.
--- a/csharp/ql/lib/change-notes/2026-05-12-user-increment-decrement.md
+++ b/csharp/ql/lib/change-notes/2026-05-12-user-increment-decrement.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* C# 14: Added support for user-defined instance increment/decrement operators.
--- a/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md
+++ b/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md
@@ -1,6 +1,4 @@
-## 6.0.2
-
-### Minor Analysis Improvements
-
+---
+category: minorAnalysis
+---
 * Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. The QL library and data flow analysis now support the new C# 14 language constructs and include generated Models as Data (MaD) models for the .NET 10 runtime.
-* C# 14: Added support for user-defined instance increment/decrement operators.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.0.2
+lastReleaseVersion: 6.0.1
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 6.0.3-dev
+version: 6.0.2-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.7.4
-
-No user-facing changes.
-
 ## 1.7.3

 No user-facing changes.
--- a/csharp/ql/src/change-notes/released/1.7.4.md
+++ b/csharp/ql/src/change-notes/released/1.7.4.md
@@ -1,3 +0,0 @@
-## 1.7.4
-
-No user-facing changes.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.4
+lastReleaseVersion: 1.7.3
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.7.5-dev
+version: 1.7.4-dev
 groups:
  - csharp
  - queries
--- a/docs/codeql/reusables/supported-versions-compilers.rst
+++ b/docs/codeql/reusables/supported-versions-compilers.rst
@@ -21,7 +21,7 @@
   Java,"Java 7 to 26 [6]_","javac (OpenJDK and Oracle JDK),

   Eclipse compiler for Java (ECJ) [7]_",``.java``
-   Kotlin,"Kotlin 2.0.0 to 2.4.\ *x*","kotlinc",``.kt``
+   Kotlin,"Kotlin 1.8.0 to 2.3.2\ *x*","kotlinc",``.kt``
   JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [8]_"
   Python [9]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py``
   Ruby [10]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.0.51
-
-No user-facing changes.
-
 ## 1.0.50

 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/1.0.51.md
+++ b/go/ql/consistency-queries/change-notes/released/1.0.51.md
@@ -1,3 +0,0 @@
-## 1.0.51
-
-No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.51
+lastReleaseVersion: 1.0.50
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.52-dev
+version: 1.0.51-dev
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 7.1.2
-
-No user-facing changes.
-
 ## 7.1.1

 No user-facing changes.
--- a/go/ql/lib/change-notes/2026-06-01-non-returning-functions.md
+++ b/go/ql/lib/change-notes/2026-06-01-non-returning-functions.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* More logging functions are now recognized as not returning or panicking.
--- a/go/ql/lib/change-notes/released/7.1.2.md
+++ b/go/ql/lib/change-notes/released/7.1.2.md
@@ -1,3 +0,0 @@
-## 7.1.2
-
-No user-facing changes.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.1.2
+lastReleaseVersion: 7.1.1
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 7.1.3-dev
+version: 7.1.2-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/lib/semmle/go/Concepts.qll
+++ b/go/ql/lib/semmle/go/Concepts.qll
@@ -413,13 +413,17 @@ private class ExternalLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
  }
 }

-private class HeuristicLoggerFunction extends Method {
-  string logFunctionPrefix;
-
-  HeuristicLoggerFunction() {
-    exists(string tp, string name |
-      this.hasQualifiedName(_, tp, name) and
-      this.getReceiverBaseType().getUnderlyingType() instanceof InterfaceType
+/**
+ * A call to an interface that looks like a logger. It is common to use a
+ * locally-defined interface for logging to make it easy to changing logging
+ * library.
+ */
+private class HeuristicLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
+  HeuristicLoggerCall() {
+    exists(Method m, string tp, string logFunctionPrefix, string name |
+      m = this.getTarget() and
+      m.hasQualifiedName(_, tp, name) and
+      m.getReceiverBaseType().getUnderlyingType() instanceof InterfaceType
    |
      tp.regexpMatch(".*[lL]ogger") and
      logFunctionPrefix =
@@ -431,19 +435,6 @@ private class HeuristicLoggerFunction extends Method {
    )
  }

-  override predicate mayReturnNormally() { logFunctionPrefix != "Fatal" }
-
-  override predicate mustPanic() { logFunctionPrefix = "Panic" }
-}
-
-/**
- * A call to an interface that looks like a logger. It is common to use a
- * locally-defined interface for logging to make it easy to change logging
- * library.
- */
-private class HeuristicLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
-  HeuristicLoggerCall() { this.getTarget() instanceof HeuristicLoggerFunction }
-
  override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
 }

--- a/go/ql/lib/semmle/go/frameworks/Glog.qll
+++ b/go/ql/lib/semmle/go/frameworks/Glog.qll
@@ -12,37 +12,17 @@ import go
 * forks.
 */
 module Glog {
-  /** Gets a package name for `glog` or `klog` (which is a fork). */
-  string packagePath() {
-    result =
-      package([
-          "github.com/golang/glog", "gopkg.in/glog", "k8s.io/klog", "github.com/barakmich/glog"
-        ], "")
-  }
-
  private class GlogFunction extends Function {
    int firstPrintedArg;
-    string format;
-    string level;

    GlogFunction() {
-      exists(string pkg, string context, int nContextArgs, string depth, int nDepthArgs, string fn |
-        pkg = packagePath() and
+      exists(string pkg, string fn, string level |
+        pkg = package(["github.com/golang/glog", "gopkg.in/glog", "k8s.io/klog"], "") and
        level = ["Error", "Exit", "Fatal", "Info", "Warning"] and
        (
-          context = "" and nContextArgs = 0
+          fn = level + ["", "f", "ln"] and firstPrintedArg = 0
          or
-          context = "Context" and nContextArgs = 1
-        ) and
-        (
-          depth = "" and nDepthArgs = 0
-          or
-          depth = "Depth" and nDepthArgs = 1
-        ) and
-        format = ["", "f", "ln"] and
-        (
-          fn = level + context + depth + format and
-          firstPrintedArg = nContextArgs + nDepthArgs
+          fn = level + "Depth" and firstPrintedArg = 1
        )
      |
        this.hasQualifiedName(pkg, fn)
@@ -55,15 +35,10 @@ module Glog {
     * Gets the index of the first argument that may be output, including a format string if one is present.
     */
    int getFirstPrintedArg() { result = firstPrintedArg }
-
-    /** Holds if this function takes a format string. */
-    predicate formatter() { format = "f" }
-
-    override predicate mayReturnNormally() { level != "Fatal" and level != "Exit" }
  }

  private class StringFormatter extends StringOps::Formatting::Range instanceof GlogFunction {
-    StringFormatter() { this.formatter() }
+    StringFormatter() { this.getName().matches("%f") }

    override int getFormatStringIndex() { result = super.getFirstPrintedArg() }
  }
--- a/go/ql/lib/semmle/go/frameworks/Logrus.qll
+++ b/go/ql/lib/semmle/go/frameworks/Logrus.qll
@@ -28,12 +28,6 @@ module Logrus {
        this.(Method).hasQualifiedName(packagePath(), ["Entry", "Logger"], name)
      )
    }
-
-    override predicate mayReturnNormally() {
-      not exists(string level, string suffix | level = ["Fatal", "Panic"] |
-        this.getName() = level + suffix
-      )
-    }
  }

  private class StringFormatters extends StringOps::Formatting::Range instanceof LogFunction {
--- a/go/ql/lib/semmle/go/frameworks/Zap.qll
+++ b/go/ql/lib/semmle/go/frameworks/Zap.qll
@@ -47,7 +47,7 @@ module Zap {
  }

  /** A Zap logging function which always panics. */
-  private class FatalLogMethod extends ZapFunction {
+  private class FatalLogMethod extends Method {
    FatalLogMethod() {
      this.hasQualifiedName(packagePath(), "Logger", "Fatal")
      or
@@ -58,7 +58,7 @@ module Zap {
  }

  /** A Zap logging function which always panics. */
-  private class MustPanicLogMethod extends ZapFunction {
+  private class MustPanicLogMethod extends Method {
    MustPanicLogMethod() {
      this.hasQualifiedName(packagePath(), "Logger", "Panic")
      or
--- a/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll
@@ -29,37 +29,18 @@ module Log {
  }

  private class LogFormatter extends StringOps::Formatting::Range instanceof LogFunction {
-    LogFormatter() { this.getName() = ["Fatalf", "Panicf", "Printf", "Panic", "Panicf", "Panicln"] }
+    LogFormatter() { this.getName() = ["Fatalf", "Panicf", "Printf"] }

    override int getFormatStringIndex() { result = 0 }
  }

  /** A fatal log function, which calls `os.Exit`. */
  private class FatalLogFunction extends Function {
-    FatalLogFunction() {
-      exists(string fn | fn = ["Fatal", "Fatalf", "Fatalln"] |
-        this.hasQualifiedName("log", fn)
-        or
-        this.(Method).hasQualifiedName("log", "Logger", fn)
-      )
-    }
+    FatalLogFunction() { this.hasQualifiedName("log", ["Fatal", "Fatalf", "Fatalln"]) }

    override predicate mayReturnNormally() { none() }
  }

-  /** A log function which must panic. */
-  private class PanicLogFunction extends Function {
-    PanicLogFunction() {
-      exists(string fn | fn = ["Panic", "Panicf", "Panicln"] |
-        this.hasQualifiedName("log", fn)
-        or
-        this.(Method).hasQualifiedName("log", "Logger", fn)
-      )
-    }
-
-    override predicate mustPanic() { any() }
-  }
-
  // These models are not implemented using Models-as-Data because they represent reverse flow.
  private class FunctionModels extends TaintTracking::FunctionModel {
    FunctionInput inp;
@@ -82,6 +63,30 @@ module Log {
    FunctionOutput outp;

    MethodModels() {
+      // signature: func (*Logger) Fatal(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Fatal") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Fatalf(format string, v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Fatalf") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Fatalln(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Fatalln") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Panic(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Panic") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Panicf(format string, v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Panicf") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Panicln(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Panicln") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
      // signature: func (*Logger) Print(v ...interface{})
      this.hasQualifiedName("log", "Logger", "Print") and
      (inp.isParameter(_) and outp.isReceiver())
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.6.4
-
-No user-facing changes.
-
 ## 1.6.3

 No user-facing changes.
--- a/go/ql/src/change-notes/released/1.6.4.md
+++ b/go/ql/src/change-notes/released/1.6.4.md
@@ -1,3 +0,0 @@
-## 1.6.4
-
-No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.4
+lastReleaseVersion: 1.6.3
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.6.5-dev
+version: 1.6.4-dev
 groups:
  - go
  - queries
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go
@@ -1,181 +1,54 @@
-//go:generate depstubber -vendor github.com/golang/glog Level,Verbose Error,ErrorContext,ErrorContextDepth,ErrorContextDepthf,ErrorContextf,ErrorDepth,ErrorDepthf,Errorf,Errorln,Exit,ExitContext,ExitContextDepth,ExitContextDepthf,ExitContextf,ExitDepth,ExitDepthf,Exitf,Exitln,Fatal,FatalContext,FatalContextDepth,FatalContextDepthf,FatalContextf,FatalDepth,FatalDepthf,Fatalf,Fatalln,Info,InfoContext,InfoContextDepth,InfoContextDepthf,InfoContextf,InfoDepth,InfoDepthf,Infof,Infoln,V,VDepth,Warning,WarningContext,WarningContextDepth,WarningContextDepthf,WarningContextf,WarningDepth,WarningDepthf,Warningf,Warningln
-//go:generate depstubber -vendor k8s.io/klog Level,Verbose Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,V,Warning,WarningDepth,Warningf,Warningln
+//go:generate depstubber -vendor github.com/golang/glog "" Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln
+//go:generate depstubber -vendor k8s.io/klog "" Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln

 package main

 import (
-	"context"
-
 	"github.com/golang/glog"
 	"k8s.io/klog"
 )

-func glogTest(selector int) {
-	ctx := context.Background()
-
-	glog.Error(text)                           // $ logger=text
-	glog.ErrorContext(ctx, text)               // $ logger=text
-	glog.ErrorContextDepth(ctx, 0, text)       // $ logger=text
-	glog.ErrorContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	glog.ErrorContextf(ctx, fmt, text)         // $ logger=fmt logger=text
-	glog.ErrorDepth(0, text)                   // $ logger=text
-	glog.ErrorDepthf(0, fmt, text)             // $ logger=fmt logger=text
-	glog.Errorf(fmt, text)                     // $ logger=fmt logger=text
-	glog.Errorln(text)                         // $ logger=text
-	if selector == 1 {
-		glog.Exit(text) // $ logger=text
-	}
-	if selector == 2 {
-		glog.ExitContext(ctx, text) // $ logger=text
-	}
-	if selector == 3 {
-		glog.ExitContextDepth(ctx, 0, text) // $ logger=text
-	}
-	if selector == 4 {
-		glog.ExitContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 5 {
-		glog.ExitContextf(ctx, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 6 {
-		glog.ExitDepth(0, text) // $ logger=text
-	}
-	if selector == 7 {
-		glog.ExitDepthf(0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 8 {
-		glog.Exitf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 9 {
-		glog.Exitln(text) // $ logger=text
-	}
-	if selector == 10 {
-		glog.Fatal(text) // $ logger=text
-	}
-	if selector == 11 {
-		glog.FatalContext(ctx, text) // $ logger=text
-	}
-	if selector == 12 {
-		glog.FatalContextDepth(ctx, 0, text) // $ logger=text
-	}
-	if selector == 13 {
-		glog.FatalContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 14 {
-		glog.FatalContextf(ctx, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 15 {
-		glog.FatalDepth(0, text) // $ logger=text
-	}
-	if selector == 16 {
-		glog.FatalDepthf(0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 17 {
-		glog.Fatalf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 18 {
-		glog.Fatalln(text) // $ logger=text
-	}
-	glog.Info(text)                              // $ logger=text
-	glog.InfoContext(ctx, text)                  // $ logger=text
-	glog.InfoContextDepth(ctx, 0, text)          // $ logger=text
-	glog.InfoContextDepthf(ctx, 0, fmt, text)    // $ logger=fmt logger=text
-	glog.InfoContextf(ctx, fmt, text)            // $ logger=fmt logger=text
-	glog.InfoDepth(0, text)                      // $ logger=text
-	glog.InfoDepthf(0, fmt, text)                // $ logger=fmt logger=text
-	glog.Infof(fmt, text)                        // $ logger=fmt logger=text
-	glog.Infoln(text)                            // $ logger=text
-	glog.Warning(text)                           // $ logger=text
-	glog.WarningContext(ctx, text)               // $ logger=text
-	glog.WarningContextDepth(ctx, 0, text)       // $ logger=text
-	glog.WarningContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	glog.WarningContextf(ctx, fmt, text)         // $ logger=fmt logger=text
-	glog.WarningDepth(0, text)                   // $ logger=text
-	glog.WarningDepthf(0, fmt, text)             // $ logger=fmt logger=text
-	glog.Warningf(fmt, text)                     // $ logger=fmt logger=text
-	glog.Warningln(text)                         // $ logger=text
-
-	glog.V(0).Info(text)                           // $ logger=text
-	glog.V(0).InfoContext(ctx, text)               // $ logger=text
-	glog.V(0).InfoContextDepth(ctx, 0, text)       // $ logger=text
-	glog.V(0).InfoContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	glog.V(0).InfoContextf(ctx, fmt, text)         // $ logger=fmt logger=text
-	glog.V(0).InfoDepth(0, text)                   // $ logger=text
-	glog.V(0).InfoDepthf(0, fmt, text)             // $ logger=fmt logger=text
-	glog.V(0).Infof(fmt, text)                     // $ logger=fmt logger=text
-	glog.V(0).Infoln(text)                         // $ logger=text
-	glog.VDepth(0, 0).Info(text)                   // $ logger=text
+func glogTest() {
+	glog.Error(text)           // $ logger=text
+	glog.ErrorDepth(0, text)   // $ logger=text
+	glog.Errorf(fmt, text)     // $ logger=fmt logger=text
+	glog.Errorln(text)         // $ logger=text
+	glog.Exit(text)            // $ logger=text
+	glog.ExitDepth(0, text)    // $ logger=text
+	glog.Exitf(fmt, text)      // $ logger=fmt logger=text
+	glog.Exitln(text)          // $ logger=text
+	glog.Fatal(text)           // $ logger=text
+	glog.FatalDepth(0, text)   // $ logger=text
+	glog.Fatalf(fmt, text)     // $ logger=fmt logger=text
+	glog.Fatalln(text)         // $ logger=text
+	glog.Info(text)            // $ logger=text
+	glog.InfoDepth(0, text)    // $ logger=text
+	glog.Infof(fmt, text)      // $ logger=fmt logger=text
+	glog.Infoln(text)          // $ logger=text
+	glog.Warning(text)         // $ logger=text
+	glog.WarningDepth(0, text) // $ logger=text
+	glog.Warningf(fmt, text)   // $ logger=fmt logger=text
+	glog.Warningln(text)       // $ logger=text

 	// components corresponding to the format specifier "%T" are not considered vulnerable
-	glog.ErrorContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.ErrorContextf(ctx, "%s: found type %T", text, v)         // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.ErrorDepthf(0, "%s: found type %T", text, v)             // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.Errorf("%s: found type %T", text, v)                     // $ logger="%s: found type %T" logger=text type-logger=v
-	if selector == 19 {
-		glog.ExitContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 20 {
-		glog.ExitContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 21 {
-		glog.ExitDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 22 {
-		glog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 23 {
-		glog.FatalContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 24 {
-		glog.FatalContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 25 {
-		glog.FatalDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 26 {
-		glog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	glog.InfoContextDepthf(ctx, 0, "%s: found type %T", text, v)      // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.InfoContextf(ctx, "%s: found type %T", text, v)              // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.InfoDepthf(0, "%s: found type %T", text, v)                  // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.Infof("%s: found type %T", text, v)                          // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.WarningContextDepthf(ctx, 0, "%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.WarningContextf(ctx, "%s: found type %T", text, v)           // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.WarningDepthf(0, "%s: found type %T", text, v)               // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.Warningf("%s: found type %T", text, v)                       // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).InfoContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).InfoContextf(ctx, "%s: found type %T", text, v)         // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).InfoDepthf(0, "%s: found type %T", text, v)             // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).Infof("%s: found type %T", text, v)                     // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Errorf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Exitf("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Fatalf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Infof("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v

-	klog.Error(text)         // $ logger=text
-	klog.ErrorDepth(0, text) // $ logger=text
-	klog.Errorf(fmt, text)   // $ logger=fmt logger=text
-	klog.Errorln(text)       // $ logger=text
-	if selector == 27 {
-		klog.Exit(text) // $ logger=text
-	}
-	if selector == 28 {
-		klog.ExitDepth(0, text) // $ logger=text
-	}
-	if selector == 29 {
-		klog.Exitf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 30 {
-		klog.Exitln(text) // $ logger=text
-	}
-	if selector == 31 {
-		klog.Fatal(text) // $ logger=text
-	}
-	if selector == 32 {
-		klog.FatalDepth(0, text) // $ logger=text
-	}
-	if selector == 33 {
-		klog.Fatalf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 34 {
-		klog.Fatalln(text) // $ logger=text
-	}
+	klog.Error(text)           // $ logger=text
+	klog.ErrorDepth(0, text)   // $ logger=text
+	klog.Errorf(fmt, text)     // $ logger=fmt logger=text
+	klog.Errorln(text)         // $ logger=text
+	klog.Exit(text)            // $ logger=text
+	klog.ExitDepth(0, text)    // $ logger=text
+	klog.Exitf(fmt, text)      // $ logger=fmt logger=text
+	klog.Exitln(text)          // $ logger=text
+	klog.Fatal(text)           // $ logger=text
+	klog.FatalDepth(0, text)   // $ logger=text
+	klog.Fatalf(fmt, text)     // $ logger=fmt logger=text
+	klog.Fatalln(text)         // $ logger=text
 	klog.Info(text)            // $ logger=text
 	klog.InfoDepth(0, text)    // $ logger=text
 	klog.Infof(fmt, text)      // $ logger=fmt logger=text
@@ -184,19 +57,11 @@ func glogTest(selector int) {
 	klog.WarningDepth(0, text) // $ logger=text
 	klog.Warningf(fmt, text)   // $ logger=fmt logger=text
 	klog.Warningln(text)       // $ logger=text
-	klog.V(0).Info(text)       // $ logger=text
-	klog.V(0).Infof(fmt, text) // $ logger=fmt logger=text
-	klog.V(0).Infoln(text)     // $ logger=text

 	// components corresponding to the format specifier "%T" are not considered vulnerable
-	klog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	if selector == 35 {
-		klog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 36 {
-		klog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	klog.Infof("%s: found type %T", text, v)      // $ logger="%s: found type %T" logger=text type-logger=v
-	klog.Warningf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
-	klog.V(0).Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Errorf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Exitf("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Fatalf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Infof("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
 }
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/go.mod
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/go.mod
@@ -3,7 +3,7 @@ module codeql-go-tests/concepts/loggercall
 go 1.15

 require (
-	github.com/golang/glog v1.2.5
+	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/sirupsen/logrus v1.7.0
 	k8s.io/klog v1.0.0
 )
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go
@@ -6,6 +6,5 @@ const text = "test"
 var v []byte

 func main() {
-	glogTest(len(v))
 	stdlib()
 }
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go
@@ -2,125 +2,47 @@
 // This is a simple stub for github.com/golang/glog, strictly for use in testing.

 // See the LICENSE file for information about the licensing of the original library.
-// Source: github.com/golang/glog (exports: Level,Verbose; functions: Error,ErrorContext,ErrorContextDepth,ErrorContextDepthf,ErrorContextf,ErrorDepth,ErrorDepthf,Errorf,Errorln,Exit,ExitContext,ExitContextDepth,ExitContextDepthf,ExitContextf,ExitDepth,ExitDepthf,Exitf,Exitln,Fatal,FatalContext,FatalContextDepth,FatalContextDepthf,FatalContextf,FatalDepth,FatalDepthf,Fatalf,Fatalln,Info,InfoContext,InfoContextDepth,InfoContextDepthf,InfoContextf,InfoDepth,InfoDepthf,Infof,Infoln,V,VDepth,Warning,WarningContext,WarningContextDepth,WarningContextDepthf,WarningContextf,WarningDepth,WarningDepthf,Warningf,Warningln)
+// Source: github.com/golang/glog (exports: ; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln)

 // Package glog is a stub of github.com/golang/glog, generated by depstubber.
 package glog

-import "context"
-
-type Level int32
-
-type Verbose bool
-
 func Error(_ ...interface{}) {}

-func ErrorContext(_ context.Context, _ ...interface{}) {}
-
-func ErrorContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func ErrorContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func ErrorContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func ErrorDepth(_ int, _ ...interface{}) {}

-func ErrorDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Errorf(_ string, _ ...interface{}) {}

 func Errorln(_ ...interface{}) {}

 func Exit(_ ...interface{}) {}

-func ExitContext(_ context.Context, _ ...interface{}) {}
-
-func ExitContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func ExitContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func ExitContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func ExitDepth(_ int, _ ...interface{}) {}

-func ExitDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Exitf(_ string, _ ...interface{}) {}

 func Exitln(_ ...interface{}) {}

 func Fatal(_ ...interface{}) {}

-func FatalContext(_ context.Context, _ ...interface{}) {}
-
-func FatalContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func FatalContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func FatalContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func FatalDepth(_ int, _ ...interface{}) {}

-func FatalDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Fatalf(_ string, _ ...interface{}) {}

 func Fatalln(_ ...interface{}) {}

 func Info(_ ...interface{}) {}

-func InfoContext(_ context.Context, _ ...interface{}) {}
-
-func InfoContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func InfoContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func InfoContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func InfoDepth(_ int, _ ...interface{}) {}

-func InfoDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Infof(_ string, _ ...interface{}) {}

 func Infoln(_ ...interface{}) {}

-func V(_ Level) Verbose { return false }
-
-func VDepth(_ int, _ Level) Verbose { return false }
-
 func Warning(_ ...interface{}) {}

-func WarningContext(_ context.Context, _ ...interface{}) {}
-
-func WarningContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func WarningContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func WarningContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func WarningDepth(_ int, _ ...interface{}) {}

-func WarningDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Warningf(_ string, _ ...interface{}) {}

 func Warningln(_ ...interface{}) {}
-
-func (_ Verbose) Info(_ ...interface{}) {}
-
-func (_ Verbose) InfoContext(_ context.Context, _ ...interface{}) {}
-
-func (_ Verbose) InfoContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func (_ Verbose) InfoContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func (_ Verbose) InfoContextf(_ context.Context, _ string, _ ...interface{}) {}
-
-func (_ Verbose) InfoDepth(_ int, _ ...interface{}) {}
-
-func (_ Verbose) InfoDepthf(_ int, _ string, _ ...interface{}) {}
-
-func (_ Verbose) Infof(_ string, _ ...interface{}) {}
-
-func (_ Verbose) Infoln(_ ...interface{}) {}
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go
@@ -2,15 +2,11 @@
 // This is a simple stub for k8s.io/klog, strictly for use in testing.

 // See the LICENSE file for information about the licensing of the original library.
-// Source: k8s.io/klog (exports: Level,Verbose; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,V,Warning,WarningDepth,Warningf,Warningln)
+// Source: k8s.io/klog (exports: ; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln)

 // Package klog is a stub of k8s.io/klog, generated by depstubber.
 package klog

-type Level int32
-
-type Verbose bool
-
 func Error(_ ...interface{}) {}

 func ErrorDepth(_ int, _ ...interface{}) {}
@@ -43,8 +39,6 @@ func Infof(_ string, _ ...interface{}) {}

 func Infoln(_ ...interface{}) {}

-func V(_ Level) Verbose { return false }
-
 func Warning(_ ...interface{}) {}

 func WarningDepth(_ int, _ ...interface{}) {}
@@ -52,9 +46,3 @@ func WarningDepth(_ int, _ ...interface{}) {}
 func Warningf(_ string, _ ...interface{}) {}

 func Warningln(_ ...interface{}) {}
-
-func (_ Verbose) Info(_ ...interface{}) {}
-
-func (_ Verbose) Infof(_ string, _ ...interface{}) {}
-
-func (_ Verbose) Infoln(_ ...interface{}) {}
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt
@@ -1,4 +1,4 @@
-# github.com/golang/glog v1.2.5
+# github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 ## explicit
 github.com/golang/glog
 # github.com/sirupsen/logrus v1.7.0
--- a/go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/NoretFunctions.expected
+++ b/go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/NoretFunctions.expected
@@ -1,21 +1,11 @@
-| file://:0:0:0:0 | Exit | os.Exit |
-| file://:0:0:0:0 | Fatal | log.Fatal |
-| file://:0:0:0:0 | Fatal | log.Logger.Fatal |
-| file://:0:0:0:0 | Fatalf | log.Fatalf |
-| file://:0:0:0:0 | Fatalf | log.Logger.Fatalf |
-| file://:0:0:0:0 | Fatalln | log.Fatalln |
-| file://:0:0:0:0 | Fatalln | log.Logger.Fatalln |
-| file://:0:0:0:0 | Panic | log.Logger.Panic |
-| file://:0:0:0:0 | Panic | log.Panic |
-| file://:0:0:0:0 | Panicf | log.Logger.Panicf |
-| file://:0:0:0:0 | Panicf | log.Panicf |
-| file://:0:0:0:0 | Panicln | log.Logger.Panicln |
-| file://:0:0:0:0 | Panicln | log.Panicln |
-| file://:0:0:0:0 | panic | panic |
-| noretfunctions.go:8:6:8:12 | isNoRet | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.isNoRet |
-| noretfunctions.go:20:6:20:22 | noRetUsesLogFatal | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.noRetUsesLogFatal |
-| noretfunctions.go:24:6:24:23 | noRetUsesLogFatalf | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.noRetUsesLogFatalf |
-| stmts7.go:10:6:10:15 | canRecover | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.canRecover |
-| stmts.go:10:6:10:10 | test5 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test5 |
-| stmts.go:46:6:46:10 | test6 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test6 |
-| stmts.go:112:6:112:10 | test9 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test9 |
+| file://:0:0:0:0 | Exit | package os |
+| file://:0:0:0:0 | Fatal | package log |
+| file://:0:0:0:0 | Fatalf | package log |
+| file://:0:0:0:0 | Fatalln | package log |
+| noretfunctions.go:8:6:8:12 | isNoRet | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| noretfunctions.go:20:6:20:22 | noRetUsesLogFatal | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| noretfunctions.go:24:6:24:23 | noRetUsesLogFatalf | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts7.go:10:6:10:15 | canRecover | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts.go:10:6:10:10 | test5 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts.go:46:6:46:10 | test6 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts.go:112:6:112:10 | test9 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
--- a/go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/NoretFunctions.ql
+++ b/go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/NoretFunctions.ql
@@ -2,4 +2,4 @@ import go

 from Function f
 where not f.mayReturnNormally()
-select f, f.getQualifiedName()
+select f, f.getPackage()
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql
@@ -9,9 +9,9 @@ import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 import utils.test.InlineFlowTest

 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") }
+  predicate isSource(DataFlow::Node src) { sourceNode(src, "qltest") }

-  predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") }
+  predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") }
 }

 import ValueFlowTest<Config>
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/CONSISTENCY/DataFlowConsistency.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/CONSISTENCY/DataFlowConsistency.expected
@@ -1,2 +0,0 @@
-reverseRead
-| main.go:23:3:23:5 | out | Origin of readStep is missing a PostUpdateNode. |
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go
@@ -4,7 +4,7 @@ func source() string {
 	return "untrusted data"
 }

-func sink(any) {
+func sink(string) {
 }

 type A struct {
@@ -19,10 +19,6 @@ func functionWithVarArgsParameter(s ...string) string {
 	return s[1]
 }

-func functionWithVarArgsOutParameter(in string, out ...*string) {
-	*out[0] = in
-}
-
 func functionWithSliceOfStructsParameter(s []A) string {
 	return s[1].f
 }
@@ -42,12 +38,6 @@ func main() {
 	sink(functionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to functionWithVarArgsParameter"
 	sink(functionWithVarArgsParameter(s0, s1))    // $ hasValueFlow="call to functionWithVarArgsParameter"

-	var out1 *string
-	var out2 *string
-	functionWithVarArgsOutParameter(source(), out1, out2)
-	sink(out1) // $ MISSING: hasValueFlow="out1"
-	sink(out2) // $ MISSING: hasValueFlow="out2"
-
 	sliceOfStructs := []A{{f: source()}}
 	sink(sliceOfStructs[0].f) // $ hasValueFlow="selection of f"

--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected
@@ -1,2 +0,0 @@
-invalidModelRow
-testFailures
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml
@@ -1,21 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: summaryModel
-    data:
-      - ["github.com/nonexistent/test", "", False, "FunctionWithParameter", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithSliceParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOutParameter", "", "", "Argument[0]", "Argument[1].ArrayElement", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithSliceOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sourceModel
-    data:
-      - ["github.com/nonexistent/test", "", False, "VariadicSource", "", "", "Argument[0]", "qltest", "manual"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["github.com/nonexistent/test", "", False, "VariadicSink", "", "", "Argument[0]", "qltest", "manual"]
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql
@@ -1,22 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import utils.test.InlineFlowTest
-
-module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    sourceNode(source, "qltest")
-    or
-    exists(Function fn | fn.hasQualifiedName(_, ["source", "taint"]) |
-      source = fn.getACall().getResult()
-    )
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sinkNode(sink, "qltest")
-    or
-    exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
-  }
-}
-
-import FlowTest<Config, Config>
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod
@@ -1,5 +0,0 @@
-module semmle.go.Packages
-
-go 1.25
-
-require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go
@@ -1,56 +0,0 @@
-package main
-
-import (
-	"github.com/nonexistent/test"
-)
-
-func source() string {
-	return "untrusted data"
-}
-
-func sink(any) {
-}
-
-func main() {
-	s := source()
-	sink(test.FunctionWithParameter(s)) // $ hasValueFlow="call to FunctionWithParameter"
-
-	stringSlice := []string{source()}
-	sink(stringSlice[0]) // $ hasValueFlow="index expression"
-
-	s0 := ""
-	s1 := source()
-	sSlice := []string{s0, s1}
-	sink(test.FunctionWithParameter(sSlice[1]))        // $ hasValueFlow="call to FunctionWithParameter"
-	sink(test.FunctionWithSliceParameter(sSlice))      // $ hasValueFlow="call to FunctionWithSliceParameter"
-	sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
-	sink(test.FunctionWithVarArgsParameter(s0, s1))    // $ hasValueFlow="call to FunctionWithVarArgsParameter"
-
-	var out1 *string
-	var out2 *string
-	test.FunctionWithVarArgsOutParameter(source(), out1, out2)
-	sink(out1) // $ MISSING: hasValueFlow="out1"
-	sink(out2) // $ MISSING: hasValueFlow="out2"
-
-	sliceOfStructs := []test.A{{Field: source()}}
-	sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
-
-	a0 := test.A{Field: ""}
-	a1 := test.A{Field: source()}
-	aSlice := []test.A{a0, a1}
-	sink(test.FunctionWithSliceOfStructsParameter(aSlice))      // $ hasValueFlow="call to FunctionWithSliceOfStructsParameter"
-	sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
-	sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1))    // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
-
-	var variadicSource string
-	test.VariadicSource(&variadicSource)
-	sink(variadicSource)  // $ MISSING: hasTaintFlow="variadicSource"
-	sink(&variadicSource) // $ MISSING: hasTaintFlow="&..."
-
-	var variadicSourcePtr *string
-	test.VariadicSource(variadicSourcePtr)
-	sink(variadicSourcePtr)  // $ MISSING: hasTaintFlow="variadicSourcePtr"
-	sink(*variadicSourcePtr) // $ MISSING: hasTaintFlow="star expression"
-
-	test.VariadicSink(source()) // $ hasTaintFlow="[]type{args}"
-}
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go
@@ -1,32 +0,0 @@
-package test
-
-type A struct {
-	Field string
-}
-
-func FunctionWithParameter(s string) string {
-	return ""
-}
-
-func FunctionWithSliceParameter(s []string) string {
-	return ""
-}
-
-func FunctionWithVarArgsParameter(s ...string) string {
-	return ""
-}
-
-func FunctionWithVarArgsOutParameter(in string, out ...*string) {
-}
-
-func FunctionWithSliceOfStructsParameter(s []A) string {
-	return ""
-}
-
-func FunctionWithVarArgsOfStructsParameter(s ...A) string {
-	return ""
-}
-
-func VariadicSource(s ...*string) {}
-
-func VariadicSink(s ...string) {}
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt
@@ -1,3 +0,0 @@
-# github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
-## explicit
-github.com/nonexistent/test
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql
@@ -20,9 +20,6 @@ class SummaryModelTest extends DataFlow::FunctionModel {
    this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsParameter") and
    (inp.isParameter(_) and outp.isResult())
    or
-    this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsOutParameter") and
-    (inp.isParameter(0) and outp.isParameter(any(int i | i >= 1)))
-    or
    this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithSliceOfStructsParameter") and
    (inp.isParameter(0) and outp.isResult())
    or
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod
@@ -1,5 +1,5 @@
 module semmle.go.Packages

-go 1.25
+go 1.17

 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go
@@ -8,7 +8,7 @@ func source() string {
 	return "untrusted data"
 }

-func sink(any) {
+func sink(string) {
 }

 func main() {
@@ -21,17 +21,10 @@ func main() {
 	s0 := ""
 	s1 := source()
 	sSlice := []string{s0, s1}
-	sink(test.FunctionWithParameter(sSlice[1]))           // $ hasValueFlow="call to FunctionWithParameter"
-	sink(test.FunctionWithSliceParameter(sSlice))         // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
-	sink(test.FunctionWithVarArgsParameter(sSlice...))    // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
-	randomFunctionWithMoreThanOneParameter(1, 2, 3, 4, 5) // This is needed to make the next line pass, because we need to have seen a call to a function with at least 2 parameters for ParameterInput to exist with index 1.
-	sink(test.FunctionWithVarArgsParameter(s0, s1))       // $ hasValueFlow="call to FunctionWithVarArgsParameter"
-
-	var out1 *string
-	var out2 *string
-	test.FunctionWithVarArgsOutParameter(source(), out1, out2)
-	sink(out1) // $ hasValueFlow="out1"
-	sink(out2) // $ hasValueFlow="out2"
+	sink(test.FunctionWithParameter(sSlice[1]))        // $ hasValueFlow="call to FunctionWithParameter"
+	sink(test.FunctionWithSliceParameter(sSlice))      // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
+	sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
+	sink(test.FunctionWithVarArgsParameter(s0, s1))    // $ MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"

 	sliceOfStructs := []test.A{{Field: source()}}
 	sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
@@ -44,6 +37,3 @@ func main() {
 	sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
 	sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1))    // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
 }
-
-func randomFunctionWithMoreThanOneParameter(i1, i2, i3, i4, i5 int) {
-}
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go
@@ -16,9 +16,6 @@ func FunctionWithVarArgsParameter(s ...string) string {
 	return ""
 }

-func FunctionWithVarArgsOutParameter(in string, out ...*string) {
-}
-
 func FunctionWithSliceOfStructsParameter(s []A) string {
 	return ""
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Log.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Log.go
@@ -15,6 +15,62 @@ func TaintStepTest_LogNew_B0I0O0(sourceCQL interface{}) interface{} {
 	return intoWriter414
 }

+func TaintStepTest_LogLoggerFatal_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface518 := sourceCQL.(interface{})
+	var intoLogger650 log.Logger
+	intoLogger650.Fatal(fromInterface518)
+	return intoLogger650
+}
+
+func TaintStepTest_LogLoggerFatalf_B0I0O0(sourceCQL interface{}) interface{} {
+	fromString784 := sourceCQL.(string)
+	var intoLogger957 log.Logger
+	intoLogger957.Fatalf(fromString784, nil)
+	return intoLogger957
+}
+
+func TaintStepTest_LogLoggerFatalf_B0I1O0(sourceCQL interface{}) interface{} {
+	fromInterface520 := sourceCQL.(interface{})
+	var intoLogger443 log.Logger
+	intoLogger443.Fatalf("", fromInterface520)
+	return intoLogger443
+}
+
+func TaintStepTest_LogLoggerFatalln_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface127 := sourceCQL.(interface{})
+	var intoLogger483 log.Logger
+	intoLogger483.Fatalln(fromInterface127)
+	return intoLogger483
+}
+
+func TaintStepTest_LogLoggerPanic_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface989 := sourceCQL.(interface{})
+	var intoLogger982 log.Logger
+	intoLogger982.Panic(fromInterface989)
+	return intoLogger982
+}
+
+func TaintStepTest_LogLoggerPanicf_B0I0O0(sourceCQL interface{}) interface{} {
+	fromString417 := sourceCQL.(string)
+	var intoLogger584 log.Logger
+	intoLogger584.Panicf(fromString417, nil)
+	return intoLogger584
+}
+
+func TaintStepTest_LogLoggerPanicf_B0I1O0(sourceCQL interface{}) interface{} {
+	fromInterface991 := sourceCQL.(interface{})
+	var intoLogger881 log.Logger
+	intoLogger881.Panicf("", fromInterface991)
+	return intoLogger881
+}
+
+func TaintStepTest_LogLoggerPanicln_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface186 := sourceCQL.(interface{})
+	var intoLogger284 log.Logger
+	intoLogger284.Panicln(fromInterface186)
+	return intoLogger284
+}
+
 func TaintStepTest_LogLoggerPrint_B0I0O0(sourceCQL interface{}) interface{} {
 	fromInterface908 := sourceCQL.(interface{})
 	var intoLogger137 log.Logger
@@ -69,6 +125,46 @@ func RunAllTaints_Log() {
 		out := TaintStepTest_LogNew_B0I0O0(source)
 		sink(0, out)
 	}
+	{
+		source := newSource(1)
+		out := TaintStepTest_LogLoggerFatal_B0I0O0(source)
+		sink(1, out)
+	}
+	{
+		source := newSource(2)
+		out := TaintStepTest_LogLoggerFatalf_B0I0O0(source)
+		sink(2, out)
+	}
+	{
+		source := newSource(3)
+		out := TaintStepTest_LogLoggerFatalf_B0I1O0(source)
+		sink(3, out)
+	}
+	{
+		source := newSource(4)
+		out := TaintStepTest_LogLoggerFatalln_B0I0O0(source)
+		sink(4, out)
+	}
+	{
+		source := newSource(5)
+		out := TaintStepTest_LogLoggerPanic_B0I0O0(source)
+		sink(5, out)
+	}
+	{
+		source := newSource(6)
+		out := TaintStepTest_LogLoggerPanicf_B0I0O0(source)
+		sink(6, out)
+	}
+	{
+		source := newSource(7)
+		out := TaintStepTest_LogLoggerPanicf_B0I1O0(source)
+		sink(7, out)
+	}
+	{
+		source := newSource(8)
+		out := TaintStepTest_LogLoggerPanicln_B0I0O0(source)
+		sink(8, out)
+	}
 	{
 		source := newSource(9)
 		out := TaintStepTest_LogLoggerPrint_B0I0O0(source)
--- a/go/ql/test/query-tests/Security/CWE-117/CONSISTENCY/DataFlowConsistency.expected
+++ b/go/ql/test/query-tests/Security/CWE-117/CONSISTENCY/DataFlowConsistency.expected
@@ -3,9 +3,9 @@ reverseRead
 | LogInjection.go:33:14:33:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
 | LogInjection.go:34:18:34:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
 | LogInjection.go:35:14:35:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:551:14:551:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:559:14:559:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:567:14:567:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:602:14:602:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:603:14:603:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:828:12:828:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:447:14:447:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:455:14:455:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:463:14:463:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:498:14:498:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:499:14:499:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:724:12:724:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
--- a/go/ql/test/query-tests/Security/CWE-117/LogInjection.go
+++ b/go/ql/test/query-tests/Security/CWE-117/LogInjection.go
@@ -49,22 +49,22 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		log.Printf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		log.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"

-		if testFlag == "1" {
+		if testFlag == "true" {
 			log.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "2" {
+		if testFlag == "true" {
 			log.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "3" {
+		if testFlag == "true" {
 			log.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "4" {
+		if testFlag == "true" {
 			log.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "5" {
+		if testFlag == "true" {
 			log.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "6" {
+		if testFlag == "true" {
 			log.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}

@@ -72,24 +72,12 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger.Print("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
 		logger.Printf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		logger.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		if testFlag == "7" {
-			logger.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "8" {
-			logger.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "9" {
-			logger.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "10" {
-			logger.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "11" {
-			logger.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "12" {
-			logger.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
+		logger.Fatal("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Fatalf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		logger.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panic("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panicf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 	}
 	// k8s.io/klog
 	{
@@ -103,24 +91,12 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		klog.Error(username)     // $ hasTaintFlow="username"
 		klog.Errorf(username)    // $ hasTaintFlow="username"
 		klog.Errorln(username)   // $ hasTaintFlow="username"
-		if testFlag == "77" {
-			klog.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "78" {
-			klog.Fatalf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "79" {
-			klog.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "80" {
-			klog.Exit(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "81" {
-			klog.Exitf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "82" {
-			klog.Exitln(username) // $ hasTaintFlow="username"
-		}
+		klog.Fatal(username)     // $ hasTaintFlow="username"
+		klog.Fatalf(username)    // $ hasTaintFlow="username"
+		klog.Fatalln(username)   // $ hasTaintFlow="username"
+		klog.Exit(username)      // $ hasTaintFlow="username"
+		klog.Exitf(username)     // $ hasTaintFlow="username"
+		klog.Exitln(username)    // $ hasTaintFlow="username"
 	}
 	// astaxie/beego
 	{
@@ -185,30 +161,14 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		glog.ErrorDepth(0, username) // $ hasTaintFlow="username"
 		glog.Errorf(username)        // $ hasTaintFlow="username"
 		glog.Errorln(username)       // $ hasTaintFlow="username"
-		if testFlag == "83" {
-			glog.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "84" {
-			glog.FatalDepth(0, username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "85" {
-			glog.Fatalf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "86" {
-			glog.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "87" {
-			glog.Exit(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "88" {
-			glog.ExitDepth(0, username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "89" {
-			glog.Exitf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "90" {
-			glog.Exitln(username) // $ hasTaintFlow="username"
-		}
+		glog.Fatal(username)         // $ hasTaintFlow="username"
+		glog.FatalDepth(0, username) // $ hasTaintFlow="username"
+		glog.Fatalf(username)        // $ hasTaintFlow="username"
+		glog.Fatalln(username)       // $ hasTaintFlow="username"
+		glog.Exit(username)          // $ hasTaintFlow="username"
+		glog.ExitDepth(0, username)  // $ hasTaintFlow="username"
+		glog.Exitf(username)         // $ hasTaintFlow="username"
+		glog.Exitln(username)        // $ hasTaintFlow="username"

 	}
 	// sirupsen/logrus
@@ -219,42 +179,26 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger := logrus.New()
 		entry := logrus.NewEntry(logger)

-		logrus.Debug(username)      // $ hasTaintFlow="username"
-		logrus.Debugf(username, "") // $ hasTaintFlow="username"
-		logrus.Debugf("", username) // $ hasTaintFlow="username"
-		logrus.Debugln(username)    // $ hasTaintFlow="username"
-		logrus.Error(username)      // $ hasTaintFlow="username"
-		logrus.Errorf(username, "") // $ hasTaintFlow="username"
-		logrus.Errorf("", username) // $ hasTaintFlow="username"
-		logrus.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "13" {
-			logrus.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "14" {
-			logrus.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "15" {
-			logrus.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "16" {
-			logrus.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		logrus.Info(username)      // $ hasTaintFlow="username"
-		logrus.Infof(username, "") // $ hasTaintFlow="username"
-		logrus.Infof("", username) // $ hasTaintFlow="username"
-		logrus.Infoln(username)    // $ hasTaintFlow="username"
-		if testFlag == "17" {
-			logrus.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "18" {
-			logrus.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "19" {
-			logrus.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "20" {
-			logrus.Panicln(username) // $ hasTaintFlow="username"
-		}
+		logrus.Debug(username)         // $ hasTaintFlow="username"
+		logrus.Debugf(username, "")    // $ hasTaintFlow="username"
+		logrus.Debugf("", username)    // $ hasTaintFlow="username"
+		logrus.Debugln(username)       // $ hasTaintFlow="username"
+		logrus.Error(username)         // $ hasTaintFlow="username"
+		logrus.Errorf(username, "")    // $ hasTaintFlow="username"
+		logrus.Errorf("", username)    // $ hasTaintFlow="username"
+		logrus.Errorln(username)       // $ hasTaintFlow="username"
+		logrus.Fatal(username)         // $ hasTaintFlow="username"
+		logrus.Fatalf(username, "")    // $ hasTaintFlow="username"
+		logrus.Fatalf("", username)    // $ hasTaintFlow="username"
+		logrus.Fatalln(username)       // $ hasTaintFlow="username"
+		logrus.Info(username)          // $ hasTaintFlow="username"
+		logrus.Infof(username, "")     // $ hasTaintFlow="username"
+		logrus.Infof("", username)     // $ hasTaintFlow="username"
+		logrus.Infoln(username)        // $ hasTaintFlow="username"
+		logrus.Panic(username)         // $ hasTaintFlow="username"
+		logrus.Panicf(username, "")    // $ hasTaintFlow="username"
+		logrus.Panicf("", username)    // $ hasTaintFlow="username"
+		logrus.Panicln(username)       // $ hasTaintFlow="username"
 		logrus.Print(username)         // $ hasTaintFlow="username"
 		logrus.Printf(username, "")    // $ hasTaintFlow="username"
 		logrus.Printf("", username)    // $ hasTaintFlow="username"
@@ -276,46 +220,30 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logrus.WithField("", username) // $ hasTaintFlow="username"
 		logrus.WithFields(fields)      // $ hasTaintFlow="fields"

-		entry.Debug(username)      // $ hasTaintFlow="username"
-		entry.Debugf(username, "") // $ hasTaintFlow="username"
-		entry.Debugf("", username) // $ hasTaintFlow="username"
-		entry.Debugln(username)    // $ hasTaintFlow="username"
-		entry.Error(username)      // $ hasTaintFlow="username"
-		entry.Errorf(username, "") // $ hasTaintFlow="username"
-		entry.Errorf("", username) // $ hasTaintFlow="username"
-		entry.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "21" {
-			entry.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "22" {
-			entry.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "23" {
-			entry.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "24" {
-			entry.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		entry.Info(username)        // $ hasTaintFlow="username"
-		entry.Infof(username, "")   // $ hasTaintFlow="username"
-		entry.Infof("", username)   // $ hasTaintFlow="username"
-		entry.Infoln(username)      // $ hasTaintFlow="username"
-		entry.Log(0, username)      // $ hasTaintFlow="username"
-		entry.Logf(0, username, "") // $ hasTaintFlow="username"
-		entry.Logf(0, "", username) // $ hasTaintFlow="username"
-		entry.Logln(0, username)    // $ hasTaintFlow="username"
-		if testFlag == "25" {
-			entry.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "26" {
-			entry.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "27" {
-			entry.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "28" {
-			entry.Panicln(username) // $ hasTaintFlow="username"
-		}
+		entry.Debug(username)         // $ hasTaintFlow="username"
+		entry.Debugf(username, "")    // $ hasTaintFlow="username"
+		entry.Debugf("", username)    // $ hasTaintFlow="username"
+		entry.Debugln(username)       // $ hasTaintFlow="username"
+		entry.Error(username)         // $ hasTaintFlow="username"
+		entry.Errorf(username, "")    // $ hasTaintFlow="username"
+		entry.Errorf("", username)    // $ hasTaintFlow="username"
+		entry.Errorln(username)       // $ hasTaintFlow="username"
+		entry.Fatal(username)         // $ hasTaintFlow="username"
+		entry.Fatalf(username, "")    // $ hasTaintFlow="username"
+		entry.Fatalf("", username)    // $ hasTaintFlow="username"
+		entry.Fatalln(username)       // $ hasTaintFlow="username"
+		entry.Info(username)          // $ hasTaintFlow="username"
+		entry.Infof(username, "")     // $ hasTaintFlow="username"
+		entry.Infof("", username)     // $ hasTaintFlow="username"
+		entry.Infoln(username)        // $ hasTaintFlow="username"
+		entry.Log(0, username)        // $ hasTaintFlow="username"
+		entry.Logf(0, username, "")   // $ hasTaintFlow="username"
+		entry.Logf(0, "", username)   // $ hasTaintFlow="username"
+		entry.Logln(0, username)      // $ hasTaintFlow="username"
+		entry.Panic(username)         // $ hasTaintFlow="username"
+		entry.Panicf(username, "")    // $ hasTaintFlow="username"
+		entry.Panicf("", username)    // $ hasTaintFlow="username"
+		entry.Panicln(username)       // $ hasTaintFlow="username"
 		entry.Print(username)         // $ hasTaintFlow="username"
 		entry.Printf(username, "")    // $ hasTaintFlow="username"
 		entry.Printf("", username)    // $ hasTaintFlow="username"
@@ -337,46 +265,30 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		entry.WithField("", username) // $ hasTaintFlow="username"
 		entry.WithFields(fields)      // $ hasTaintFlow="fields"

-		logger.Debug(username)      // $ hasTaintFlow="username"
-		logger.Debugf(username, "") // $ hasTaintFlow="username"
-		logger.Debugf("", username) // $ hasTaintFlow="username"
-		logger.Debugln(username)    // $ hasTaintFlow="username"
-		logger.Error(username)      // $ hasTaintFlow="username"
-		logger.Errorf(username, "") // $ hasTaintFlow="username"
-		logger.Errorf("", username) // $ hasTaintFlow="username"
-		logger.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "29" {
-			logger.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "30" {
-			logger.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "31" {
-			logger.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "32" {
-			logger.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		logger.Info(username)        // $ hasTaintFlow="username"
-		logger.Infof(username, "")   // $ hasTaintFlow="username"
-		logger.Infof("", username)   // $ hasTaintFlow="username"
-		logger.Infoln(username)      // $ hasTaintFlow="username"
-		logger.Log(0, username)      // $ hasTaintFlow="username"
-		logger.Logf(0, username, "") // $ hasTaintFlow="username"
-		logger.Logf(0, "", username) // $ hasTaintFlow="username"
-		logger.Logln(0, username)    // $ hasTaintFlow="username"
-		if testFlag == "33" {
-			logger.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "34" {
-			logger.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "35" {
-			logger.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "36" {
-			logger.Panicln(username) // $ hasTaintFlow="username"
-		}
+		logger.Debug(username)         // $ hasTaintFlow="username"
+		logger.Debugf(username, "")    // $ hasTaintFlow="username"
+		logger.Debugf("", username)    // $ hasTaintFlow="username"
+		logger.Debugln(username)       // $ hasTaintFlow="username"
+		logger.Error(username)         // $ hasTaintFlow="username"
+		logger.Errorf(username, "")    // $ hasTaintFlow="username"
+		logger.Errorf("", username)    // $ hasTaintFlow="username"
+		logger.Errorln(username)       // $ hasTaintFlow="username"
+		logger.Fatal(username)         // $ hasTaintFlow="username"
+		logger.Fatalf(username, "")    // $ hasTaintFlow="username"
+		logger.Fatalf("", username)    // $ hasTaintFlow="username"
+		logger.Fatalln(username)       // $ hasTaintFlow="username"
+		logger.Info(username)          // $ hasTaintFlow="username"
+		logger.Infof(username, "")     // $ hasTaintFlow="username"
+		logger.Infof("", username)     // $ hasTaintFlow="username"
+		logger.Infoln(username)        // $ hasTaintFlow="username"
+		logger.Log(0, username)        // $ hasTaintFlow="username"
+		logger.Logf(0, username, "")   // $ hasTaintFlow="username"
+		logger.Logf(0, "", username)   // $ hasTaintFlow="username"
+		logger.Logln(0, username)      // $ hasTaintFlow="username"
+		logger.Panic(username)         // $ hasTaintFlow="username"
+		logger.Panicf(username, "")    // $ hasTaintFlow="username"
+		logger.Panicf("", username)    // $ hasTaintFlow="username"
+		logger.Panicln(username)       // $ hasTaintFlow="username"
 		logger.Print(username)         // $ hasTaintFlow="username"
 		logger.Printf(username, "")    // $ hasTaintFlow="username"
 		logger.Printf("", username)    // $ hasTaintFlow="username"
@@ -399,42 +311,26 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger.WithFields(fields)      // $ hasTaintFlow="fields"

 		var fieldlogger logrus.FieldLogger = entry
-		fieldlogger.Debug(username)      // $ hasTaintFlow="username"
-		fieldlogger.Debugf(username, "") // $ hasTaintFlow="username"
-		fieldlogger.Debugf("", username) // $ hasTaintFlow="username"
-		fieldlogger.Debugln(username)    // $ hasTaintFlow="username"
-		fieldlogger.Error(username)      // $ hasTaintFlow="username"
-		fieldlogger.Errorf(username, "") // $ hasTaintFlow="username"
-		fieldlogger.Errorf("", username) // $ hasTaintFlow="username"
-		fieldlogger.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "37" {
-			fieldlogger.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "38" {
-			fieldlogger.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "39" {
-			fieldlogger.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "40" {
-			fieldlogger.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		fieldlogger.Info(username)      // $ hasTaintFlow="username"
-		fieldlogger.Infof(username, "") // $ hasTaintFlow="username"
-		fieldlogger.Infof("", username) // $ hasTaintFlow="username"
-		fieldlogger.Infoln(username)    // $ hasTaintFlow="username"
-		if testFlag == "41" {
-			fieldlogger.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "42" {
-			fieldlogger.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "43" {
-			fieldlogger.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "44" {
-			fieldlogger.Panicln(username) // $ hasTaintFlow="username"
-		}
+		fieldlogger.Debug(username)         // $ hasTaintFlow="username"
+		fieldlogger.Debugf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Debugf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Debugln(username)       // $ hasTaintFlow="username"
+		fieldlogger.Error(username)         // $ hasTaintFlow="username"
+		fieldlogger.Errorf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Errorf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Errorln(username)       // $ hasTaintFlow="username"
+		fieldlogger.Fatal(username)         // $ hasTaintFlow="username"
+		fieldlogger.Fatalf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Fatalf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Fatalln(username)       // $ hasTaintFlow="username"
+		fieldlogger.Info(username)          // $ hasTaintFlow="username"
+		fieldlogger.Infof(username, "")     // $ hasTaintFlow="username"
+		fieldlogger.Infof("", username)     // $ hasTaintFlow="username"
+		fieldlogger.Infoln(username)        // $ hasTaintFlow="username"
+		fieldlogger.Panic(username)         // $ hasTaintFlow="username"
+		fieldlogger.Panicf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Panicf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Panicln(username)       // $ hasTaintFlow="username"
 		fieldlogger.Print(username)         // $ hasTaintFlow="username"
 		fieldlogger.Printf(username, "")    // $ hasTaintFlow="username"
 		fieldlogger.Printf("", username)    // $ hasTaintFlow="username"
@@ -470,11 +366,11 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger.DPanic(username) // $ hasTaintFlow="username"
 		logger.Debug(username)  // $ hasTaintFlow="username"
 		logger.Error(username)  // $ hasTaintFlow="username"
-		if testFlag == "45" {
+		if testFlag == " true" {
 			logger.Fatal(username) // $ hasTaintFlow="username"
 		}
 		logger.Info(username) // $ hasTaintFlow="username"
-		if testFlag == "46" {
+		if testFlag == " true" {
 			logger.Panic(username) // $ hasTaintFlow="username"
 		}
 		logger.Warn(username)        // $ hasTaintFlow="username"
@@ -486,33 +382,33 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		sLogger.DPanic(username) // $ hasTaintFlow="username"
 		sLogger.Debug(username)  // $ hasTaintFlow="username"
 		sLogger.Error(username)  // $ hasTaintFlow="username"
-		if testFlag == "47" {
+		if testFlag == " true" {
 			sLogger.Fatal(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Info(username) // $ hasTaintFlow="username"
-		if testFlag == "48" {
+		if testFlag == " true" {
 			sLogger.Panic(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warn(username)    // $ hasTaintFlow="username"
 		sLogger.DPanicf(username) // $ hasTaintFlow="username"
 		sLogger.Debugf(username)  // $ hasTaintFlow="username"
 		sLogger.Errorf(username)  // $ hasTaintFlow="username"
-		if testFlag == "49" {
+		if testFlag == " true" {
 			sLogger.Fatalf(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Infof(username) // $ hasTaintFlow="username"
-		if testFlag == "50" {
+		if testFlag == " true" {
 			sLogger.Panicf(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warnf(username)   // $ hasTaintFlow="username"
 		sLogger.DPanicw(username) // $ hasTaintFlow="username"
 		sLogger.Debugw(username)  // $ hasTaintFlow="username"
 		sLogger.Errorw(username)  // $ hasTaintFlow="username"
-		if testFlag == "51" {
+		if testFlag == " true" {
 			sLogger.Fatalw(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Infow(username) // $ hasTaintFlow="username"
-		if testFlag == "52" {
+		if testFlag == " true" {
 			sLogger.Panicw(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warnw(username) // $ hasTaintFlow="username"
@@ -619,10 +515,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		verbose.Infof("user %q logged in.\n", username)
 		klog.Infof("user %q logged in.\n", username)
 		klog.Errorf("user %q logged in.\n", username)
-		if testFlag == "53" {
+		if testFlag == " true" {
 			klog.Fatalf("user %q logged in.\n", username)
 		}
-		if testFlag == "54" {
+		if testFlag == " true" {
 			klog.Exitf("user %q logged in.\n", username)
 		}
 	}
@@ -638,10 +534,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {

 		glog.Infof("user %q logged in.\n", username)
 		glog.Errorf("user %q logged in.\n", username)
-		if testFlag == "55" {
+		if testFlag == " true" {
 			glog.Fatalf("user %q logged in.\n", username)
 		}
-		if testFlag == "56" {
+		if testFlag == " true" {
 			glog.Exitf("user %q logged in.\n", username)
 		}
 	}
@@ -649,11 +545,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 	{
 		logrus.Debugf("user %q logged in.\n", username)
 		logrus.Errorf("user %q logged in.\n", username)
-		if testFlag == "57" {
+		if testFlag == " true" {
 			logrus.Fatalf("user %q logged in.\n", username)
 		}
 		logrus.Infof("user %q logged in.\n", username)
-		if testFlag == "58" {
+		if testFlag == " true" {
 			logrus.Panicf("user %q logged in.\n", username)
 		}
 		logrus.Printf("user %q logged in.\n", username)
@@ -665,12 +561,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		entry := logrus.WithFields(fields)
 		entry.Debugf("user %q logged in.\n", username)
 		entry.Errorf("user %q logged in.\n", username)
-		if testFlag == "59" {
+		if testFlag == " true" {
 			entry.Fatalf("user %q logged in.\n", username)
 		}
 		entry.Infof("user %q logged in.\n", username)
 		entry.Logf(0, "user %q logged in.\n", username)
-		if testFlag == "60" {
+		if testFlag == " true" {
 			entry.Panicf("user %q logged in.\n", username)
 		}
 		entry.Printf("user %q logged in.\n", username)
@@ -681,12 +577,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger := entry.Logger
 		logger.Debugf("user %q logged in.\n", username)
 		logger.Errorf("user %q logged in.\n", username)
-		if testFlag == "61" {
+		if testFlag == " true" {
 			logger.Fatalf("user %q logged in.\n", username)
 		}
 		logger.Infof("user %q logged in.\n", username)
 		logger.Logf(0, "user %q logged in.\n", username)
-		if testFlag == "62" {
+		if testFlag == " true" {
 			logger.Panicf("user %q logged in.\n", username)
 		}
 		logger.Printf("user %q logged in.\n", username)
@@ -707,11 +603,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		sLogger.DPanicf("user %q logged in.\n", username)
 		sLogger.Debugf("user %q logged in.\n", username)
 		sLogger.Errorf("user %q logged in.\n", username)
-		if testFlag == "63" {
+		if testFlag == " true" {
 			sLogger.Fatalf("user %q logged in.\n", username)
 		}
 		sLogger.Infof("user %q logged in.\n", username)
-		if testFlag == "64" {
+		if testFlag == " true" {
 			sLogger.Panicf("user %q logged in.\n", username)
 		}
 		sLogger.Warnf("user %q logged in.\n", username)
@@ -724,10 +620,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		verbose.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		klog.Infof("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
 		klog.Errorf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		if testFlag == "65" {
+		if testFlag == " true" {
 			klog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
-		if testFlag == "66" {
+		if testFlag == " true" {
 			klog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 	}
@@ -743,10 +639,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {

 		glog.Infof("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
 		glog.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "67" {
+		if testFlag == " true" {
 			glog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
-		if testFlag == "68" {
+		if testFlag == " true" {
 			glog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 	}
@@ -754,11 +650,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 	{
 		logrus.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		logrus.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "69" {
+		if testFlag == " true" {
 			logrus.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logrus.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "70" {
+		if testFlag == " true" {
 			logrus.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logrus.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
@@ -770,12 +666,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		entry := logrus.WithFields(fields)
 		entry.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		entry.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "71" {
+		if testFlag == " true" {
 			entry.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		entry.Infof("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		entry.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "72" {
+		if testFlag == " true" {
 			entry.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		entry.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
@@ -786,12 +682,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger := entry.Logger
 		logger.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		logger.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "73" {
+		if testFlag == " true" {
 			logger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logger.Infof("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		logger.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "74" {
+		if testFlag == " true" {
 			logger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logger.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
@@ -812,11 +708,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		sLogger.DPanicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		sLogger.Debugf("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
 		sLogger.Errorf("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
-		if testFlag == "75" {
+		if testFlag == " true" {
 			sLogger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		sLogger.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "76" {
+		if testFlag == " true" {
 			sLogger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warnf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
--- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
+++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
@@ -37,22 +37,22 @@
 | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password |
 | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword |
 | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:33:13:33:20 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:33:13:33:20 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:36:14:36:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:36:14:36:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:41:14:41:17 | obj1 | passwords.go:39:13:39:13 | x | passwords.go:41:14:41:17 | obj1 | $@ flows to a logging call. | passwords.go:39:13:39:13 | x | Sensitive data returned by an access to password |
-| passwords.go:46:14:46:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:46:14:46:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:53:14:53:27 | fixed_password | passwords.go:52:2:52:15 | definition of fixed_password | passwords.go:53:14:53:27 | fixed_password | $@ flows to a logging call. | passwords.go:52:2:52:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password |
-| passwords.go:91:14:91:26 | utilityObject | passwords.go:89:16:89:36 | call to make | passwords.go:91:14:91:26 | utilityObject | $@ flows to a logging call. | passwords.go:89:16:89:36 | call to make | Sensitive data returned by an access to passwordSet |
-| passwords.go:94:23:94:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:94:23:94:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:104:15:104:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:104:15:104:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:110:16:110:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:110:16:110:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:115:15:115:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:115:15:115:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:119:14:119:45 | ...+... | passwords.go:118:6:118:14 | definition of password1 | passwords.go:119:14:119:45 | ...+... | $@ flows to a logging call. | passwords.go:118:6:118:14 | definition of password1 | Sensitive data returned by an access to password1 |
-| passwords.go:129:14:129:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:129:14:129:19 | config | passwords.go:123:13:123:14 | x3 | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:123:13:123:14 | x3 | Sensitive data returned by an access to password |
-| passwords.go:129:14:129:19 | config | passwords.go:126:13:126:25 | call to getPassword | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:130:14:130:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:130:14:130:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:131:14:131:21 | selection of y | passwords.go:126:13:126:25 | call to getPassword | passwords.go:131:14:131:21 | selection of y | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
+| passwords.go:32:12:32:19 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:34:14:34:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password |
+| passwords.go:44:14:44:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:51:14:51:27 | fixed_password | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:50:2:50:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password |
+| passwords.go:89:14:89:26 | utilityObject | passwords.go:87:16:87:36 | call to make | passwords.go:89:14:89:26 | utilityObject | $@ flows to a logging call. | passwords.go:87:16:87:36 | call to make | Sensitive data returned by an access to passwordSet |
+| passwords.go:92:23:92:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:92:23:92:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:102:15:102:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:102:15:102:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:108:16:108:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:108:16:108:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:113:15:113:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:113:15:113:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:117:14:117:45 | ...+... | passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:14:117:45 | ...+... | $@ flows to a logging call. | passwords.go:116:6:116:14 | definition of password1 | Sensitive data returned by an access to password1 |
+| passwords.go:127:14:127:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:127:14:127:19 | config | passwords.go:121:13:121:14 | x3 | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:14 | x3 | Sensitive data returned by an access to password |
+| passwords.go:127:14:127:19 | config | passwords.go:124:13:124:25 | call to getPassword | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword |
+| passwords.go:128:14:128:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:128:14:128:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:129:14:129:21 | selection of y | passwords.go:124:13:124:25 | call to getPassword | passwords.go:129:14:129:21 | selection of y | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword |
 | protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | definition of password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | definition of password | Sensitive data returned by an access to password |
 edges
 | klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance |  |
@@ -82,15 +82,95 @@ edges
 | main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance |  |
 | main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
 | main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
 | main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
 | main.go:54:12:54:19 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
+| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:56:11:56:18 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
+| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:59:18:59:25 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:62:12:62:19 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:65:13:65:20 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:68:11:68:18 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:71:18:71:25 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:74:12:74:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:74:12:74:19 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:77:13:77:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:77:13:77:20 | password | main.go:80:17:80:24 | password | provenance |  |
 | main.go:80:17:80:24 | password | main.go:82:12:82:19 | password | provenance |  |
 | main.go:80:17:80:24 | password | main.go:83:17:83:24 | password | provenance |  |
 | main.go:80:17:80:24 | password | main.go:86:19:86:26 | password | provenance |  |
@@ -102,46 +182,46 @@ edges
 | passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance |  |
 | passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | provenance |  |
 | passwords.go:21:2:21:9 | definition of password | passwords.go:30:8:30:15 | password | provenance |  |
-| passwords.go:21:2:21:9 | definition of password | passwords.go:33:13:33:20 | password | provenance |  |
-| passwords.go:21:2:21:9 | definition of password | passwords.go:36:28:36:35 | password | provenance |  |
+| passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | provenance |  |
+| passwords.go:21:2:21:9 | definition of password | passwords.go:34:28:34:35 | password | provenance |  |
 | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance |  |
-| passwords.go:36:28:36:35 | password | passwords.go:36:14:36:35 | ...+... | provenance | Config |
-| passwords.go:36:28:36:35 | password | passwords.go:44:6:44:13 | password | provenance |  |
-| passwords.go:38:10:40:2 | struct literal | passwords.go:41:14:41:17 | obj1 | provenance |  |
-| passwords.go:39:13:39:13 | x | passwords.go:38:10:40:2 | struct literal | provenance | Config |
-| passwords.go:43:10:45:2 | struct literal | passwords.go:46:14:46:17 | obj2 | provenance |  |
-| passwords.go:44:6:44:13 | password | passwords.go:43:10:45:2 | struct literal | provenance | Config |
-| passwords.go:44:6:44:13 | password | passwords.go:50:11:50:18 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:94:23:94:28 | secret | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:104:33:104:40 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:110:34:110:41 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:115:33:115:40 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:52:2:52:15 | definition of fixed_password | passwords.go:53:14:53:27 | fixed_password | provenance |  |
-| passwords.go:88:19:90:2 | struct literal | passwords.go:91:14:91:26 | utilityObject | provenance |  |
-| passwords.go:89:16:89:36 | call to make | passwords.go:88:19:90:2 | struct literal | provenance | Config |
-| passwords.go:104:33:104:40 | password | passwords.go:104:15:104:40 | ...+... | provenance | Config |
-| passwords.go:104:33:104:40 | password | passwords.go:110:34:110:41 | password | provenance |  |
-| passwords.go:104:33:104:40 | password | passwords.go:115:33:115:40 | password | provenance |  |
-| passwords.go:104:33:104:40 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:110:34:110:41 | password | passwords.go:110:16:110:41 | ...+... | provenance | Config |
-| passwords.go:110:34:110:41 | password | passwords.go:115:33:115:40 | password | provenance |  |
-| passwords.go:110:34:110:41 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:115:33:115:40 | password | passwords.go:115:15:115:40 | ...+... | provenance | Config |
-| passwords.go:115:33:115:40 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:118:6:118:14 | definition of password1 | passwords.go:119:28:119:36 | password1 | provenance |  |
-| passwords.go:119:28:119:36 | password1 | passwords.go:119:28:119:45 | call to String | provenance | Config |
-| passwords.go:119:28:119:45 | call to String | passwords.go:119:14:119:45 | ...+... | provenance | Config |
-| passwords.go:122:12:127:2 | struct literal | passwords.go:129:14:129:19 | config | provenance |  |
-| passwords.go:122:12:127:2 | struct literal [x] | passwords.go:130:14:130:19 | config [x] | provenance |  |
-| passwords.go:122:12:127:2 | struct literal [y] | passwords.go:131:14:131:19 | config [y] | provenance |  |
-| passwords.go:123:13:123:14 | x3 | passwords.go:122:12:127:2 | struct literal | provenance | Config |
-| passwords.go:125:13:125:20 | password | passwords.go:122:12:127:2 | struct literal | provenance | Config |
-| passwords.go:125:13:125:20 | password | passwords.go:122:12:127:2 | struct literal [x] | provenance |  |
-| passwords.go:126:13:126:25 | call to getPassword | passwords.go:122:12:127:2 | struct literal | provenance | Config |
-| passwords.go:126:13:126:25 | call to getPassword | passwords.go:122:12:127:2 | struct literal [y] | provenance |  |
-| passwords.go:130:14:130:19 | config [x] | passwords.go:130:14:130:21 | selection of x | provenance |  |
-| passwords.go:131:14:131:19 | config [y] | passwords.go:131:14:131:21 | selection of y | provenance |  |
+| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config |
+| passwords.go:34:28:34:35 | password | passwords.go:42:6:42:13 | password | provenance |  |
+| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance |  |
+| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config |
+| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance |  |
+| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config |
+| passwords.go:42:6:42:13 | password | passwords.go:48:11:48:18 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:92:23:92:28 | secret | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:102:33:102:40 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:108:34:108:41 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:113:33:113:40 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | provenance |  |
+| passwords.go:86:19:88:2 | struct literal | passwords.go:89:14:89:26 | utilityObject | provenance |  |
+| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal | provenance | Config |
+| passwords.go:102:33:102:40 | password | passwords.go:102:15:102:40 | ...+... | provenance | Config |
+| passwords.go:102:33:102:40 | password | passwords.go:108:34:108:41 | password | provenance |  |
+| passwords.go:102:33:102:40 | password | passwords.go:113:33:113:40 | password | provenance |  |
+| passwords.go:102:33:102:40 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:108:34:108:41 | password | passwords.go:108:16:108:41 | ...+... | provenance | Config |
+| passwords.go:108:34:108:41 | password | passwords.go:113:33:113:40 | password | provenance |  |
+| passwords.go:108:34:108:41 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:113:33:113:40 | password | passwords.go:113:15:113:40 | ...+... | provenance | Config |
+| passwords.go:113:33:113:40 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:28:117:36 | password1 | provenance |  |
+| passwords.go:117:28:117:36 | password1 | passwords.go:117:28:117:45 | call to String | provenance | Config |
+| passwords.go:117:28:117:45 | call to String | passwords.go:117:14:117:45 | ...+... | provenance | Config |
+| passwords.go:120:12:125:2 | struct literal | passwords.go:127:14:127:19 | config | provenance |  |
+| passwords.go:120:12:125:2 | struct literal [x] | passwords.go:128:14:128:19 | config [x] | provenance |  |
+| passwords.go:120:12:125:2 | struct literal [y] | passwords.go:129:14:129:19 | config [y] | provenance |  |
+| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal | provenance | Config |
+| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal | provenance | Config |
+| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [x] | provenance |  |
+| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal | provenance | Config |
+| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [y] | provenance |  |
+| passwords.go:128:14:128:19 | config [x] | passwords.go:128:14:128:21 | selection of x | provenance |  |
+| passwords.go:129:14:129:19 | config [y] | passwords.go:129:14:129:21 | selection of y | provenance |  |
 | protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance |  |
 | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance |  |
 | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance |  |
@@ -194,12 +274,20 @@ nodes
 | main.go:54:12:54:19 | password | semmle.label | password |
 | main.go:54:12:54:19 | password | semmle.label | password |
 | main.go:56:11:56:18 | password | semmle.label | password |
+| main.go:56:11:56:18 | password | semmle.label | password |
+| main.go:59:18:59:25 | password | semmle.label | password |
 | main.go:59:18:59:25 | password | semmle.label | password |
 | main.go:62:12:62:19 | password | semmle.label | password |
+| main.go:62:12:62:19 | password | semmle.label | password |
+| main.go:65:13:65:20 | password | semmle.label | password |
 | main.go:65:13:65:20 | password | semmle.label | password |
 | main.go:68:11:68:18 | password | semmle.label | password |
+| main.go:68:11:68:18 | password | semmle.label | password |
+| main.go:71:18:71:25 | password | semmle.label | password |
 | main.go:71:18:71:25 | password | semmle.label | password |
 | main.go:74:12:74:19 | password | semmle.label | password |
+| main.go:74:12:74:19 | password | semmle.label | password |
+| main.go:77:13:77:20 | password | semmle.label | password |
 | main.go:77:13:77:20 | password | semmle.label | password |
 | main.go:79:14:79:21 | password | semmle.label | password |
 | main.go:80:17:80:24 | password | semmle.label | password |
@@ -220,43 +308,43 @@ nodes
 | passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword |
 | passwords.go:28:14:28:28 | call to getPassword | semmle.label | call to getPassword |
 | passwords.go:30:8:30:15 | password | semmle.label | password |
-| passwords.go:33:13:33:20 | password | semmle.label | password |
-| passwords.go:36:14:36:35 | ...+... | semmle.label | ...+... |
-| passwords.go:36:28:36:35 | password | semmle.label | password |
-| passwords.go:38:10:40:2 | struct literal | semmle.label | struct literal |
-| passwords.go:39:13:39:13 | x | semmle.label | x |
-| passwords.go:41:14:41:17 | obj1 | semmle.label | obj1 |
-| passwords.go:43:10:45:2 | struct literal | semmle.label | struct literal |
-| passwords.go:44:6:44:13 | password | semmle.label | password |
-| passwords.go:46:14:46:17 | obj2 | semmle.label | obj2 |
-| passwords.go:50:11:50:18 | password | semmle.label | password |
-| passwords.go:52:2:52:15 | definition of fixed_password | semmle.label | definition of fixed_password |
-| passwords.go:53:14:53:27 | fixed_password | semmle.label | fixed_password |
-| passwords.go:88:19:90:2 | struct literal | semmle.label | struct literal |
-| passwords.go:89:16:89:36 | call to make | semmle.label | call to make |
-| passwords.go:91:14:91:26 | utilityObject | semmle.label | utilityObject |
-| passwords.go:94:23:94:28 | secret | semmle.label | secret |
-| passwords.go:104:15:104:40 | ...+... | semmle.label | ...+... |
-| passwords.go:104:33:104:40 | password | semmle.label | password |
-| passwords.go:110:16:110:41 | ...+... | semmle.label | ...+... |
-| passwords.go:110:34:110:41 | password | semmle.label | password |
-| passwords.go:115:15:115:40 | ...+... | semmle.label | ...+... |
-| passwords.go:115:33:115:40 | password | semmle.label | password |
-| passwords.go:118:6:118:14 | definition of password1 | semmle.label | definition of password1 |
-| passwords.go:119:14:119:45 | ...+... | semmle.label | ...+... |
-| passwords.go:119:28:119:36 | password1 | semmle.label | password1 |
-| passwords.go:119:28:119:45 | call to String | semmle.label | call to String |
-| passwords.go:122:12:127:2 | struct literal | semmle.label | struct literal |
-| passwords.go:122:12:127:2 | struct literal [x] | semmle.label | struct literal [x] |
-| passwords.go:122:12:127:2 | struct literal [y] | semmle.label | struct literal [y] |
-| passwords.go:123:13:123:14 | x3 | semmle.label | x3 |
-| passwords.go:125:13:125:20 | password | semmle.label | password |
-| passwords.go:126:13:126:25 | call to getPassword | semmle.label | call to getPassword |
-| passwords.go:129:14:129:19 | config | semmle.label | config |
-| passwords.go:130:14:130:19 | config [x] | semmle.label | config [x] |
-| passwords.go:130:14:130:21 | selection of x | semmle.label | selection of x |
-| passwords.go:131:14:131:19 | config [y] | semmle.label | config [y] |
-| passwords.go:131:14:131:21 | selection of y | semmle.label | selection of y |
+| passwords.go:32:12:32:19 | password | semmle.label | password |
+| passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... |
+| passwords.go:34:28:34:35 | password | semmle.label | password |
+| passwords.go:36:10:38:2 | struct literal | semmle.label | struct literal |
+| passwords.go:37:13:37:13 | x | semmle.label | x |
+| passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 |
+| passwords.go:41:10:43:2 | struct literal | semmle.label | struct literal |
+| passwords.go:42:6:42:13 | password | semmle.label | password |
+| passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 |
+| passwords.go:48:11:48:18 | password | semmle.label | password |
+| passwords.go:50:2:50:15 | definition of fixed_password | semmle.label | definition of fixed_password |
+| passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password |
+| passwords.go:86:19:88:2 | struct literal | semmle.label | struct literal |
+| passwords.go:87:16:87:36 | call to make | semmle.label | call to make |
+| passwords.go:89:14:89:26 | utilityObject | semmle.label | utilityObject |
+| passwords.go:92:23:92:28 | secret | semmle.label | secret |
+| passwords.go:102:15:102:40 | ...+... | semmle.label | ...+... |
+| passwords.go:102:33:102:40 | password | semmle.label | password |
+| passwords.go:108:16:108:41 | ...+... | semmle.label | ...+... |
+| passwords.go:108:34:108:41 | password | semmle.label | password |
+| passwords.go:113:15:113:40 | ...+... | semmle.label | ...+... |
+| passwords.go:113:33:113:40 | password | semmle.label | password |
+| passwords.go:116:6:116:14 | definition of password1 | semmle.label | definition of password1 |
+| passwords.go:117:14:117:45 | ...+... | semmle.label | ...+... |
+| passwords.go:117:28:117:36 | password1 | semmle.label | password1 |
+| passwords.go:117:28:117:45 | call to String | semmle.label | call to String |
+| passwords.go:120:12:125:2 | struct literal | semmle.label | struct literal |
+| passwords.go:120:12:125:2 | struct literal [x] | semmle.label | struct literal [x] |
+| passwords.go:120:12:125:2 | struct literal [y] | semmle.label | struct literal [y] |
+| passwords.go:121:13:121:14 | x3 | semmle.label | x3 |
+| passwords.go:123:13:123:20 | password | semmle.label | password |
+| passwords.go:124:13:124:25 | call to getPassword | semmle.label | call to getPassword |
+| passwords.go:127:14:127:19 | config | semmle.label | config |
+| passwords.go:128:14:128:19 | config [x] | semmle.label | config [x] |
+| passwords.go:128:14:128:21 | selection of x | semmle.label | selection of x |
+| passwords.go:129:14:129:19 | config [y] | semmle.label | config [y] |
+| passwords.go:129:14:129:21 | selection of y | semmle.label | selection of y |
 | protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password |
 | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | semmle.label | implicit dereference [postupdate] [Description] |
 | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | semmle.label | query [postupdate] [pointer, Description] |
--- a/go/ql/test/query-tests/Security/CWE-312/passwords.go
+++ b/go/ql/test/query-tests/Security/CWE-312/passwords.go
@@ -16,7 +16,7 @@ func redact(kind, value string) string {
 	return value
 }

-func test(selector int) {
+func test() {
 	name := "user"
 	password := "P@ssw0rd" // $ Source
 	x := "horsebatterystapleincorrect"
@@ -29,9 +29,7 @@ func test(selector int) {

 	myLog(password)

-	if selector == 1 {
-		log.Panic(password) // $ Alert
-	}
+	log.Panic(password) // $ Alert

 	log.Println(name + ", " + password) // $ Alert

--- a/java/kotlin-extractor/BUILD.bazel
+++ b/java/kotlin-extractor/BUILD.bazel
@@ -64,14 +64,8 @@ _resources = [
        r[len("src/main/resources/"):],
    )
    for r in glob(["src/main/resources/**"])
-    if r != "src/main/resources/META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar"
 ]

-_compiler_plugin_registrar_service = (
-    "src/main/resources/META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar",
-    "META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar",
-)
-
 kt_javac_options(
    name = "javac-options",
    release = "8",
@@ -97,32 +91,19 @@ kt_javac_options(
        # * `resource_strip_prefix` is unique per jar, so we must also put other resources under the same version prefix
        genrule(
            name = "resources-%s" % v,
-            srcs = [src for src, _ in _resources] + (
-                [_compiler_plugin_registrar_service[0]] if not version_less(v, "2.4.0") else []
-            ),
+            srcs = [src for src, _ in _resources],
            outs = [
                "%s/com/github/codeql/extractor.name" % v,
            ] + [
                "%s/%s" % (v, target)
                for _, target in _resources
-            ] + (
-                ["%s/%s" % (
-                    v,
-                    _compiler_plugin_registrar_service[1],
-                )] if not version_less(v, "2.4.0") else []
-            ),
+            ],
            cmd = "\n".join([
                "echo %s-%s > $(RULEDIR)/%s/com/github/codeql/extractor.name" % (_extractor_name_prefix, v, v),
            ] + [
                "cp $(execpath %s) $(RULEDIR)/%s/%s" % (source, v, target)
                for source, target in _resources
-            ] + (
-                ["cp $(execpath %s) $(RULEDIR)/%s/%s" % (
-                    _compiler_plugin_registrar_service[0],
-                    v,
-                    _compiler_plugin_registrar_service[1],
-                )] if not version_less(v, "2.4.0") else []
-            )),
+            ]),
        ),
        kt_jvm_library(
            name = "%s-%s" % (_extractor_name_prefix, v),
--- a/java/kotlin-extractor/deps/kotlin-compiler-2.4.0.jar
+++ b/java/kotlin-extractor/deps/kotlin-compiler-2.4.0.jar
--- a/java/kotlin-extractor/deps/kotlin-compiler-embeddable-2.4.0.jar
+++ b/java/kotlin-extractor/deps/kotlin-compiler-embeddable-2.4.0.jar
--- a/Show More
+++ b/Show More