Bump actions/labeler from 4 to 5

Bumps [actions/labeler](https://github.com/actions/labeler) from 4 to 5.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/codeql-analysis.yml

@@ -28,7 +28,7 @@ jobs:
 
     steps:
     - name: Setup dotnet
-      uses: actions/setup-dotnet@v3
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: 7.0.102
 

.github/workflows/csharp-qltest.yml

@@ -72,7 +72,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Setup dotnet
-        uses: actions/setup-dotnet@v3
+        uses: actions/setup-dotnet@v4
         with:
           dotnet-version: 7.0.102
       - name: Extractor unit tests

.github/workflows/labeler.yml

@@ -9,6 +9,6 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@v4
+    - uses: actions/labeler@v5
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"

config/identical-files.json

@@ -462,10 +462,6 @@
     "ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll",
     "swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll"
   ],
-  "TypeTracker": [
-    "python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll",
-    "ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll"
-  ],
   "SummaryTypeTracker": [
     "python/ql/lib/semmle/python/dataflow/new/internal/SummaryTypeTracker.qll",
     "ruby/ql/lib/codeql/ruby/typetracking/internal/SummaryTypeTracker.qll"
@@ -534,4 +530,4 @@
     "python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml",
     "python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml"
   ]
-}
+}

cpp/downgrades/fc81eb5a3a7cdde8d9ad813da1e8f1e90dadbb91/upgrade.properties

@@ -0,0 +1,2 @@
+description: Revert removal of uniqueness constraint on link_targets/2
+compatibility: backwards

cpp/ql/lib/change-notes/2023-11-30-as-definition.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition.

cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll

@@ -5,6 +5,8 @@
 
 import cpp
 import semmle.code.cpp.ir.IR
+private import semmle.code.cpp.ir.implementation.raw.internal.TranslatedExpr
+private import semmle.code.cpp.ir.implementation.raw.internal.InstructionTag
 
 /**
  * Holds if `block` consists of an `UnreachedInstruction`.
@@ -201,10 +203,25 @@ private class GuardConditionFromIR extends GuardCondition {
    * `&&` and `||`. See the detailed explanation on predicate `controls`.
    */
   private predicate controlsBlock(BasicBlock controlled, boolean testIsTrue) {
-    exists(IRBlock irb |
+    exists(IRBlock irb, Instruction instr |
       ir.controls(irb, testIsTrue) and
-      irb.getAnInstruction().getAst().(ControlFlowNode).getBasicBlock() = controlled and
-      not isUnreachedBlock(irb)
+      instr = irb.getAnInstruction() and
+      instr.getAst().(ControlFlowNode).getBasicBlock() = controlled and
+      not isUnreachedBlock(irb) and
+      not this.excludeAsControlledInstruction(instr)
+    )
+  }
+
+  private predicate excludeAsControlledInstruction(Instruction instr) {
+    // Exclude the temporaries generated by a ternary expression.
+    exists(TranslatedConditionalExpr tce |
+      instr = tce.getInstruction(ConditionValueFalseStoreTag())
+      or
+      instr = tce.getInstruction(ConditionValueTrueStoreTag())
+      or
+      instr = tce.getInstruction(ConditionValueTrueTempAddressTag())
+      or
+      instr = tce.getInstruction(ConditionValueFalseTempAddressTag())
     )
   }
 }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll

@@ -260,6 +260,71 @@ class Node extends TIRDataFlowNode {
    */
   Expr asDefiningArgument() { result = this.asDefiningArgument(_) }
 
+  /**
+   * Gets the definition associated with this node, if any.
+   *
+   * For example, consider the following example
+   * ```cpp
+   * int x = 42;     // 1
+   * x = 34;         // 2
+   * ++x;            // 3
+   * x++;            // 4
+   * x += 1;         // 5
+   * int y = x += 2; // 6
+   * ```
+   * - For (1) the result is `42`.
+   * - For (2) the result is `x = 34`.
+   * - For (3) the result is `++x`.
+   * - For (4) the result is `x++`.
+   * - For (5) the result is `x += 1`.
+   * - For (6) there are two results:
+   *   - For the definition generated by `x += 2` the result is `x += 2`
+   *   - For the definition generated by `int y = ...` the result is
+   *     also `x += 2`.
+   *
+   * For assignments, `node.asDefinition()` and `node.asExpr()` will both exist
+   * for the same dataflow node. However, for expression such as `x++` that
+   * both write to `x` and read the current value of `x`, `node.asDefinition()`
+   * will give the node corresponding to the value after the increment, and
+   * `node.asExpr()` will give the node corresponding to the value before the
+   * increment. For an example of this, consider the following:
+   *
+   * ```cpp
+   * sink(x++);
+   * ```
+   * in the above program, there will not be flow from a node `n` such that
+   * `n.asDefinition() instanceof IncrementOperation` to the argument of `sink`
+   * since the value passed to `sink` is the value before to the increment.
+   * However, there will be dataflow from a node `n` such that
+   * `n.asExpr() instanceof IncrementOperation` since the result of evaluating
+   * the expression `x++` is passed to `sink`.
+   */
+  Expr asDefinition() {
+    exists(StoreInstruction store |
+      store = this.asInstruction() and
+      result = asDefinitionImpl(store)
+    )
+  }
+
+  /**
+   * Gets the indirect definition at a given indirection corresponding to this
+   * node, if any.
+   *
+   * See the comments on `Node.asDefinition` for examples.
+   */
+  Expr asIndirectDefinition(int indirectionIndex) {
+    exists(StoreInstruction store |
+      this.(IndirectInstruction).hasInstructionAndIndirectionIndex(store, indirectionIndex) and
+      result = asDefinitionImpl(store)
+    )
+  }
+
+  /**
+   * Gets the indirect definition at some indirection corresponding to this
+   * node, if any.
+   */
+  Expr asIndirectDefinition() { result = this.asIndirectDefinition(_) }
+
   /**
    * Gets the argument that defines this `DefinitionByReferenceNode`, if any.
    *
@@ -1142,22 +1207,6 @@ private module GetConvertedResultExpression {
   }
 
   private Expr getConvertedResultExpressionImpl0(Instruction instr) {
-    // For an expression such as `i += 2` we pretend that the generated
-    // `StoreInstruction` contains the result of the expression even though
-    // this isn't totally aligned with the C/C++ standard.
-    exists(TranslatedAssignOperation tao |
-      result = tao.getExpr() and
-      instr = tao.getInstruction(any(AssignmentStoreTag tag))
-    )
-    or
-    // Similarly for `i++` and `++i` we pretend that the generated
-    // `StoreInstruction` is contains the result of the expression even though
-    // this isn't totally aligned with the C/C++ standard.
-    exists(TranslatedCrementOperation tco |
-      result = tco.getExpr() and
-      instr = tco.getInstruction(any(CrementStoreTag tag))
-    )
-    or
     // IR construction inserts an additional cast to a `size_t` on the extent
     // of a `new[]` expression. The resulting `ConvertInstruction` doesn't have
     // a result for `getConvertedResultExpression`. We remap this here so that
@@ -1165,7 +1214,7 @@ private module GetConvertedResultExpression {
     // represents the extent.
     exists(TranslatedNonConstantAllocationSize tas |
       result = tas.getExtent().getExpr() and
-      instr = tas.getInstruction(any(AllocationExtentConvertTag tag))
+      instr = tas.getInstruction(AllocationExtentConvertTag())
     )
     or
     // There's no instruction that returns `ParenthesisExpr`, but some queries
@@ -1174,6 +1223,39 @@ private module GetConvertedResultExpression {
       result = ttc.getExpr().(ParenthesisExpr) and
       instr = ttc.getResult()
     )
+    or
+    // Certain expressions generate `CopyValueInstruction`s only when they
+    // are needed. Examples of this include crement operations and compound
+    // assignment operations. For example:
+    // ```cpp
+    // int x = ...
+    // int y = x++;
+    // ```
+    // this generate IR like:
+    // ```
+    // r1(glval<int>) = VariableAddress[x] :
+    // r2(int)        = Constant[0]        :
+    // m3(int)        = Store[x]           : &:r1, r2
+    // r4(glval<int>) = VariableAddress[y] :
+    // r5(glval<int>) = VariableAddress[x] :
+    // r6(int)        = Load[x]            : &:r5, m3
+    // r7(int)        = Constant[1]        :
+    // r8(int)        = Add                : r6, r7
+    // m9(int)        = Store[x]           : &:r5, r8
+    // r11(int)       = CopyValue         : r6
+    // m12(int)       = Store[y]          : &:r4, r11
+    // ```
+    // When the `CopyValueInstruction` is not generated there is no instruction
+    // whose `getConvertedResultExpression` maps back to the expression. When
+    // such an instruction doesn't exist it means that the old value is not
+    // needed, and in that case the only value that will propagate forward in
+    // the program is the value that's been updated. So in those cases we just
+    // use the result of `node.asDefinition()` as the result of `node.asExpr()`.
+    exists(TranslatedCoreExpr tco |
+      tco.getInstruction(_) = instr and
+      tco.producesExprResult() and
+      result = asDefinitionImpl0(instr)
+    )
   }
 
   private Expr getConvertedResultExpressionImpl(Instruction instr) {
@@ -1182,6 +1264,75 @@ private module GetConvertedResultExpression {
     not exists(getConvertedResultExpressionImpl0(instr)) and
     result = instr.getConvertedResultExpression()
   }
+
+  /**
+   * Gets the result for `node.asDefinition()` (when `node` is the instruction
+   * node that wraps `store`) in the cases where `store.getAst()` should not be
+   * used to define the result of `node.asDefinition()`.
+   */
+  private Expr asDefinitionImpl0(StoreInstruction store) {
+    // For an expression such as `i += 2` we pretend that the generated
+    // `StoreInstruction` contains the result of the expression even though
+    // this isn't totally aligned with the C/C++ standard.
+    exists(TranslatedAssignOperation tao |
+      store = tao.getInstruction(AssignmentStoreTag()) and
+      result = tao.getExpr()
+    )
+    or
+    // Similarly for `i++` and `++i` we pretend that the generated
+    // `StoreInstruction` is contains the result of the expression even though
+    // this isn't totally aligned with the C/C++ standard.
+    exists(TranslatedCrementOperation tco |
+      store = tco.getInstruction(CrementStoreTag()) and
+      result = tco.getExpr()
+    )
+  }
+
+  /**
+   * Holds if the expression returned by `store.getAst()` should not be
+   * returned as the result of `node.asDefinition()` when `node` is the
+   * instruction node that wraps `store`.
+   */
+  private predicate excludeAsDefinitionResult(StoreInstruction store) {
+    // Exclude the store to the temporary generated by a ternary expression.
+    exists(TranslatedConditionalExpr tce |
+      store = tce.getInstruction(ConditionValueFalseStoreTag())
+      or
+      store = tce.getInstruction(ConditionValueTrueStoreTag())
+    )
+  }
+
+  /**
+   * Gets the expression that represents the result of `StoreInstruction` for
+   * dataflow purposes.
+   *
+   * For example, consider the following example
+   * ```cpp
+   * int x = 42;     // 1
+   * x = 34;         // 2
+   * ++x;            // 3
+   * x++;            // 4
+   * x += 1;         // 5
+   * int y = x += 2; // 6
+   * ```
+   * For (1) the result is `42`.
+   * For (2) the result is `x = 34`.
+   * For (3) the result is `++x`.
+   * For (4) the result is `x++`.
+   * For (5) the result is `x += 1`.
+   * For (6) there are two results:
+   *   - For the `StoreInstruction` generated by `x += 2` the result
+   *     is `x += 2`
+   *   - For the `StoreInstruction` generated by `int y = ...` the result
+   *     is also `x += 2`
+   */
+  Expr asDefinitionImpl(StoreInstruction store) {
+    not exists(asDefinitionImpl0(store)) and
+    not excludeAsDefinitionResult(store) and
+    result = store.getAst().(Expr).getUnconverted()
+    or
+    result = asDefinitionImpl0(store)
+  }
 }
 
 private import GetConvertedResultExpression

cpp/ql/lib/semmlecode.cpp.dbscheme

@@ -2149,7 +2149,7 @@ includes(
 );
 
 link_targets(
-    unique int id: @link_target,
+    int id: @link_target,
     int binary: @file ref
 );
 

cpp/ql/lib/upgrades/0a9eb01d3650642e013eb86be45d952289537f91/upgrade.properties

@@ -0,0 +1,2 @@
+description: Remove uniqueness constraint on link_targets/2
+compatibility: full

cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll

@@ -345,6 +345,8 @@ private module PossibleYearArithmeticOperationCheckConfig implements DataFlow::C
     )
   }
 
+  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     // flow from anything on the RHS of an assignment to a time/date structure to that
     // assignment.

cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql

@@ -35,10 +35,10 @@ predicate isSource(FS::FlowSource source, string sourceType) { sourceType = sour
 
 predicate isSink(DataFlow::Node sink, string kind) {
   exists(Expr use |
-    use = sink.asExpr() and
     not use.getUnspecifiedType() instanceof PointerType and
     outOfBoundsExpr(use, kind) and
-    not inSystemMacroExpansion(use)
+    not inSystemMacroExpansion(use) and
+    use = sink.asExpr()
   )
 }
 

cpp/ql/test/library-tests/controlflow/guards-ir/test.c

@@ -167,3 +167,10 @@ int ptr_test(int *x, int *y) {
 
     return 0;
 }
+
+int foo(const char*, int);
+
+int ternary_test(const char *path, int mode)
+{
+    return (foo(path, mode) == 0 ? 1 : 0);
+}

cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected

@@ -34,6 +34,7 @@ astGuards
 | test.c:159:9:159:19 | ... == ... |
 | test.c:162:9:162:18 | ... < ... |
 | test.c:165:9:165:18 | ... < ... |
+| test.c:175:13:175:32 | ... == ... |
 | test.cpp:18:8:18:10 | call to get |
 | test.cpp:31:7:31:13 | ... == ... |
 | test.cpp:42:13:42:20 | call to getABool |
@@ -158,6 +159,10 @@ astGuardsCompare
 | 165 | x >= y+-42 when ... < ... is false |
 | 165 | y < x+43 when ... < ... is false |
 | 165 | y >= x+43 when ... < ... is true |
+| 175 | 0 != call to foo+0 when ... == ... is false |
+| 175 | 0 == call to foo+0 when ... == ... is true |
+| 175 | call to foo != 0+0 when ... == ... is false |
+| 175 | call to foo == 0+0 when ... == ... is true |
 astGuardsControl
 | test.c:7:9:7:13 | ... > ... | false | 10 | 11 |
 | test.c:7:9:7:13 | ... > ... | true | 7 | 9 |
@@ -248,6 +253,8 @@ astGuardsControl
 | test.c:159:9:159:19 | ... == ... | true | 159 | 160 |
 | test.c:162:9:162:18 | ... < ... | true | 162 | 163 |
 | test.c:165:9:165:18 | ... < ... | true | 165 | 166 |
+| test.c:175:13:175:32 | ... == ... | false | 175 | 175 |
+| test.c:175:13:175:32 | ... == ... | true | 175 | 175 |
 | test.cpp:18:8:18:10 | call to get | true | 19 | 19 |
 | test.cpp:31:7:31:13 | ... == ... | false | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | false | 34 | 34 |
@@ -420,6 +427,10 @@ astGuardsEnsure
 | test.c:165:9:165:18 | ... < ... | test.c:165:9:165:9 | x | < | test.c:165:13:165:18 | ... - ... | 0 | 165 | 166 |
 | test.c:165:9:165:18 | ... < ... | test.c:165:13:165:13 | y | >= | test.c:165:9:165:9 | x | 43 | 165 | 166 |
 | test.c:165:9:165:18 | ... < ... | test.c:165:13:165:18 | ... - ... | >= | test.c:165:9:165:9 | x | 1 | 165 | 166 |
+| test.c:175:13:175:32 | ... == ... | test.c:175:13:175:15 | call to foo | != | test.c:175:32:175:32 | 0 | 0 | 175 | 175 |
+| test.c:175:13:175:32 | ... == ... | test.c:175:13:175:15 | call to foo | == | test.c:175:32:175:32 | 0 | 0 | 175 | 175 |
+| test.c:175:13:175:32 | ... == ... | test.c:175:32:175:32 | 0 | != | test.c:175:13:175:15 | call to foo | 0 | 175 | 175 |
+| test.c:175:13:175:32 | ... == ... | test.c:175:32:175:32 | 0 | == | test.c:175:13:175:15 | call to foo | 0 | 175 | 175 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | test.cpp:31:12:31:13 | - ... | 0 | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | test.cpp:31:12:31:13 | - ... | 0 | 34 | 34 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | == | test.cpp:31:12:31:13 | - ... | 0 | 30 | 30 |
@@ -458,6 +469,7 @@ irGuards
 | test.c:159:9:159:19 | CompareEQ: ... == ... |
 | test.c:162:9:162:18 | CompareLT: ... < ... |
 | test.c:165:9:165:18 | CompareLT: ... < ... |
+| test.c:175:13:175:32 | CompareEQ: ... == ... |
 | test.cpp:18:8:18:12 | CompareNE: (bool)... |
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... |
 | test.cpp:42:13:42:20 | Call: call to getABool |
@@ -566,6 +578,10 @@ irGuardsCompare
 | 165 | x >= y+-42 when CompareLT: ... < ... is false |
 | 165 | y < x+43 when CompareLT: ... < ... is false |
 | 165 | y >= x+43 when CompareLT: ... < ... is true |
+| 175 | 0 != call to foo+0 when CompareEQ: ... == ... is false |
+| 175 | 0 == call to foo+0 when CompareEQ: ... == ... is true |
+| 175 | call to foo != 0+0 when CompareEQ: ... == ... is false |
+| 175 | call to foo == 0+0 when CompareEQ: ... == ... is true |
 irGuardsControl
 | test.c:7:9:7:13 | CompareGT: ... > ... | false | 11 | 11 |
 | test.c:7:9:7:13 | CompareGT: ... > ... | true | 8 | 8 |
@@ -649,6 +665,8 @@ irGuardsControl
 | test.c:159:9:159:19 | CompareEQ: ... == ... | true | 159 | 160 |
 | test.c:162:9:162:18 | CompareLT: ... < ... | true | 162 | 163 |
 | test.c:165:9:165:18 | CompareLT: ... < ... | true | 165 | 166 |
+| test.c:175:13:175:32 | CompareEQ: ... == ... | false | 175 | 175 |
+| test.c:175:13:175:32 | CompareEQ: ... == ... | true | 175 | 175 |
 | test.cpp:18:8:18:12 | CompareNE: (bool)... | true | 19 | 19 |
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | false | 34 | 34 |
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | true | 30 | 30 |
@@ -804,6 +822,10 @@ irGuardsEnsure
 | test.c:165:9:165:18 | CompareLT: ... < ... | test.c:165:9:165:9 | Load: x | < | test.c:165:13:165:18 | PointerSub: ... - ... | 0 | 165 | 166 |
 | test.c:165:9:165:18 | CompareLT: ... < ... | test.c:165:13:165:13 | Load: y | >= | test.c:165:9:165:9 | Load: x | 43 | 165 | 166 |
 | test.c:165:9:165:18 | CompareLT: ... < ... | test.c:165:13:165:18 | PointerSub: ... - ... | >= | test.c:165:9:165:9 | Load: x | 1 | 165 | 166 |
+| test.c:175:13:175:32 | CompareEQ: ... == ... | test.c:175:13:175:15 | Call: call to foo | != | test.c:175:32:175:32 | Constant: 0 | 0 | 175 | 175 |
+| test.c:175:13:175:32 | CompareEQ: ... == ... | test.c:175:13:175:15 | Call: call to foo | == | test.c:175:32:175:32 | Constant: 0 | 0 | 175 | 175 |
+| test.c:175:13:175:32 | CompareEQ: ... == ... | test.c:175:32:175:32 | Constant: 0 | != | test.c:175:13:175:15 | Call: call to foo | 0 | 175 | 175 |
+| test.c:175:13:175:32 | CompareEQ: ... == ... | test.c:175:32:175:32 | Constant: 0 | == | test.c:175:13:175:15 | Call: call to foo | 0 | 175 | 175 |
 | test.cpp:18:8:18:12 | CompareNE: (bool)... | test.cpp:18:8:18:10 | Call: call to get | != | test.cpp:18:8:18:12 | Constant: (bool)... | 0 | 19 | 19 |
 | test.cpp:18:8:18:12 | CompareNE: (bool)... | test.cpp:18:8:18:12 | Constant: (bool)... | != | test.cpp:18:8:18:10 | Call: call to get | 0 | 19 | 19 |
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | test.cpp:31:7:31:7 | Load: x | != | test.cpp:31:12:31:13 | Constant: - ... | 0 | 34 | 34 |

cpp/ql/test/query-tests/Likely Bugs/Leap Year/Adding365DaysPerYear/Adding365daysPerYear.expected

@@ -1,9 +1,5 @@
 | test.cpp:173:29:173:51 | ... & ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:170:2:170:47 | ... += ... | ... += ... |
-| test.cpp:173:29:173:51 | ... & ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:170:16:170:47 | ... * ... | ... * ... |
 | test.cpp:174:30:174:45 | ... >> ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:170:2:170:47 | ... += ... | ... += ... |
-| test.cpp:174:30:174:45 | ... >> ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:170:16:170:47 | ... * ... | ... * ... |
 | test.cpp:193:15:193:24 | ... / ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:193:15:193:24 | ... / ... | ... / ... |
 | test.cpp:217:29:217:51 | ... & ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:214:2:214:47 | ... += ... | ... += ... |
-| test.cpp:217:29:217:51 | ... & ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:214:16:214:47 | ... * ... | ... * ... |
 | test.cpp:218:30:218:45 | ... >> ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:214:2:214:47 | ... += ... | ... += ... |
-| test.cpp:218:30:218:45 | ... >> ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:214:16:214:47 | ... * ... | ... * ... |

cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected

@@ -47,6 +47,8 @@
 | tests.cpp:546:6:546:10 | call to fread | This 'fread' operation may access 400 bytes but the $@ is only 100 bytes. | tests.cpp:532:7:532:16 | charBuffer | destination buffer |
 | tests.cpp:569:6:569:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
 | tests.cpp:577:7:577:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
+| tests.cpp:637:6:637:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:633:7:633:12 | buffer | array |
+| tests.cpp:645:7:645:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:633:7:633:12 | buffer | array |
 | tests_restrict.c:12:2:12:7 | call to memcpy | This 'memcpy' operation accesses 2 bytes but the $@ is only 1 byte. | tests_restrict.c:7:6:7:13 | smallbuf | source buffer |
 | unions.cpp:26:2:26:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:21:10:21:11 | mu | destination buffer |
 | unions.cpp:30:2:30:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:15:7:15:11 | small | destination buffer |

cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/UnboundedWrite.expected

@@ -1,6 +1,6 @@
 edges
 | main.cpp:6:27:6:30 | argv indirection | main.cpp:10:20:10:23 | argv indirection |
-| main.cpp:10:20:10:23 | argv indirection | tests.cpp:631:32:631:35 | argv indirection |
+| main.cpp:10:20:10:23 | argv indirection | tests.cpp:657:32:657:35 | argv indirection |
 | tests.cpp:613:19:613:24 | source indirection | tests.cpp:615:17:615:22 | source indirection |
 | tests.cpp:622:19:622:24 | source indirection | tests.cpp:625:2:625:16 | ... = ... indirection |
 | tests.cpp:625:2:625:16 | ... = ... indirection | tests.cpp:625:4:625:7 | s indirection [post update] [home indirection] |
@@ -8,10 +8,10 @@ edges
 | tests.cpp:628:14:628:14 | s indirection [home indirection] | tests.cpp:628:14:628:19 | home indirection |
 | tests.cpp:628:14:628:14 | s indirection [home indirection] | tests.cpp:628:16:628:19 | home indirection |
 | tests.cpp:628:16:628:19 | home indirection | tests.cpp:628:14:628:19 | home indirection |
-| tests.cpp:631:32:631:35 | argv indirection | tests.cpp:656:9:656:15 | access to array indirection |
-| tests.cpp:631:32:631:35 | argv indirection | tests.cpp:657:9:657:15 | access to array indirection |
-| tests.cpp:656:9:656:15 | access to array indirection | tests.cpp:613:19:613:24 | source indirection |
-| tests.cpp:657:9:657:15 | access to array indirection | tests.cpp:622:19:622:24 | source indirection |
+| tests.cpp:657:32:657:35 | argv indirection | tests.cpp:682:9:682:15 | access to array indirection |
+| tests.cpp:657:32:657:35 | argv indirection | tests.cpp:683:9:683:15 | access to array indirection |
+| tests.cpp:682:9:682:15 | access to array indirection | tests.cpp:613:19:613:24 | source indirection |
+| tests.cpp:683:9:683:15 | access to array indirection | tests.cpp:622:19:622:24 | source indirection |
 nodes
 | main.cpp:6:27:6:30 | argv indirection | semmle.label | argv indirection |
 | main.cpp:10:20:10:23 | argv indirection | semmle.label | argv indirection |
@@ -23,9 +23,9 @@ nodes
 | tests.cpp:628:14:628:14 | s indirection [home indirection] | semmle.label | s indirection [home indirection] |
 | tests.cpp:628:14:628:19 | home indirection | semmle.label | home indirection |
 | tests.cpp:628:16:628:19 | home indirection | semmle.label | home indirection |
-| tests.cpp:631:32:631:35 | argv indirection | semmle.label | argv indirection |
-| tests.cpp:656:9:656:15 | access to array indirection | semmle.label | access to array indirection |
-| tests.cpp:657:9:657:15 | access to array indirection | semmle.label | access to array indirection |
+| tests.cpp:657:32:657:35 | argv indirection | semmle.label | argv indirection |
+| tests.cpp:682:9:682:15 | access to array indirection | semmle.label | access to array indirection |
+| tests.cpp:683:9:683:15 | access to array indirection | semmle.label | access to array indirection |
 subpaths
 #select
 | tests.cpp:615:2:615:7 | call to strcpy | main.cpp:6:27:6:30 | argv indirection | tests.cpp:615:17:615:22 | source indirection | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | argv indirection | a command-line argument |

cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp

@@ -628,6 +628,32 @@ void test25(char* source) {
 	strcpy(buf, s.home); // BAD
 }
 
+void test26(bool cond)
+{
+	char buffer[100];
+	char *ptr;
+	int i;
+
+	if (buffer[-1] == 0) { return; } // BAD: accesses buffer[-1]
+
+	ptr = buffer;
+	if (cond)
+	{
+		ptr += 1;
+		if (ptr[-1] == 0) { return; } // GOOD: accesses buffer[0]
+	} else {
+		if (ptr[-1] == 0) { return; } // BAD: accesses buffer[-1]
+	}
+	if (ptr[-1] == 0) { return; } // BAD: accesses buffer[-1] or buffer[0] [NOT DETECTED]
+
+	ptr = buffer;
+	for (i = 0; i < 2; i++)
+	{
+		ptr += 1;
+	}
+	if (ptr[-1] == 0) { return; } // GOOD: accesses buffer[1]
+}
+
 int tests_main(int argc, char *argv[])
 {
 	long long arr17[19];

cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected

@@ -16,7 +16,6 @@ edges
 | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:131:9:131:14 | ... + ... indirection |
 | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:132:15:132:20 | ... + ... indirection |
 | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:135:9:135:12 | ... ++ indirection |
-| argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:135:9:135:12 | ... ++ indirection |
 | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:136:15:136:18 | -- ... indirection |
 | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:139:9:139:26 | ... ? ... : ... indirection |
 | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:140:15:140:32 | ... ? ... : ... indirection |
@@ -43,7 +42,6 @@ nodes
 | argvLocal.c:131:9:131:14 | ... + ... indirection | semmle.label | ... + ... indirection |
 | argvLocal.c:132:15:132:20 | ... + ... indirection | semmle.label | ... + ... indirection |
 | argvLocal.c:135:9:135:12 | ... ++ indirection | semmle.label | ... ++ indirection |
-| argvLocal.c:135:9:135:12 | ... ++ indirection | semmle.label | ... ++ indirection |
 | argvLocal.c:136:15:136:18 | -- ... indirection | semmle.label | -- ... indirection |
 | argvLocal.c:139:9:139:26 | ... ? ... : ... indirection | semmle.label | ... ? ... : ... indirection |
 | argvLocal.c:140:15:140:32 | ... ? ... : ... indirection | semmle.label | ... ? ... : ... indirection |
@@ -70,7 +68,6 @@ subpaths
 | argvLocal.c:131:9:131:14 | ... + ... indirection | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:131:9:131:14 | ... + ... indirection | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:13:27:13:30 | argv indirection | a command-line argument |
 | argvLocal.c:132:15:132:20 | ... + ... indirection | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:132:15:132:20 | ... + ... indirection | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:13:27:13:30 | argv indirection | a command-line argument |
 | argvLocal.c:135:9:135:12 | ... ++ indirection | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:135:9:135:12 | ... ++ indirection | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:13:27:13:30 | argv indirection | a command-line argument |
-| argvLocal.c:135:9:135:12 | ... ++ indirection | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:135:9:135:12 | ... ++ indirection | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:13:27:13:30 | argv indirection | a command-line argument |
 | argvLocal.c:136:15:136:18 | -- ... indirection | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:136:15:136:18 | -- ... indirection | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:13:27:13:30 | argv indirection | a command-line argument |
 | argvLocal.c:139:9:139:26 | ... ? ... : ... indirection | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:139:9:139:26 | ... ? ... : ... indirection | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:13:27:13:30 | argv indirection | a command-line argument |
 | argvLocal.c:140:15:140:32 | ... ? ... : ... indirection | argvLocal.c:13:27:13:30 | argv indirection | argvLocal.c:140:15:140:32 | ... ? ... : ... indirection | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:13:27:13:30 | argv indirection | a command-line argument |

cpp/ql/test/query-tests/Security/CWE/CWE-367/semmle/test2.cpp

@@ -19,7 +19,7 @@ bool stat(const char *path, stat_data *buf);
 bool fstat(int file, stat_data *buf);
 bool lstat(const char *path, stat_data *buf);
 bool fstatat(int dir, const char *path, stat_data *buf);
-void chmod(const char *path, int setting);
+int chmod(const char *path, int setting);
 int rename(const char *from, const char *to);
 bool remove(const char *path);
 
@@ -408,3 +408,8 @@ void test7_1(const char *path1, const char *path2)
 		chmod(path2, 1234); // BAD
 	}
 }
+
+int test8(const char *path, int mode)
+{
+    return (chmod(path, mode) == 0 ? 1 : 0); // GOOD
+}

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/AssemblyCacheExtensions.cs

@@ -9,7 +9,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         private static readonly Version emptyVersion = new Version(0, 0, 0, 0);
 
         /// <summary>
-        /// This method orders AssemblyInfos by version numbers (.net core version first, then assembly version). Finally, it orders by filename to make the order deterministic.
+        /// This method orders AssemblyInfos. The method is used to define the assembly preference order in case of conflicts.
         /// </summary>
         public static IOrderedEnumerable<AssemblyInfo> OrderAssemblyInfosByPreference(this IEnumerable<AssemblyInfo> assemblies, IEnumerable<string> frameworkPaths)
         {
@@ -21,8 +21,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                 : assemblies.OrderBy(initialOrdering);
 
             return ordered
-                .ThenBy(info => info.NetCoreVersion ?? emptyVersion)
                 .ThenBy(info => info.Version ?? emptyVersion)
+                .ThenBy(info => info.NetCoreVersion ?? emptyVersion)
                 .ThenBy(info => info.Filename);
         }
     }

csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.expected

@@ -1,5 +1,6 @@
 | /avalara.avatax/21.10.0/lib/netstandard20/Avalara.AvaTax.netstandard20.dll |
 | /microsoft.bcl.asyncinterfaces/6.0.0/lib/netstandard2.1/Microsoft.Bcl.AsyncInterfaces.dll |
+| /microsoft.netcore.app.ref/3.1.0/ref/netcoreapp3.1/System.Data.DataSetExtensions.dll |
 | /microsoft.netcore.app.ref/3.1.0/ref/netcoreapp3.1/System.Runtime.InteropServices.WindowsRuntime.dll |
 | /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Data.dll |
 | /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Xml.dll |
@@ -26,7 +27,6 @@
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Console.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Core.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.Common.dll |
-| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.DataSetExtensions.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Contracts.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Debug.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.DiagnosticSource.dll |

csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.expected

@@ -1,5 +1,6 @@
 | /avalara.avatax/21.10.0/lib/netstandard20/Avalara.AvaTax.netstandard20.dll |
 | /microsoft.bcl.asyncinterfaces/6.0.0/lib/netstandard2.1/Microsoft.Bcl.AsyncInterfaces.dll |
+| /microsoft.netcore.app.ref/3.1.0/ref/netcoreapp3.1/System.Data.DataSetExtensions.dll |
 | /microsoft.netcore.app.ref/3.1.0/ref/netcoreapp3.1/System.Runtime.InteropServices.WindowsRuntime.dll |
 | /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Data.dll |
 | /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Xml.dll |
@@ -25,7 +26,6 @@
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Console.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Core.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.Common.dll |
-| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.DataSetExtensions.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Contracts.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Debug.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.DiagnosticSource.dll |

csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll

@@ -115,14 +115,24 @@ class HttpServerTransferSink extends Sink {
   }
 }
 
-private predicate isLocalUrlSanitizer(Guard g, Expr e, AbstractValue v) {
-  g.(MethodCall).getTarget().hasName("IsLocalUrl") and
-  e = g.(MethodCall).getArgument(0) and
+private predicate isLocalUrlSanitizerMethodCall(MethodCall guard, Expr e, AbstractValue v) {
+  exists(Method m | m = guard.getTarget() |
+    m.hasName("IsLocalUrl") and
+    e = guard.getArgument(0)
+    or
+    m.hasName("IsUrlLocalToHost") and
+    e = guard.getArgument(1)
+  ) and
   v.(AbstractValues::BooleanValue).getValue() = true
 }
 
+private predicate isLocalUrlSanitizer(Guard g, Expr e, AbstractValue v) {
+  isLocalUrlSanitizerMethodCall(g, e, v)
+}
+
 /**
- * A URL argument to a call to `UrlHelper.isLocalUrl()` that is a sanitizer for URL redirects.
+ * A URL argument to a call to `UrlHelper.IsLocalUrl()` or `HttpRequestBase.IsUrlLocalToHost()` that
+ * is a sanitizer for URL redirects.
  */
 class LocalUrlSanitizer extends Sanitizer {
   LocalUrlSanitizer() { this = DataFlow::BarrierGuard<isLocalUrlSanitizer/3>::getABarrierNode() }

csharp/ql/src/change-notes/2023-11-29-url-redirect-false-positive.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()`

csharp/ql/test/library-tests/dataflow/flowsources/remote/remoteFlowSource.ql

@@ -1,4 +1,5 @@
 import semmle.code.csharp.security.dataflow.flowsources.Remote
 
 from RemoteFlowSource source
+where source.getLocation().getFile().fromSource()
 select source, source.getSourceType()

csharp/ql/test/query-tests/Nullness/E.cs

@@ -431,6 +431,29 @@ public class E
         i = null;
         return @is.Any();
     }
+
+    static void Ex45(string s)
+    {
+        if (s is null)
+        {
+            s.ToString(); // BAD (always)
+        }
+
+        if (s is not not null)
+        {
+            s.ToString(); // BAD (always) (FALSE NEGATIVE)
+        }
+
+        if (s is not null)
+        {
+            s.ToString(); // GOOD
+        }
+
+        if (s is object)
+        {
+            s.ToString(); // GOOD
+        }
+    }
 }
 
 public static class Extensions

csharp/ql/test/query-tests/Nullness/EqualityCheck.expected

@@ -244,6 +244,8 @@
 | E.cs:423:33:423:44 | ... == ... | true | E.cs:423:38:423:44 | access to property Value | E.cs:423:33:423:33 | access to parameter j |
 | E.cs:430:34:430:45 | ... == ... | true | E.cs:430:34:430:34 | access to parameter j | E.cs:430:39:430:45 | access to property Value |
 | E.cs:430:34:430:45 | ... == ... | true | E.cs:430:39:430:45 | access to property Value | E.cs:430:34:430:34 | access to parameter j |
+| E.cs:437:13:437:21 | ... is ... | true | E.cs:437:13:437:13 | access to parameter s | E.cs:437:18:437:21 | null |
+| E.cs:437:13:437:21 | ... is ... | true | E.cs:437:18:437:21 | null | E.cs:437:13:437:13 | access to parameter s |
 | Forwarding.cs:59:13:59:21 | ... == ... | true | Forwarding.cs:59:13:59:13 | access to parameter o | Forwarding.cs:59:18:59:21 | null |
 | Forwarding.cs:59:13:59:21 | ... == ... | true | Forwarding.cs:59:18:59:21 | null | Forwarding.cs:59:13:59:13 | access to parameter o |
 | Forwarding.cs:78:16:78:39 | call to method ReferenceEquals | true | Forwarding.cs:78:32:78:32 | access to parameter o | Forwarding.cs:78:35:78:38 | null |

csharp/ql/test/query-tests/Nullness/Implications.expected

@@ -1300,6 +1300,11 @@
 | E.cs:429:13:429:22 | access to property HasValue | true | E.cs:429:13:429:13 | access to parameter i | non-null |
 | E.cs:432:16:432:24 | call to method Any<Int32> | false | E.cs:432:16:432:18 | access to parameter is | empty |
 | E.cs:432:16:432:24 | call to method Any<Int32> | true | E.cs:432:16:432:18 | access to parameter is | non-empty |
+| E.cs:437:13:437:21 | ... is ... | false | E.cs:437:13:437:13 | access to parameter s | non-null |
+| E.cs:437:13:437:21 | ... is ... | true | E.cs:437:13:437:13 | access to parameter s | null |
+| E.cs:442:13:442:29 | ... is ... | true | E.cs:442:13:442:13 | access to parameter s | non-null |
+| E.cs:447:13:447:25 | ... is ... | true | E.cs:447:13:447:13 | access to parameter s | non-null |
+| E.cs:452:13:452:23 | ... is ... | true | E.cs:452:13:452:13 | access to parameter s | non-null |
 | Forwarding.cs:9:13:9:30 | !... | false | Forwarding.cs:9:14:9:30 | call to method IsNullOrEmpty | true |
 | Forwarding.cs:9:13:9:30 | !... | true | Forwarding.cs:9:14:9:30 | call to method IsNullOrEmpty | false |
 | Forwarding.cs:9:14:9:14 | access to local variable s | empty | Forwarding.cs:7:20:7:23 | null | empty |

csharp/ql/test/query-tests/Nullness/NullAlways.expected

@@ -37,6 +37,7 @@
 | E.cs:324:13:324:14 | access to parameter s2 | Variable $@ is always null at this dereference. | E.cs:319:40:319:41 | s2 | s2 |
 | E.cs:331:9:331:9 | access to local variable x | Variable $@ is always null at this dereference. | E.cs:330:13:330:13 | x | x |
 | E.cs:405:16:405:16 | access to local variable i | Variable $@ is always null at this dereference. | E.cs:403:14:403:14 | i | i |
+| E.cs:439:13:439:13 | access to parameter s | Variable $@ is always null at this dereference. | E.cs:435:29:435:29 | s | s |
 | Forwarding.cs:36:31:36:31 | access to local variable s | Variable $@ is always null at this dereference. | Forwarding.cs:7:16:7:16 | s | s |
 | Forwarding.cs:40:27:40:27 | access to local variable s | Variable $@ is always null at this dereference. | Forwarding.cs:7:16:7:16 | s | s |
 | NullAlwaysBad.cs:9:30:9:30 | access to parameter s | Variable $@ is always null at this dereference. | NullAlwaysBad.cs:7:29:7:29 | s | s |

csharp/ql/test/query-tests/Nullness/NullCheck.expected

@@ -298,6 +298,11 @@
 | E.cs:422:13:422:22 | access to property HasValue | E.cs:422:13:422:13 | access to parameter i | true | false |
 | E.cs:429:13:429:22 | access to property HasValue | E.cs:429:13:429:13 | access to parameter i | false | true |
 | E.cs:429:13:429:22 | access to property HasValue | E.cs:429:13:429:13 | access to parameter i | true | false |
+| E.cs:437:13:437:21 | ... is ... | E.cs:437:13:437:13 | access to parameter s | false | false |
+| E.cs:437:13:437:21 | ... is ... | E.cs:437:13:437:13 | access to parameter s | true | true |
+| E.cs:442:13:442:29 | ... is ... | E.cs:442:13:442:13 | access to parameter s | true | false |
+| E.cs:447:13:447:25 | ... is ... | E.cs:447:13:447:13 | access to parameter s | true | false |
+| E.cs:452:13:452:23 | ... is ... | E.cs:452:13:452:13 | access to parameter s | true | false |
 | Forwarding.cs:9:14:9:30 | call to method IsNullOrEmpty | Forwarding.cs:9:14:9:14 | access to local variable s | false | false |
 | Forwarding.cs:14:13:14:32 | call to method IsNotNullOrEmpty | Forwarding.cs:14:13:14:13 | access to local variable s | true | false |
 | Forwarding.cs:19:14:19:23 | call to method IsNull | Forwarding.cs:19:14:19:14 | access to local variable s | false | false |

csharp/ql/test/query-tests/Nullness/NullMaybe.expected

@@ -408,6 +408,9 @@ nodes
 | E.cs:405:16:405:16 | access to local variable i |
 | E.cs:417:24:417:40 | SSA capture def(i) |
 | E.cs:417:34:417:34 | access to parameter i |
+| E.cs:435:29:435:29 | SSA param(s) |
+| E.cs:437:13:437:21 | [true] ... is ... |
+| E.cs:439:13:439:13 | access to parameter s |
 | Forwarding.cs:7:16:7:23 | SSA def(s) |
 | Forwarding.cs:9:13:9:30 | [false] !... |
 | Forwarding.cs:14:9:17:9 | if (...) ... |
@@ -798,6 +801,8 @@ edges
 | E.cs:404:9:404:18 | SSA def(i) | E.cs:405:16:405:16 | access to local variable i |
 | E.cs:404:9:404:18 | SSA def(i) | E.cs:405:16:405:16 | access to local variable i |
 | E.cs:417:24:417:40 | SSA capture def(i) | E.cs:417:34:417:34 | access to parameter i |
+| E.cs:435:29:435:29 | SSA param(s) | E.cs:437:13:437:21 | [true] ... is ... |
+| E.cs:437:13:437:21 | [true] ... is ... | E.cs:439:13:439:13 | access to parameter s |
 | Forwarding.cs:7:16:7:23 | SSA def(s) | Forwarding.cs:9:13:9:30 | [false] !... |
 | Forwarding.cs:9:13:9:30 | [false] !... | Forwarding.cs:14:9:17:9 | if (...) ... |
 | Forwarding.cs:14:9:17:9 | if (...) ... | Forwarding.cs:19:9:22:9 | if (...) ... |

csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Web;
 using System.Web.Mvc;
+using System.Web.WebPages;
 
 public class UrlRedirectHandler : IHttpHandler
 {
@@ -48,6 +49,13 @@ public class UrlRedirectHandler : IHttpHandler
 
         // GOOD: request parameter is URL encoded
         ctx.Response.Redirect(HttpUtility.UrlEncode(ctx.Request.QueryString["page"]));
+
+        // GOOD: whitelisted redirect
+        var url3 = ctx.Request.QueryString["page"];
+        if (new HttpRequestWrapper(ctx.Request).IsUrlLocalToHost(url3))
+        {
+            ctx.Response.Redirect(url3);
+        }
     }
 
     // Implementation as recommended by Microsoft.

csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected

@@ -1,10 +1,10 @@
 edges
-| UrlRedirect.cs:12:31:12:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:12:31:12:61 | access to indexer |
-| UrlRedirect.cs:22:22:22:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:22:22:22:52 | access to indexer : String |
-| UrlRedirect.cs:22:22:22:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:47:29:47:31 | access to local variable url |
-| UrlRedirect.cs:22:22:22:52 | access to indexer : String | UrlRedirect.cs:47:29:47:31 | access to local variable url |
-| UrlRedirect.cs:37:44:37:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:37:44:37:74 | access to indexer |
-| UrlRedirect.cs:38:47:38:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:47:38:77 | access to indexer |
+| UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer |
+| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:23:22:23:52 | access to indexer : String |
+| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:48:29:48:31 | access to local variable url |
+| UrlRedirect.cs:23:22:23:52 | access to indexer : String | UrlRedirect.cs:48:29:48:31 | access to local variable url |
+| UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer |
+| UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer |
 | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:16:22:16:26 | access to parameter value |
 | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion |
 | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion |
@@ -17,15 +17,15 @@ edges
 | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:56:31:56:35 | access to parameter value |
 | UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri |
 nodes
-| UrlRedirect.cs:12:31:12:53 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
-| UrlRedirect.cs:12:31:12:61 | access to indexer | semmle.label | access to indexer |
-| UrlRedirect.cs:22:22:22:44 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
-| UrlRedirect.cs:22:22:22:52 | access to indexer : String | semmle.label | access to indexer : String |
-| UrlRedirect.cs:37:44:37:66 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
-| UrlRedirect.cs:37:44:37:74 | access to indexer | semmle.label | access to indexer |
-| UrlRedirect.cs:38:47:38:69 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
-| UrlRedirect.cs:38:47:38:77 | access to indexer | semmle.label | access to indexer |
-| UrlRedirect.cs:47:29:47:31 | access to local variable url | semmle.label | access to local variable url |
+| UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
+| UrlRedirect.cs:13:31:13:61 | access to indexer | semmle.label | access to indexer |
+| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
+| UrlRedirect.cs:23:22:23:52 | access to indexer : String | semmle.label | access to indexer : String |
+| UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
+| UrlRedirect.cs:38:44:38:74 | access to indexer | semmle.label | access to indexer |
+| UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
+| UrlRedirect.cs:39:47:39:77 | access to indexer | semmle.label | access to indexer |
+| UrlRedirect.cs:48:29:48:31 | access to local variable url | semmle.label | access to local variable url |
 | UrlRedirectCore.cs:13:44:13:48 | value : String | semmle.label | value : String |
 | UrlRedirectCore.cs:16:22:16:26 | access to parameter value | semmle.label | access to parameter value |
 | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | semmle.label | call to operator implicit conversion |
@@ -41,10 +41,10 @@ nodes
 | UrlRedirectCore.cs:56:31:56:35 | access to parameter value | semmle.label | access to parameter value |
 subpaths
 #select
-| UrlRedirect.cs:12:31:12:61 | access to indexer | UrlRedirect.cs:12:31:12:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:12:31:12:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:12:31:12:53 | access to property QueryString | user-provided value |
-| UrlRedirect.cs:37:44:37:74 | access to indexer | UrlRedirect.cs:37:44:37:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:37:44:37:74 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:37:44:37:66 | access to property QueryString | user-provided value |
-| UrlRedirect.cs:38:47:38:77 | access to indexer | UrlRedirect.cs:38:47:38:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:47:38:77 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:38:47:38:69 | access to property QueryString | user-provided value |
-| UrlRedirect.cs:47:29:47:31 | access to local variable url | UrlRedirect.cs:22:22:22:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:47:29:47:31 | access to local variable url | Untrusted URL redirection due to $@. | UrlRedirect.cs:22:22:22:44 | access to property QueryString | user-provided value |
+| UrlRedirect.cs:13:31:13:61 | access to indexer | UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:13:31:13:53 | access to property QueryString | user-provided value |
+| UrlRedirect.cs:38:44:38:74 | access to indexer | UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:38:44:38:66 | access to property QueryString | user-provided value |
+| UrlRedirect.cs:39:47:39:77 | access to indexer | UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:39:47:39:69 | access to property QueryString | user-provided value |
+| UrlRedirect.cs:48:29:48:31 | access to local variable url | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:48:29:48:31 | access to local variable url | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
 | UrlRedirectCore.cs:16:22:16:26 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:16:22:16:26 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
 | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
 | UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |

csharp/ql/test/resources/stubs/System.Web.cs

@@ -81,7 +81,7 @@ namespace System.Web.UI
 
     public class Page
     {
-        public System.Security.Principal.IPrincipal User { get; } 
+        public System.Security.Principal.IPrincipal User { get; }
         public System.Web.HttpRequest Request { get; }
     }
 
@@ -157,6 +157,11 @@ namespace System.Web
         public HttpCookieCollection Cookies => null;
     }
 
+    public class HttpRequestWrapper : System.Web.HttpRequestBase
+    {
+        public HttpRequestWrapper(HttpRequest r) { }
+    }
+
     public class HttpResponse
     {
         public void Write(object o) { }
@@ -306,15 +311,16 @@ namespace System.Web.Routing
     {
     }
 
-    public class Route 
+    public class Route
     {
     }
 
-    public class RouteTable {
+    public class RouteTable
+    {
         public RouteCollection Routes { get; }
     }
 
-    public class RouteCollection 
+    public class RouteCollection
     {
         public Route MapPageRoute(string routeName, string routeUrl, string physicalFile, bool checkPhysicalUrlAccess) { return null; }
     }
@@ -369,6 +375,15 @@ namespace System.Web.Helpers
     }
 }
 
+namespace System.Web.WebPages
+{
+    public static class RequestExtensions
+    {
+        public static bool IsUrlLocalToHost(this System.Web.HttpRequestBase request, string url) => throw null;
+    }
+
+}
+
 namespace System.Web.Script.Serialization
 {
     // Generated from `System.Web.Script.Serialization.JavaScriptSerializer` in `System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`

go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected

@@ -1,56 +1,46 @@
 edges
-| tests.go:9:2:9:74 | ... := ...[0] | tests.go:10:9:10:9 | f |
-| tests.go:10:9:10:9 | f | tests.go:43:5:43:38 | ... := ...[0] |
-| tests.go:10:9:10:9 | f | tests.go:60:5:60:38 | ... := ...[0] |
-| tests.go:10:9:10:9 | f | tests.go:108:5:108:38 | ... := ...[0] |
-| tests.go:10:9:10:9 | f | tests.go:124:5:124:38 | ... := ...[0] |
-| tests.go:18:2:18:69 | return statement[0] | tests.go:53:5:53:42 | ... := ...[0] |
-| tests.go:18:2:18:69 | return statement[0] | tests.go:70:5:70:42 | ... := ...[0] |
-| tests.go:21:24:21:24 | definition of f | tests.go:22:8:22:8 | f |
-| tests.go:25:32:25:32 | definition of f | tests.go:26:13:26:13 | capture variable f |
-| tests.go:26:13:26:13 | capture variable f | tests.go:27:3:27:3 | f |
-| tests.go:43:5:43:38 | ... := ...[0] | tests.go:44:21:44:21 | f |
-| tests.go:43:5:43:38 | ... := ...[0] | tests.go:45:29:45:29 | f |
-| tests.go:44:21:44:21 | f | tests.go:21:24:21:24 | definition of f |
-| tests.go:45:29:45:29 | f | tests.go:25:32:25:32 | definition of f |
-| tests.go:53:5:53:42 | ... := ...[0] | tests.go:54:21:54:21 | f |
-| tests.go:53:5:53:42 | ... := ...[0] | tests.go:55:29:55:29 | f |
-| tests.go:54:21:54:21 | f | tests.go:21:24:21:24 | definition of f |
-| tests.go:55:29:55:29 | f | tests.go:25:32:25:32 | definition of f |
-| tests.go:60:5:60:38 | ... := ...[0] | tests.go:62:3:62:3 | f |
-| tests.go:70:5:70:42 | ... := ...[0] | tests.go:72:3:72:3 | f |
-| tests.go:108:5:108:38 | ... := ...[0] | tests.go:110:9:110:9 | f |
-| tests.go:124:5:124:38 | ... := ...[0] | tests.go:128:3:128:3 | f |
+| tests.go:8:24:8:24 | definition of f | tests.go:9:8:9:8 | f |
+| tests.go:12:32:12:32 | definition of f | tests.go:13:13:13:13 | capture variable f |
+| tests.go:13:13:13:13 | capture variable f | tests.go:14:3:14:3 | f |
+| tests.go:31:5:31:78 | ... := ...[0] | tests.go:32:21:32:21 | f |
+| tests.go:31:5:31:78 | ... := ...[0] | tests.go:33:29:33:29 | f |
+| tests.go:32:21:32:21 | f | tests.go:8:24:8:24 | definition of f |
+| tests.go:33:29:33:29 | f | tests.go:12:32:12:32 | definition of f |
+| tests.go:45:5:45:76 | ... := ...[0] | tests.go:46:21:46:21 | f |
+| tests.go:45:5:45:76 | ... := ...[0] | tests.go:47:29:47:29 | f |
+| tests.go:46:21:46:21 | f | tests.go:8:24:8:24 | definition of f |
+| tests.go:47:29:47:29 | f | tests.go:12:32:12:32 | definition of f |
+| tests.go:54:5:54:78 | ... := ...[0] | tests.go:56:3:56:3 | f |
+| tests.go:66:5:66:76 | ... := ...[0] | tests.go:68:3:68:3 | f |
+| tests.go:108:5:108:78 | ... := ...[0] | tests.go:110:9:110:9 | f |
+| tests.go:125:5:125:78 | ... := ...[0] | tests.go:129:3:129:3 | f |
 nodes
-| tests.go:9:2:9:74 | ... := ...[0] | semmle.label | ... := ...[0] |
-| tests.go:10:9:10:9 | f | semmle.label | f |
-| tests.go:18:2:18:69 | return statement[0] | semmle.label | return statement[0] |
-| tests.go:21:24:21:24 | definition of f | semmle.label | definition of f |
-| tests.go:22:8:22:8 | f | semmle.label | f |
-| tests.go:25:32:25:32 | definition of f | semmle.label | definition of f |
-| tests.go:26:13:26:13 | capture variable f | semmle.label | capture variable f |
-| tests.go:27:3:27:3 | f | semmle.label | f |
-| tests.go:43:5:43:38 | ... := ...[0] | semmle.label | ... := ...[0] |
-| tests.go:44:21:44:21 | f | semmle.label | f |
-| tests.go:45:29:45:29 | f | semmle.label | f |
-| tests.go:53:5:53:42 | ... := ...[0] | semmle.label | ... := ...[0] |
-| tests.go:54:21:54:21 | f | semmle.label | f |
-| tests.go:55:29:55:29 | f | semmle.label | f |
-| tests.go:60:5:60:38 | ... := ...[0] | semmle.label | ... := ...[0] |
-| tests.go:62:3:62:3 | f | semmle.label | f |
-| tests.go:70:5:70:42 | ... := ...[0] | semmle.label | ... := ...[0] |
-| tests.go:72:3:72:3 | f | semmle.label | f |
-| tests.go:108:5:108:38 | ... := ...[0] | semmle.label | ... := ...[0] |
+| tests.go:8:24:8:24 | definition of f | semmle.label | definition of f |
+| tests.go:9:8:9:8 | f | semmle.label | f |
+| tests.go:12:32:12:32 | definition of f | semmle.label | definition of f |
+| tests.go:13:13:13:13 | capture variable f | semmle.label | capture variable f |
+| tests.go:14:3:14:3 | f | semmle.label | f |
+| tests.go:31:5:31:78 | ... := ...[0] | semmle.label | ... := ...[0] |
+| tests.go:32:21:32:21 | f | semmle.label | f |
+| tests.go:33:29:33:29 | f | semmle.label | f |
+| tests.go:45:5:45:76 | ... := ...[0] | semmle.label | ... := ...[0] |
+| tests.go:46:21:46:21 | f | semmle.label | f |
+| tests.go:47:29:47:29 | f | semmle.label | f |
+| tests.go:54:5:54:78 | ... := ...[0] | semmle.label | ... := ...[0] |
+| tests.go:56:3:56:3 | f | semmle.label | f |
+| tests.go:66:5:66:76 | ... := ...[0] | semmle.label | ... := ...[0] |
+| tests.go:68:3:68:3 | f | semmle.label | f |
+| tests.go:108:5:108:78 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tests.go:110:9:110:9 | f | semmle.label | f |
-| tests.go:124:5:124:38 | ... := ...[0] | semmle.label | ... := ...[0] |
-| tests.go:128:3:128:3 | f | semmle.label | f |
+| tests.go:125:5:125:78 | ... := ...[0] | semmle.label | ... := ...[0] |
+| tests.go:129:3:129:3 | f | semmle.label | f |
 subpaths
 #select
-| tests.go:22:8:22:8 | f | tests.go:9:2:9:74 | ... := ...[0] | tests.go:22:8:22:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:9:12:9:74 | call to OpenFile | call to OpenFile |
-| tests.go:22:8:22:8 | f | tests.go:18:2:18:69 | return statement[0] | tests.go:22:8:22:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:18:9:18:69 | call to OpenFile | call to OpenFile |
-| tests.go:27:3:27:3 | f | tests.go:9:2:9:74 | ... := ...[0] | tests.go:27:3:27:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:9:12:9:74 | call to OpenFile | call to OpenFile |
-| tests.go:27:3:27:3 | f | tests.go:18:2:18:69 | return statement[0] | tests.go:27:3:27:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:18:9:18:69 | call to OpenFile | call to OpenFile |
-| tests.go:62:3:62:3 | f | tests.go:9:2:9:74 | ... := ...[0] | tests.go:62:3:62:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:9:12:9:74 | call to OpenFile | call to OpenFile |
-| tests.go:72:3:72:3 | f | tests.go:18:2:18:69 | return statement[0] | tests.go:72:3:72:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:18:9:18:69 | call to OpenFile | call to OpenFile |
-| tests.go:110:9:110:9 | f | tests.go:9:2:9:74 | ... := ...[0] | tests.go:110:9:110:9 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:9:12:9:74 | call to OpenFile | call to OpenFile |
-| tests.go:128:3:128:3 | f | tests.go:9:2:9:74 | ... := ...[0] | tests.go:128:3:128:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:9:12:9:74 | call to OpenFile | call to OpenFile |
+| tests.go:9:8:9:8 | f | tests.go:31:5:31:78 | ... := ...[0] | tests.go:9:8:9:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:31:15:31:78 | call to OpenFile | call to OpenFile |
+| tests.go:9:8:9:8 | f | tests.go:45:5:45:76 | ... := ...[0] | tests.go:9:8:9:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:45:15:45:76 | call to OpenFile | call to OpenFile |
+| tests.go:14:3:14:3 | f | tests.go:31:5:31:78 | ... := ...[0] | tests.go:14:3:14:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:31:15:31:78 | call to OpenFile | call to OpenFile |
+| tests.go:14:3:14:3 | f | tests.go:45:5:45:76 | ... := ...[0] | tests.go:14:3:14:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:45:15:45:76 | call to OpenFile | call to OpenFile |
+| tests.go:56:3:56:3 | f | tests.go:54:5:54:78 | ... := ...[0] | tests.go:56:3:56:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:54:15:54:78 | call to OpenFile | call to OpenFile |
+| tests.go:68:3:68:3 | f | tests.go:66:5:66:76 | ... := ...[0] | tests.go:68:3:68:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:66:15:66:76 | call to OpenFile | call to OpenFile |
+| tests.go:110:9:110:9 | f | tests.go:108:5:108:78 | ... := ...[0] | tests.go:110:9:110:9 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:108:15:108:78 | call to OpenFile | call to OpenFile |
+| tests.go:129:3:129:3 | f | tests.go:125:5:125:78 | ... := ...[0] | tests.go:129:3:129:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:125:15:125:78 | call to OpenFile | call to OpenFile |

go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/tests.go

@@ -5,19 +5,6 @@ import (
 	"os"
 )
 
-func openFileWrite(filename string) (*os.File, error) {
-	f, err := os.OpenFile(filename, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666)
-	return f, err
-}
-
-func openFileRead(filename string) (*os.File, error) {
-	return os.OpenFile(filename, os.O_RDONLY|os.O_CREATE, 0666)
-}
-
-func openFileReadWrite(filename string) (*os.File, error) {
-	return os.OpenFile(filename, os.O_RDWR|os.O_TRUNC|os.O_CREATE, 0666)
-}
-
 func closeFileDeferred(f *os.File) {
 	defer f.Close() // NOT OK, if `f` is writable
 }
@@ -40,41 +27,51 @@ func closeFileDeferredIndirectReturn(f *os.File) {
 }
 
 func deferredCalls() {
-	if f, err := openFileWrite("foo.txt"); err != nil {
-		closeFileDeferred(f)         // NOT OK
-		closeFileDeferredIndirect(f) // NOT OK
+	// open file for writing
+	if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil {
+		closeFileDeferred(f)               // NOT OK
+		closeFileDeferredIndirect(f)       // NOT OK
+		closeFileDeferredIndirectReturn(f) // OK - the error is not discarded at the call to Close (though it is discarded later)
 	}
 
-	if f, err := openFileRead("foo.txt"); err != nil {
-		closeFileDeferred(f)         // OK
-		closeFileDeferredIndirect(f) // OK
+	// open file for reading
+	if f, err := os.OpenFile("foo.txt", os.O_RDONLY|os.O_CREATE, 0666); err != nil {
+		closeFileDeferred(f)               // OK
+		closeFileDeferredIndirect(f)       // OK
+		closeFileDeferredIndirectReturn(f) // OK
 	}
 
-	if f, err := openFileReadWrite("foo.txt"); err != nil {
-		closeFileDeferred(f)         // NOT OK
-		closeFileDeferredIndirect(f) // NOT OK
+	// open file for reading and writing
+	if f, err := os.OpenFile("foo.txt", os.O_RDWR|os.O_TRUNC|os.O_CREATE, 0666); err != nil {
+		closeFileDeferred(f)               // NOT OK
+		closeFileDeferredIndirect(f)       // NOT OK
+		closeFileDeferredIndirectReturn(f) // OK - the error is not discarded at the call to Close (though it is discarded later)
 	}
 }
 
 func notDeferred() {
-	if f, err := openFileWrite("foo.txt"); err != nil {
+	// open file for writing
+	if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil {
 		// the handle is write-only and we don't check if `Close` succeeds
 		f.Close() // NOT OK
 	}
 
-	if f, err := openFileRead("foo.txt"); err != nil {
+	// open file for reading
+	if f, err := os.OpenFile("foo.txt", os.O_RDONLY|os.O_CREATE, 0666); err != nil {
 		// the handle is read-only, so this is ok
 		f.Close() // OK
 	}
 
-	if f, err := openFileReadWrite("foo.txt"); err != nil {
+	// open file for reading and writing
+	if f, err := os.OpenFile("foo.txt", os.O_RDWR|os.O_TRUNC|os.O_CREATE, 0666); err != nil {
 		// the handle is read-write and we don't check if `Close` succeeds
 		f.Close() // NOT OK
 	}
 }
 
 func foo() error {
-	if f, err := openFileWrite("foo.txt"); err != nil {
+	// open file for writing
+	if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil {
 		// the result of the call to `Close` is returned to the caller
 		return f.Close() // OK
 	}
@@ -83,7 +80,8 @@ func foo() error {
 }
 
 func isSyncedFirst() {
-	if f, err := openFileWrite("foo.txt"); err != nil {
+	// open file for writing
+	if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil {
 		// we have a call to `Sync` and check whether it was successful before proceeding
 		if err := f.Sync(); err != nil {
 			f.Close() // OK
@@ -93,7 +91,8 @@ func isSyncedFirst() {
 }
 
 func deferredCloseWithSync() {
-	if f, err := openFileWrite("foo.txt"); err != nil {
+	// open file for writing
+	if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil {
 		// a call to `Close` is deferred, but we have a call to `Sync` later which
 		// precedes the call to `Close` during execution
 		defer f.Close() // OK
@@ -105,7 +104,8 @@ func deferredCloseWithSync() {
 }
 
 func deferredCloseWithSyncEarlyReturn(n int) {
-	if f, err := openFileWrite("foo.txt"); err != nil {
+	// open file for writing
+	if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil {
 		// a call to `Close` is deferred
 		defer f.Close() // NOT OK
 
@@ -121,7 +121,8 @@ func deferredCloseWithSyncEarlyReturn(n int) {
 }
 
 func unhandledSync() {
-	if f, err := openFileWrite("foo.txt"); err != nil {
+	// open file for writing
+	if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil {
 		// we have a call to `Sync` which precedes the call to `Close`, but there is no check
 		// to see if `Sync` may have failed
 		f.Sync()

java/documentation/library-coverage/coverage.csv

@@ -194,7 +194,7 @@ org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
 org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
 org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
 org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-org.springframework.core.io,2,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,
+org.springframework.core.io,3,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,,,,,,
 org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
 org.springframework.http,14,,77,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,67,10
 org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,
@@ -211,7 +211,7 @@ org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,
 org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
 org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13,
 org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,
-org.springframework.web.util,,,165,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,140,25
+org.springframework.web.util,,9,157,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,132,25
 org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,2,
 org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,

java/documentation/library-coverage/coverage.rst

@@ -21,7 +21,7 @@ Java framework & library support
    Java Standard Library,``java.*``,10,724,221,76,,9,,,18
    Java extensions,"``javax.*``, ``jakarta.*``",67,686,74,4,4,,1,1,4
    Kotlin Standard Library,``kotlin*``,,1849,16,14,,,,,2
-   `Spring <https://spring.io/>`_,``org.springframework.*``,29,489,117,4,,28,14,,35
+   `Spring <https://spring.io/>`_,``org.springframework.*``,38,481,118,5,,28,14,,35
    Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.influxdb``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``",131,10503,875,116,6,18,18,,208
-   Totals,,299,18929,2423,315,16,122,33,1,401
+   Totals,,308,18921,2424,316,16,122,33,1,401
 

java/ql/lib/change-notes/2023-11-29-new-spring-models.md

@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Added a sink model for the `createRelative` method of the `org.springframework.core.io.Resource` interface.
+* Added source models for methods of the `org.springframework.web.util.UrlPathHelper` class and removed their taint flow models.

java/ql/lib/change-notes/2023-12-05-kotlin-array-get-set.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Taint tracking now understands Kotlin's `Array.get` and `Array.set` methods.

java/ql/lib/ext/org.springframework.core.io.model.yml

@@ -3,5 +3,6 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["org.springframework.core.io", "Resource", True, "createRelative", "(String)", "", "Argument[0]", "path-injection", "manual"]
       - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
       - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "request-forgery", "manual"]

java/ql/lib/ext/org.springframework.web.util.model.yml

@@ -1,4 +1,18 @@
 extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getLookupPathForRequest", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingQueryString", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingRequestUri", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinApplication", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinServletMapping", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getRequestUri", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getResolvedLookupPath", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getServletPath", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "resolveAndCacheLookupPath", "", "", "ReturnValue", "remote", "manual"]
+
   - addsTo:
       pack: codeql/java-all
       extensible: summaryModel
@@ -147,15 +161,7 @@ extensions:
       - ["org.springframework.web.util", "UrlPathHelper", False, "decodeRequestString", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
       - ["org.springframework.web.util", "UrlPathHelper", False, "getContextPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingContextPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingQueryString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingRequestUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinApplication", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinServletMapping", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getRequestUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getResolvedLookupPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getServletPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["org.springframework.web.util", "UrlPathHelper", False, "removeSemicolonContent", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "resolveAndCacheLookupPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["org.springframework.web.util", "WebUtils", False, "findParameterValue", "(Map,String)", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
       - ["org.springframework.web.util", "WebUtils", False, "findParameterValue", "(ServletRequest,String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["org.springframework.web.util", "WebUtils", False, "getCookie", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]

java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll

@@ -4,6 +4,10 @@ import semmle.code.java.Maps
 private import semmle.code.java.dataflow.SSA
 private import DataFlowUtil
 
+private class ArrayType extends RefType {
+  ArrayType() { this.getSourceDeclaration().getASourceSupertype*() instanceof Array }
+}
+
 private class EntryType extends RefType {
   EntryType() {
     this.getSourceDeclaration().getASourceSupertype*().hasQualifiedName("java.util", "Map$Entry")
@@ -446,6 +450,14 @@ predicate arrayStoreStep(Node node1, Node node2) {
   exists(Assignment assign | assign.getSource() = node1.asExpr() |
     node2.(PostUpdateNode).getPreUpdateNode().asExpr() = assign.getDest().(ArrayAccess).getArray()
   )
+  or
+  exists(Expr arr, Call call |
+    arr = node2.asExpr() and
+    call.getArgument(1) = node1.asExpr() and
+    call.getQualifier() = arr and
+    arr.getType() instanceof ArrayType and
+    call.getCallee().getName() = "set"
+  )
 }
 
 private predicate enhancedForStmtStep(Node node1, Node node2, Type containerType) {
@@ -470,6 +482,14 @@ predicate arrayReadStep(Node node1, Node node2, Type elemType) {
     node2.asExpr() = aa
   )
   or
+  exists(Expr arr, Call call |
+    arr = node1.asExpr() and
+    call = node2.asExpr() and
+    arr.getType() instanceof ArrayType and
+    call.getCallee().getName() = "get" and
+    call.getQualifier() = arr
+  )
+  or
   exists(Array arr |
     enhancedForStmtStep(node1, node2, arr) and
     arr.getComponentType() = elemType

java/ql/test-kotlin1/library-tests/dataflow/foreach/C2.kt

@@ -8,6 +8,7 @@ class C2 {
         val l = arrayOf(taint("a"), "")
         sink(l)
         sink(l[0])
+        sink(l.get(0))
         for (i in l.indices) {
             sink(l[i])
         }
@@ -15,4 +16,15 @@ class C2 {
             sink(s)
         }
     }
+
+    fun test2() {
+        val l1 = arrayOf("")
+        val l2 = arrayOf("")
+        l1[0] = taint("a")
+        l2.set(0, taint("a"))
+        sink(l1[0])
+        sink(l2[0])
+        sink(l1.get(0))
+        sink(l2.get(0))
+    }
 }

java/ql/test-kotlin1/library-tests/dataflow/foreach/test.expected

@@ -4,5 +4,10 @@
 | C1.java:10:44:10:46 | "a" | C1.java:19:20:19:20 | s |
 | C2.kt:8:32:8:32 | "a" | C2.kt:9:14:9:14 | l |
 | C2.kt:8:32:8:32 | "a" | C2.kt:10:14:10:17 | ...[...] |
-| C2.kt:8:32:8:32 | "a" | C2.kt:12:18:12:21 | ...[...] |
-| C2.kt:8:32:8:32 | "a" | C2.kt:15:18:15:18 | s |
+| C2.kt:8:32:8:32 | "a" | C2.kt:11:14:11:21 | get(...) |
+| C2.kt:8:32:8:32 | "a" | C2.kt:13:18:13:21 | ...[...] |
+| C2.kt:8:32:8:32 | "a" | C2.kt:16:18:16:18 | s |
+| C2.kt:23:24:23:24 | "a" | C2.kt:25:14:25:18 | ...[...] |
+| C2.kt:23:24:23:24 | "a" | C2.kt:27:14:27:22 | get(...) |
+| C2.kt:24:26:24:26 | "a" | C2.kt:26:14:26:18 | ...[...] |
+| C2.kt:24:26:24:26 | "a" | C2.kt:28:14:28:22 | get(...) |

java/ql/test-kotlin2/library-tests/vararg/args.expected

@@ -53,33 +53,33 @@ implicitVarargsArguments
 | test.kt:35:5:35:34 | funWithOnlyVarArgs(...) | 0 | test.kt:35:24:35:25 | 20 |
 | test.kt:35:5:35:34 | funWithOnlyVarArgs(...) | 1 | test.kt:35:28:35:29 | 21 |
 | test.kt:35:5:35:34 | funWithOnlyVarArgs(...) | 2 | test.kt:35:32:35:33 | 22 |
-| test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 0 | test.kt:36:28:36:30 | "foo" |
+| test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 0 | test.kt:36:27:36:31 | "foo" |
 | test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 1 | test.kt:36:34:36:37 | true |
 | test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 2 | test.kt:36:40:36:41 | 30 |
 | test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 3 | test.kt:36:44:36:45 | 31 |
 | test.kt:36:5:36:50 | funWithArgsAndVarArgs(...) | 4 | test.kt:36:48:36:49 | 32 |
-| test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 0 | test.kt:37:27:37:29 | "foo" |
+| test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 0 | test.kt:37:26:37:30 | "foo" |
 | test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 1 | test.kt:37:33:37:34 | 41 |
 | test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 2 | test.kt:37:37:37:38 | 42 |
 | test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 3 | test.kt:37:41:37:42 | 43 |
 | test.kt:37:5:37:53 | funWithMiddleVarArgs(...) | 4 | test.kt:37:49:37:52 | true |
 | test.kt:38:5:38:30 | funWithOnlyVarArgs(...) | 0 | test.kt:38:25:38:29 | array |
-| test.kt:39:5:39:46 | funWithArgsAndVarArgs(...) | 0 | test.kt:39:28:39:30 | "foo" |
+| test.kt:39:5:39:46 | funWithArgsAndVarArgs(...) | 0 | test.kt:39:27:39:31 | "foo" |
 | test.kt:39:5:39:46 | funWithArgsAndVarArgs(...) | 1 | test.kt:39:34:39:37 | true |
 | test.kt:39:5:39:46 | funWithArgsAndVarArgs(...) | 2 | test.kt:39:41:39:45 | array |
-| test.kt:40:5:40:49 | funWithMiddleVarArgs(...) | 0 | test.kt:40:27:40:29 | "foo" |
+| test.kt:40:5:40:49 | funWithMiddleVarArgs(...) | 0 | test.kt:40:26:40:30 | "foo" |
 | test.kt:40:5:40:49 | funWithMiddleVarArgs(...) | 1 | test.kt:40:34:40:38 | array |
 | test.kt:40:5:40:49 | funWithMiddleVarArgs(...) | 2 | test.kt:40:45:40:48 | true |
 | test.kt:41:5:41:36 | new HasVarargConstructor(...) | 0 | test.kt:41:26:41:27 | 51 |
 | test.kt:41:5:41:36 | new HasVarargConstructor(...) | 1 | test.kt:41:30:41:31 | 52 |
 | test.kt:41:5:41:36 | new HasVarargConstructor(...) | 2 | test.kt:41:34:41:35 | 53 |
-| test.kt:42:5:42:43 | new HasVarargConstructor(...) | 0 | test.kt:42:27:42:29 | "foo" |
+| test.kt:42:5:42:43 | new HasVarargConstructor(...) | 0 | test.kt:42:26:42:30 | "foo" |
 | test.kt:42:5:42:43 | new HasVarargConstructor(...) | 1 | test.kt:42:33:42:34 | 61 |
 | test.kt:42:5:42:43 | new HasVarargConstructor(...) | 2 | test.kt:42:37:42:38 | 62 |
 | test.kt:42:5:42:43 | new HasVarargConstructor(...) | 3 | test.kt:42:41:42:42 | 63 |
 | test.kt:43:5:43:38 | new SuperclassHasVarargConstructor(...) | 0 | test.kt:43:36:43:37 | 91 |
 | test.kt:44:5:44:32 | new HasVarargConstructor(...) | 0 | test.kt:44:27:44:31 | array |
-| test.kt:45:5:45:39 | new HasVarargConstructor(...) | 0 | test.kt:45:27:45:29 | "foo" |
+| test.kt:45:5:45:39 | new HasVarargConstructor(...) | 0 | test.kt:45:26:45:30 | "foo" |
 | test.kt:45:5:45:39 | new HasVarargConstructor(...) | 1 | test.kt:45:34:45:38 | array |
 | test.kt:55:13:55:43 | new X(...) | 0 | test.kt:55:42:55:42 | 1 |
 | test.kt:55:13:55:43 | new X(...) | 1 | test.kt:55:15:55:35 | tmp0_s |

java/ql/test/library-tests/frameworks/spring/webutil/Test.java

@@ -2396,45 +2396,6 @@ public class Test {
 			out = instance.getOriginatingContextPath(in);
 			sink(out); // $hasTaintFlow
 		}
-		{
-			// "org.springframework.web.util;UrlPathHelper;false;getOriginatingQueryString;;;Argument[0];ReturnValue;taint;manual"
-			String out = null;
-			HttpServletRequest in = (HttpServletRequest)source();
-			UrlPathHelper instance = null;
-			out = instance.getOriginatingQueryString(in);
-			sink(out); // $hasTaintFlow
-		}
-		{
-			// "org.springframework.web.util;UrlPathHelper;false;getOriginatingRequestUri;;;Argument[0];ReturnValue;taint;manual"
-			String out = null;
-			HttpServletRequest in = (HttpServletRequest)source();
-			UrlPathHelper instance = null;
-			out = instance.getOriginatingRequestUri(in);
-			sink(out); // $hasTaintFlow
-		}
-		{
-			// "org.springframework.web.util;UrlPathHelper;false;getRequestUri;;;Argument[0];ReturnValue;taint;manual"
-			String out = null;
-			HttpServletRequest in = (HttpServletRequest)source();
-			UrlPathHelper instance = null;
-			out = instance.getRequestUri(in);
-			sink(out); // $hasTaintFlow
-		}
-		{
-			// "org.springframework.web.util;UrlPathHelper;false;getResolvedLookupPath;;;Argument[0];ReturnValue;taint;manual"
-			String out = null;
-			ServletRequest in = (ServletRequest)source();
-			out = UrlPathHelper.getResolvedLookupPath(in);
-			sink(out); // $hasTaintFlow
-		}
-		{
-			// "org.springframework.web.util;UrlPathHelper;false;getServletPath;;;Argument[0];ReturnValue;taint;manual"
-			String out = null;
-			HttpServletRequest in = (HttpServletRequest)source();
-			UrlPathHelper instance = null;
-			out = instance.getServletPath(in);
-			sink(out); // $hasTaintFlow
-		}
 		{
 			// "org.springframework.web.util;UrlPathHelper;false;removeSemicolonContent;;;Argument[0];ReturnValue;taint;manual"
 			String out = null;
@@ -2443,14 +2404,6 @@ public class Test {
 			out = instance.removeSemicolonContent(in);
 			sink(out); // $hasTaintFlow
 		}
-		{
-			// "org.springframework.web.util;UrlPathHelper;false;resolveAndCacheLookupPath;;;Argument[0];ReturnValue;taint;manual"
-			String out = null;
-			HttpServletRequest in = (HttpServletRequest)source();
-			UrlPathHelper instance = null;
-			out = instance.resolveAndCacheLookupPath(in);
-			sink(out); // $hasTaintFlow
-		}
 		{
 			// "org.springframework.web.util;WebUtils;false;findParameterValue;(Map,String);;MapValue of Argument[0];ReturnValue;value;manual"
 			String out = null;
@@ -2605,22 +2558,6 @@ public class Test {
 			out = in.toString();
 			sink(out); // $ hasTaintFlow
 		}
-		{
-			// "org.springframework.web.util;UrlPathHelper;false;getPathWithinApplication;;;Argument[0];ReturnValue;taint;manual"
-			String out = null;
-			HttpServletRequest in = (HttpServletRequest)source();
-			UrlPathHelper instance = null;
-			out = instance.getPathWithinApplication(in);
-			sink(out); // $ hasTaintFlow
-		}
-		{
-			// "org.springframework.web.util;UrlPathHelper;false;getPathWithinServletMapping;;;Argument[0];ReturnValue;taint;manual"
-			String out = null;
-			HttpServletRequest in = (HttpServletRequest)source();
-			UrlPathHelper instance = null;
-			out = instance.getPathWithinServletMapping(in);
-			sink(out); // $ hasTaintFlow
-		}
 		{
 			// "org.springframework.web.util;WebUtils;false;setSessionAttribute;;;Argument[2];Argument[0];taint;manual"
 			HttpServletRequest out = null;

python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md

@@ -0,0 +1,5 @@
+---
+category: fix
+---
+
+- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected.

python/ql/lib/semmle/python/Flow.qll

@@ -126,7 +126,10 @@ class ControlFlowNode extends @py_flow_node {
   cached
   string toString() {
     Stages::AST::ref() and
-    exists(Scope s | s.getEntryNode() = this | result = "Entry node for " + s.toString())
+    // Since modules can have ambigous names, entry nodes can too, if we do not collate them.
+    exists(Scope s | s.getEntryNode() = this |
+      result = "Entry node for " + concat( | | s.toString(), ",")
+    )
     or
     exists(Scope s | s.getANormalExit() = this | result = "Exit node for " + s.toString())
     or

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll

@@ -281,28 +281,33 @@ class DataFlowExpr = Expr;
 /**
  * A module to compute local flow.
  *
- * Flow will generally go from control flow nodes into essa variables at definitions,
+ * Flow will generally go from control flow nodes for expressions into
+ * control flow nodes for variables at definitions,
  * and from there via use-use flow to other control flow nodes.
  *
  * Some syntaxtic constructs are handled separately.
  */
 module LocalFlow {
-  /** Holds if `nodeFrom` is the control flow node defining the essa variable `nodeTo`. */
+  /** Holds if `nodeFrom` is the expression defining the value for the variable `nodeTo`. */
   predicate definitionFlowStep(Node nodeFrom, Node nodeTo) {
     // Definition
     //   `x = f(42)`
-    //   nodeFrom is `f(42)`, cfg node
-    //   nodeTo is `x`, essa var
-    nodeFrom.(CfgNode).getNode() =
-      nodeTo.(EssaNode).getVar().getDefinition().(AssignmentDefinition).getValue()
+    //   nodeFrom is `f(42)`
+    //   nodeTo is `x`
+    exists(AssignmentDefinition def |
+      nodeFrom.(CfgNode).getNode() = def.getValue() and
+      nodeTo.(CfgNode).getNode() = def.getDefiningNode()
+    )
     or
     // With definition
     //   `with f(42) as x:`
-    //   nodeFrom is `f(42)`, cfg node
-    //   nodeTo is `x`, essa var
-    exists(With with, ControlFlowNode contextManager, ControlFlowNode var |
+    //   nodeFrom is `f(42)`
+    //   nodeTo is `x`
+    exists(With with, ControlFlowNode contextManager, WithDefinition withDef, ControlFlowNode var |
+      var = withDef.getDefiningNode()
+    |
       nodeFrom.(CfgNode).getNode() = contextManager and
-      nodeTo.(EssaNode).getVar().getDefinition().(WithDefinition).getDefiningNode() = var and
+      nodeTo.(CfgNode).getNode() = var and
       // see `with_flow` in `python/ql/src/semmle/python/dataflow/Implementation.qll`
       with.getContextExpr() = contextManager.getNode() and
       with.getOptionalVars() = var.getNode() and
@@ -313,34 +318,6 @@ module LocalFlow {
       // * `foo = x.foo(); await foo.async_method(); foo.close()` and
       // * `async with x.foo() as foo: await foo.async_method()`.
     )
-    or
-    // Async with var definition
-    //  `async with f(42) as x:`
-    //  nodeFrom is `x`, cfg node
-    //  nodeTo is `x`, essa var
-    //
-    // This makes the cfg node the local source of the awaited value.
-    //
-    // We have this step in addition to the step above, to handle cases where the QL
-    // modeling of `f(42)` requires a `.getAwaited()` step (in API graphs) when not
-    // using `async with`, so you can do both:
-    // * `foo = await x.foo(); await foo.async_method(); foo.close()` and
-    // * `async with x.foo() as foo: await foo.async_method()`.
-    exists(With with, ControlFlowNode var |
-      nodeFrom.(CfgNode).getNode() = var and
-      nodeTo.(EssaNode).getVar().getDefinition().(WithDefinition).getDefiningNode() = var and
-      with.getOptionalVars() = var.getNode() and
-      with.isAsync()
-    )
-    or
-    // Parameter definition
-    //   `def foo(x):`
-    //   nodeFrom is `x`, cfgNode
-    //   nodeTo is `x`, essa var
-    exists(ParameterDefinition pd |
-      nodeFrom.(CfgNode).getNode() = pd.getDefiningNode() and
-      nodeTo.(EssaNode).getVar() = pd.getVariable()
-    )
   }
 
   predicate expressionFlowStep(Node nodeFrom, Node nodeTo) {
@@ -372,9 +349,12 @@ module LocalFlow {
     // First use after definition
     //   `y = 42`
     //   `x = f(y)`
-    //   nodeFrom is `y` on first line, essa var
-    //   nodeTo is `y` on second line, cfg node
-    defToFirstUse(nodeFrom.asVar(), nodeTo.asCfgNode())
+    //   nodeFrom is `y` on first line
+    //   nodeTo is `y` on second line
+    exists(EssaDefinition def |
+      nodeFrom.(CfgNode).getNode() = def.(EssaNodeDefinition).getDefiningNode() and
+      AdjacentUses::firstUse(def, nodeTo.(CfgNode).getNode())
+    )
     or
     // Next use after use
     //   `x = f(y)`
@@ -565,11 +545,7 @@ predicate neverSkipInPathGraph(Node n) {
   // ```
   // we would end up saying that the path MUST not skip the x in `y = x`, which is just
   // annoying and doesn't help the path explanation become clearer.
-  n.asVar() instanceof EssaDefinition and
-  // For a parameter we have flow from ControlFlowNode to SSA node, and then onwards
-  // with use-use flow, and since the CFN is already part of the path graph, we don't
-  // want to force showing the SSA node as well.
-  not n.asVar() instanceof ParameterDefinition
+  n.asCfgNode() = any(EssaNodeDefinition def).getDefiningNode()
 }
 
 /**
@@ -916,7 +892,7 @@ predicate subscriptReadStep(CfgNode nodeFrom, Content c, CfgNode nodeTo) {
 predicate forReadStep(CfgNode nodeFrom, Content c, Node nodeTo) {
   exists(ForTarget target |
     nodeFrom.asExpr() = target.getSource() and
-    nodeTo.asVar().(EssaNodeDefinition).getDefiningNode() = target
+    nodeTo.asCfgNode() = target
   ) and
   (
     c instanceof ListElementContent

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll

@@ -24,13 +24,13 @@ private import semmle.python.frameworks.data.ModelsAsData
  * The current implementation of these cross flows can be seen in `EssaTaintTracking`.
  */
 newtype TNode =
-  /** A node corresponding to an SSA variable. */
-  TEssaNode(EssaVariable var) or
   /** A node corresponding to a control flow node. */
   TCfgNode(ControlFlowNode node) {
     isExpressionNode(node)
     or
     node.getNode() instanceof Pattern
+    or
+    node = any(ScopeEntryDefinition def).getDefiningNode()
   } or
   /**
    * A synthetic node representing the value of an object before a state change.
@@ -156,9 +156,6 @@ class Node extends TNode {
     this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 
-  /** Gets the ESSA variable corresponding to this node, if any. */
-  EssaVariable asVar() { none() }
-
   /** Gets the control-flow node corresponding to this node, if any. */
   ControlFlowNode asCfgNode() { none() }
 
@@ -171,25 +168,6 @@ class Node extends TNode {
   LocalSourceNode getALocalSource() { result.flowsTo(this) }
 }
 
-/** A data-flow node corresponding to an SSA variable. */
-class EssaNode extends Node, TEssaNode {
-  EssaVariable var;
-
-  EssaNode() { this = TEssaNode(var) }
-
-  /** Gets the `EssaVariable` represented by this data-flow node. */
-  EssaVariable getVar() { result = var }
-
-  override EssaVariable asVar() { result = var }
-
-  /** Gets a textual representation of this element. */
-  override string toString() { result = var.toString() }
-
-  override Scope getScope() { result = var.getScope() }
-
-  override Location getLocation() { result = var.getLocation() }
-}
-
 /** A data-flow node corresponding to a control-flow node. */
 class CfgNode extends Node, TCfgNode {
   ControlFlowNode node;
@@ -412,8 +390,8 @@ class ModuleVariableNode extends Node, TModuleVariableNode {
   }
 
   /** Gets an `EssaNode` that corresponds to an assignment of this global variable. */
-  EssaNode getAWrite() {
-    result.getVar().getDefinition().(EssaNodeDefinition).definedBy(var, any(DefinitionNode defn))
+  Node getAWrite() {
+    any(EssaNodeDefinition def).definedBy(var, result.asCfgNode().(DefinitionNode))
   }
 
   /** Gets the possible values of the variable at the end of import time */

python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll

@@ -112,7 +112,7 @@ module ImportResolution {
       not allowedEssaImportStep(_, firstDef)
     |
       not LocalFlow::defToFirstUse(firstDef, _) and
-      val.asVar() = firstDef
+      val.asCfgNode() = firstDef.getDefinition().(EssaNodeDefinition).getDefiningNode()
       or
       exists(ControlFlowNode mid, ControlFlowNode end |
         LocalFlow::defToFirstUse(firstDef, mid) and
@@ -320,11 +320,11 @@ module ImportResolution {
     // name as a submodule, we always consider that this attribute _could_ be a
     // reference to the submodule, even if we don't know that the submodule has been
     // imported yet.
-    exists(string submodule, Module package |
-      submodule = result.asVar().getName() and
-      SsaSource::init_module_submodule_defn(result.asVar().getSourceVariable(),
-        package.getEntryNode()) and
-      m = getModuleFromName(package.getPackageName() + "." + submodule)
+    exists(string submodule, Module package, EssaVariable var |
+      submodule = var.getName() and
+      SsaSource::init_module_submodule_defn(var.getSourceVariable(), package.getEntryNode()) and
+      m = getModuleFromName(package.getPackageName() + "." + submodule) and
+      result.asCfgNode() = var.getDefinition().(EssaNodeDefinition).getDefiningNode()
     )
   }
 

python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll

@@ -87,13 +87,13 @@
  *    This is adequate as the route through `TIterableElement(sequence)` does not transfer precise content.
  *
  * 5. [Read] Content is read from `sequence` to its elements.
- *    a) If the element is a plain variable, the target is the corresponding essa node.
+ *    a) If the element is a plain variable, the target is the corresponding control flow node.
  *
  *    b) If the element is itself a sequence, with control-flow node `seq`, the target is `TIterableSequence(seq)`.
  *
  *    c) If the element is a starred variable, with control-flow node `v`, the target is `TIterableElement(v)`.
  *
- * 6. [Store] Content is stored from `TIterableElement(v)` to the essa variable for `v`, with
+ * 6. [Store] Content is stored from `TIterableElement(v)` to the control flow node for variable `v`, with
  *    content type `ListElementContent`.
  *
  * 7. [Flow, Read, Store] Steps 2 through 7 are repeated for all recursive elements which are sequences.
@@ -313,7 +313,7 @@ predicate iterableUnpackingConvertingStoreStep(Node nodeFrom, Content c, Node no
  * Step 5
  * For a sequence node inside an iterable unpacking, data flows from the sequence to its elements. There are
  * three cases for what `toNode` should be:
- *    a) If the element is a plain variable, `toNode` is the corresponding essa node.
+ *    a) If the element is a plain variable, `toNode` is the corresponding control flow node.
  *
  *    b) If the element is itself a sequence, with control-flow node `seq`, `toNode` is `TIterableSequence(seq)`.
  *
@@ -351,20 +351,25 @@ predicate iterableUnpackingElementReadStep(Node nodeFrom, Content c, Node nodeTo
           nodeTo = TIterableElementNode(element)
         else
           // Step 5a
-          nodeTo.asVar().getDefinition().(MultiAssignmentDefinition).getDefiningNode() = element
+          exists(MultiAssignmentDefinition mad | element = mad.getDefiningNode() |
+            nodeTo.(CfgNode).getNode() = element
+          )
     )
   )
 }
 
 /**
  * Step 6
- * Data flows from `TIterableElement(v)` to the essa variable for `v`, with
+ * Data flows from `TIterableElement(v)` to the control flow node for variable `v`, with
  * content type `ListElementContent`.
  */
 predicate iterableUnpackingStarredElementStoreStep(Node nodeFrom, Content c, Node nodeTo) {
-  exists(ControlFlowNode starred | starred.getNode() instanceof Starred |
+  exists(ControlFlowNode starred, MultiAssignmentDefinition mad |
+    starred.getNode() instanceof Starred and
+    starred = mad.getDefiningNode()
+  |
     nodeFrom = TIterableElementNode(starred) and
-    nodeTo.asVar().getDefinition().(MultiAssignmentDefinition).getDefiningNode() = starred and
+    nodeTo.asCfgNode() = starred and
     c instanceof ListElementContent
   )
 }

python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll

@@ -71,7 +71,7 @@ class LocalSourceNode extends Node {
     or
     // We include all scope entry definitions, as these act as the local source within the scope they
     // enter.
-    this.asVar() instanceof ScopeEntryDefinition
+    this.asCfgNode() = any(ScopeEntryDefinition def).getDefiningNode()
   }
 
   /** Holds if this `LocalSourceNode` can flow to `nodeTo` in one or more local flow steps. */
@@ -165,7 +165,7 @@ class LocalSourceNodeNotModuleVariableNode extends LocalSourceNode {
   LocalSourceNodeNotModuleVariableNode() {
     this instanceof ExprNode
     or
-    this.asVar() instanceof ScopeEntryDefinition
+    this.asCfgNode() = any(ScopeEntryDefinition def).getDefiningNode()
   }
 }
 

python/ql/lib/semmle/python/dataflow/new/internal/MatchUnpacking.qll

@@ -89,8 +89,9 @@ predicate matchAsFlowStep(Node nodeFrom, Node nodeTo) {
     or
     // the interior pattern flows to the alias
     nodeFrom.(CfgNode).getNode().getNode() = subject.getPattern() and
-    nodeTo.(EssaNode).getVar().getDefinition().(PatternAliasDefinition).getDefiningNode().getNode() =
-      alias
+    exists(PatternAliasDefinition pad | pad.getDefiningNode().getNode() = alias |
+      nodeTo.(CfgNode).getNode() = pad.getDefiningNode()
+    )
   )
 }
 
@@ -123,13 +124,9 @@ predicate matchLiteralFlowStep(Node nodeFrom, Node nodeTo) {
 predicate matchCaptureFlowStep(Node nodeFrom, Node nodeTo) {
   exists(MatchCapturePattern capture, Name var | capture.getVariable() = var |
     nodeFrom.(CfgNode).getNode().getNode() = capture and
-    nodeTo
-        .(EssaNode)
-        .getVar()
-        .getDefinition()
-        .(PatternCaptureDefinition)
-        .getDefiningNode()
-        .getNode() = var
+    exists(PatternCaptureDefinition pcd | pcd.getDefiningNode().getNode() = var |
+      nodeTo.(CfgNode).getNode() = pcd.getDefiningNode()
+    )
   )
 }
 

python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll

@@ -216,8 +216,10 @@ predicate awaitStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
  */
 predicate asyncWithStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
   exists(With with, ControlFlowNode contextManager, ControlFlowNode var |
+    var = any(WithDefinition wd).getDefiningNode()
+  |
     nodeFrom.(DataFlow::CfgNode).getNode() = contextManager and
-    nodeTo.(DataFlow::EssaNode).getVar().getDefinition().(WithDefinition).getDefiningNode() = var and
+    nodeTo.(DataFlow::CfgNode).getNode() = var and
     // see `with_flow` in `python/ql/src/semmle/python/dataflow/Implementation.qll`
     with.getContextExpr() = contextManager.getNode() and
     with.getOptionalVars() = var.getNode() and

python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll

@@ -50,8 +50,20 @@ predicate jumpStep(Node nodeFrom, Node nodeTo) {
 }
 
 predicate capturedJumpStep(Node nodeFrom, Node nodeTo) {
-  exists(SsaSourceVariable var, DefinitionNode def | var.hasDefiningNode(def) |
-    nodeTo.asVar().(ScopeEntryDefinition).getSourceVariable() = var and
+  // Jump into a capturing scope.
+  //
+  // var = expr
+  // ...
+  // def f():
+  // ..var is used..
+  //
+  // nodeFrom is `expr`
+  // nodeTo is entry node for `f`
+  exists(ScopeEntryDefinition e, SsaSourceVariable var, DefinitionNode def |
+    e.getSourceVariable() = var and
+    var.hasDefiningNode(def)
+  |
+    nodeTo.asCfgNode() = e.getDefiningNode() and
     nodeFrom.asCfgNode() = def.getValue() and
     var.getScope().getScope*() = nodeFrom.getScope()
   )
@@ -228,8 +240,7 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input {
     |
       param = FlowSummary::SummaryComponent::parameter(apos) and
       DataFlowDispatch::parameterMatch(ppos, apos) and
-      // pick the SsaNode rather than the CfgNode
-      result.asVar().getDefinition().(ParameterDefinition).getParameter() = p and
+      result.asCfgNode().getNode() = p and
       (
         exists(int i | ppos.isPositional(i) |
           p = callable.getALocalSource().asExpr().(CallableExpr).getInnerScope().getArg(i)

python/ql/lib/semmle/python/frameworks/Django.qll

@@ -2762,7 +2762,7 @@ module PrivateDjango {
       this.asExpr() = list and
       // we look for an assignment to the `MIDDLEWARE` setting
       exists(DataFlow::Node mw |
-        mw.asVar().getName() = "MIDDLEWARE" and
+        mw.asExpr().(Name).getId() = "MIDDLEWARE" and
         DataFlow::localFlow(this, mw)
       |
         // To only include results where CSRF protection matters, we only care about CSRF

python/ql/lib/semmle/python/security/dataflow/ExceptionInfo.qll

@@ -28,8 +28,8 @@ private class TracebackFunctionCall extends ExceptionInfo, DataFlow::CallCfgNode
 /** A caught exception. */
 private class CaughtException extends ExceptionInfo {
   CaughtException() {
-    this.asVar().getDefinition().(EssaNodeDefinition).getDefiningNode().getNode() =
-      any(ExceptStmt s).getName()
+    this.asExpr() = any(ExceptStmt s).getName() and
+    this.asCfgNode() = any(EssaNodeDefinition def).getDefiningNode()
   }
 }
 

python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll

@@ -71,11 +71,11 @@ module PathInjection {
       // ```
       //
       // The same approach is used in the command injection query.
-      not exists(Module pathlib |
-        pathlib.getName() = "pathlib" and
-        this.getScope().getEnclosingModule() = pathlib and
-        // do allow this call if we're analyzing pathlib.py as part of CPython though
-        not exists(pathlib.getFile().getRelativePath())
+      not exists(Module inStdlib |
+        inStdlib.getName() in ["pathlib", "os"] and
+        this.getScope().getEnclosingModule() = inStdlib and
+        // do allow this call if we're analyzing, say, pathlib.py as part of CPython though
+        not exists(inStdlib.getFile().getRelativePath())
       )
     }
   }

python/ql/test/experimental/dataflow/basic/global.expected

@@ -1,69 +1,58 @@
-| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
+| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
-| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
+| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | ControlFlowNode for b |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:1:19:1:19 | SSA variable x | test.py:3:3:3:3 | SSA variable z |
-| test.py:1:19:1:19 | SSA variable x | test.py:3:7:3:7 | ControlFlowNode for y |
-| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:1:19:1:19 | SSA variable x | test.py:7:1:7:1 | GSSA Variable b |
-| test.py:1:19:1:19 | SSA variable x | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
-| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:2:3:2:3 | SSA variable y | test.py:7:1:7:1 | GSSA Variable b |
-| test.py:2:3:2:3 | SSA variable y | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
-| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:7:1:7:1 | ControlFlowNode for b |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
+| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
+| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z |
 | test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y |
 | test.py:2:7:2:7 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:2:7:2:7 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:2:7:2:7 | ControlFlowNode for x | test.py:7:1:7:1 | ControlFlowNode for b |
 | test.py:2:7:2:7 | ControlFlowNode for x | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:3:3:3:3 | SSA variable z | test.py:7:1:7:1 | GSSA Variable b |
-| test.py:3:3:3:3 | SSA variable z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
+| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:3:3:3:3 | ControlFlowNode for z | test.py:7:1:7:1 | ControlFlowNode for b |
+| test.py:3:3:3:3 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
+| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
 | test.py:3:7:3:7 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:3:7:3:7 | ControlFlowNode for y | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:3:7:3:7 | ControlFlowNode for y | test.py:7:1:7:1 | ControlFlowNode for b |
 | test.py:3:7:3:7 | ControlFlowNode for y | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:1:7:1 | ControlFlowNode for b |
 | test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:1:19:1:19 | ControlFlowNode for x |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:1:19:1:19 | SSA variable x |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:2:3:2:3 | SSA variable y |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:3:3:3:3 | SSA variable z |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:3:7:3:7 | ControlFlowNode for y |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:7:1:7:1 | GSSA Variable b |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:2:3:2:3 | ControlFlowNode for y |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:2:7:2:7 | ControlFlowNode for x |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:3:7:3:7 | ControlFlowNode for y |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:1:7:1 | ControlFlowNode for b |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
 | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:1:19:1:19 | ControlFlowNode for x |
-| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:1:19:1:19 | SSA variable x |
-| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:2:3:2:3 | SSA variable y |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:2:3:2:3 | ControlFlowNode for y |
 | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:3:3:3:3 | SSA variable z |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:3:3:3:3 | ControlFlowNode for z |
 | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:3:7:3:7 | ControlFlowNode for y |
 | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
-| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:1:7:1 | ControlFlowNode for b |
 | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
 | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a |
-| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b |
 | test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x |
-| test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | SSA variable x |
-| test.py:7:19:7:19 | ControlFlowNode for a | test.py:2:3:2:3 | SSA variable y |
+| test.py:7:19:7:19 | ControlFlowNode for a | test.py:2:3:2:3 | ControlFlowNode for y |
 | test.py:7:19:7:19 | ControlFlowNode for a | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:7:19:7:19 | ControlFlowNode for a | test.py:3:3:3:3 | SSA variable z |
+| test.py:7:19:7:19 | ControlFlowNode for a | test.py:3:3:3:3 | ControlFlowNode for z |
 | test.py:7:19:7:19 | ControlFlowNode for a | test.py:3:7:3:7 | ControlFlowNode for y |
 | test.py:7:19:7:19 | ControlFlowNode for a | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:1:7:1 | ControlFlowNode for b |
 | test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |

python/ql/test/experimental/dataflow/basic/globalStep.expected

@@ -1,53 +1,41 @@
-| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
-| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
-| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
+| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
+| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
+| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
-| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
-| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
-| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
-| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
-| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
-| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
-| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
-| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
+| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
+| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
+| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
+| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
+| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
 | test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
 | test.py:4:10:4:10 | ControlFlowNode for z | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
-| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
-| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
-| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a |
+| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b |
 | test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x |
 | test.py:7:19:7:19 | ControlFlowNode for a | test.py:1:19:1:19 | ControlFlowNode for x |
 | test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |

python/ql/test/experimental/dataflow/basic/local.expected

@@ -1,57 +1,41 @@
-| test.py:0:0:0:0 | GSSA Variable __name__ | test.py:0:0:0:0 | GSSA Variable __name__ |
-| test.py:0:0:0:0 | GSSA Variable __package__ | test.py:0:0:0:0 | GSSA Variable __package__ |
-| test.py:0:0:0:0 | GSSA Variable b | test.py:0:0:0:0 | GSSA Variable b |
-| test.py:0:0:0:0 | SSA variable $ | test.py:0:0:0:0 | SSA variable $ |
+| test.py:0:0:0:0 | Entry node for Module test | test.py:0:0:0:0 | Entry node for Module test |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr |
-| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
+| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
 | test.py:1:1:1:21 | SynthDictSplatParameterNode | test.py:1:1:1:21 | SynthDictSplatParameterNode |
 | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
-| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
-| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
+| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | ControlFlowNode for x |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:1:19:1:19 | SSA variable x | test.py:1:19:1:19 | SSA variable x |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:3:2:3 | SSA variable y |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:1:19:1:19 | SSA variable x | test.py:3:3:3:3 | SSA variable z |
-| test.py:1:19:1:19 | SSA variable x | test.py:3:7:3:7 | ControlFlowNode for y |
-| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z |
 | test.py:2:3:2:3 | ControlFlowNode for y | test.py:2:3:2:3 | ControlFlowNode for y |
-| test.py:2:3:2:3 | SSA variable y | test.py:2:3:2:3 | SSA variable y |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:3:3:3 | SSA variable z |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
-| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
 | test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | SSA variable z |
+| test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:3:3:3 | ControlFlowNode for z |
 | test.py:2:7:2:7 | ControlFlowNode for x | test.py:3:7:3:7 | ControlFlowNode for y |
 | test.py:2:7:2:7 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
 | test.py:3:3:3:3 | ControlFlowNode for z | test.py:3:3:3:3 | ControlFlowNode for z |
-| test.py:3:3:3:3 | SSA variable z | test.py:3:3:3:3 | SSA variable z |
-| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
+| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
 | test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
 | test.py:3:7:3:7 | ControlFlowNode for y | test.py:4:10:4:10 | ControlFlowNode for z |
 | test.py:4:10:4:10 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
 | test.py:6:1:6:1 | ControlFlowNode for a | test.py:6:1:6:1 | ControlFlowNode for a |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:6:1:6:1 | GSSA Variable a |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
-| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a |
 | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral |
 | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a |
 | test.py:7:1:7:1 | ControlFlowNode for b | test.py:7:1:7:1 | ControlFlowNode for b |
-| test.py:7:1:7:1 | GSSA Variable b | test.py:7:1:7:1 | GSSA Variable b |
 | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
 | test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id |
-| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b |
 | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:7:5:7:20 | GSSA Variable a | test.py:7:5:7:20 | GSSA Variable a |
 | test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() | test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() |
 | test.py:7:19:7:19 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
 | test.py:7:19:7:19 | [post] ControlFlowNode for a | test.py:7:19:7:19 | [post] ControlFlowNode for a |

python/ql/test/experimental/dataflow/basic/localStep.expected

@@ -1,11 +1,10 @@
-| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
-| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |
-| test.py:1:19:1:19 | SSA variable x | test.py:2:7:2:7 | ControlFlowNode for x |
-| test.py:2:3:2:3 | SSA variable y | test.py:3:7:3:7 | ControlFlowNode for y |
-| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | SSA variable y |
-| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | SSA variable z |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:7:19:7:19 | ControlFlowNode for a |
-| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | GSSA Variable a |
-| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
+| test.py:1:5:1:17 | ControlFlowNode for obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:2:7:2:7 | ControlFlowNode for x |
+| test.py:2:3:2:3 | ControlFlowNode for y | test.py:3:7:3:7 | ControlFlowNode for y |
+| test.py:2:7:2:7 | ControlFlowNode for x | test.py:2:3:2:3 | ControlFlowNode for y |
+| test.py:3:3:3:3 | ControlFlowNode for z | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:3:7:3:7 | ControlFlowNode for y | test.py:3:3:3:3 | ControlFlowNode for z |
+| test.py:6:1:6:1 | ControlFlowNode for a | test.py:7:19:7:19 | ControlFlowNode for a |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:6:1:6:1 | ControlFlowNode for a |
+| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b |

python/ql/test/experimental/dataflow/basic/maximalFlows.expected

@@ -1,10 +1,7 @@
+| test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b |
-| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:1:19:1:19 | SSA variable x | test.py:7:1:7:1 | GSSA Variable b |
-| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:2:3:2:3 | SSA variable y | test.py:7:1:7:1 | GSSA Variable b |
-| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:3:3:3:3 | SSA variable z | test.py:7:1:7:1 | GSSA Variable b |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:4:10:4:10 | ControlFlowNode for z |
-| test.py:6:1:6:1 | GSSA Variable a | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | ControlFlowNode for b |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:1:7:1 | ControlFlowNode for b |
+| test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral | test.py:7:19:7:19 | ControlFlowNode for a |
+| test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | test.py:7:1:7:1 | ControlFlowNode for b |

python/ql/test/experimental/dataflow/basic/maximalFlowsConfig.qll

@@ -1,3 +1,4 @@
+import python
 import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
 
@@ -11,14 +12,12 @@ class MaximalFlowsConfig extends DataFlow::Configuration {
   override predicate isSource(DataFlow::Node node) {
     node instanceof DataFlow::ParameterNode
     or
-    node instanceof DataFlow::EssaNode and
-    not exists(DataFlow::EssaNode pred | DataFlow::localFlowStep(pred, node))
+    node instanceof DataFlow::LocalSourceNode
   }
 
   override predicate isSink(DataFlow::Node node) {
     node instanceof DataFlowPrivate::ReturnNode
     or
-    node instanceof DataFlow::EssaNode and
-    not exists(node.(DataFlow::EssaNode).getVar().getASourceUse())
+    not DataFlowPrivate::LocalFlow::localFlowStep(node, _)
   }
 }

python/ql/test/experimental/dataflow/basic/sinks.expected

@@ -1,29 +1,19 @@
-| test.py:0:0:0:0 | GSSA Variable __name__ |
-| test.py:0:0:0:0 | GSSA Variable __package__ |
-| test.py:0:0:0:0 | GSSA Variable b |
-| test.py:0:0:0:0 | SSA variable $ |
+| test.py:0:0:0:0 | Entry node for Module test |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr |
 | test.py:1:1:1:21 | SynthDictSplatParameterNode |
 | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
-| test.py:1:5:1:17 | GSSA Variable obfuscated_id |
 | test.py:1:19:1:19 | ControlFlowNode for x |
-| test.py:1:19:1:19 | SSA variable x |
 | test.py:2:3:2:3 | ControlFlowNode for y |
-| test.py:2:3:2:3 | SSA variable y |
 | test.py:2:7:2:7 | ControlFlowNode for x |
 | test.py:3:3:3:3 | ControlFlowNode for z |
-| test.py:3:3:3:3 | SSA variable z |
 | test.py:3:7:3:7 | ControlFlowNode for y |
 | test.py:4:10:4:10 | ControlFlowNode for z |
 | test.py:6:1:6:1 | ControlFlowNode for a |
-| test.py:6:1:6:1 | GSSA Variable a |
 | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral |
 | test.py:7:1:7:1 | ControlFlowNode for b |
-| test.py:7:1:7:1 | GSSA Variable b |
 | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
 | test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id |
 | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:7:5:7:20 | GSSA Variable a |
 | test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() |
 | test.py:7:19:7:19 | ControlFlowNode for a |
 | test.py:7:19:7:19 | [post] ControlFlowNode for a |

python/ql/test/experimental/dataflow/basic/sources.expected

@@ -1,29 +1,19 @@
-| test.py:0:0:0:0 | GSSA Variable __name__ |
-| test.py:0:0:0:0 | GSSA Variable __package__ |
-| test.py:0:0:0:0 | GSSA Variable b |
-| test.py:0:0:0:0 | SSA variable $ |
+| test.py:0:0:0:0 | Entry node for Module test |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr |
 | test.py:1:1:1:21 | SynthDictSplatParameterNode |
 | test.py:1:5:1:17 | ControlFlowNode for obfuscated_id |
-| test.py:1:5:1:17 | GSSA Variable obfuscated_id |
 | test.py:1:19:1:19 | ControlFlowNode for x |
-| test.py:1:19:1:19 | SSA variable x |
 | test.py:2:3:2:3 | ControlFlowNode for y |
-| test.py:2:3:2:3 | SSA variable y |
 | test.py:2:7:2:7 | ControlFlowNode for x |
 | test.py:3:3:3:3 | ControlFlowNode for z |
-| test.py:3:3:3:3 | SSA variable z |
 | test.py:3:7:3:7 | ControlFlowNode for y |
 | test.py:4:10:4:10 | ControlFlowNode for z |
 | test.py:6:1:6:1 | ControlFlowNode for a |
-| test.py:6:1:6:1 | GSSA Variable a |
 | test.py:6:5:6:6 | ControlFlowNode for IntegerLiteral |
 | test.py:7:1:7:1 | ControlFlowNode for b |
-| test.py:7:1:7:1 | GSSA Variable b |
 | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
 | test.py:7:5:7:17 | [post] ControlFlowNode for obfuscated_id |
 | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |
-| test.py:7:5:7:20 | GSSA Variable a |
 | test.py:7:5:7:20 | [pre] ControlFlowNode for obfuscated_id() |
 | test.py:7:19:7:19 | ControlFlowNode for a |
 | test.py:7:19:7:19 | [post] ControlFlowNode for a |

python/ql/test/experimental/dataflow/basic/test.py

@@ -1,7 +1,7 @@
-def obfuscated_id(x): #$ step="FunctionExpr -> GSSA Variable obfuscated_id" step="x -> SSA variable x"
-  y = x #$ step="x -> SSA variable y" step="SSA variable x, l:-1 -> x"
-  z = y #$ step="y -> SSA variable z" step="SSA variable y, l:-1 -> y"
-  return z #$ flow="42, l:+2 -> z" step="SSA variable z, l:-1 -> z"
+def obfuscated_id(x): #$ step="FunctionExpr -> obfuscated_id"
+  y = x #$ step="x -> y" step="x, l:-1 -> x"
+  z = y #$ step="y -> z" step="y, l:-1 -> y"
+  return z #$ flow="42, l:+2 -> z" step="z, l:-1 -> z"
 
-a = 42 #$ step="42 -> GSSA Variable a"
-b = obfuscated_id(a) #$ flow="42, l:-1 -> GSSA Variable b" flow="FunctionExpr, l:-6 -> obfuscated_id" step="obfuscated_id(..) -> GSSA Variable b" step="GSSA Variable obfuscated_id, l:-6 -> obfuscated_id" step="GSSA Variable a, l:-1 -> a"
+a = 42 #$ step="42 -> a"
+b = obfuscated_id(a) #$ flow="42, l:-1 -> b" flow="FunctionExpr, l:-6 -> obfuscated_id" step="obfuscated_id(..) -> b" step="obfuscated_id, l:-6 -> obfuscated_id" step="a, l:-1 -> a"

python/ql/test/experimental/dataflow/coverage-py3/classes.py

@@ -51,7 +51,7 @@ class With_length_hint:
 def test_length_hint():
     import operator
 
-    with_length_hint = With_length_hint()  #$ arg1="SSA variable with_length_hint" func=With_length_hint.__length_hint__
+    with_length_hint = With_length_hint()  #$ arg1="with_length_hint" func=With_length_hint.__length_hint__
     operator.length_hint(with_length_hint)
 
 
@@ -68,5 +68,5 @@ class With_index:
 def test_index():
     import operator
 
-    with_index = With_index()  #$ arg1="SSA variable with_index" func=With_index.__index__
+    with_index = With_index()  #$ arg1="with_index" func=With_index.__index__
     operator.index(with_index)

python/ql/test/experimental/dataflow/coverage/argumentRoutingTest.ql

@@ -67,11 +67,11 @@ class Argument1ExtraRoutingConfig extends DataFlow::Configuration {
 
   override predicate isSource(DataFlow::Node node) {
     exists(AssignmentDefinition def, DataFlow::CallCfgNode call |
-      def.getVariable() = node.(DataFlow::EssaNode).getVar() and
+      def.getDefiningNode() = node.(DataFlow::CfgNode).getNode() and
       def.getValue() = call.getNode() and
       call.getFunction().asCfgNode().(NameNode).getId().matches("With\\_%")
     ) and
-    node.(DataFlow::EssaNode).getVar().getName().matches("with\\_%")
+    node.(DataFlow::CfgNode).getNode().(NameNode).getId().matches("with\\_%")
   }
 
   override predicate isSink(DataFlow::Node node) {

python/ql/test/experimental/dataflow/coverage/classes.py

@@ -57,7 +57,7 @@ class With_init:
 
 
 def test_init():
-    with_init = With_init()  #$ MISSING: arg1="SSA variable with_init" func=With_init.__init__
+    with_init = With_init()  #$ MISSING: arg1="with_init" func=With_init.__init__
 
 
 # object.__del__(self)
@@ -68,7 +68,7 @@ class With_del:
 
 
 def test_del():
-    with_del = With_del()  #$ MISSING: arg1="SSA variable with_del" func=With_del.__del__
+    with_del = With_del()  #$ MISSING: arg1="with_del" func=With_del.__del__
     del with_del
 
 
@@ -81,7 +81,7 @@ class With_repr:
 
 
 def test_repr():
-    with_repr = With_repr()  #$ MISSING: arg1="SSA variable with_repr" func=With_repr.__repr__
+    with_repr = With_repr()  #$ MISSING: arg1="with_repr" func=With_repr.__repr__
     repr(with_repr)
 
 
@@ -94,7 +94,7 @@ class With_str:
 
 
 def test_str():
-    with_str = With_str()  #$ MISSING: arg1="SSA variable with_str" func=With_str.__str__
+    with_str = With_str()  #$ MISSING: arg1="with_str" func=With_str.__str__
     str(with_str)
 
 
@@ -107,7 +107,7 @@ class With_bytes:
 
 
 def test_bytes():
-    with_bytes = With_bytes()  #$ MISSING: arg1="SSA variable with_bytes" func=With_bytes.__bytes__
+    with_bytes = With_bytes()  #$ MISSING: arg1="with_bytes" func=With_bytes.__bytes__
     bytes(with_bytes)
 
 
@@ -121,18 +121,18 @@ class With_format:
 
 
 def test_format():
-    with_format = With_format()  #$ MISSING: arg1="SSA variable with_format" func=With_format.__format__
+    with_format = With_format()  #$ MISSING: arg1="with_format" func=With_format.__format__
     arg2 = ""  #$ MISSING: arg2 func=With_format.__format__
     format(with_format, arg2)
 
 
 def test_format_str():
-    with_format = With_format()  #$ MISSING: arg1="SSA variable with_format" func=With_format.__format__
+    with_format = With_format()  #$ MISSING: arg1="with_format" func=With_format.__format__
     "{0}".format(with_format)
 
 
 def test_format_fstr():
-    with_format = With_format()  #$ MISSING: arg1="SSA variable with_format" func=With_format.__format__
+    with_format = With_format()  #$ MISSING: arg1="with_format" func=With_format.__format__
     f"{with_format}"
 
 
@@ -146,7 +146,7 @@ class With_lt:
 
 
 def test_lt():
-    with_lt = With_lt()  #$ MISSING: arg1="SSA variable with_lt" func=With_lt.__lt__
+    with_lt = With_lt()  #$ MISSING: arg1="with_lt" func=With_lt.__lt__
     arg2 = with_lt  #$ MISSING: arg2 func=With_lt.__lt__
     with_lt < arg2
 
@@ -161,7 +161,7 @@ class With_le:
 
 
 def test_le():
-    with_le = With_le()  #$ MISSING: arg1="SSA variable with_le" func=With_le.__le__
+    with_le = With_le()  #$ MISSING: arg1="with_le" func=With_le.__le__
     arg2 = with_le  #$ MISSING: arg2 func=With_le.__le__
     with_le <= arg2
 
@@ -176,7 +176,7 @@ class With_eq:
 
 
 def test_eq():
-    with_eq = With_eq()  #$ MISSING: arg1="SSA variable with_eq" func=With_eq.__eq__
+    with_eq = With_eq()  #$ MISSING: arg1="with_eq" func=With_eq.__eq__
     with_eq == with_eq  #$ MISSING: arg2="with_eq" func=With_eq.__eq__
 
 
@@ -190,7 +190,7 @@ class With_ne:
 
 
 def test_ne():
-    with_ne = With_ne()  #$ MISSING: arg1="SSA variable with_ne" func=With_ne.__ne__
+    with_ne = With_ne()  #$ MISSING: arg1="with_ne" func=With_ne.__ne__
     with_ne != with_ne  #$ MISSING: arg2="with_ne" func=With_ne.__ne__
 
 
@@ -204,7 +204,7 @@ class With_gt:
 
 
 def test_gt():
-    with_gt = With_gt()  #$ MISSING: arg1="SSA variable with_gt" func=With_gt.__gt__
+    with_gt = With_gt()  #$ MISSING: arg1="with_gt" func=With_gt.__gt__
     arg2 = with_gt  #$ MISSING: arg2 func=With_gt.__gt__
     with_gt > arg2
 
@@ -219,7 +219,7 @@ class With_ge:
 
 
 def test_ge():
-    with_ge = With_ge()  #$ MISSING: arg1="SSA variable with_ge" func=With_ge.__ge__
+    with_ge = With_ge()  #$ MISSING: arg1="with_ge" func=With_ge.__ge__
     arg2 = with_ge  #$ MISSING: arg2 func=With_ge.__ge__
     with_ge >= arg2
 
@@ -233,22 +233,22 @@ class With_hash:
 
 
 def test_hash():
-    with_hash = With_hash()  #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__
+    with_hash = With_hash()  #$ MISSING: arg1="with_hash" func=With_hash.__hash__
     hash(with_hash)
 
 
 def test_hash_set():
-    with_hash = With_hash()  #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__
+    with_hash = With_hash()  #$ MISSING: arg1="with_hash" func=With_hash.__hash__
     len(set([with_hash]))
 
 
 def test_hash_frozenset():
-    with_hash = With_hash()  #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__
+    with_hash = With_hash()  #$ MISSING: arg1="with_hash" func=With_hash.__hash__
     len(frozenset([with_hash]))
 
 
 def test_hash_dict():
-    with_hash = With_hash()  #$ MISSING: arg1="SSA variable with_hash" func=With_hash.__hash__
+    with_hash = With_hash()  #$ MISSING: arg1="with_hash" func=With_hash.__hash__
     len(dict({with_hash: 0}))
 
 
@@ -261,12 +261,12 @@ class With_bool:
 
 
 def test_bool():
-    with_bool = With_bool()  #$ MISSING: arg1="SSA variable with_bool" func=With_bool.__bool__
+    with_bool = With_bool()  #$ MISSING: arg1="with_bool" func=With_bool.__bool__
     bool(with_bool)
 
 
 def test_bool_if():
-    with_bool = With_bool()  #$ MISSING: arg1="SSA variable with_bool" func=With_bool.__bool__
+    with_bool = With_bool()  #$ MISSING: arg1="with_bool" func=With_bool.__bool__
     if with_bool:
         pass
 
@@ -282,7 +282,7 @@ class With_getattr:
 
 
 def test_getattr():
-    with_getattr = With_getattr()  #$ MISSING: arg1="SSA variable with_getattr" func=With_getattr.__getattr__
+    with_getattr = With_getattr()  #$ MISSING: arg1="with_getattr" func=With_getattr.__getattr__
     with_getattr.arg2  #$ MISSING: arg2="with_getattr.arg2" func=With_getattr.__getattr__
 
 
@@ -296,7 +296,7 @@ class With_getattribute:
 
 
 def test_getattribute():
-    with_getattribute = With_getattribute()  #$ MISSING: arg1="SSA variable with_getattribute" func=With_getattribute.__getattribute__
+    with_getattribute = With_getattribute()  #$ MISSING: arg1="with_getattribute" func=With_getattribute.__getattribute__
     with_getattribute.arg2  #$ MISSING: arg2 func=With_getattribute.__getattribute__
 
 
@@ -310,7 +310,7 @@ class With_setattr:
 
 
 def test_setattr():
-    with_setattr = With_setattr()  #$ MISSING: arg1="SSA variable with_setattr" func=With_setattr.__setattr__
+    with_setattr = With_setattr()  #$ MISSING: arg1="with_setattr" func=With_setattr.__setattr__
     arg3 = ""  #$ MISSING: arg3 func=With_setattr.__setattr__
     with_setattr.arg2 = arg3  #$ MISSING: arg2 func=With_setattr.__setattr__
 
@@ -324,7 +324,7 @@ class With_delattr:
 
 
 def test_delattr():
-    with_delattr = With_delattr()  #$ MISSING: arg1="SSA variable with_delattr" func=With_delattr.__delattr__
+    with_delattr = With_delattr()  #$ MISSING: arg1="with_delattr" func=With_delattr.__delattr__
     del with_delattr.arg2  #$ MISSING: arg2 func=With_delattr.__delattr__
 
 
@@ -337,7 +337,7 @@ class With_dir:
 
 
 def test_dir():
-    with_dir = With_dir()  #$ MISSING: arg1="SSA variable with_dir" func=With_dir.__dir__
+    with_dir = With_dir()  #$ MISSING: arg1="with_dir" func=With_dir.__dir__
     dir(with_dir)
 
 
@@ -360,7 +360,7 @@ def test_get():
     class arg3:
         pass
 
-    with_get = With_get()  #$ MISSING: arg1="SSA variable with_get" func=With_get.__get__
+    with_get = With_get()  #$ MISSING: arg1="with_get" func=With_get.__get__
     arg3.attr = with_get
     arg2 = arg3()  #$ MISSING: arg2 func=With_get.__get__
     arg2.attr
@@ -376,7 +376,7 @@ class With_set:
 
 
 def test_set():
-    with_set = With_set()  #$ MISSING: arg1="SSA variable with_set" func=With_set.__set__
+    with_set = With_set()  #$ MISSING: arg1="with_set" func=With_set.__set__
     Owner.attr = with_set
     arg2 = Owner()  #$ MISSING: arg2 func=With_set.__set__
     arg3 = ""  #$ MISSING: arg3 func=With_set.__set__
@@ -392,7 +392,7 @@ class With_delete:
 
 
 def test_delete():
-    with_delete = With_delete()  #$ MISSING: arg1="SSA variable with_delete" func=With_delete.__delete__
+    with_delete = With_delete()  #$ MISSING: arg1="with_delete" func=With_delete.__delete__
     Owner.attr = with_delete
     arg2 = Owner()  #$ MISSING: arg2 func=With_delete.__delete__
     del arg2.attr
@@ -408,7 +408,7 @@ class With_set_name:
 
 
 def test_set_name():
-    with_set_name = With_set_name()  #$ MISSING: arg1="SSA variable with_set_name" func=With_set_name.__set_name__
+    with_set_name = With_set_name()  #$ MISSING: arg1="with_set_name" func=With_set_name.__set_name__
     type("arg2", (object,), dict(arg3=with_set_name))  #$ MISSING: arg2 arg3 func=With_set_name.__set_name__
 
 
@@ -462,7 +462,7 @@ class With_instancecheck:
 
 
 def test_instancecheck():
-    with_instancecheck = With_instancecheck()  #$ MISSING: arg1="SSA variable with_instancecheck" func=With_instancecheck.__instancecheck__
+    with_instancecheck = With_instancecheck()  #$ MISSING: arg1="with_instancecheck" func=With_instancecheck.__instancecheck__
     arg2 = ""  #$ MISSING: arg2 func=With_instancecheck.__instancecheck__
     isinstance(arg2, with_instancecheck)
 
@@ -477,7 +477,7 @@ class With_subclasscheck:
 
 
 def test_subclasscheck():
-    with_subclasscheck = With_subclasscheck()  #$ MISSING: arg1="SSA variable with_subclasscheck" func=With_subclasscheck.__subclasscheck__
+    with_subclasscheck = With_subclasscheck()  #$ MISSING: arg1="with_subclasscheck" func=With_subclasscheck.__subclasscheck__
     arg2 = object  #$ MISSING: arg2 func=With_subclasscheck.__subclasscheck__
     issubclass(arg2, with_subclasscheck)
 
@@ -506,7 +506,7 @@ class With_call:
 
 
 def test_call():
-    with_call = With_call()  #$ arg1="SSA variable with_call" func=With_call.__call__
+    with_call = With_call()  #$ arg1="with_call" func=With_call.__call__
     with_call()
 
 
@@ -520,17 +520,17 @@ class With_len:
 
 
 def test_len():
-    with_len = With_len()  #$ MISSING: arg1="SSA variable with_len" func=With_len.__len__
+    with_len = With_len()  #$ MISSING: arg1="with_len" func=With_len.__len__
     len(with_len)
 
 
 def test_len_bool():
-    with_len = With_len()  #$ MISSING: arg1="SSA variable with_len" func=With_len.__len__
+    with_len = With_len()  #$ MISSING: arg1="with_len" func=With_len.__len__
     bool(with_len)
 
 
 def test_len_if():
-    with_len = With_len()  #$ MISSING: arg1="SSA variable with_len" func=With_len.__len__
+    with_len = With_len()  #$ MISSING: arg1="with_len" func=With_len.__len__
     if with_len:
         pass
 
@@ -545,7 +545,7 @@ class With_getitem:
 
 
 def test_getitem():
-    with_getitem = With_getitem() #$ MISSING: arg1="SSA variable with_getitem" func=With_getitem.__getitem__
+    with_getitem = With_getitem() #$ MISSING: arg1="with_getitem" func=With_getitem.__getitem__
     arg2 = 0
     with_getitem[arg2] #$ MISSING: arg2 func=With_getitem.__getitem__
 
@@ -560,7 +560,7 @@ class With_setitem:
 
 
 def test_setitem():
-    with_setitem = With_setitem()  #$ MISSING: arg1="SSA variable with_setitem" func=With_setitem.__setitem__
+    with_setitem = With_setitem()  #$ MISSING: arg1="with_setitem" func=With_setitem.__setitem__
     arg2 = 0
     arg3 = ""
     with_setitem[arg2] = arg3  #$ MISSING: arg2 arg3 func=With_setitem.__setitem__
@@ -575,7 +575,7 @@ class With_delitem:
 
 
 def test_delitem():
-    with_delitem = With_delitem()  #$ MISSING: arg1="SSA variable with_delitem" func=With_delitem.__delitem__
+    with_delitem = With_delitem()  #$ MISSING: arg1="with_delitem" func=With_delitem.__delitem__
     arg2 = 0
     del with_delitem[arg2]  #$ MISSING: arg2 func=With_delitem.__delitem__
 
@@ -590,7 +590,7 @@ class With_missing(dict):
 
 
 def test_missing():
-    with_missing = With_missing()  #$ MISSING: arg1="SSA variable with_missing" func=With_missing.__missing__
+    with_missing = With_missing()  #$ MISSING: arg1="with_missing" func=With_missing.__missing__
     arg2 = 0  #$ MISSING: arg2 func=With_missing.__missing__
     with_missing[arg2]
 
@@ -604,7 +604,7 @@ class With_iter:
 
 
 def test_iter():
-    with_iter = With_iter()  #$ MISSING: arg1="SSA variable with_iter" func=With_iter.__iter__
+    with_iter = With_iter()  #$ MISSING: arg1="with_iter" func=With_iter.__iter__
     [x for x in with_iter]
 
 
@@ -617,7 +617,7 @@ class With_reversed:
 
 
 def test_reversed():
-    with_reversed = With_reversed()  #$ MISSING: arg1="SSA variable with_reversed" func=With_reversed.__reversed__
+    with_reversed = With_reversed()  #$ MISSING: arg1="with_reversed" func=With_reversed.__reversed__
     reversed(with_reversed)
 
 
@@ -631,7 +631,7 @@ class With_contains:
 
 
 def test_contains():
-    with_contains = With_contains()  #$ MISSING: arg1="SSA variable with_contains" func=With_contains.__contains__
+    with_contains = With_contains()  #$ MISSING: arg1="with_contains" func=With_contains.__contains__
     arg2 = 0  #$ MISSING: arg2 func=With_contains.__contains__
     arg2 in with_contains
 
@@ -647,7 +647,7 @@ class With_add:
 
 
 def test_add():
-    with_add = With_add()  #$ MISSING: arg1="SSA variable with_add" func=With_add.__add__
+    with_add = With_add()  #$ MISSING: arg1="with_add" func=With_add.__add__
     arg2 = with_add
     with_add + arg2  #$ MISSING: arg2 func=With_add.__add__
 
@@ -662,7 +662,7 @@ class With_sub:
 
 
 def test_sub():
-    with_sub = With_sub()  #$ MISSING: arg1="SSA variable with_sub" func=With_sub.__sub__
+    with_sub = With_sub()  #$ MISSING: arg1="with_sub" func=With_sub.__sub__
     arg2 = with_sub
     with_sub - arg2  #$ MISSING: arg2 func=With_sub.__sub__
 
@@ -677,7 +677,7 @@ class With_mul:
 
 
 def test_mul():
-    with_mul = With_mul()  #$ MISSING: arg1="SSA variable with_mul" func=With_mul.__mul__
+    with_mul = With_mul()  #$ MISSING: arg1="with_mul" func=With_mul.__mul__
     arg2 = with_mul
     with_mul * arg2  #$ MISSING: arg2 func=With_mul.__mul__
 
@@ -692,7 +692,7 @@ class With_matmul:
 
 
 def test_matmul():
-    with_matmul = With_matmul()  #$ MISSING: arg1="SSA variable with_matmul" func=With_matmul.__matmul__
+    with_matmul = With_matmul()  #$ MISSING: arg1="with_matmul" func=With_matmul.__matmul__
     arg2 = with_matmul
     with_matmul @ arg2  #$ MISSING: arg2 func=With_matmul.__matmul__
 
@@ -707,7 +707,7 @@ class With_truediv:
 
 
 def test_truediv():
-    with_truediv = With_truediv()  #$ MISSING: arg1="SSA variable with_truediv" func=With_truediv.__truediv__
+    with_truediv = With_truediv()  #$ MISSING: arg1="with_truediv" func=With_truediv.__truediv__
     arg2 = with_truediv
     with_truediv / arg2  #$ MISSING: arg2 func=With_truediv.__truediv__
 
@@ -722,7 +722,7 @@ class With_floordiv:
 
 
 def test_floordiv():
-    with_floordiv = With_floordiv()  #$ MISSING: arg1="SSA variable with_floordiv" func=With_floordiv.__floordiv__
+    with_floordiv = With_floordiv()  #$ MISSING: arg1="with_floordiv" func=With_floordiv.__floordiv__
     arg2 = with_floordiv
     with_floordiv // arg2  #$ MISSING: arg2 func=With_floordiv.__floordiv__
 
@@ -737,7 +737,7 @@ class With_mod:
 
 
 def test_mod():
-    with_mod = With_mod()  #$ MISSING: arg1="SSA variable with_mod" func=With_mod.__mod__
+    with_mod = With_mod()  #$ MISSING: arg1="with_mod" func=With_mod.__mod__
     arg2 = with_mod
     with_mod % arg2  #$ MISSING: arg2 func=With_mod.__mod__
 
@@ -752,7 +752,7 @@ class With_divmod:
 
 
 def test_divmod():
-    with_divmod = With_divmod()  #$ MISSING: arg1="SSA variable with_divmod" func=With_divmod.__divmod__
+    with_divmod = With_divmod()  #$ MISSING: arg1="with_divmod" func=With_divmod.__divmod__
     arg2 = With_divmod  #$ MISSING: arg2 func=With_divmod.__divmod__
     divmod(with_divmod, arg2)
 
@@ -767,13 +767,13 @@ class With_pow:
 
 
 def test_pow():
-    with_pow = With_pow()  #$ MISSING: arg1="SSA variable with_pow" func=With_pow.__pow__
+    with_pow = With_pow()  #$ MISSING: arg1="with_pow" func=With_pow.__pow__
     arg2 = with_pow
     pow(with_pow, arg2)  #$ MISSING: arg2 func=With_pow.__pow__
 
 
 def test_pow_op():
-    with_pow = With_pow()  #$ MISSING: arg1="SSA variable with_pow" func=With_pow.__pow__
+    with_pow = With_pow()  #$ MISSING: arg1="with_pow" func=With_pow.__pow__
     arg2 = with_pow
     with_pow ** arg2  #$ MISSING: arg2 func=With_pow.__pow__
 
@@ -788,7 +788,7 @@ class With_lshift:
 
 
 def test_lshift():
-    with_lshift = With_lshift()  #$ MISSING: arg1="SSA variable with_lshift" func=With_lshift.__lshift__
+    with_lshift = With_lshift()  #$ MISSING: arg1="with_lshift" func=With_lshift.__lshift__
     arg2 = with_lshift
     with_lshift << arg2  #$ MISSING: arg2 func=With_lshift.__lshift__
 
@@ -803,7 +803,7 @@ class With_rshift:
 
 
 def test_rshift():
-    with_rshift = With_rshift()  #$ MISSING: arg1="SSA variable with_rshift" func=With_rshift.__rshift__
+    with_rshift = With_rshift()  #$ MISSING: arg1="with_rshift" func=With_rshift.__rshift__
     arg2 = with_rshift
     with_rshift >> arg2  #$ MISSING: arg2 func=With_rshift.__rshift__
 
@@ -818,7 +818,7 @@ class With_and:
 
 
 def test_and():
-    with_and = With_and()  #$ MISSING: arg1="SSA variable with_and" func=With_and.__and__
+    with_and = With_and()  #$ MISSING: arg1="with_and" func=With_and.__and__
     arg2 = with_and
     with_and & arg2  #$ MISSING: arg2 func=With_and.__and__
 
@@ -833,7 +833,7 @@ class With_xor:
 
 
 def test_xor():
-    with_xor = With_xor()  #$ MISSING: arg1="SSA variable with_xor" func=With_xor.__xor__
+    with_xor = With_xor()  #$ MISSING: arg1="with_xor" func=With_xor.__xor__
     arg2 = with_xor
     with_xor ^ arg2  #$ MISSING: arg2 func=With_xor.__xor__
 
@@ -848,7 +848,7 @@ class With_or:
 
 
 def test_or():
-    with_or = With_or()  #$ MISSING: arg1="SSA variable with_or" func=With_or.__or__
+    with_or = With_or()  #$ MISSING: arg1="with_or" func=With_or.__or__
     arg2 = with_or
     with_or | arg2  #$ MISSING: arg2 func=With_or.__or__
 
@@ -863,7 +863,7 @@ class With_radd:
 
 
 def test_radd():
-    with_radd = With_radd()  #$ MISSING: arg1="SSA variable with_radd" func=With_radd.__radd__
+    with_radd = With_radd()  #$ MISSING: arg1="with_radd" func=With_radd.__radd__
     arg2 = ""  #$ MISSING: arg2 func=With_radd.__radd__
     arg2 + with_radd
 
@@ -878,7 +878,7 @@ class With_rsub:
 
 
 def test_rsub():
-    with_rsub = With_rsub()  #$ MISSING: arg1="SSA variable with_rsub" func=With_rsub.__rsub__
+    with_rsub = With_rsub()  #$ MISSING: arg1="with_rsub" func=With_rsub.__rsub__
     arg2 = ""  #$ MISSING: arg2 func=With_rsub.__rsub__
     arg2 - with_rsub
 
@@ -893,7 +893,7 @@ class With_rmul:
 
 
 def test_rmul():
-    with_rmul = With_rmul()  #$ MISSING: arg1="SSA variable with_rmul" func=With_rmul.__rmul__
+    with_rmul = With_rmul()  #$ MISSING: arg1="with_rmul" func=With_rmul.__rmul__
     arg2 = ""  #$ MISSING: arg2 func=With_rmul.__rmul__
     arg2 * with_rmul
 
@@ -908,7 +908,7 @@ class With_rmatmul:
 
 
 def test_rmatmul():
-    with_rmatmul = With_rmatmul()  #$ MISSING: arg1="SSA variable with_rmatmul" func=With_rmatmul.__rmatmul__
+    with_rmatmul = With_rmatmul()  #$ MISSING: arg1="with_rmatmul" func=With_rmatmul.__rmatmul__
     arg2 = ""  #$ MISSING: arg2 func=With_rmatmul.__rmatmul__
     arg2 @ with_rmatmul
 
@@ -923,7 +923,7 @@ class With_rtruediv:
 
 
 def test_rtruediv():
-    with_rtruediv = With_rtruediv()  #$ MISSING: arg1="SSA variable with_rtruediv" func=With_rtruediv.__rtruediv__
+    with_rtruediv = With_rtruediv()  #$ MISSING: arg1="with_rtruediv" func=With_rtruediv.__rtruediv__
     arg2 = ""  #$ MISSING: arg2 func=With_rtruediv.__rtruediv__
     arg2 / with_rtruediv
 
@@ -938,7 +938,7 @@ class With_rfloordiv:
 
 
 def test_rfloordiv():
-    with_rfloordiv = With_rfloordiv()  #$ MISSING: arg1="SSA variable with_rfloordiv" func=With_rfloordiv.__rfloordiv__
+    with_rfloordiv = With_rfloordiv()  #$ MISSING: arg1="with_rfloordiv" func=With_rfloordiv.__rfloordiv__
     arg2 = ""  #$ MISSING: arg2 func=With_rfloordiv.__rfloordiv__
     arg2 // with_rfloordiv
 
@@ -953,7 +953,7 @@ class With_rmod:
 
 
 def test_rmod():
-    with_rmod = With_rmod()  #$ MISSING: arg1="SSA variable with_rmod" func=With_rmod.__rmod__
+    with_rmod = With_rmod()  #$ MISSING: arg1="with_rmod" func=With_rmod.__rmod__
     arg2 = {}  #$ MISSING: arg2 func=With_rmod.__rmod__
     arg2 % with_rmod
 
@@ -968,7 +968,7 @@ class With_rdivmod:
 
 
 def test_rdivmod():
-    with_rdivmod = With_rdivmod()  #$ MISSING: arg1="SSA variable with_rdivmod" func=With_rdivmod.__rdivmod__
+    with_rdivmod = With_rdivmod()  #$ MISSING: arg1="with_rdivmod" func=With_rdivmod.__rdivmod__
     arg2 = ""  #$ MISSING: arg2 func=With_rdivmod.__rdivmod__
     divmod(arg2, with_rdivmod)
 
@@ -983,13 +983,13 @@ class With_rpow:
 
 
 def test_rpow():
-    with_rpow = With_rpow()  #$ MISSING: arg1="SSA variable with_rpow" func=With_rpow.__rpow__
+    with_rpow = With_rpow()  #$ MISSING: arg1="with_rpow" func=With_rpow.__rpow__
     arg2 = ""  #$ MISSING: arg2 func=With_rpow.__rpow__
     pow(arg2, with_rpow)
 
 
 def test_rpow_op():
-    with_rpow = With_rpow()  #$ MISSING: arg1="SSA variable with_rpow" func=With_rpow.__rpow__
+    with_rpow = With_rpow()  #$ MISSING: arg1="with_rpow" func=With_rpow.__rpow__
     arg2 = ""  #$ MISSING: arg2 func=With_rpow.__rpow__
     arg2 ** with_rpow
 
@@ -1004,7 +1004,7 @@ class With_rlshift:
 
 
 def test_rlshift():
-    with_rlshift = With_rlshift()  #$ MISSING: arg1="SSA variable with_rlshift" func=With_rlshift.__rlshift__
+    with_rlshift = With_rlshift()  #$ MISSING: arg1="with_rlshift" func=With_rlshift.__rlshift__
     arg2 = ""  #$ MISSING: arg2 func=With_rlshift.__rlshift__
     arg2 << with_rlshift
 
@@ -1019,7 +1019,7 @@ class With_rrshift:
 
 
 def test_rrshift():
-    with_rrshift = With_rrshift()  #$ MISSING: arg1="SSA variable with_rrshift" func=With_rrshift.__rrshift__
+    with_rrshift = With_rrshift()  #$ MISSING: arg1="with_rrshift" func=With_rrshift.__rrshift__
     arg2 = ""  #$ MISSING: arg2 func=With_rrshift.__rrshift__
     arg2 >> with_rrshift
 
@@ -1034,7 +1034,7 @@ class With_rand:
 
 
 def test_rand():
-    with_rand = With_rand()  #$ MISSING: arg1="SSA variable with_rand" func=With_rand.__rand__
+    with_rand = With_rand()  #$ MISSING: arg1="with_rand" func=With_rand.__rand__
     arg2 = ""  #$ MISSING: arg2 func=With_rand.__rand__
     arg2 & with_rand
 
@@ -1049,7 +1049,7 @@ class With_rxor:
 
 
 def test_rxor():
-    with_rxor = With_rxor()  #$ MISSING: arg1="SSA variable with_rxor" func=With_rxor.__rxor__
+    with_rxor = With_rxor()  #$ MISSING: arg1="with_rxor" func=With_rxor.__rxor__
     arg2 = ""  #$ MISSING: arg2 func=With_rxor.__rxor__
     arg2 ^ with_rxor
 
@@ -1064,7 +1064,7 @@ class With_ror:
 
 
 def test_ror():
-    with_ror = With_ror()  #$ MISSING: arg1="SSA variable with_ror" func=With_ror.__ror__
+    with_ror = With_ror()  #$ MISSING: arg1="with_ror" func=With_ror.__ror__
     arg2 = ""  #$ MISSING: arg2 func=With_ror.__ror__
     arg2 | with_ror
 
@@ -1079,7 +1079,7 @@ class With_iadd:
 
 
 def test_iadd():
-    with_iadd = With_iadd()  #$ MISSING: arg1="SSA variable with_iadd" func=With_iadd.__iadd__
+    with_iadd = With_iadd()  #$ MISSING: arg1="with_iadd" func=With_iadd.__iadd__
     arg2 = with_iadd  #$ MISSING: arg2 func=With_iadd.__iadd__
     with_iadd += arg2
 
@@ -1094,7 +1094,7 @@ class With_isub:
 
 
 def test_isub():
-    with_isub = With_isub()  #$ MISSING: arg1="SSA variable with_isub" func=With_isub.__isub__
+    with_isub = With_isub()  #$ MISSING: arg1="with_isub" func=With_isub.__isub__
     arg2 = with_isub  #$ MISSING: arg2 func=With_isub.__isub__
     with_isub -= arg2
 
@@ -1109,7 +1109,7 @@ class With_imul:
 
 
 def test_imul():
-    with_imul = With_imul()  #$ MISSING: arg1="SSA variable with_imul" func=With_imul.__imul__
+    with_imul = With_imul()  #$ MISSING: arg1="with_imul" func=With_imul.__imul__
     arg2 = with_imul  #$ MISSING: arg2 func=With_imul.__imul__
     with_imul *= arg2
 
@@ -1124,7 +1124,7 @@ class With_imatmul:
 
 
 def test_imatmul():
-    with_imatmul = With_imatmul()  #$ MISSING: arg1="SSA variable with_imatmul" func=With_imatmul.__imatmul__
+    with_imatmul = With_imatmul()  #$ MISSING: arg1="with_imatmul" func=With_imatmul.__imatmul__
     arg2 = with_imatmul  #$ MISSING: arg2 func=With_imatmul.__imatmul__
     with_imatmul @= arg2
 
@@ -1139,7 +1139,7 @@ class With_itruediv:
 
 
 def test_itruediv():
-    with_itruediv = With_itruediv()  #$ MISSING: arg1="SSA variable with_itruediv" func=With_itruediv.__itruediv__
+    with_itruediv = With_itruediv()  #$ MISSING: arg1="with_itruediv" func=With_itruediv.__itruediv__
     arg2 = with_itruediv  #$ MISSING: arg2 func=With_itruediv.__itruediv__
     with_itruediv /= arg2
 
@@ -1154,7 +1154,7 @@ class With_ifloordiv:
 
 
 def test_ifloordiv():
-    with_ifloordiv = With_ifloordiv()  #$ MISSING: arg1="SSA variable with_ifloordiv" func=With_ifloordiv.__ifloordiv__
+    with_ifloordiv = With_ifloordiv()  #$ MISSING: arg1="with_ifloordiv" func=With_ifloordiv.__ifloordiv__
     arg2 = with_ifloordiv  #$ MISSING: arg2 func=With_ifloordiv.__ifloordiv__
     with_ifloordiv //= arg2
 
@@ -1169,7 +1169,7 @@ class With_imod:
 
 
 def test_imod():
-    with_imod = With_imod()  #$ MISSING: arg1="SSA variable with_imod" func=With_imod.__imod__
+    with_imod = With_imod()  #$ MISSING: arg1="with_imod" func=With_imod.__imod__
     arg2 = with_imod  #$ MISSING: arg2 func=With_imod.__imod__
     with_imod %= arg2
 
@@ -1184,7 +1184,7 @@ class With_ipow:
 
 
 def test_ipow():
-    with_ipow = With_ipow()  #$ MISSING: arg1="SSA variable with_ipow" func=With_ipow.__ipow__
+    with_ipow = With_ipow()  #$ MISSING: arg1="with_ipow" func=With_ipow.__ipow__
     arg2 = with_ipow  #$ MISSING: arg2 func=With_ipow.__ipow__
     with_ipow **= arg2
 
@@ -1199,7 +1199,7 @@ class With_ilshift:
 
 
 def test_ilshift():
-    with_ilshift = With_ilshift()  #$ MISSING: arg1="SSA variable with_ilshift" func=With_ilshift.__ilshift__
+    with_ilshift = With_ilshift()  #$ MISSING: arg1="with_ilshift" func=With_ilshift.__ilshift__
     arg2 = with_ilshift  #$ MISSING: arg2 func=With_ilshift.__ilshift__
     with_ilshift <<= arg2
 
@@ -1214,7 +1214,7 @@ class With_irshift:
 
 
 def test_irshift():
-    with_irshift = With_irshift()  #$ MISSING: arg1="SSA variable with_irshift" func=With_irshift.__irshift__
+    with_irshift = With_irshift()  #$ MISSING: arg1="with_irshift" func=With_irshift.__irshift__
     arg2 = with_irshift  #$ MISSING: arg2 func=With_irshift.__irshift__
     with_irshift >>= arg2
 
@@ -1229,7 +1229,7 @@ class With_iand:
 
 
 def test_iand():
-    with_iand = With_iand()  #$ MISSING: arg1="SSA variable with_iand" func=With_iand.__iand__
+    with_iand = With_iand()  #$ MISSING: arg1="with_iand" func=With_iand.__iand__
     arg2 = with_iand  #$ MISSING: arg2 func=With_iand.__iand__
     with_iand &= arg2
 
@@ -1244,7 +1244,7 @@ class With_ixor:
 
 
 def test_ixor():
-    with_ixor = With_ixor()  #$ MISSING: arg1="SSA variable with_ixor" func=With_ixor.__ixor__
+    with_ixor = With_ixor()  #$ MISSING: arg1="with_ixor" func=With_ixor.__ixor__
     arg2 = with_ixor  #$ MISSING: arg2 func=With_ixor.__ixor__
     with_ixor ^= arg2
 
@@ -1259,7 +1259,7 @@ class With_ior:
 
 
 def test_ior():
-    with_ior = With_ior()  #$ MISSING: arg1="SSA variable with_ior" func=With_ior.__ior__
+    with_ior = With_ior()  #$ MISSING: arg1="with_ior" func=With_ior.__ior__
     arg2 = with_ior  #$ MISSING: arg2 func=With_ior.__ior__
     with_ior |= arg2
 
@@ -1273,7 +1273,7 @@ class With_neg:
 
 
 def test_neg():
-    with_neg = With_neg()  #$ MISSING: arg1="SSA variable with_neg" func=With_neg.__neg__
+    with_neg = With_neg()  #$ MISSING: arg1="with_neg" func=With_neg.__neg__
     -with_neg
 
 
@@ -1286,7 +1286,7 @@ class With_pos:
 
 
 def test_pos():
-    with_pos = With_pos()  #$ MISSING: arg1="SSA variable with_pos" func=With_pos.__pos__
+    with_pos = With_pos()  #$ MISSING: arg1="with_pos" func=With_pos.__pos__
     +with_pos
 
 
@@ -1299,7 +1299,7 @@ class With_abs:
 
 
 def test_abs():
-    with_abs = With_abs()  #$ MISSING: arg1="SSA variable with_abs" func=With_abs.__abs__
+    with_abs = With_abs()  #$ MISSING: arg1="with_abs" func=With_abs.__abs__
     abs(with_abs)
 
 
@@ -1312,7 +1312,7 @@ class With_invert:
 
 
 def test_invert():
-    with_invert = With_invert()  #$ MISSING: arg1="SSA variable with_invert" func=With_invert.__invert__
+    with_invert = With_invert()  #$ MISSING: arg1="with_invert" func=With_invert.__invert__
     ~with_invert
 
 
@@ -1325,7 +1325,7 @@ class With_complex:
 
 
 def test_complex():
-    with_complex = With_complex()  #$ MISSING: arg1="SSA variable with_complex" func=With_complex.__complex__
+    with_complex = With_complex()  #$ MISSING: arg1="with_complex" func=With_complex.__complex__
     complex(with_complex)
 
 
@@ -1338,7 +1338,7 @@ class With_int:
 
 
 def test_int():
-    with_int = With_int()  #$ MISSING: arg1="SSA variable with_int" func=With_int.__int__
+    with_int = With_int()  #$ MISSING: arg1="with_int" func=With_int.__int__
     int(with_int)
 
 
@@ -1351,7 +1351,7 @@ class With_float:
 
 
 def test_float():
-    with_float = With_float()  #$ MISSING: arg1="SSA variable with_float" func=With_float.__float__
+    with_float = With_float()  #$ MISSING: arg1="with_float" func=With_float.__float__
     float(with_float)
 
 
@@ -1364,37 +1364,37 @@ class With_index:
 
 
 def test_index_slicing():
-    with_index = With_index()  #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
+    with_index = With_index()  #$ MISSING: arg1="with_index" func=With_index.__index__
     [0][with_index:1]
 
 
 def test_index_bin():
-    with_index = With_index()  #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
+    with_index = With_index()  #$ MISSING: arg1="with_index" func=With_index.__index__
     bin(with_index)
 
 
 def test_index_hex():
-    with_index = With_index()  #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
+    with_index = With_index()  #$ MISSING: arg1="with_index" func=With_index.__index__
     hex(with_index)
 
 
 def test_index_oct():
-    with_index = With_index()  #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
+    with_index = With_index()  #$ MISSING: arg1="with_index" func=With_index.__index__
     oct(with_index)
 
 
 def test_index_int():
-    with_index = With_index()  #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
+    with_index = With_index()  #$ MISSING: arg1="with_index" func=With_index.__index__
     int(with_index)
 
 
 def test_index_float():
-    with_index = With_index()  #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
+    with_index = With_index()  #$ MISSING: arg1="with_index" func=With_index.__index__
     float(with_index)
 
 
 def test_index_complex():
-    with_index = With_index()  #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__
+    with_index = With_index()  #$ MISSING: arg1="with_index" func=With_index.__index__
     complex(with_index)
 
 
@@ -1407,7 +1407,7 @@ class With_round:
 
 
 def test_round():
-    with_round = With_round()  #$ MISSING: arg1="SSA variable with_round" func=With_round.__round__
+    with_round = With_round()  #$ MISSING: arg1="with_round" func=With_round.__round__
     round(with_round)
 
 
@@ -1420,7 +1420,7 @@ class With_trunc:
 
 
 def test_trunc():
-    with_trunc = With_trunc()  #$ MISSING: arg1="SSA variable with_trunc" func=With_trunc.__trunc__
+    with_trunc = With_trunc()  #$ MISSING: arg1="with_trunc" func=With_trunc.__trunc__
     import math
 
     math.trunc(with_trunc)
@@ -1435,7 +1435,7 @@ class With_floor:
 
 
 def test_floor():
-    with_floor = With_floor()  #$ MISSING: arg1="SSA variable with_floor" func=With_floor.__floor__
+    with_floor = With_floor()  #$ MISSING: arg1="with_floor" func=With_floor.__floor__
     import math
 
     math.floor(with_floor)
@@ -1450,7 +1450,7 @@ class With_ceil:
 
 
 def test_ceil():
-    with_ceil = With_ceil()  #$ MISSING: arg1="SSA variable with_ceil" func=With_ceil.__ceil__
+    with_ceil = With_ceil()  #$ MISSING: arg1="with_ceil" func=With_ceil.__ceil__
     import math
 
     math.ceil(with_ceil)
@@ -1503,7 +1503,7 @@ class With_await:
 
 
 async def atest_await():
-    with_await = With_await()  #$ MISSING: arg1="SSA variable with_await" func=With_await.__await__
+    with_await = With_await()  #$ MISSING: arg1="with_await" func=With_await.__await__
     await (with_await)
 
 
@@ -1525,7 +1525,7 @@ class With_aiter:
 
 
 async def atest_aiter():
-    with_aiter = With_aiter()  #$ MISSING: arg1="SSA variable with_aiter" func=With_aiter.__aiter__
+    with_aiter = With_aiter()  #$ MISSING: arg1="with_aiter" func=With_aiter.__aiter__
     async for x in with_aiter:
         pass
 
@@ -1542,7 +1542,7 @@ class With_anext:
 
 
 async def atest_anext():
-    with_anext = With_anext()  #$ MISSING: arg1="SSA variable with_anext" func=With_anext.__anext__
+    with_anext = With_anext()  #$ MISSING: arg1="with_anext" func=With_anext.__anext__
     async for x in with_anext:
         pass
 
@@ -1559,7 +1559,7 @@ class With_aenter:
 
 
 async def atest_aenter():
-    with_aenter = With_aenter()  #$ MISSING: arg1="SSA variable with_aenter" func=With_aenter.__aenter__
+    with_aenter = With_aenter()  #$ MISSING: arg1="with_aenter" func=With_aenter.__aenter__
     async with with_aenter:
         pass
 
@@ -1578,6 +1578,6 @@ class With_aexit:
 
 
 async def atest_aexit():
-    with_aexit = With_aexit()  #$ MISSING: arg1="SSA variable with_aexit" func=With_aexit.__aexit__
+    with_aexit = With_aexit()  #$ MISSING: arg1="with_aexit" func=With_aexit.__aexit__
     async with with_aexit:
         pass

python/ql/test/experimental/dataflow/coverage/localFlow.expected

@@ -1,17 +1,16 @@
-| test.py:41:1:41:33 | GSSA Variable NONSOURCE | test.py:42:10:42:18 | ControlFlowNode for NONSOURCE |
-| test.py:41:1:41:33 | GSSA Variable SINK | test.py:44:5:44:8 | ControlFlowNode for SINK |
-| test.py:41:1:41:33 | GSSA Variable SOURCE | test.py:42:21:42:26 | ControlFlowNode for SOURCE |
-| test.py:42:5:42:5 | SSA variable x | test.py:43:9:43:9 | ControlFlowNode for x |
-| test.py:42:10:42:26 | ControlFlowNode for Tuple | test.py:42:5:42:5 | SSA variable x |
-| test.py:43:5:43:5 | SSA variable y | test.py:44:10:44:10 | ControlFlowNode for y |
-| test.py:43:9:43:12 | ControlFlowNode for Subscript | test.py:43:5:43:5 | SSA variable y |
-| test.py:208:1:208:53 | GSSA Variable SINK | test.py:210:5:210:8 | ControlFlowNode for SINK |
-| test.py:208:1:208:53 | GSSA Variable SOURCE | test.py:209:25:209:30 | ControlFlowNode for SOURCE |
-| test.py:209:5:209:5 | SSA variable x | test.py:210:10:210:10 | ControlFlowNode for x |
-| test.py:209:9:209:68 | ControlFlowNode for .0 | test.py:209:9:209:68 | SSA variable .0 |
-| test.py:209:9:209:68 | ControlFlowNode for ListComp | test.py:209:5:209:5 | SSA variable x |
-| test.py:209:9:209:68 | SSA variable .0 | test.py:209:9:209:68 | ControlFlowNode for .0 |
-| test.py:209:16:209:16 | SSA variable v | test.py:209:45:209:45 | ControlFlowNode for v |
-| test.py:209:40:209:40 | SSA variable u | test.py:209:56:209:56 | ControlFlowNode for u |
-| test.py:209:51:209:51 | SSA variable z | test.py:209:67:209:67 | ControlFlowNode for z |
-| test.py:209:62:209:62 | SSA variable y | test.py:209:10:209:10 | ControlFlowNode for y |
+| test.py:41:1:41:33 | Entry node for Function test_tuple_with_local_flow | test.py:42:10:42:18 | ControlFlowNode for NONSOURCE |
+| test.py:41:1:41:33 | Entry node for Function test_tuple_with_local_flow | test.py:42:21:42:26 | ControlFlowNode for SOURCE |
+| test.py:41:1:41:33 | Entry node for Function test_tuple_with_local_flow | test.py:44:5:44:8 | ControlFlowNode for SINK |
+| test.py:42:5:42:5 | ControlFlowNode for x | test.py:43:9:43:9 | ControlFlowNode for x |
+| test.py:42:10:42:26 | ControlFlowNode for Tuple | test.py:42:5:42:5 | ControlFlowNode for x |
+| test.py:43:5:43:5 | ControlFlowNode for y | test.py:44:10:44:10 | ControlFlowNode for y |
+| test.py:43:9:43:12 | ControlFlowNode for Subscript | test.py:43:5:43:5 | ControlFlowNode for y |
+| test.py:208:1:208:53 | Entry node for Function test_nested_comprehension_deep_with_local_flow | test.py:209:25:209:30 | ControlFlowNode for SOURCE |
+| test.py:208:1:208:53 | Entry node for Function test_nested_comprehension_deep_with_local_flow | test.py:210:5:210:8 | ControlFlowNode for SINK |
+| test.py:209:5:209:5 | ControlFlowNode for x | test.py:210:10:210:10 | ControlFlowNode for x |
+| test.py:209:9:209:68 | ControlFlowNode for .0 | test.py:209:9:209:68 | ControlFlowNode for .0 |
+| test.py:209:9:209:68 | ControlFlowNode for ListComp | test.py:209:5:209:5 | ControlFlowNode for x |
+| test.py:209:16:209:16 | ControlFlowNode for v | test.py:209:45:209:45 | ControlFlowNode for v |
+| test.py:209:40:209:40 | ControlFlowNode for u | test.py:209:56:209:56 | ControlFlowNode for u |
+| test.py:209:51:209:51 | ControlFlowNode for z | test.py:209:67:209:67 | ControlFlowNode for z |
+| test.py:209:62:209:62 | ControlFlowNode for y | test.py:209:10:209:10 | ControlFlowNode for y |

python/ql/test/experimental/dataflow/enclosing-callable/EnclosingCallable.expected

@@ -1,3 +1,4 @@
+| class_example.py:0:0:0:0 | Module class_example | class_example.py:0:0:0:0 | Entry node for Module class_example |
 | class_example.py:0:0:0:0 | Module class_example | class_example.py:1:1:1:3 | ControlFlowNode for wat |
 | class_example.py:0:0:0:0 | Module class_example | class_example.py:1:7:1:7 | ControlFlowNode for IntegerLiteral |
 | class_example.py:0:0:0:0 | Module class_example | class_example.py:3:1:3:10 | ControlFlowNode for ClassExpr |
@@ -12,12 +13,14 @@
 | class_example.py:0:0:0:0 | Module class_example | class_example.py:7:1:7:23 | ControlFlowNode for print() |
 | class_example.py:0:0:0:0 | Module class_example | class_example.py:7:7:7:17 | ControlFlowNode for Str |
 | class_example.py:0:0:0:0 | Module class_example | class_example.py:7:20:7:22 | ControlFlowNode for wat |
+| generator.py:0:0:0:0 | Module generator | generator.py:0:0:0:0 | Entry node for Module generator |
 | generator.py:0:0:0:0 | Module generator | generator.py:1:1:1:23 | ControlFlowNode for FunctionExpr |
 | generator.py:0:0:0:0 | Module generator | generator.py:1:5:1:18 | ControlFlowNode for generator_func |
 | generator.py:1:1:1:23 | Function generator_func | generator.py:1:20:1:21 | ControlFlowNode for xs |
 | generator.py:1:1:1:23 | Function generator_func | generator.py:2:12:2:26 | ControlFlowNode for .0 |
 | generator.py:1:1:1:23 | Function generator_func | generator.py:2:12:2:26 | ControlFlowNode for .0 |
 | generator.py:1:1:1:23 | Function generator_func | generator.py:2:12:2:26 | ControlFlowNode for ListComp |
+| generator.py:1:1:1:23 | Function generator_func | generator.py:2:12:2:26 | Entry node for Function listcomp |
 | generator.py:1:1:1:23 | Function generator_func | generator.py:2:13:2:13 | ControlFlowNode for Yield |
 | generator.py:1:1:1:23 | Function generator_func | generator.py:2:13:2:13 | ControlFlowNode for x |
 | generator.py:1:1:1:23 | Function generator_func | generator.py:2:19:2:19 | ControlFlowNode for x |

python/ql/test/experimental/dataflow/import-star/global.expected

@@ -1,15 +1,33 @@
+| deux.py:0:0:0:0 | Entry node for Module deux | deux.py:2:1:2:5 | ControlFlowNode for print |
+| deux.py:0:0:0:0 | Entry node for Module deux | deux.py:2:7:2:9 | ControlFlowNode for foo |
+| test1.py:0:0:0:0 | Entry node for Module test1 | test1.py:2:1:2:5 | ControlFlowNode for print |
+| test1.py:0:0:0:0 | Entry node for Module test1 | test1.py:2:7:2:9 | ControlFlowNode for foo |
+| test2.py:0:0:0:0 | Entry node for Module test2 | test2.py:2:1:2:5 | ControlFlowNode for print |
+| test2.py:0:0:0:0 | Entry node for Module test2 | test2.py:2:7:2:9 | ControlFlowNode for foo |
+| test3.py:1:17:1:19 | ControlFlowNode for ImportMember | test3.py:1:17:1:19 | ControlFlowNode for foo |
 | test3.py:1:17:1:19 | ControlFlowNode for ImportMember | test3.py:2:7:2:9 | ControlFlowNode for foo |
+| test3.py:1:17:1:19 | ControlFlowNode for foo | test3.py:2:7:2:9 | ControlFlowNode for foo |
 | three.py:1:1:1:3 | ControlFlowNode for foo | test1.py:2:7:2:9 | ControlFlowNode for foo |
 | three.py:1:1:1:3 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for ImportMember |
+| three.py:1:1:1:3 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for foo |
 | three.py:1:1:1:3 | ControlFlowNode for foo | test3.py:2:7:2:9 | ControlFlowNode for foo |
 | three.py:1:1:1:3 | ControlFlowNode for foo | two.py:2:7:2:9 | ControlFlowNode for foo |
 | three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test1.py:2:7:2:9 | ControlFlowNode for foo |
 | three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test3.py:1:17:1:19 | ControlFlowNode for ImportMember |
+| three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test3.py:1:17:1:19 | ControlFlowNode for foo |
 | three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test3.py:2:7:2:9 | ControlFlowNode for foo |
+| three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | three.py:1:1:1:3 | ControlFlowNode for foo |
 | three.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | two.py:2:7:2:9 | ControlFlowNode for foo |
 | trois.py:1:1:1:3 | ControlFlowNode for foo | deux.py:2:7:2:9 | ControlFlowNode for foo |
 | trois.py:1:1:1:3 | ControlFlowNode for foo | test2.py:2:7:2:9 | ControlFlowNode for foo |
 | trois.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | deux.py:2:7:2:9 | ControlFlowNode for foo |
 | trois.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | test2.py:2:7:2:9 | ControlFlowNode for foo |
+| trois.py:1:7:1:7 | ControlFlowNode for IntegerLiteral | trois.py:1:1:1:3 | ControlFlowNode for foo |
+| two.py:0:0:0:0 | Entry node for Module two | test3.py:1:17:1:19 | ControlFlowNode for ImportMember |
+| two.py:0:0:0:0 | Entry node for Module two | test3.py:1:17:1:19 | ControlFlowNode for foo |
+| two.py:0:0:0:0 | Entry node for Module two | test3.py:2:7:2:9 | ControlFlowNode for foo |
+| two.py:0:0:0:0 | Entry node for Module two | two.py:2:1:2:5 | ControlFlowNode for print |
+| two.py:0:0:0:0 | Entry node for Module two | two.py:2:7:2:9 | ControlFlowNode for foo |
 | two.py:2:7:2:9 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for ImportMember |
+| two.py:2:7:2:9 | ControlFlowNode for foo | test3.py:1:17:1:19 | ControlFlowNode for foo |
 | two.py:2:7:2:9 | ControlFlowNode for foo | test3.py:2:7:2:9 | ControlFlowNode for foo |

python/ql/test/experimental/dataflow/module-initialization/localFlow.ql

@@ -11,7 +11,10 @@ module ImportTimeLocalFlowTest implements FlowTestSig {
     nodeFrom.getLocation().getFile().getBaseName() = "multiphase.py" and
     // results are displayed next to `nodeTo`, so we need a line to write on
     nodeTo.getLocation().getStartLine() > 0 and
-    nodeTo.asVar() instanceof GlobalSsaVariable and
+    exists(GlobalSsaVariable g |
+      nodeTo.asCfgNode() = g.getDefinition().(EssaNodeDefinition).getDefiningNode()
+    ) and
+    // nodeTo.asVar() instanceof GlobalSsaVariable and
     DP::PhaseDependentFlow<DP::LocalFlow::localFlowStep/2>::importTimeStep(nodeFrom, nodeTo)
   }
 }

python/ql/test/experimental/dataflow/module-initialization/multiphase.py

@@ -1,40 +1,40 @@
-import sys  #$ importTimeFlow="ImportExpr -> GSSA Variable sys"
-import os  #$ importTimeFlow="ImportExpr -> GSSA Variable os"
+import sys  #$ importTimeFlow="ImportExpr -> sys"
+import os  #$ importTimeFlow="ImportExpr -> os"
 
 sys.path.append(os.path.dirname(os.path.dirname((__file__))))
-from testlib import expects #$ importTimeFlow="ImportMember -> GSSA Variable expects"
+from testlib import expects #$ importTimeFlow="ImportMember -> expects"
 
 # These are defined so that we can evaluate the test code.
-NONSOURCE = "not a source"  #$ importTimeFlow="'not a source' -> GSSA Variable NONSOURCE"
-SOURCE = "source"  #$ importTimeFlow="'source' -> GSSA Variable SOURCE"
+NONSOURCE = "not a source"  #$ importTimeFlow="'not a source' -> NONSOURCE"
+SOURCE = "source"  #$ importTimeFlow="'source' -> SOURCE"
 
 
-def is_source(x):  #$ importTimeFlow="FunctionExpr -> GSSA Variable is_source"
+def is_source(x):  #$ importTimeFlow="FunctionExpr -> is_source"
     return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
 
 
-def SINK(x):  #$ importTimeFlow="FunctionExpr -> GSSA Variable SINK"
+def SINK(x):  #$ importTimeFlow="FunctionExpr -> SINK"
     if is_source(x):  #$ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-17 -> is_source"
         print("OK")  #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-18 -> print"
     else:
         print("Unexpected flow", x)  #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-20 -> print"
 
 
-def SINK_F(x):  #$ importTimeFlow="FunctionExpr -> GSSA Variable SINK_F"
+def SINK_F(x):  #$ importTimeFlow="FunctionExpr -> SINK_F"
     if is_source(x):  #$ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-24 -> is_source"
         print("Unexpected flow", x)  #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-25 -> print"
     else:
         print("OK")  #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-27 -> print"
 
-def set_foo():  #$ importTimeFlow="FunctionExpr -> GSSA Variable set_foo"
+def set_foo():  #$ importTimeFlow="FunctionExpr -> set_foo"
     global foo
     foo = SOURCE  #$ runtimeFlow="ModuleVariableNode in Module multiphase for SOURCE, l:-31 -> SOURCE" # missing final definition of foo
 
-foo = NONSOURCE  #$ importTimeFlow="NONSOURCE -> GSSA Variable foo"
+foo = NONSOURCE  #$ importTimeFlow="NONSOURCE -> foo"
 set_foo()
 
 @expects(2)
-def test_phases():  #$ importTimeFlow="expects(..)(..), l:-1 -> GSSA Variable test_phases"
+def test_phases():  #$ importTimeFlow="expects(..)(..), l:-1 -> test_phases"
     global foo
     SINK(foo)  #$ runtimeFlow="ModuleVariableNode in Module multiphase for SINK, l:-39 -> SINK" runtimeFlow="ModuleVariableNode in Module multiphase for foo, l:-39 -> foo"
     foo = NONSOURCE  #$ runtimeFlow="ModuleVariableNode in Module multiphase for NONSOURCE, l:-40 -> NONSOURCE"

python/ql/test/experimental/dataflow/strange-essaflow/testFlow.expected

@@ -1,6 +1,6 @@
 os_import
-| test.py:2:8:2:9 | GSSA Variable os |
+| test.py:2:8:2:9 | ControlFlowNode for os |
 flowstep
 jumpStep
-| test.py:2:8:2:9 | GSSA Variable os | test.py:0:0:0:0 | ModuleVariableNode in Module test for os |
+| test.py:2:8:2:9 | ControlFlowNode for os | test.py:0:0:0:0 | ModuleVariableNode in Module test for os |
 essaFlowStep

python/ql/test/experimental/dataflow/strange-essaflow/testFlow.ql

@@ -2,17 +2,17 @@ import python
 import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate
 
-/** Gets the EssaNode that holds the module imported by the fully qualified module name `name` */
-DataFlow::EssaNode module_import(string name) {
-  exists(Variable var, Import imp, Alias alias |
+/** Gets the `CfgNode` that holds the module imported by the fully qualified module name `name`. */
+DataFlow::CfgNode module_import(string name) {
+  exists(Variable var, AssignmentDefinition def, Import imp, Alias alias |
+    var = def.getSourceVariable() and
+    result.getNode() = def.getDefiningNode() and
     alias = imp.getAName() and
-    alias.getAsname() = var.getAStore() and
-    (
-      name = alias.getValue().(ImportMember).getImportedModuleName()
-      or
-      name = alias.getValue().(ImportExpr).getImportedModuleName()
-    ) and
-    result.getVar().(AssignmentDefinition).getSourceVariable() = var
+    alias.getAsname() = var.getAStore()
+  |
+    name = alias.getValue().(ImportMember).getImportedModuleName()
+    or
+    name = alias.getValue().(ImportExpr).getImportedModuleName()
   )
 }
 

python/ql/test/experimental/dataflow/summaries/summaries.expected

@@ -1,55 +1,55 @@
 edges
-| summaries.py:32:1:32:7 | GSSA Variable tainted | summaries.py:33:6:33:12 | ControlFlowNode for tainted |
-| summaries.py:32:11:32:26 | ControlFlowNode for identity() | summaries.py:32:1:32:7 | GSSA Variable tainted |
+| summaries.py:32:1:32:7 | ControlFlowNode for tainted | summaries.py:33:6:33:12 | ControlFlowNode for tainted |
+| summaries.py:32:11:32:26 | ControlFlowNode for identity() | summaries.py:32:1:32:7 | ControlFlowNode for tainted |
 | summaries.py:32:20:32:25 | ControlFlowNode for SOURCE | summaries.py:32:11:32:26 | ControlFlowNode for identity() |
-| summaries.py:36:1:36:14 | GSSA Variable tainted_lambda | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda |
-| summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | summaries.py:36:1:36:14 | GSSA Variable tainted_lambda |
+| summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda |
+| summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda |
 | summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() |
-| summaries.py:44:1:44:12 | GSSA Variable tainted_list | summaries.py:45:6:45:20 | ControlFlowNode for Subscript |
-| summaries.py:44:1:44:12 | GSSA Variable tainted_list [List element] | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] |
-| summaries.py:44:16:44:33 | ControlFlowNode for reversed() | summaries.py:44:1:44:12 | GSSA Variable tainted_list |
-| summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | summaries.py:44:1:44:12 | GSSA Variable tainted_list [List element] |
+| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list | summaries.py:45:6:45:20 | ControlFlowNode for Subscript |
+| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] |
+| summaries.py:44:16:44:33 | ControlFlowNode for reversed() | summaries.py:44:1:44:12 | ControlFlowNode for tainted_list |
+| summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] |
 | summaries.py:44:25:44:32 | ControlFlowNode for List | summaries.py:44:16:44:33 | ControlFlowNode for reversed() |
 | summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] |
 | summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List |
 | summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List [List element] |
 | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | summaries.py:45:6:45:20 | ControlFlowNode for Subscript |
-| summaries.py:51:1:51:14 | GSSA Variable tainted_mapped [List element] | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] |
-| summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | summaries.py:51:1:51:14 | GSSA Variable tainted_mapped [List element] |
+| summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] |
+| summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] |
 | summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] |
 | summaries.py:51:39:51:44 | ControlFlowNode for SOURCE | summaries.py:51:38:51:45 | ControlFlowNode for List [List element] |
 | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | summaries.py:52:6:52:22 | ControlFlowNode for Subscript |
-| summaries.py:57:1:57:23 | GSSA Variable tainted_mapped_explicit [List element] | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] |
-| summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | summaries.py:57:1:57:23 | GSSA Variable tainted_mapped_explicit [List element] |
+| summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] |
+| summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] |
 | summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] |
 | summaries.py:57:56:57:61 | ControlFlowNode for SOURCE | summaries.py:57:55:57:62 | ControlFlowNode for List [List element] |
 | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | summaries.py:58:6:58:31 | ControlFlowNode for Subscript |
-| summaries.py:60:1:60:22 | GSSA Variable tainted_mapped_summary [List element] | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] |
-| summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | summaries.py:60:1:60:22 | GSSA Variable tainted_mapped_summary [List element] |
+| summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] |
+| summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] |
 | summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] |
 | summaries.py:60:46:60:51 | ControlFlowNode for SOURCE | summaries.py:60:45:60:52 | ControlFlowNode for List [List element] |
 | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | summaries.py:61:6:61:30 | ControlFlowNode for Subscript |
-| summaries.py:63:1:63:12 | GSSA Variable tainted_list [List element] | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] |
-| summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | summaries.py:63:1:63:12 | GSSA Variable tainted_list [List element] |
+| summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] |
+| summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] |
 | summaries.py:63:35:63:40 | ControlFlowNode for SOURCE | summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] |
 | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | summaries.py:64:6:64:20 | ControlFlowNode for Subscript |
-| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist | summaries.py:68:6:68:26 | ControlFlowNode for Subscript |
-| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist [List element] | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] |
-| summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist [List element] |
-| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist |
+| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | summaries.py:68:6:68:26 | ControlFlowNode for Subscript |
+| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] |
+| summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] |
+| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist |
 | summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] |
 | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | summaries.py:68:6:68:26 | ControlFlowNode for Subscript |
 nodes
-| summaries.py:32:1:32:7 | GSSA Variable tainted | semmle.label | GSSA Variable tainted |
+| summaries.py:32:1:32:7 | ControlFlowNode for tainted | semmle.label | ControlFlowNode for tainted |
 | summaries.py:32:11:32:26 | ControlFlowNode for identity() | semmle.label | ControlFlowNode for identity() |
 | summaries.py:32:20:32:25 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
 | summaries.py:33:6:33:12 | ControlFlowNode for tainted | semmle.label | ControlFlowNode for tainted |
-| summaries.py:36:1:36:14 | GSSA Variable tainted_lambda | semmle.label | GSSA Variable tainted_lambda |
+| summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda | semmle.label | ControlFlowNode for tainted_lambda |
 | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | semmle.label | ControlFlowNode for apply_lambda() |
 | summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
 | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda | semmle.label | ControlFlowNode for tainted_lambda |
-| summaries.py:44:1:44:12 | GSSA Variable tainted_list | semmle.label | GSSA Variable tainted_list |
-| summaries.py:44:1:44:12 | GSSA Variable tainted_list [List element] | semmle.label | GSSA Variable tainted_list [List element] |
+| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list | semmle.label | ControlFlowNode for tainted_list |
+| summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] |
 | summaries.py:44:16:44:33 | ControlFlowNode for reversed() | semmle.label | ControlFlowNode for reversed() |
 | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | semmle.label | ControlFlowNode for reversed() [List element] |
 | summaries.py:44:25:44:32 | ControlFlowNode for List | semmle.label | ControlFlowNode for List |
@@ -57,31 +57,31 @@ nodes
 | summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
 | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] |
 | summaries.py:45:6:45:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| summaries.py:51:1:51:14 | GSSA Variable tainted_mapped [List element] | semmle.label | GSSA Variable tainted_mapped [List element] |
+| summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] | semmle.label | ControlFlowNode for tainted_mapped [List element] |
 | summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | semmle.label | ControlFlowNode for list_map() [List element] |
 | summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
 | summaries.py:51:39:51:44 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
 | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | semmle.label | ControlFlowNode for tainted_mapped [List element] |
 | summaries.py:52:6:52:22 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| summaries.py:57:1:57:23 | GSSA Variable tainted_mapped_explicit [List element] | semmle.label | GSSA Variable tainted_mapped_explicit [List element] |
+| summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] | semmle.label | ControlFlowNode for tainted_mapped_explicit [List element] |
 | summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | semmle.label | ControlFlowNode for list_map() [List element] |
 | summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
 | summaries.py:57:56:57:61 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
 | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | semmle.label | ControlFlowNode for tainted_mapped_explicit [List element] |
 | summaries.py:58:6:58:31 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| summaries.py:60:1:60:22 | GSSA Variable tainted_mapped_summary [List element] | semmle.label | GSSA Variable tainted_mapped_summary [List element] |
+| summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] | semmle.label | ControlFlowNode for tainted_mapped_summary [List element] |
 | summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | semmle.label | ControlFlowNode for list_map() [List element] |
 | summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
 | summaries.py:60:46:60:51 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
 | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | semmle.label | ControlFlowNode for tainted_mapped_summary [List element] |
 | summaries.py:61:6:61:30 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| summaries.py:63:1:63:12 | GSSA Variable tainted_list [List element] | semmle.label | GSSA Variable tainted_list [List element] |
+| summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] |
 | summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | semmle.label | ControlFlowNode for append_to_list() [List element] |
 | summaries.py:63:35:63:40 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
 | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] |
 | summaries.py:64:6:64:20 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist | semmle.label | GSSA Variable tainted_resultlist |
-| summaries.py:67:1:67:18 | GSSA Variable tainted_resultlist [List element] | semmle.label | GSSA Variable tainted_resultlist [List element] |
+| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | semmle.label | ControlFlowNode for tainted_resultlist |
+| summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] | semmle.label | ControlFlowNode for tainted_resultlist [List element] |
 | summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | semmle.label | ControlFlowNode for json_loads() [List element] |
 | summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
 | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | semmle.label | ControlFlowNode for tainted_resultlist [List element] |

python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected

@@ -1,5 +1,5 @@
-| test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:6:4:12 | ControlFlowNode for tainted |
-| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | GSSA Variable tainted |
-| test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | GSSA Variable func |
-| test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:10:8:21 | ControlFlowNode for also_tainted |
-| test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:7:5:7:16 | SSA variable also_tainted |
+| test.py:3:1:3:7 | ControlFlowNode for tainted | test.py:4:6:4:12 | ControlFlowNode for tainted |
+| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | ControlFlowNode for tainted |
+| test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | ControlFlowNode for func |
+| test.py:7:5:7:16 | ControlFlowNode for also_tainted | test.py:8:10:8:21 | ControlFlowNode for also_tainted |
+| test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:7:5:7:16 | ControlFlowNode for also_tainted |

python/ql/test/experimental/dataflow/typetracking-summaries/summaries.py

@@ -6,10 +6,8 @@ tainted = TTS_identity(tracked)  # $ tracked
 tainted  # $ tracked
 
 # Lambda summary
-# I think the missing result is expected because type tracking
-# is not allowed to flow back out of a call.
 tainted_lambda = TTS_apply_lambda(lambda x: x, tracked)  # $ tracked
-tainted_lambda  # $ MISSING: tracked
+tainted_lambda  # $ tracked
 
 # A lambda that directly introduces taint
 bad_lambda = TTS_apply_lambda(lambda x: tracked, 1)  # $ tracked

python/ql/test/experimental/dataflow/typetracking/moduleattr.expected

@@ -3,9 +3,9 @@ module_tracker
 module_attr_tracker
 | import_as_attr.py:0:0:0:0 | ModuleVariableNode in Module import_as_attr for attr_ref |
 | import_as_attr.py:1:20:1:35 | ControlFlowNode for ImportMember |
-| import_as_attr.py:1:28:1:35 | GSSA Variable attr_ref |
-| import_as_attr.py:3:1:3:1 | GSSA Variable x |
+| import_as_attr.py:1:28:1:35 | ControlFlowNode for attr_ref |
+| import_as_attr.py:3:1:3:1 | ControlFlowNode for x |
 | import_as_attr.py:3:5:3:12 | ControlFlowNode for attr_ref |
-| import_as_attr.py:5:1:5:10 | GSSA Variable attr_ref |
-| import_as_attr.py:6:5:6:5 | SSA variable y |
+| import_as_attr.py:5:1:5:10 | Entry node for Function fun |
+| import_as_attr.py:6:5:6:5 | ControlFlowNode for y |
 | import_as_attr.py:6:9:6:16 | ControlFlowNode for attr_ref |

python/ql/test/experimental/dataflow/typetracking/tracked.ql

@@ -26,7 +26,7 @@ module TrackedTest implements TestSig {
       not e.getLocation().getStartLine() = 0 and
       // We do not wish to annotate scope entry definitions,
       // as they do not appear in the source code.
-      not e.asVar() instanceof ScopeEntryDefinition and
+      not e.asCfgNode() = any(ScopeEntryDefinition def).getDefiningNode() and
       tag = "tracked" and
       location = e.getLocation() and
       value = t.getAttr() and

python/ql/test/experimental/import-resolution/ModuleExport.expected

@@ -1,58 +1,58 @@
 | attr_clash.__init__ | __file__ | attr_clash/__init__.py:6:6:6:13 | ControlFlowNode for __file__ |
-| attr_clash.__init__ | __name__ | attr_clash/__init__.py:0:0:0:0 | GSSA Variable __name__ |
-| attr_clash.__init__ | __package__ | attr_clash/__init__.py:0:0:0:0 | GSSA Variable __package__ |
-| attr_clash.__init__ | clashing_attr | attr_clash/__init__.py:4:1:4:13 | GSSA Variable clashing_attr |
+| attr_clash.__init__ | __name__ | attr_clash/__init__.py:0:0:0:0 | Entry node for Module attr_clash.__init__ |
+| attr_clash.__init__ | __package__ | attr_clash/__init__.py:0:0:0:0 | Entry node for Module attr_clash.__init__ |
+| attr_clash.__init__ | clashing_attr | attr_clash/__init__.py:4:1:4:13 | ControlFlowNode for clashing_attr |
 | attr_clash.__init__ | enter | attr_clash/__init__.py:2:1:2:5 | ControlFlowNode for enter |
 | attr_clash.__init__ | exit | attr_clash/__init__.py:6:1:6:4 | ControlFlowNode for exit |
 | attr_clash.clashing_attr | __file__ | attr_clash/clashing_attr.py:4:6:4:13 | ControlFlowNode for __file__ |
-| attr_clash.clashing_attr | __name__ | attr_clash/clashing_attr.py:0:0:0:0 | GSSA Variable __name__ |
-| attr_clash.clashing_attr | __package__ | attr_clash/clashing_attr.py:0:0:0:0 | GSSA Variable __package__ |
+| attr_clash.clashing_attr | __name__ | attr_clash/clashing_attr.py:0:0:0:0 | Entry node for Module attr_clash.clashing_attr |
+| attr_clash.clashing_attr | __package__ | attr_clash/clashing_attr.py:0:0:0:0 | Entry node for Module attr_clash.clashing_attr |
 | attr_clash.clashing_attr | enter | attr_clash/clashing_attr.py:2:1:2:5 | ControlFlowNode for enter |
 | attr_clash.clashing_attr | exit | attr_clash/clashing_attr.py:4:1:4:4 | ControlFlowNode for exit |
 | attr_clash.non_clashing_submodule | __file__ | attr_clash/non_clashing_submodule.py:4:6:4:13 | ControlFlowNode for __file__ |
-| attr_clash.non_clashing_submodule | __name__ | attr_clash/non_clashing_submodule.py:0:0:0:0 | GSSA Variable __name__ |
-| attr_clash.non_clashing_submodule | __package__ | attr_clash/non_clashing_submodule.py:0:0:0:0 | GSSA Variable __package__ |
+| attr_clash.non_clashing_submodule | __name__ | attr_clash/non_clashing_submodule.py:0:0:0:0 | Entry node for Module attr_clash.non_clashing_submodule |
+| attr_clash.non_clashing_submodule | __package__ | attr_clash/non_clashing_submodule.py:0:0:0:0 | Entry node for Module attr_clash.non_clashing_submodule |
 | attr_clash.non_clashing_submodule | enter | attr_clash/non_clashing_submodule.py:2:1:2:5 | ControlFlowNode for enter |
 | attr_clash.non_clashing_submodule | exit | attr_clash/non_clashing_submodule.py:4:1:4:4 | ControlFlowNode for exit |
 | bar | __file__ | bar.py:6:6:6:13 | ControlFlowNode for __file__ |
-| bar | __name__ | bar.py:0:0:0:0 | GSSA Variable __name__ |
-| bar | __package__ | bar.py:0:0:0:0 | GSSA Variable __package__ |
-| bar | bar_attr | bar.py:4:1:4:8 | GSSA Variable bar_attr |
+| bar | __name__ | bar.py:0:0:0:0 | Entry node for Module bar |
+| bar | __package__ | bar.py:0:0:0:0 | Entry node for Module bar |
+| bar | bar_attr | bar.py:4:1:4:8 | ControlFlowNode for bar_attr |
 | bar | enter | bar.py:2:1:2:5 | ControlFlowNode for enter |
 | bar | exit | bar.py:6:1:6:4 | ControlFlowNode for exit |
 | baz | __file__ | baz.py:6:6:6:13 | ControlFlowNode for __file__ |
-| baz | __name__ | baz.py:0:0:0:0 | GSSA Variable __name__ |
-| baz | __package__ | baz.py:0:0:0:0 | GSSA Variable __package__ |
-| baz | baz_attr | baz.py:4:1:4:8 | GSSA Variable baz_attr |
+| baz | __name__ | baz.py:0:0:0:0 | Entry node for Module baz |
+| baz | __package__ | baz.py:0:0:0:0 | Entry node for Module baz |
+| baz | baz_attr | baz.py:4:1:4:8 | ControlFlowNode for baz_attr |
 | baz | enter | baz.py:2:1:2:5 | ControlFlowNode for enter |
 | baz | exit | baz.py:6:1:6:4 | ControlFlowNode for exit |
 | block_flow_check | SOURCE | block_flow_check.py:12:25:12:30 | ControlFlowNode for SOURCE |
 | block_flow_check | __file__ | block_flow_check.py:14:6:14:13 | ControlFlowNode for __file__ |
-| block_flow_check | __name__ | block_flow_check.py:0:0:0:0 | GSSA Variable __name__ |
-| block_flow_check | __package__ | block_flow_check.py:0:0:0:0 | GSSA Variable __package__ |
+| block_flow_check | __name__ | block_flow_check.py:0:0:0:0 | Entry node for Module block_flow_check |
+| block_flow_check | __package__ | block_flow_check.py:0:0:0:0 | Entry node for Module block_flow_check |
 | block_flow_check | check | block_flow_check.py:12:1:12:5 | ControlFlowNode for check |
 | block_flow_check | enter | block_flow_check.py:2:1:2:5 | ControlFlowNode for enter |
 | block_flow_check | exit | block_flow_check.py:14:1:14:4 | ControlFlowNode for exit |
 | block_flow_check | globals | block_flow_check.py:12:33:12:39 | ControlFlowNode for globals |
 | block_flow_check | object | block_flow_check.py:4:14:4:19 | ControlFlowNode for object |
-| block_flow_check | staticmethod | block_flow_check.py:0:0:0:0 | GSSA Variable staticmethod |
+| block_flow_check | staticmethod | block_flow_check.py:0:0:0:0 | Entry node for Module block_flow_check |
 | foo | __file__ | foo.py:14:6:14:13 | ControlFlowNode for __file__ |
-| foo | __name__ | foo.py:0:0:0:0 | GSSA Variable __name__ |
-| foo | __package__ | foo.py:0:0:0:0 | GSSA Variable __package__ |
-| foo | __private_foo_attr | foo.py:8:1:8:18 | GSSA Variable __private_foo_attr |
+| foo | __name__ | foo.py:0:0:0:0 | Entry node for Module foo |
+| foo | __package__ | foo.py:0:0:0:0 | Entry node for Module foo |
+| foo | __private_foo_attr | foo.py:8:1:8:18 | ControlFlowNode for __private_foo_attr |
 | foo | bar_reexported | foo.py:11:8:11:10 | ControlFlowNode for ImportExpr |
 | foo | bar_reexported | foo.py:12:34:12:47 | ControlFlowNode for bar_reexported |
 | foo | check | foo.py:12:1:12:5 | ControlFlowNode for check |
 | foo | enter | foo.py:2:1:2:5 | ControlFlowNode for enter |
 | foo | exit | foo.py:14:1:14:4 | ControlFlowNode for exit |
-| foo | foo_attr | foo.py:5:1:5:8 | GSSA Variable foo_attr |
+| foo | foo_attr | foo.py:5:1:5:8 | ControlFlowNode for foo_attr |
 | foo | globals | foo.py:12:71:12:77 | ControlFlowNode for globals |
 | generous_export | Exception | generous_export.py:16:11:16:19 | ControlFlowNode for Exception |
 | generous_export | SOURCE | generous_export.py:15:11:15:16 | ControlFlowNode for SOURCE |
 | generous_export | SOURCE | generous_export.py:20:25:20:30 | ControlFlowNode for SOURCE |
 | generous_export | __file__ | generous_export.py:22:6:22:13 | ControlFlowNode for __file__ |
-| generous_export | __name__ | generous_export.py:0:0:0:0 | GSSA Variable __name__ |
-| generous_export | __package__ | generous_export.py:0:0:0:0 | GSSA Variable __package__ |
+| generous_export | __name__ | generous_export.py:0:0:0:0 | Entry node for Module generous_export |
+| generous_export | __package__ | generous_export.py:0:0:0:0 | Entry node for Module generous_export |
 | generous_export | check | generous_export.py:20:1:20:5 | ControlFlowNode for check |
 | generous_export | enter | generous_export.py:2:1:2:5 | ControlFlowNode for enter |
 | generous_export | eval | generous_export.py:10:4:10:7 | ControlFlowNode for eval |
@@ -60,43 +60,43 @@
 | generous_export | globals | generous_export.py:20:33:20:39 | ControlFlowNode for globals |
 | generous_export | object | generous_export.py:4:14:4:19 | ControlFlowNode for object |
 | generous_export | print | generous_export.py:15:5:15:9 | ControlFlowNode for print |
-| generous_export | staticmethod | generous_export.py:0:0:0:0 | GSSA Variable staticmethod |
-| has_defined_all | __all__ | has_defined_all.py:7:1:7:7 | GSSA Variable __all__ |
+| generous_export | staticmethod | generous_export.py:0:0:0:0 | Entry node for Module generous_export |
+| has_defined_all | __all__ | has_defined_all.py:7:1:7:7 | ControlFlowNode for __all__ |
 | has_defined_all | __file__ | has_defined_all.py:9:6:9:13 | ControlFlowNode for __file__ |
-| has_defined_all | __name__ | has_defined_all.py:0:0:0:0 | GSSA Variable __name__ |
-| has_defined_all | __package__ | has_defined_all.py:0:0:0:0 | GSSA Variable __package__ |
-| has_defined_all | all_defined_bar | has_defined_all.py:5:1:5:15 | GSSA Variable all_defined_bar |
-| has_defined_all | all_defined_foo | has_defined_all.py:4:1:4:15 | GSSA Variable all_defined_foo |
+| has_defined_all | __name__ | has_defined_all.py:0:0:0:0 | Entry node for Module has_defined_all |
+| has_defined_all | __package__ | has_defined_all.py:0:0:0:0 | Entry node for Module has_defined_all |
+| has_defined_all | all_defined_bar | has_defined_all.py:5:1:5:15 | ControlFlowNode for all_defined_bar |
+| has_defined_all | all_defined_foo | has_defined_all.py:4:1:4:15 | ControlFlowNode for all_defined_foo |
 | has_defined_all | enter | has_defined_all.py:2:1:2:5 | ControlFlowNode for enter |
 | has_defined_all | exit | has_defined_all.py:9:1:9:4 | ControlFlowNode for exit |
-| has_defined_all_copy | __all__ | has_defined_all_copy.py:9:1:9:7 | GSSA Variable __all__ |
+| has_defined_all_copy | __all__ | has_defined_all_copy.py:9:1:9:7 | ControlFlowNode for __all__ |
 | has_defined_all_copy | __file__ | has_defined_all_copy.py:11:6:11:13 | ControlFlowNode for __file__ |
-| has_defined_all_copy | __name__ | has_defined_all_copy.py:0:0:0:0 | GSSA Variable __name__ |
-| has_defined_all_copy | __package__ | has_defined_all_copy.py:0:0:0:0 | GSSA Variable __package__ |
-| has_defined_all_copy | all_defined_bar_copy | has_defined_all_copy.py:7:1:7:20 | GSSA Variable all_defined_bar_copy |
-| has_defined_all_copy | all_defined_foo_copy | has_defined_all_copy.py:6:1:6:20 | GSSA Variable all_defined_foo_copy |
+| has_defined_all_copy | __name__ | has_defined_all_copy.py:0:0:0:0 | Entry node for Module has_defined_all_copy |
+| has_defined_all_copy | __package__ | has_defined_all_copy.py:0:0:0:0 | Entry node for Module has_defined_all_copy |
+| has_defined_all_copy | all_defined_bar_copy | has_defined_all_copy.py:7:1:7:20 | ControlFlowNode for all_defined_bar_copy |
+| has_defined_all_copy | all_defined_foo_copy | has_defined_all_copy.py:6:1:6:20 | ControlFlowNode for all_defined_foo_copy |
 | has_defined_all_copy | enter | has_defined_all_copy.py:4:1:4:5 | ControlFlowNode for enter |
 | has_defined_all_copy | exit | has_defined_all_copy.py:11:1:11:4 | ControlFlowNode for exit |
 | has_defined_all_indirection | __file__ | has_defined_all_indirection.py:6:6:6:13 | ControlFlowNode for __file__ |
-| has_defined_all_indirection | __name__ | has_defined_all_indirection.py:0:0:0:0 | GSSA Variable __name__ |
-| has_defined_all_indirection | __package__ | has_defined_all_indirection.py:0:0:0:0 | GSSA Variable __package__ |
-| has_defined_all_indirection | all_defined_foo_copy | has_defined_all_copy.py:6:1:6:20 | GSSA Variable all_defined_foo_copy |
+| has_defined_all_indirection | __name__ | has_defined_all_indirection.py:0:0:0:0 | Entry node for Module has_defined_all_indirection |
+| has_defined_all_indirection | __package__ | has_defined_all_indirection.py:0:0:0:0 | Entry node for Module has_defined_all_indirection |
+| has_defined_all_indirection | all_defined_foo_copy | has_defined_all_copy.py:6:1:6:20 | ControlFlowNode for all_defined_foo_copy |
 | has_defined_all_indirection | enter | has_defined_all_indirection.py:2:1:2:5 | ControlFlowNode for enter |
 | has_defined_all_indirection | exit | has_defined_all_indirection.py:6:1:6:4 | ControlFlowNode for exit |
 | if_then_else | __file__ | if_then_else.py:16:6:16:13 | ControlFlowNode for __file__ |
-| if_then_else | __name__ | if_then_else.py:0:0:0:0 | GSSA Variable __name__ |
-| if_then_else | __package__ | if_then_else.py:0:0:0:0 | GSSA Variable __package__ |
+| if_then_else | __name__ | if_then_else.py:0:0:0:0 | Entry node for Module if_then_else |
+| if_then_else | __package__ | if_then_else.py:0:0:0:0 | Entry node for Module if_then_else |
 | if_then_else | enter | if_then_else.py:2:1:2:5 | ControlFlowNode for enter |
 | if_then_else | eval | if_then_else.py:11:8:11:11 | ControlFlowNode for eval |
 | if_then_else | exit | if_then_else.py:16:1:16:4 | ControlFlowNode for exit |
-| if_then_else | if_then_else_defined | if_then_else.py:7:5:7:24 | GSSA Variable if_then_else_defined |
-| if_then_else | if_then_else_defined | if_then_else.py:12:9:12:28 | GSSA Variable if_then_else_defined |
-| if_then_else | if_then_else_defined | if_then_else.py:14:9:14:28 | GSSA Variable if_then_else_defined |
+| if_then_else | if_then_else_defined | if_then_else.py:7:5:7:24 | ControlFlowNode for if_then_else_defined |
+| if_then_else | if_then_else_defined | if_then_else.py:12:9:12:28 | ControlFlowNode for if_then_else_defined |
+| if_then_else | if_then_else_defined | if_then_else.py:14:9:14:28 | ControlFlowNode for if_then_else_defined |
 | if_then_else_refined | SOURCE | if_then_else_refined.py:11:11:11:16 | ControlFlowNode for SOURCE |
 | if_then_else_refined | SOURCE | if_then_else_refined.py:13:11:13:16 | ControlFlowNode for SOURCE |
 | if_then_else_refined | __file__ | if_then_else_refined.py:19:6:19:13 | ControlFlowNode for __file__ |
-| if_then_else_refined | __name__ | if_then_else_refined.py:0:0:0:0 | GSSA Variable __name__ |
-| if_then_else_refined | __package__ | if_then_else_refined.py:0:0:0:0 | GSSA Variable __package__ |
+| if_then_else_refined | __name__ | if_then_else_refined.py:0:0:0:0 | Entry node for Module if_then_else_refined |
+| if_then_else_refined | __package__ | if_then_else_refined.py:0:0:0:0 | Entry node for Module if_then_else_refined |
 | if_then_else_refined | check | if_then_else_refined.py:17:1:17:5 | ControlFlowNode for check |
 | if_then_else_refined | enter | if_then_else_refined.py:4:1:4:5 | ControlFlowNode for enter |
 | if_then_else_refined | eval | if_then_else_refined.py:10:4:10:7 | ControlFlowNode for eval |
@@ -104,21 +104,21 @@
 | if_then_else_refined | globals | if_then_else_refined.py:17:24:17:30 | ControlFlowNode for globals |
 | if_then_else_refined | src | if_then_else_refined.py:17:19:17:21 | ControlFlowNode for src |
 | package.__init__ | __file__ | package/__init__.py:7:6:7:13 | ControlFlowNode for __file__ |
-| package.__init__ | __name__ | package/__init__.py:0:0:0:0 | GSSA Variable __name__ |
-| package.__init__ | __package__ | package/__init__.py:0:0:0:0 | GSSA Variable __package__ |
-| package.__init__ | attr_used_in_subpackage | package/__init__.py:4:1:4:23 | GSSA Variable attr_used_in_subpackage |
+| package.__init__ | __name__ | package/__init__.py:0:0:0:0 | Entry node for Module package.__init__ |
+| package.__init__ | __package__ | package/__init__.py:0:0:0:0 | Entry node for Module package.__init__ |
+| package.__init__ | attr_used_in_subpackage | package/__init__.py:4:1:4:23 | ControlFlowNode for attr_used_in_subpackage |
 | package.__init__ | enter | package/__init__.py:2:1:2:5 | ControlFlowNode for enter |
 | package.__init__ | exit | package/__init__.py:7:1:7:4 | ControlFlowNode for exit |
-| package.__init__ | package_attr | package/__init__.py:5:1:5:12 | GSSA Variable package_attr |
+| package.__init__ | package_attr | package/__init__.py:5:1:5:12 | ControlFlowNode for package_attr |
 | package.subpackage2.__init__ | __file__ | package/subpackage2/__init__.py:6:6:6:13 | ControlFlowNode for __file__ |
-| package.subpackage2.__init__ | __name__ | package/subpackage2/__init__.py:0:0:0:0 | GSSA Variable __name__ |
-| package.subpackage2.__init__ | __package__ | package/subpackage2/__init__.py:0:0:0:0 | GSSA Variable __package__ |
+| package.subpackage2.__init__ | __name__ | package/subpackage2/__init__.py:0:0:0:0 | Entry node for Module package.subpackage2.__init__ |
+| package.subpackage2.__init__ | __package__ | package/subpackage2/__init__.py:0:0:0:0 | Entry node for Module package.subpackage2.__init__ |
 | package.subpackage2.__init__ | enter | package/subpackage2/__init__.py:2:1:2:5 | ControlFlowNode for enter |
 | package.subpackage2.__init__ | exit | package/subpackage2/__init__.py:6:1:6:4 | ControlFlowNode for exit |
-| package.subpackage2.__init__ | subpackage2_attr | package/subpackage2/__init__.py:4:1:4:16 | GSSA Variable subpackage2_attr |
+| package.subpackage2.__init__ | subpackage2_attr | package/subpackage2/__init__.py:4:1:4:16 | ControlFlowNode for subpackage2_attr |
 | package.subpackage.__init__ | __file__ | package/subpackage/__init__.py:14:6:14:13 | ControlFlowNode for __file__ |
-| package.subpackage.__init__ | __name__ | package/subpackage/__init__.py:0:0:0:0 | GSSA Variable __name__ |
-| package.subpackage.__init__ | __package__ | package/subpackage/__init__.py:0:0:0:0 | GSSA Variable __package__ |
+| package.subpackage.__init__ | __name__ | package/subpackage/__init__.py:0:0:0:0 | Entry node for Module package.subpackage.__init__ |
+| package.subpackage.__init__ | __package__ | package/subpackage/__init__.py:0:0:0:0 | Entry node for Module package.subpackage.__init__ |
 | package.subpackage.__init__ | check | package/subpackage/__init__.py:12:1:12:5 | ControlFlowNode for check |
 | package.subpackage.__init__ | enter | package/subpackage/__init__.py:2:1:2:5 | ControlFlowNode for enter |
 | package.subpackage.__init__ | exit | package/subpackage/__init__.py:14:1:14:4 | ControlFlowNode for exit |
@@ -126,31 +126,31 @@
 | package.subpackage.__init__ | imported_attr | package/subpackage/__init__.py:7:16:7:55 | ControlFlowNode for ImportMember |
 | package.subpackage.__init__ | imported_attr | package/subpackage/__init__.py:8:24:8:36 | ControlFlowNode for imported_attr |
 | package.subpackage.__init__ | irrelevant_attr | package/subpackage/__init__.py:11:24:11:38 | ControlFlowNode for ImportMember |
-| package.subpackage.__init__ | irrelevant_attr | package/subpackage/__init__.py:11:24:11:38 | GSSA Variable irrelevant_attr |
+| package.subpackage.__init__ | irrelevant_attr | package/subpackage/__init__.py:11:24:11:38 | ControlFlowNode for irrelevant_attr |
 | package.subpackage.__init__ | submodule | package/subpackage/__init__.py:12:35:12:43 | ControlFlowNode for submodule |
-| package.subpackage.__init__ | subpackage_attr | package/subpackage/__init__.py:4:1:4:15 | GSSA Variable subpackage_attr |
+| package.subpackage.__init__ | subpackage_attr | package/subpackage/__init__.py:4:1:4:15 | ControlFlowNode for subpackage_attr |
 | package.subpackage.submodule | __file__ | package/subpackage/submodule.py:7:6:7:13 | ControlFlowNode for __file__ |
-| package.subpackage.submodule | __name__ | package/subpackage/submodule.py:0:0:0:0 | GSSA Variable __name__ |
-| package.subpackage.submodule | __package__ | package/subpackage/submodule.py:0:0:0:0 | GSSA Variable __package__ |
+| package.subpackage.submodule | __name__ | package/subpackage/submodule.py:0:0:0:0 | Entry node for Module package.subpackage.submodule |
+| package.subpackage.submodule | __package__ | package/subpackage/submodule.py:0:0:0:0 | Entry node for Module package.subpackage.submodule |
 | package.subpackage.submodule | enter | package/subpackage/submodule.py:2:1:2:5 | ControlFlowNode for enter |
 | package.subpackage.submodule | exit | package/subpackage/submodule.py:7:1:7:4 | ControlFlowNode for exit |
-| package.subpackage.submodule | irrelevant_attr | package/subpackage/submodule.py:5:1:5:15 | GSSA Variable irrelevant_attr |
-| package.subpackage.submodule | submodule_attr | package/subpackage/submodule.py:4:1:4:14 | GSSA Variable submodule_attr |
+| package.subpackage.submodule | irrelevant_attr | package/subpackage/submodule.py:5:1:5:15 | ControlFlowNode for irrelevant_attr |
+| package.subpackage.submodule | submodule_attr | package/subpackage/submodule.py:4:1:4:14 | ControlFlowNode for submodule_attr |
 | refined | SOURCE | refined.py:12:25:12:30 | ControlFlowNode for SOURCE |
 | refined | __file__ | refined.py:14:6:14:13 | ControlFlowNode for __file__ |
-| refined | __name__ | refined.py:0:0:0:0 | GSSA Variable __name__ |
-| refined | __package__ | refined.py:0:0:0:0 | GSSA Variable __package__ |
+| refined | __name__ | refined.py:0:0:0:0 | Entry node for Module refined |
+| refined | __package__ | refined.py:0:0:0:0 | Entry node for Module refined |
 | refined | check | refined.py:12:1:12:5 | ControlFlowNode for check |
 | refined | enter | refined.py:2:1:2:5 | ControlFlowNode for enter |
 | refined | exit | refined.py:14:1:14:4 | ControlFlowNode for exit |
 | refined | globals | refined.py:12:33:12:39 | ControlFlowNode for globals |
 | refined | object | refined.py:4:14:4:19 | ControlFlowNode for object |
 | simplistic_reexport | __file__ | simplistic_reexport.py:19:6:19:13 | ControlFlowNode for __file__ |
-| simplistic_reexport | __name__ | simplistic_reexport.py:0:0:0:0 | GSSA Variable __name__ |
-| simplistic_reexport | __package__ | simplistic_reexport.py:0:0:0:0 | GSSA Variable __package__ |
+| simplistic_reexport | __name__ | simplistic_reexport.py:0:0:0:0 | Entry node for Module simplistic_reexport |
+| simplistic_reexport | __package__ | simplistic_reexport.py:0:0:0:0 | Entry node for Module simplistic_reexport |
 | simplistic_reexport | bar_attr | simplistic_reexport.py:6:17:6:24 | ControlFlowNode for ImportMember |
 | simplistic_reexport | bar_attr | simplistic_reexport.py:10:19:10:26 | ControlFlowNode for bar_attr |
-| simplistic_reexport | baz_attr | baz.py:4:1:4:8 | GSSA Variable baz_attr |
+| simplistic_reexport | baz_attr | baz.py:4:1:4:8 | ControlFlowNode for baz_attr |
 | simplistic_reexport | baz_attr | simplistic_reexport.py:17:19:17:26 | ControlFlowNode for baz_attr |
 | simplistic_reexport | check | simplistic_reexport.py:17:1:17:5 | ControlFlowNode for check |
 | simplistic_reexport | enter | baz.py:2:1:2:5 | ControlFlowNode for enter |

python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected

@@ -1,199 +1,199 @@
 edges
-| TarSlipImprov.py:15:1:15:3 | GSSA Variable tar | TarSlipImprov.py:17:5:17:10 | GSSA Variable member |
-| TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:15:1:15:3 | GSSA Variable tar |
-| TarSlipImprov.py:17:5:17:10 | GSSA Variable member | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member |
+| TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member |
+| TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar |
+| TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member |
 | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result |
 | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result |
-| TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | TarSlipImprov.py:28:9:28:14 | SSA variable member |
-| TarSlipImprov.py:28:9:28:14 | SSA variable member | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member |
+| TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member |
+| TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member |
 | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result |
 | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result |
-| TarSlipImprov.py:38:1:38:3 | GSSA Variable tar | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar |
-| TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:38:1:38:3 | GSSA Variable tar |
+| TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar |
+| TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar |
 | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile |
 | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() |
-| TarSlipImprov.py:43:6:43:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:43:43:43:45 | GSSA Variable tar |
-| TarSlipImprov.py:43:43:43:45 | GSSA Variable tar | TarSlipImprov.py:44:9:44:13 | GSSA Variable entry |
-| TarSlipImprov.py:44:9:44:13 | GSSA Variable entry | TarSlipImprov.py:47:21:47:25 | ControlFlowNode for entry |
-| TarSlipImprov.py:54:6:54:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:54:43:54:45 | GSSA Variable tar |
-| TarSlipImprov.py:54:43:54:45 | GSSA Variable tar | TarSlipImprov.py:56:9:56:13 | GSSA Variable entry |
-| TarSlipImprov.py:56:9:56:13 | GSSA Variable entry | TarSlipImprov.py:58:21:58:25 | ControlFlowNode for entry |
-| TarSlipImprov.py:88:6:88:43 | ControlFlowNode for Attribute() | TarSlipImprov.py:88:48:88:50 | GSSA Variable tar |
-| TarSlipImprov.py:88:48:88:50 | GSSA Variable tar | TarSlipImprov.py:91:5:91:7 | ControlFlowNode for tar |
-| TarSlipImprov.py:111:1:111:3 | GSSA Variable tar | TarSlipImprov.py:115:9:115:11 | ControlFlowNode for tar |
-| TarSlipImprov.py:111:7:111:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:111:1:111:3 | GSSA Variable tar |
-| TarSlipImprov.py:123:6:123:29 | ControlFlowNode for Attribute() | TarSlipImprov.py:123:34:123:36 | GSSA Variable tar |
-| TarSlipImprov.py:123:34:123:36 | GSSA Variable tar | TarSlipImprov.py:124:9:124:13 | GSSA Variable entry |
-| TarSlipImprov.py:124:9:124:13 | GSSA Variable entry | TarSlipImprov.py:125:36:125:40 | ControlFlowNode for entry |
-| TarSlipImprov.py:129:6:129:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:129:31:129:33 | GSSA Variable tar |
-| TarSlipImprov.py:129:31:129:33 | GSSA Variable tar | TarSlipImprov.py:130:5:130:7 | ControlFlowNode for tar |
-| TarSlipImprov.py:133:1:133:3 | GSSA Variable tar | TarSlipImprov.py:134:1:134:3 | ControlFlowNode for tar |
-| TarSlipImprov.py:133:7:133:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:133:1:133:3 | GSSA Variable tar |
-| TarSlipImprov.py:141:6:141:29 | ControlFlowNode for Attribute() | TarSlipImprov.py:141:34:141:36 | GSSA Variable tar |
-| TarSlipImprov.py:141:34:141:36 | GSSA Variable tar | TarSlipImprov.py:142:9:142:13 | GSSA Variable entry |
-| TarSlipImprov.py:142:9:142:13 | GSSA Variable entry | TarSlipImprov.py:143:36:143:40 | ControlFlowNode for entry |
-| TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | TarSlipImprov.py:151:55:151:56 | SSA variable tf |
+| TarSlipImprov.py:43:6:43:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:43:43:43:45 | ControlFlowNode for tar |
+| TarSlipImprov.py:43:43:43:45 | ControlFlowNode for tar | TarSlipImprov.py:44:9:44:13 | ControlFlowNode for entry |
+| TarSlipImprov.py:44:9:44:13 | ControlFlowNode for entry | TarSlipImprov.py:47:21:47:25 | ControlFlowNode for entry |
+| TarSlipImprov.py:54:6:54:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:54:43:54:45 | ControlFlowNode for tar |
+| TarSlipImprov.py:54:43:54:45 | ControlFlowNode for tar | TarSlipImprov.py:56:9:56:13 | ControlFlowNode for entry |
+| TarSlipImprov.py:56:9:56:13 | ControlFlowNode for entry | TarSlipImprov.py:58:21:58:25 | ControlFlowNode for entry |
+| TarSlipImprov.py:88:6:88:43 | ControlFlowNode for Attribute() | TarSlipImprov.py:88:48:88:50 | ControlFlowNode for tar |
+| TarSlipImprov.py:88:48:88:50 | ControlFlowNode for tar | TarSlipImprov.py:91:5:91:7 | ControlFlowNode for tar |
+| TarSlipImprov.py:111:1:111:3 | ControlFlowNode for tar | TarSlipImprov.py:115:9:115:11 | ControlFlowNode for tar |
+| TarSlipImprov.py:111:7:111:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:111:1:111:3 | ControlFlowNode for tar |
+| TarSlipImprov.py:123:6:123:29 | ControlFlowNode for Attribute() | TarSlipImprov.py:123:34:123:36 | ControlFlowNode for tar |
+| TarSlipImprov.py:123:34:123:36 | ControlFlowNode for tar | TarSlipImprov.py:124:9:124:13 | ControlFlowNode for entry |
+| TarSlipImprov.py:124:9:124:13 | ControlFlowNode for entry | TarSlipImprov.py:125:36:125:40 | ControlFlowNode for entry |
+| TarSlipImprov.py:129:6:129:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:129:31:129:33 | ControlFlowNode for tar |
+| TarSlipImprov.py:129:31:129:33 | ControlFlowNode for tar | TarSlipImprov.py:130:5:130:7 | ControlFlowNode for tar |
+| TarSlipImprov.py:133:1:133:3 | ControlFlowNode for tar | TarSlipImprov.py:134:1:134:3 | ControlFlowNode for tar |
+| TarSlipImprov.py:133:7:133:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:133:1:133:3 | ControlFlowNode for tar |
+| TarSlipImprov.py:141:6:141:29 | ControlFlowNode for Attribute() | TarSlipImprov.py:141:34:141:36 | ControlFlowNode for tar |
+| TarSlipImprov.py:141:34:141:36 | ControlFlowNode for tar | TarSlipImprov.py:142:9:142:13 | ControlFlowNode for entry |
+| TarSlipImprov.py:142:9:142:13 | ControlFlowNode for entry | TarSlipImprov.py:143:36:143:40 | ControlFlowNode for entry |
+| TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf |
 | TarSlipImprov.py:151:22:151:49 | ControlFlowNode for Attribute() | TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() |
-| TarSlipImprov.py:151:55:151:56 | SSA variable tf | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf |
+| TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf |
 | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() |
-| TarSlipImprov.py:157:9:157:14 | SSA variable tar_cm | TarSlipImprov.py:162:20:162:23 | SSA variable tarc |
-| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | TarSlipImprov.py:157:9:157:14 | SSA variable tar_cm |
-| TarSlipImprov.py:159:9:159:14 | SSA variable tar_cm | TarSlipImprov.py:162:20:162:23 | SSA variable tarc |
-| TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | TarSlipImprov.py:159:9:159:14 | SSA variable tar_cm |
+| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc |
+| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm |
+| TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc |
+| TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm |
 | TarSlipImprov.py:159:26:159:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() |
-| TarSlipImprov.py:162:20:162:23 | SSA variable tarc | TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc |
-| TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:176:36:176:38 | GSSA Variable tar |
-| TarSlipImprov.py:176:36:176:38 | GSSA Variable tar | TarSlipImprov.py:177:9:177:13 | GSSA Variable entry |
-| TarSlipImprov.py:177:9:177:13 | GSSA Variable entry | TarSlipImprov.py:178:36:178:40 | ControlFlowNode for entry |
-| TarSlipImprov.py:182:6:182:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:182:36:182:38 | GSSA Variable tar |
-| TarSlipImprov.py:182:36:182:38 | GSSA Variable tar | TarSlipImprov.py:183:9:183:13 | GSSA Variable entry |
-| TarSlipImprov.py:183:9:183:13 | GSSA Variable entry | TarSlipImprov.py:184:21:184:25 | ControlFlowNode for entry |
-| TarSlipImprov.py:188:1:188:3 | GSSA Variable tar | TarSlipImprov.py:189:1:189:3 | ControlFlowNode for tar |
-| TarSlipImprov.py:188:7:188:27 | ControlFlowNode for Attribute() | TarSlipImprov.py:188:1:188:3 | GSSA Variable tar |
-| TarSlipImprov.py:193:6:193:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:193:36:193:38 | GSSA Variable tar |
-| TarSlipImprov.py:193:36:193:38 | GSSA Variable tar | TarSlipImprov.py:194:49:194:51 | ControlFlowNode for tar |
-| TarSlipImprov.py:210:6:210:43 | ControlFlowNode for Attribute() | TarSlipImprov.py:210:48:210:50 | GSSA Variable tar |
-| TarSlipImprov.py:210:48:210:50 | GSSA Variable tar | TarSlipImprov.py:211:5:211:7 | ControlFlowNode for tar |
-| TarSlipImprov.py:231:6:231:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:231:43:231:52 | GSSA Variable corpus_tar |
-| TarSlipImprov.py:231:43:231:52 | GSSA Variable corpus_tar | TarSlipImprov.py:233:9:233:9 | GSSA Variable f |
-| TarSlipImprov.py:233:9:233:9 | GSSA Variable f | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f |
+| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc |
+| TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar |
+| TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry |
+| TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry | TarSlipImprov.py:178:36:178:40 | ControlFlowNode for entry |
+| TarSlipImprov.py:182:6:182:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:182:36:182:38 | ControlFlowNode for tar |
+| TarSlipImprov.py:182:36:182:38 | ControlFlowNode for tar | TarSlipImprov.py:183:9:183:13 | ControlFlowNode for entry |
+| TarSlipImprov.py:183:9:183:13 | ControlFlowNode for entry | TarSlipImprov.py:184:21:184:25 | ControlFlowNode for entry |
+| TarSlipImprov.py:188:1:188:3 | ControlFlowNode for tar | TarSlipImprov.py:189:1:189:3 | ControlFlowNode for tar |
+| TarSlipImprov.py:188:7:188:27 | ControlFlowNode for Attribute() | TarSlipImprov.py:188:1:188:3 | ControlFlowNode for tar |
+| TarSlipImprov.py:193:6:193:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:193:36:193:38 | ControlFlowNode for tar |
+| TarSlipImprov.py:193:36:193:38 | ControlFlowNode for tar | TarSlipImprov.py:194:49:194:51 | ControlFlowNode for tar |
+| TarSlipImprov.py:210:6:210:43 | ControlFlowNode for Attribute() | TarSlipImprov.py:210:48:210:50 | ControlFlowNode for tar |
+| TarSlipImprov.py:210:48:210:50 | ControlFlowNode for tar | TarSlipImprov.py:211:5:211:7 | ControlFlowNode for tar |
+| TarSlipImprov.py:231:6:231:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar |
+| TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar | TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f |
+| TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f |
 | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | TarSlipImprov.py:236:44:236:50 | ControlFlowNode for members |
 | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members |
-| TarSlipImprov.py:258:6:258:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:258:31:258:33 | GSSA Variable tar |
-| TarSlipImprov.py:258:31:258:33 | GSSA Variable tar | TarSlipImprov.py:259:9:259:13 | GSSA Variable entry |
-| TarSlipImprov.py:259:9:259:13 | GSSA Variable entry | TarSlipImprov.py:261:25:261:29 | ControlFlowNode for entry |
-| TarSlipImprov.py:264:6:264:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:264:43:264:45 | GSSA Variable tar |
-| TarSlipImprov.py:264:43:264:45 | GSSA Variable tar | TarSlipImprov.py:265:9:265:13 | GSSA Variable entry |
-| TarSlipImprov.py:265:9:265:13 | GSSA Variable entry | TarSlipImprov.py:268:21:268:25 | ControlFlowNode for entry |
-| TarSlipImprov.py:271:6:271:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:271:44:271:46 | GSSA Variable tar |
-| TarSlipImprov.py:271:44:271:46 | GSSA Variable tar | TarSlipImprov.py:272:9:272:13 | GSSA Variable entry |
-| TarSlipImprov.py:272:9:272:13 | GSSA Variable entry | TarSlipImprov.py:274:25:274:29 | ControlFlowNode for entry |
-| TarSlipImprov.py:276:6:276:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:276:43:276:45 | GSSA Variable tar |
-| TarSlipImprov.py:276:43:276:45 | GSSA Variable tar | TarSlipImprov.py:277:9:277:13 | GSSA Variable entry |
-| TarSlipImprov.py:277:9:277:13 | GSSA Variable entry | TarSlipImprov.py:280:21:280:25 | ControlFlowNode for entry |
-| TarSlipImprov.py:283:6:283:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:283:56:283:58 | GSSA Variable tar |
-| TarSlipImprov.py:283:56:283:58 | GSSA Variable tar | TarSlipImprov.py:284:5:284:7 | ControlFlowNode for tar |
-| TarSlipImprov.py:287:1:287:3 | GSSA Variable tar | TarSlipImprov.py:288:49:288:51 | ControlFlowNode for tar |
-| TarSlipImprov.py:287:7:287:28 | ControlFlowNode for Attribute() | TarSlipImprov.py:287:1:287:3 | GSSA Variable tar |
-| TarSlipImprov.py:292:1:292:3 | GSSA Variable tar | TarSlipImprov.py:293:1:293:3 | ControlFlowNode for tar |
-| TarSlipImprov.py:292:7:292:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:292:1:292:3 | GSSA Variable tar |
-| TarSlipImprov.py:300:6:300:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:300:56:300:58 | GSSA Variable tar |
-| TarSlipImprov.py:300:56:300:58 | GSSA Variable tar | TarSlipImprov.py:301:49:301:51 | ControlFlowNode for tar |
-| TarSlipImprov.py:304:1:304:3 | GSSA Variable tar | TarSlipImprov.py:306:5:306:10 | GSSA Variable member |
-| TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:304:1:304:3 | GSSA Variable tar |
-| TarSlipImprov.py:306:5:306:10 | GSSA Variable member | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member |
+| TarSlipImprov.py:258:6:258:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar |
+| TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry |
+| TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | TarSlipImprov.py:261:25:261:29 | ControlFlowNode for entry |
+| TarSlipImprov.py:264:6:264:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:264:43:264:45 | ControlFlowNode for tar |
+| TarSlipImprov.py:264:43:264:45 | ControlFlowNode for tar | TarSlipImprov.py:265:9:265:13 | ControlFlowNode for entry |
+| TarSlipImprov.py:265:9:265:13 | ControlFlowNode for entry | TarSlipImprov.py:268:21:268:25 | ControlFlowNode for entry |
+| TarSlipImprov.py:271:6:271:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:271:44:271:46 | ControlFlowNode for tar |
+| TarSlipImprov.py:271:44:271:46 | ControlFlowNode for tar | TarSlipImprov.py:272:9:272:13 | ControlFlowNode for entry |
+| TarSlipImprov.py:272:9:272:13 | ControlFlowNode for entry | TarSlipImprov.py:274:25:274:29 | ControlFlowNode for entry |
+| TarSlipImprov.py:276:6:276:38 | ControlFlowNode for Attribute() | TarSlipImprov.py:276:43:276:45 | ControlFlowNode for tar |
+| TarSlipImprov.py:276:43:276:45 | ControlFlowNode for tar | TarSlipImprov.py:277:9:277:13 | ControlFlowNode for entry |
+| TarSlipImprov.py:277:9:277:13 | ControlFlowNode for entry | TarSlipImprov.py:280:21:280:25 | ControlFlowNode for entry |
+| TarSlipImprov.py:283:6:283:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:283:56:283:58 | ControlFlowNode for tar |
+| TarSlipImprov.py:283:56:283:58 | ControlFlowNode for tar | TarSlipImprov.py:284:5:284:7 | ControlFlowNode for tar |
+| TarSlipImprov.py:287:1:287:3 | ControlFlowNode for tar | TarSlipImprov.py:288:49:288:51 | ControlFlowNode for tar |
+| TarSlipImprov.py:287:7:287:28 | ControlFlowNode for Attribute() | TarSlipImprov.py:287:1:287:3 | ControlFlowNode for tar |
+| TarSlipImprov.py:292:1:292:3 | ControlFlowNode for tar | TarSlipImprov.py:293:1:293:3 | ControlFlowNode for tar |
+| TarSlipImprov.py:292:7:292:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:292:1:292:3 | ControlFlowNode for tar |
+| TarSlipImprov.py:300:6:300:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:300:56:300:58 | ControlFlowNode for tar |
+| TarSlipImprov.py:300:56:300:58 | ControlFlowNode for tar | TarSlipImprov.py:301:49:301:51 | ControlFlowNode for tar |
+| TarSlipImprov.py:304:1:304:3 | ControlFlowNode for tar | TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member |
+| TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:304:1:304:3 | ControlFlowNode for tar |
+| TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member |
 | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | TarSlipImprov.py:310:49:310:54 | ControlFlowNode for result |
 | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result |
 nodes
-| TarSlipImprov.py:15:1:15:3 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:17:5:17:10 | GSSA Variable member | semmle.label | GSSA Variable member |
+| TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
 | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
 | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
 | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
 | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | semmle.label | ControlFlowNode for tarfile |
-| TarSlipImprov.py:28:9:28:14 | SSA variable member | semmle.label | SSA variable member |
+| TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
 | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
 | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
 | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
-| TarSlipImprov.py:38:1:38:3 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | semmle.label | ControlFlowNode for members_filter1() |
 | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:43:6:43:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:43:43:43:45 | GSSA Variable tar | semmle.label | GSSA Variable tar |
-| TarSlipImprov.py:44:9:44:13 | GSSA Variable entry | semmle.label | GSSA Variable entry |
+| TarSlipImprov.py:43:43:43:45 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
+| TarSlipImprov.py:44:9:44:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:47:21:47:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:54:6:54:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:54:43:54:45 | GSSA Variable tar | semmle.label | GSSA Variable tar |
-| TarSlipImprov.py:56:9:56:13 | GSSA Variable entry | semmle.label | GSSA Variable entry |
+| TarSlipImprov.py:54:43:54:45 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
+| TarSlipImprov.py:56:9:56:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:58:21:58:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:88:6:88:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:88:48:88:50 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:88:48:88:50 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:91:5:91:7 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
-| TarSlipImprov.py:111:1:111:3 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:111:1:111:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:111:7:111:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | TarSlipImprov.py:115:9:115:11 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:123:6:123:29 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:123:34:123:36 | GSSA Variable tar | semmle.label | GSSA Variable tar |
-| TarSlipImprov.py:124:9:124:13 | GSSA Variable entry | semmle.label | GSSA Variable entry |
+| TarSlipImprov.py:123:34:123:36 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
+| TarSlipImprov.py:124:9:124:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:125:36:125:40 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:129:6:129:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:129:31:129:33 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:129:31:129:33 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:130:5:130:7 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
-| TarSlipImprov.py:133:1:133:3 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:133:1:133:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:133:7:133:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | TarSlipImprov.py:134:1:134:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:141:6:141:29 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:141:34:141:36 | GSSA Variable tar | semmle.label | GSSA Variable tar |
-| TarSlipImprov.py:142:9:142:13 | GSSA Variable entry | semmle.label | GSSA Variable entry |
+| TarSlipImprov.py:141:34:141:36 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
+| TarSlipImprov.py:142:9:142:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:143:36:143:40 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | semmle.label | ControlFlowNode for closing() |
 | TarSlipImprov.py:151:22:151:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:151:55:151:56 | SSA variable tf | semmle.label | SSA variable tf |
+| TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | semmle.label | ControlFlowNode for tf |
 | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | semmle.label | ControlFlowNode for tf |
-| TarSlipImprov.py:157:9:157:14 | SSA variable tar_cm | semmle.label | SSA variable tar_cm |
+| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | semmle.label | ControlFlowNode for tar_cm |
 | TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | semmle.label | ControlFlowNode for py2_tarxz() |
-| TarSlipImprov.py:159:9:159:14 | SSA variable tar_cm | semmle.label | SSA variable tar_cm |
+| TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | semmle.label | ControlFlowNode for tar_cm |
 | TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | semmle.label | ControlFlowNode for closing() |
 | TarSlipImprov.py:159:26:159:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:162:20:162:23 | SSA variable tarc | semmle.label | SSA variable tarc |
+| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | semmle.label | ControlFlowNode for tarc |
 | TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc | semmle.label | ControlFlowNode for tarc |
 | TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:176:36:176:38 | GSSA Variable tar | semmle.label | GSSA Variable tar |
-| TarSlipImprov.py:177:9:177:13 | GSSA Variable entry | semmle.label | GSSA Variable entry |
+| TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
+| TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:178:36:178:40 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:182:6:182:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:182:36:182:38 | GSSA Variable tar | semmle.label | GSSA Variable tar |
-| TarSlipImprov.py:183:9:183:13 | GSSA Variable entry | semmle.label | GSSA Variable entry |
+| TarSlipImprov.py:182:36:182:38 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
+| TarSlipImprov.py:183:9:183:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:184:21:184:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
-| TarSlipImprov.py:188:1:188:3 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:188:1:188:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:188:7:188:27 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | TarSlipImprov.py:189:1:189:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:193:6:193:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:193:36:193:38 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:193:36:193:38 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:194:49:194:51 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:210:6:210:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:210:48:210:50 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:210:48:210:50 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:211:5:211:7 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:231:6:231:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:231:43:231:52 | GSSA Variable corpus_tar | semmle.label | GSSA Variable corpus_tar |
-| TarSlipImprov.py:233:9:233:9 | GSSA Variable f | semmle.label | GSSA Variable f |
+| TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar | semmle.label | ControlFlowNode for corpus_tar |
+| TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
 | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | semmle.label | [post] ControlFlowNode for members |
 | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
 | TarSlipImprov.py:236:44:236:50 | ControlFlowNode for members | semmle.label | ControlFlowNode for members |
 | TarSlipImprov.py:254:1:254:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | TarSlipImprov.py:258:6:258:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:258:31:258:33 | GSSA Variable tar | semmle.label | GSSA Variable tar |
-| TarSlipImprov.py:259:9:259:13 | GSSA Variable entry | semmle.label | GSSA Variable entry |
+| TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
+| TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:261:25:261:29 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:264:6:264:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:264:43:264:45 | GSSA Variable tar | semmle.label | GSSA Variable tar |
-| TarSlipImprov.py:265:9:265:13 | GSSA Variable entry | semmle.label | GSSA Variable entry |
+| TarSlipImprov.py:264:43:264:45 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
+| TarSlipImprov.py:265:9:265:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:268:21:268:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:271:6:271:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:271:44:271:46 | GSSA Variable tar | semmle.label | GSSA Variable tar |
-| TarSlipImprov.py:272:9:272:13 | GSSA Variable entry | semmle.label | GSSA Variable entry |
+| TarSlipImprov.py:271:44:271:46 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
+| TarSlipImprov.py:272:9:272:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:274:25:274:29 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:276:6:276:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:276:43:276:45 | GSSA Variable tar | semmle.label | GSSA Variable tar |
-| TarSlipImprov.py:277:9:277:13 | GSSA Variable entry | semmle.label | GSSA Variable entry |
+| TarSlipImprov.py:276:43:276:45 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
+| TarSlipImprov.py:277:9:277:13 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:280:21:280:25 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | TarSlipImprov.py:283:6:283:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:283:56:283:58 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:283:56:283:58 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:284:5:284:7 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
-| TarSlipImprov.py:287:1:287:3 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:287:1:287:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:287:7:287:28 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | TarSlipImprov.py:288:49:288:51 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
-| TarSlipImprov.py:292:1:292:3 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:292:1:292:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:292:7:292:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | TarSlipImprov.py:293:1:293:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:300:6:300:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:300:56:300:58 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:300:56:300:58 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:301:49:301:51 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
-| TarSlipImprov.py:304:1:304:3 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| TarSlipImprov.py:304:1:304:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| TarSlipImprov.py:306:5:306:10 | GSSA Variable member | semmle.label | GSSA Variable member |
+| TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
 | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
 | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
 | TarSlipImprov.py:310:49:310:54 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |

python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/ZipSlip.expected

@@ -1,39 +1,39 @@
 edges
-| zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | zipslip_bad.py:8:36:8:39 | SSA variable zipf |
-| zipslip_bad.py:8:36:8:39 | SSA variable zipf | zipslip_bad.py:10:13:10:17 | SSA variable entry |
-| zipslip_bad.py:10:13:10:17 | SSA variable entry | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry |
-| zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | zipslip_bad.py:14:33:14:36 | SSA variable zipf |
-| zipslip_bad.py:14:33:14:36 | SSA variable zipf | zipslip_bad.py:16:13:16:17 | SSA variable entry |
-| zipslip_bad.py:16:13:16:17 | SSA variable entry | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry |
-| zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | zipslip_bad.py:20:32:20:35 | SSA variable zipf |
-| zipslip_bad.py:20:32:20:35 | SSA variable zipf | zipslip_bad.py:22:13:22:17 | SSA variable entry |
-| zipslip_bad.py:22:13:22:17 | SSA variable entry | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry |
-| zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | zipslip_bad.py:27:27:27:34 | SSA variable filelist |
-| zipslip_bad.py:27:27:27:34 | SSA variable filelist | zipslip_bad.py:29:13:29:13 | SSA variable x |
-| zipslip_bad.py:29:13:29:13 | SSA variable x | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x |
-| zipslip_bad.py:34:5:34:12 | SSA variable filelist | zipslip_bad.py:35:9:35:9 | SSA variable x |
-| zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | zipslip_bad.py:34:5:34:12 | SSA variable filelist |
-| zipslip_bad.py:35:9:35:9 | SSA variable x | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x |
+| zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | zipslip_bad.py:8:36:8:39 | ControlFlowNode for zipf |
+| zipslip_bad.py:8:36:8:39 | ControlFlowNode for zipf | zipslip_bad.py:10:13:10:17 | ControlFlowNode for entry |
+| zipslip_bad.py:10:13:10:17 | ControlFlowNode for entry | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry |
+| zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | zipslip_bad.py:14:33:14:36 | ControlFlowNode for zipf |
+| zipslip_bad.py:14:33:14:36 | ControlFlowNode for zipf | zipslip_bad.py:16:13:16:17 | ControlFlowNode for entry |
+| zipslip_bad.py:16:13:16:17 | ControlFlowNode for entry | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry |
+| zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | zipslip_bad.py:20:32:20:35 | ControlFlowNode for zipf |
+| zipslip_bad.py:20:32:20:35 | ControlFlowNode for zipf | zipslip_bad.py:22:13:22:17 | ControlFlowNode for entry |
+| zipslip_bad.py:22:13:22:17 | ControlFlowNode for entry | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry |
+| zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | zipslip_bad.py:27:27:27:34 | ControlFlowNode for filelist |
+| zipslip_bad.py:27:27:27:34 | ControlFlowNode for filelist | zipslip_bad.py:29:13:29:13 | ControlFlowNode for x |
+| zipslip_bad.py:29:13:29:13 | ControlFlowNode for x | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x |
+| zipslip_bad.py:34:5:34:12 | ControlFlowNode for filelist | zipslip_bad.py:35:9:35:9 | ControlFlowNode for x |
+| zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | zipslip_bad.py:34:5:34:12 | ControlFlowNode for filelist |
+| zipslip_bad.py:35:9:35:9 | ControlFlowNode for x | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x |
 nodes
 | zipslip_bad.py:8:10:8:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipslip_bad.py:8:36:8:39 | SSA variable zipf | semmle.label | SSA variable zipf |
-| zipslip_bad.py:10:13:10:17 | SSA variable entry | semmle.label | SSA variable entry |
+| zipslip_bad.py:8:36:8:39 | ControlFlowNode for zipf | semmle.label | ControlFlowNode for zipf |
+| zipslip_bad.py:10:13:10:17 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | zipslip_bad.py:11:25:11:29 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | zipslip_bad.py:14:10:14:28 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipslip_bad.py:14:33:14:36 | SSA variable zipf | semmle.label | SSA variable zipf |
-| zipslip_bad.py:16:13:16:17 | SSA variable entry | semmle.label | SSA variable entry |
+| zipslip_bad.py:14:33:14:36 | ControlFlowNode for zipf | semmle.label | ControlFlowNode for zipf |
+| zipslip_bad.py:16:13:16:17 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | zipslip_bad.py:17:26:17:30 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | zipslip_bad.py:20:10:20:27 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipslip_bad.py:20:32:20:35 | SSA variable zipf | semmle.label | SSA variable zipf |
-| zipslip_bad.py:22:13:22:17 | SSA variable entry | semmle.label | SSA variable entry |
+| zipslip_bad.py:20:32:20:35 | ControlFlowNode for zipf | semmle.label | ControlFlowNode for zipf |
+| zipslip_bad.py:22:13:22:17 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | zipslip_bad.py:23:29:23:33 | ControlFlowNode for entry | semmle.label | ControlFlowNode for entry |
 | zipslip_bad.py:27:10:27:22 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipslip_bad.py:27:27:27:34 | SSA variable filelist | semmle.label | SSA variable filelist |
-| zipslip_bad.py:29:13:29:13 | SSA variable x | semmle.label | SSA variable x |
+| zipslip_bad.py:27:27:27:34 | ControlFlowNode for filelist | semmle.label | ControlFlowNode for filelist |
+| zipslip_bad.py:29:13:29:13 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
 | zipslip_bad.py:30:25:30:25 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| zipslip_bad.py:34:5:34:12 | SSA variable filelist | semmle.label | SSA variable filelist |
+| zipslip_bad.py:34:5:34:12 | ControlFlowNode for filelist | semmle.label | ControlFlowNode for filelist |
 | zipslip_bad.py:34:16:34:28 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipslip_bad.py:35:9:35:9 | SSA variable x | semmle.label | SSA variable x |
+| zipslip_bad.py:35:9:35:9 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
 | zipslip_bad.py:37:32:37:32 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
 subpaths
 #select

python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected

@@ -1,12 +1,12 @@
 edges
-| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | UnsafeUnpack.py:5:26:5:32 | GSSA Variable request |
-| UnsafeUnpack.py:5:26:5:32 | GSSA Variable request | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request |
-| UnsafeUnpack.py:11:7:11:14 | SSA variable filename | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() |
+| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request |
+| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request |
+| UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:11:7:11:14 | SSA variable filename |
-| UnsafeUnpack.py:13:13:13:20 | SSA variable response | UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response |
-| UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | UnsafeUnpack.py:13:13:13:20 | SSA variable response |
+| UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename |
+| UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response |
+| UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response |
 | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | UnsafeUnpack.py:19:35:19:41 | ControlFlowNode for tarpath |
 | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath |
 | UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute |
@@ -14,65 +14,65 @@ edges
 | UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f |
 | UnsafeUnpack.py:33:50:33:65 | ControlFlowNode for local_ziped_path | UnsafeUnpack.py:34:23:34:38 | ControlFlowNode for local_ziped_path |
 | UnsafeUnpack.py:47:20:47:34 | ControlFlowNode for compressed_file | UnsafeUnpack.py:48:23:48:37 | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:51:1:51:15 | GSSA Variable compressed_file | UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:51:19:51:36 | ControlFlowNode for Attribute() | UnsafeUnpack.py:51:1:51:15 | GSSA Variable compressed_file |
-| UnsafeUnpack.py:65:1:65:15 | GSSA Variable compressed_file | UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:65:19:65:31 | ControlFlowNode for Attribute | UnsafeUnpack.py:65:1:65:15 | GSSA Variable compressed_file |
-| UnsafeUnpack.py:79:1:79:12 | GSSA Variable url_filename | UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:79:1:79:12 | GSSA Variable url_filename | UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | UnsafeUnpack.py:79:1:79:12 | GSSA Variable url_filename |
-| UnsafeUnpack.py:81:1:81:8 | GSSA Variable response | UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response |
-| UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:81:1:81:8 | GSSA Variable response |
+| UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file | UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file |
+| UnsafeUnpack.py:51:19:51:36 | ControlFlowNode for Attribute() | UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file |
+| UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file | UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file |
+| UnsafeUnpack.py:65:19:65:31 | ControlFlowNode for Attribute | UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file |
+| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() |
+| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() |
+| UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename |
+| UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response |
+| UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response |
 | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:87:23:87:29 | ControlFlowNode for tarpath |
 | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath |
 | UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f |
 | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | UnsafeUnpack.py:105:35:105:42 | ControlFlowNode for savepath |
-| UnsafeUnpack.py:103:23:103:27 | SSA variable chunk | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk |
+| UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk |
 | UnsafeUnpack.py:103:32:103:44 | ControlFlowNode for Attribute | UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript |
 | UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:103:23:103:27 | SSA variable chunk |
+| UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk |
 | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath |
 | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile |
-| UnsafeUnpack.py:108:13:108:18 | SSA variable myfile | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile |
+| UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile |
 | UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | UnsafeUnpack.py:108:13:108:18 | SSA variable myfile |
+| UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile |
 | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | UnsafeUnpack.py:112:35:112:43 | ControlFlowNode for file_path |
 | UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path |
 | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f |
-| UnsafeUnpack.py:116:17:116:21 | SSA variable ufile | UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile |
+| UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile | UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile |
 | UnsafeUnpack.py:116:27:116:39 | ControlFlowNode for Attribute | UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:116:17:116:21 | SSA variable ufile |
-| UnsafeUnpack.py:118:19:118:26 | SSA variable filename | UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename |
-| UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | UnsafeUnpack.py:118:19:118:26 | SSA variable filename |
+| UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile |
+| UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename | UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename |
+| UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename |
 | UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:119:19:119:36 | SSA variable uploaded_file_path | UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path |
-| UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | UnsafeUnpack.py:119:19:119:36 | SSA variable uploaded_file_path |
+| UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path | UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path |
+| UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path |
 | UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:140:1:140:19 | GSSA Variable unsafe_filename_tar | UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar |
-| UnsafeUnpack.py:140:23:140:35 | ControlFlowNode for Attribute | UnsafeUnpack.py:140:1:140:19 | GSSA Variable unsafe_filename_tar |
-| UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | UnsafeUnpack.py:141:56:141:58 | GSSA Variable tar |
+| UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar | UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar |
+| UnsafeUnpack.py:140:23:140:35 | ControlFlowNode for Attribute | UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar |
+| UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar |
 | UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:141:56:141:58 | GSSA Variable tar | UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar |
+| UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar | UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar |
 | UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath |
-| UnsafeUnpack.py:158:23:158:27 | SSA variable chunk | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk |
+| UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk |
 | UnsafeUnpack.py:158:32:158:44 | ControlFlowNode for Attribute | UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript |
 | UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:158:23:158:27 | SSA variable chunk |
+| UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk |
 | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath |
 | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile |
-| UnsafeUnpack.py:161:19:161:21 | SSA variable tar | UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar |
-| UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | UnsafeUnpack.py:161:19:161:21 | SSA variable tar |
+| UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar |
+| UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar |
 | UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:163:23:163:28 | SSA variable member | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member |
-| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | UnsafeUnpack.py:163:23:163:28 | SSA variable member |
+| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member |
+| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member |
 | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result |
 | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result |
-| UnsafeUnpack.py:171:1:171:8 | GSSA Variable response | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response |
-| UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:171:1:171:8 | GSSA Variable response |
+| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response |
+| UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response |
 | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath |
 | UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath |
 | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute |
@@ -83,12 +83,12 @@ edges
 | UnsafeUnpack.py:201:29:201:31 | ControlFlowNode for tmp | UnsafeUnpack.py:201:29:201:36 | ControlFlowNode for Attribute |
 nodes
 | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| UnsafeUnpack.py:5:26:5:32 | GSSA Variable request | semmle.label | GSSA Variable request |
-| UnsafeUnpack.py:11:7:11:14 | SSA variable filename | semmle.label | SSA variable filename |
+| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
 | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:13:13:13:20 | SSA variable response | semmle.label | SSA variable response |
+| UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
 | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath |
 | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
@@ -100,15 +100,15 @@ nodes
 | UnsafeUnpack.py:34:23:34:38 | ControlFlowNode for local_ziped_path | semmle.label | ControlFlowNode for local_ziped_path |
 | UnsafeUnpack.py:47:20:47:34 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
 | UnsafeUnpack.py:48:23:48:37 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:51:1:51:15 | GSSA Variable compressed_file | semmle.label | GSSA Variable compressed_file |
+| UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
 | UnsafeUnpack.py:51:19:51:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:65:1:65:15 | GSSA Variable compressed_file | semmle.label | GSSA Variable compressed_file |
+| UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
 | UnsafeUnpack.py:65:19:65:31 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:79:1:79:12 | GSSA Variable url_filename | semmle.label | GSSA Variable url_filename |
+| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | semmle.label | ControlFlowNode for url_filename |
 | UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:81:1:81:8 | GSSA Variable response | semmle.label | GSSA Variable response |
+| UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
 | UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath |
 | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
@@ -117,14 +117,14 @@ nodes
 | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:87:23:87:29 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath |
 | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath |
-| UnsafeUnpack.py:103:23:103:27 | SSA variable chunk | semmle.label | SSA variable chunk |
+| UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk |
 | UnsafeUnpack.py:103:32:103:44 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | semmle.label | ControlFlowNode for wfile |
 | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk |
 | UnsafeUnpack.py:105:35:105:42 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath |
-| UnsafeUnpack.py:108:13:108:18 | SSA variable myfile | semmle.label | SSA variable myfile |
+| UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | semmle.label | ControlFlowNode for myfile |
 | UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
@@ -132,39 +132,39 @@ nodes
 | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | semmle.label | ControlFlowNode for myfile |
 | UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:112:35:112:43 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
-| UnsafeUnpack.py:116:17:116:21 | SSA variable ufile | semmle.label | SSA variable ufile |
+| UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile | semmle.label | ControlFlowNode for ufile |
 | UnsafeUnpack.py:116:27:116:39 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:118:19:118:26 | SSA variable filename | semmle.label | SSA variable filename |
+| UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
 | UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | semmle.label | ControlFlowNode for ufile |
 | UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:119:19:119:36 | SSA variable uploaded_file_path | semmle.label | SSA variable uploaded_file_path |
+| UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path | semmle.label | ControlFlowNode for uploaded_file_path |
 | UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
 | UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path | semmle.label | ControlFlowNode for uploaded_file_path |
-| UnsafeUnpack.py:140:1:140:19 | GSSA Variable unsafe_filename_tar | semmle.label | GSSA Variable unsafe_filename_tar |
+| UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar | semmle.label | ControlFlowNode for unsafe_filename_tar |
 | UnsafeUnpack.py:140:23:140:35 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | semmle.label | ControlFlowNode for unsafe_filename_tar |
-| UnsafeUnpack.py:141:56:141:58 | GSSA Variable tar | semmle.label | GSSA Variable tar |
+| UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath |
-| UnsafeUnpack.py:158:23:158:27 | SSA variable chunk | semmle.label | SSA variable chunk |
+| UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk |
 | UnsafeUnpack.py:158:32:158:44 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | semmle.label | ControlFlowNode for wfile |
 | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk |
-| UnsafeUnpack.py:161:19:161:21 | SSA variable tar | semmle.label | SSA variable tar |
+| UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath |
-| UnsafeUnpack.py:163:23:163:28 | SSA variable member | semmle.label | SSA variable member |
+| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
 | UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
 | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
 | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
 | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
-| UnsafeUnpack.py:171:1:171:8 | GSSA Variable response | semmle.label | GSSA Variable response |
+| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
 | UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath |
 | UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |

python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected

@@ -1,78 +1,78 @@
 edges
-| AirspeedSsti.py:2:26:2:32 | ControlFlowNode for ImportMember | AirspeedSsti.py:2:26:2:32 | GSSA Variable request |
-| AirspeedSsti.py:2:26:2:32 | GSSA Variable request | AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request |
-| AirspeedSsti.py:10:5:10:12 | SSA variable template | AirspeedSsti.py:11:30:11:37 | ControlFlowNode for template |
+| AirspeedSsti.py:2:26:2:32 | ControlFlowNode for ImportMember | AirspeedSsti.py:2:26:2:32 | ControlFlowNode for request |
+| AirspeedSsti.py:2:26:2:32 | ControlFlowNode for request | AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request |
+| AirspeedSsti.py:10:5:10:12 | ControlFlowNode for template | AirspeedSsti.py:11:30:11:37 | ControlFlowNode for template |
 | AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request | AirspeedSsti.py:10:16:10:27 | ControlFlowNode for Attribute |
 | AirspeedSsti.py:10:16:10:27 | ControlFlowNode for Attribute | AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() |
-| AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | AirspeedSsti.py:10:5:10:12 | SSA variable template |
-| CheetahSinks.py:1:26:1:32 | ControlFlowNode for ImportMember | CheetahSinks.py:1:26:1:32 | GSSA Variable request |
-| CheetahSinks.py:1:26:1:32 | GSSA Variable request | CheetahSinks.py:10:16:10:22 | ControlFlowNode for request |
-| CheetahSinks.py:1:26:1:32 | GSSA Variable request | CheetahSinks.py:21:16:21:22 | ControlFlowNode for request |
-| CheetahSinks.py:10:5:10:12 | SSA variable template | CheetahSinks.py:11:21:11:28 | ControlFlowNode for template |
+| AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | AirspeedSsti.py:10:5:10:12 | ControlFlowNode for template |
+| CheetahSinks.py:1:26:1:32 | ControlFlowNode for ImportMember | CheetahSinks.py:1:26:1:32 | ControlFlowNode for request |
+| CheetahSinks.py:1:26:1:32 | ControlFlowNode for request | CheetahSinks.py:10:16:10:22 | ControlFlowNode for request |
+| CheetahSinks.py:1:26:1:32 | ControlFlowNode for request | CheetahSinks.py:21:16:21:22 | ControlFlowNode for request |
+| CheetahSinks.py:10:5:10:12 | ControlFlowNode for template | CheetahSinks.py:11:21:11:28 | ControlFlowNode for template |
 | CheetahSinks.py:10:16:10:22 | ControlFlowNode for request | CheetahSinks.py:10:16:10:27 | ControlFlowNode for Attribute |
 | CheetahSinks.py:10:16:10:27 | ControlFlowNode for Attribute | CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() |
-| CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() | CheetahSinks.py:10:5:10:12 | SSA variable template |
-| CheetahSinks.py:21:5:21:12 | SSA variable template | CheetahSinks.py:22:20:22:27 | ControlFlowNode for template |
+| CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() | CheetahSinks.py:10:5:10:12 | ControlFlowNode for template |
+| CheetahSinks.py:21:5:21:12 | ControlFlowNode for template | CheetahSinks.py:22:20:22:27 | ControlFlowNode for template |
 | CheetahSinks.py:21:16:21:22 | ControlFlowNode for request | CheetahSinks.py:21:16:21:27 | ControlFlowNode for Attribute |
 | CheetahSinks.py:21:16:21:27 | ControlFlowNode for Attribute | CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() |
-| CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() | CheetahSinks.py:21:5:21:12 | SSA variable template |
-| ChevronSsti.py:1:26:1:32 | ControlFlowNode for ImportMember | ChevronSsti.py:1:26:1:32 | GSSA Variable request |
-| ChevronSsti.py:1:26:1:32 | GSSA Variable request | ChevronSsti.py:10:16:10:22 | ControlFlowNode for request |
-| ChevronSsti.py:10:5:10:12 | SSA variable template | ChevronSsti.py:11:27:11:34 | ControlFlowNode for template |
+| CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() | CheetahSinks.py:21:5:21:12 | ControlFlowNode for template |
+| ChevronSsti.py:1:26:1:32 | ControlFlowNode for ImportMember | ChevronSsti.py:1:26:1:32 | ControlFlowNode for request |
+| ChevronSsti.py:1:26:1:32 | ControlFlowNode for request | ChevronSsti.py:10:16:10:22 | ControlFlowNode for request |
+| ChevronSsti.py:10:5:10:12 | ControlFlowNode for template | ChevronSsti.py:11:27:11:34 | ControlFlowNode for template |
 | ChevronSsti.py:10:16:10:22 | ControlFlowNode for request | ChevronSsti.py:10:16:10:27 | ControlFlowNode for Attribute |
 | ChevronSsti.py:10:16:10:27 | ControlFlowNode for Attribute | ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() |
-| ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | ChevronSsti.py:10:5:10:12 | SSA variable template |
-| DjangoTemplates.py:6:8:6:14 | ControlFlowNode for request | DjangoTemplates.py:8:5:8:12 | SSA variable template |
-| DjangoTemplates.py:8:5:8:12 | SSA variable template | DjangoTemplates.py:9:18:9:25 | ControlFlowNode for template |
-| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for ImportMember | FlaskTemplate.py:1:26:1:32 | GSSA Variable request |
-| FlaskTemplate.py:1:26:1:32 | GSSA Variable request | FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request |
-| FlaskTemplate.py:1:26:1:32 | GSSA Variable request | FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request |
-| FlaskTemplate.py:1:26:1:32 | GSSA Variable request | FlaskTemplate.py:17:41:17:47 | ControlFlowNode for request |
+| ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | ChevronSsti.py:10:5:10:12 | ControlFlowNode for template |
+| DjangoTemplates.py:6:8:6:14 | ControlFlowNode for request | DjangoTemplates.py:8:5:8:12 | ControlFlowNode for template |
+| DjangoTemplates.py:8:5:8:12 | ControlFlowNode for template | DjangoTemplates.py:9:18:9:25 | ControlFlowNode for template |
+| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for ImportMember | FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request |
+| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request |
+| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request |
+| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | FlaskTemplate.py:17:41:17:47 | ControlFlowNode for request |
 | FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute |
 | FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute |
 | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | FlaskTemplate.py:11:39:11:66 | ControlFlowNode for Attribute() |
 | FlaskTemplate.py:17:41:17:47 | ControlFlowNode for request | FlaskTemplate.py:17:41:17:52 | ControlFlowNode for Attribute |
 | FlaskTemplate.py:17:41:17:52 | ControlFlowNode for Attribute | FlaskTemplate.py:17:41:17:68 | ControlFlowNode for Attribute() |
-| JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | JinjaSsti.py:9:5:9:12 | SSA variable template |
-| JinjaSsti.py:9:5:9:12 | SSA variable template | JinjaSsti.py:10:25:10:32 | ControlFlowNode for template |
-| JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | JinjaSsti.py:19:5:19:12 | SSA variable template |
-| JinjaSsti.py:19:5:19:12 | SSA variable template | JinjaSsti.py:20:28:20:35 | ControlFlowNode for template |
-| MakoSsti.py:6:10:6:16 | ControlFlowNode for request | MakoSsti.py:8:5:8:12 | SSA variable template |
-| MakoSsti.py:8:5:8:12 | SSA variable template | MakoSsti.py:9:27:9:34 | ControlFlowNode for template |
-| TRender.py:5:13:5:19 | ControlFlowNode for request | TRender.py:6:5:6:12 | SSA variable template |
-| TRender.py:6:5:6:12 | SSA variable template | TRender.py:7:24:7:31 | ControlFlowNode for template |
+| JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | JinjaSsti.py:9:5:9:12 | ControlFlowNode for template |
+| JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | JinjaSsti.py:10:25:10:32 | ControlFlowNode for template |
+| JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | JinjaSsti.py:19:5:19:12 | ControlFlowNode for template |
+| JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | JinjaSsti.py:20:28:20:35 | ControlFlowNode for template |
+| MakoSsti.py:6:10:6:16 | ControlFlowNode for request | MakoSsti.py:8:5:8:12 | ControlFlowNode for template |
+| MakoSsti.py:8:5:8:12 | ControlFlowNode for template | MakoSsti.py:9:27:9:34 | ControlFlowNode for template |
+| TRender.py:5:13:5:19 | ControlFlowNode for request | TRender.py:6:5:6:12 | ControlFlowNode for template |
+| TRender.py:6:5:6:12 | ControlFlowNode for template | TRender.py:7:24:7:31 | ControlFlowNode for template |
 nodes
 | AirspeedSsti.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| AirspeedSsti.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request |
-| AirspeedSsti.py:10:5:10:12 | SSA variable template | semmle.label | SSA variable template |
+| AirspeedSsti.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| AirspeedSsti.py:10:5:10:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | AirspeedSsti.py:10:16:10:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | AirspeedSsti.py:11:30:11:37 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | CheetahSinks.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| CheetahSinks.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
-| CheetahSinks.py:10:5:10:12 | SSA variable template | semmle.label | SSA variable template |
+| CheetahSinks.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| CheetahSinks.py:10:5:10:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | CheetahSinks.py:10:16:10:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | CheetahSinks.py:10:16:10:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | CheetahSinks.py:11:21:11:28 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
-| CheetahSinks.py:21:5:21:12 | SSA variable template | semmle.label | SSA variable template |
+| CheetahSinks.py:21:5:21:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | CheetahSinks.py:21:16:21:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | CheetahSinks.py:21:16:21:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | CheetahSinks.py:22:20:22:27 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | ChevronSsti.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| ChevronSsti.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
-| ChevronSsti.py:10:5:10:12 | SSA variable template | semmle.label | SSA variable template |
+| ChevronSsti.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| ChevronSsti.py:10:5:10:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | ChevronSsti.py:10:16:10:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | ChevronSsti.py:10:16:10:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | ChevronSsti.py:11:27:11:34 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | DjangoTemplates.py:6:8:6:14 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| DjangoTemplates.py:8:5:8:12 | SSA variable template | semmle.label | SSA variable template |
+| DjangoTemplates.py:8:5:8:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | DjangoTemplates.py:9:18:9:25 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | FlaskTemplate.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| FlaskTemplate.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
+| FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
@@ -81,16 +81,16 @@ nodes
 | FlaskTemplate.py:17:41:17:52 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | FlaskTemplate.py:17:41:17:68 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| JinjaSsti.py:9:5:9:12 | SSA variable template | semmle.label | SSA variable template |
+| JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | JinjaSsti.py:10:25:10:32 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| JinjaSsti.py:19:5:19:12 | SSA variable template | semmle.label | SSA variable template |
+| JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | JinjaSsti.py:20:28:20:35 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | MakoSsti.py:6:10:6:16 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| MakoSsti.py:8:5:8:12 | SSA variable template | semmle.label | SSA variable template |
+| MakoSsti.py:8:5:8:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | MakoSsti.py:9:27:9:34 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | TRender.py:5:13:5:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| TRender.py:6:5:6:12 | SSA variable template | semmle.label | SSA variable template |
+| TRender.py:6:5:6:12 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 | TRender.py:7:24:7:31 | ControlFlowNode for template | semmle.label | ControlFlowNode for template |
 subpaths
 #select

python/ql/test/experimental/query-tests/Security/CWE-079/EmailXss.expected

@@ -1,46 +1,46 @@
 edges
-| flask_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | flask_mail.py:1:19:1:25 | GSSA Variable request |
-| flask_mail.py:1:19:1:25 | GSSA Variable request | flask_mail.py:13:22:13:28 | ControlFlowNode for request |
-| flask_mail.py:1:19:1:25 | GSSA Variable request | flask_mail.py:18:14:18:20 | ControlFlowNode for request |
-| flask_mail.py:1:19:1:25 | GSSA Variable request | flask_mail.py:31:24:31:30 | ControlFlowNode for request |
+| flask_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | flask_mail.py:1:19:1:25 | ControlFlowNode for request |
+| flask_mail.py:1:19:1:25 | ControlFlowNode for request | flask_mail.py:13:22:13:28 | ControlFlowNode for request |
+| flask_mail.py:1:19:1:25 | ControlFlowNode for request | flask_mail.py:18:14:18:20 | ControlFlowNode for request |
+| flask_mail.py:1:19:1:25 | ControlFlowNode for request | flask_mail.py:31:24:31:30 | ControlFlowNode for request |
 | flask_mail.py:13:22:13:28 | ControlFlowNode for request | flask_mail.py:13:22:13:41 | ControlFlowNode for Subscript |
 | flask_mail.py:13:22:13:28 | ControlFlowNode for request | flask_mail.py:18:14:18:33 | ControlFlowNode for Subscript |
 | flask_mail.py:18:14:18:20 | ControlFlowNode for request | flask_mail.py:18:14:18:33 | ControlFlowNode for Subscript |
 | flask_mail.py:31:24:31:30 | ControlFlowNode for request | flask_mail.py:31:24:31:43 | ControlFlowNode for Subscript |
-| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | sendgrid_mail.py:1:19:1:25 | GSSA Variable request |
-| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request |
-| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request |
-| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request |
+| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request |
+| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request |
+| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request |
+| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request |
 | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | sendgrid_mail.py:14:22:14:49 | ControlFlowNode for Subscript |
 | sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request | sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript |
 | sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript | sendgrid_mail.py:26:22:26:62 | ControlFlowNode for HtmlContent() |
 | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | sendgrid_mail.py:37:41:37:68 | ControlFlowNode for Subscript |
-| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for ImportMember | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request |
-| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request |
-| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request |
-| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request |
+| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for ImportMember | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request |
+| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request |
+| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request |
+| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request |
 | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:16:26:16:79 | ControlFlowNode for Attribute() |
 | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:25:27:77 | ControlFlowNode for Attribute() |
 | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() |
 | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:25:27:77 | ControlFlowNode for Attribute() |
 | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() |
 | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() |
-| smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_subparts.py:2:26:2:32 | GSSA Variable request |
-| smtplib_bad_subparts.py:2:26:2:32 | GSSA Variable request | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request |
-| smtplib_bad_subparts.py:17:5:17:8 | SSA variable name | smtplib_bad_subparts.py:20:5:20:8 | SSA variable html |
-| smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | smtplib_bad_subparts.py:17:5:17:8 | SSA variable name |
-| smtplib_bad_subparts.py:20:5:20:8 | SSA variable html | smtplib_bad_subparts.py:24:22:24:25 | ControlFlowNode for html |
-| smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_via_attach.py:2:26:2:32 | GSSA Variable request |
-| smtplib_bad_via_attach.py:2:26:2:32 | GSSA Variable request | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request |
-| smtplib_bad_via_attach.py:20:5:20:8 | SSA variable name | smtplib_bad_via_attach.py:23:5:23:8 | SSA variable html |
-| smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | smtplib_bad_via_attach.py:20:5:20:8 | SSA variable name |
-| smtplib_bad_via_attach.py:23:5:23:8 | SSA variable html | smtplib_bad_via_attach.py:27:22:27:25 | ControlFlowNode for html |
+| smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for request |
+| smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for request | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request |
+| smtplib_bad_subparts.py:17:5:17:8 | ControlFlowNode for name | smtplib_bad_subparts.py:20:5:20:8 | ControlFlowNode for html |
+| smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | smtplib_bad_subparts.py:17:5:17:8 | ControlFlowNode for name |
+| smtplib_bad_subparts.py:20:5:20:8 | ControlFlowNode for html | smtplib_bad_subparts.py:24:22:24:25 | ControlFlowNode for html |
+| smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for request |
+| smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for request | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request |
+| smtplib_bad_via_attach.py:20:5:20:8 | ControlFlowNode for name | smtplib_bad_via_attach.py:23:5:23:8 | ControlFlowNode for html |
+| smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | smtplib_bad_via_attach.py:20:5:20:8 | ControlFlowNode for name |
+| smtplib_bad_via_attach.py:23:5:23:8 | ControlFlowNode for html | smtplib_bad_via_attach.py:27:22:27:25 | ControlFlowNode for html |
 nodes
 | django_mail.py:14:48:14:82 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | django_mail.py:23:30:23:64 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | django_mail.py:25:32:25:66 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | flask_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| flask_mail.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request |
+| flask_mail.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | flask_mail.py:13:22:13:28 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | flask_mail.py:13:22:13:41 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | flask_mail.py:18:14:18:20 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
@@ -48,7 +48,7 @@ nodes
 | flask_mail.py:31:24:31:30 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | flask_mail.py:31:24:31:43 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request |
+| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | sendgrid_mail.py:14:22:14:49 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | sendgrid_mail.py:26:22:26:62 | ControlFlowNode for HtmlContent() | semmle.label | ControlFlowNode for HtmlContent() |
@@ -57,7 +57,7 @@ nodes
 | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | sendgrid_mail.py:37:41:37:68 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | semmle.label | GSSA Variable request |
+| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | sendgrid_via_mail_send_post_request_body_bad.py:16:26:16:79 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | sendgrid_via_mail_send_post_request_body_bad.py:27:25:27:77 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
@@ -65,16 +65,16 @@ nodes
 | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| smtplib_bad_subparts.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request |
-| smtplib_bad_subparts.py:17:5:17:8 | SSA variable name | semmle.label | SSA variable name |
+| smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| smtplib_bad_subparts.py:17:5:17:8 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
 | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| smtplib_bad_subparts.py:20:5:20:8 | SSA variable html | semmle.label | SSA variable html |
+| smtplib_bad_subparts.py:20:5:20:8 | ControlFlowNode for html | semmle.label | ControlFlowNode for html |
 | smtplib_bad_subparts.py:24:22:24:25 | ControlFlowNode for html | semmle.label | ControlFlowNode for html |
 | smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| smtplib_bad_via_attach.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request |
-| smtplib_bad_via_attach.py:20:5:20:8 | SSA variable name | semmle.label | SSA variable name |
+| smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| smtplib_bad_via_attach.py:20:5:20:8 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
 | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| smtplib_bad_via_attach.py:23:5:23:8 | SSA variable html | semmle.label | SSA variable html |
+| smtplib_bad_via_attach.py:23:5:23:8 | ControlFlowNode for html | semmle.label | ControlFlowNode for html |
 | smtplib_bad_via_attach.py:27:22:27:25 | ControlFlowNode for html | semmle.label | ControlFlowNode for html |
 subpaths
 #select

python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected

@@ -1,106 +1,106 @@
 edges
-| xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | xslt.py:3:26:3:32 | GSSA Variable request |
-| xslt.py:3:26:3:32 | GSSA Variable request | xslt.py:10:17:10:23 | ControlFlowNode for request |
-| xslt.py:10:5:10:13 | SSA variable xsltQuery | xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery |
+| xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | xslt.py:3:26:3:32 | ControlFlowNode for request |
+| xslt.py:3:26:3:32 | ControlFlowNode for request | xslt.py:10:17:10:23 | ControlFlowNode for request |
+| xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery | xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery |
 | xslt.py:10:17:10:23 | ControlFlowNode for request | xslt.py:10:17:10:28 | ControlFlowNode for Attribute |
 | xslt.py:10:17:10:28 | ControlFlowNode for Attribute | xslt.py:10:17:10:43 | ControlFlowNode for Attribute() |
-| xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | xslt.py:10:5:10:13 | SSA variable xsltQuery |
-| xslt.py:11:5:11:13 | SSA variable xslt_root | xslt.py:14:29:14:37 | ControlFlowNode for xslt_root |
-| xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | xslt.py:11:5:11:13 | SSA variable xslt_root |
+| xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery |
+| xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | xslt.py:14:29:14:37 | ControlFlowNode for xslt_root |
+| xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | xslt.py:11:5:11:13 | ControlFlowNode for xslt_root |
 | xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() |
-| xsltInjection.py:3:26:3:32 | ControlFlowNode for ImportMember | xsltInjection.py:3:26:3:32 | GSSA Variable request |
-| xsltInjection.py:3:26:3:32 | GSSA Variable request | xsltInjection.py:10:17:10:23 | ControlFlowNode for request |
-| xsltInjection.py:3:26:3:32 | GSSA Variable request | xsltInjection.py:17:17:17:23 | ControlFlowNode for request |
-| xsltInjection.py:3:26:3:32 | GSSA Variable request | xsltInjection.py:26:17:26:23 | ControlFlowNode for request |
-| xsltInjection.py:3:26:3:32 | GSSA Variable request | xsltInjection.py:35:17:35:23 | ControlFlowNode for request |
-| xsltInjection.py:3:26:3:32 | GSSA Variable request | xsltInjection.py:44:17:44:23 | ControlFlowNode for request |
-| xsltInjection.py:10:5:10:13 | SSA variable xsltQuery | xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery |
+| xsltInjection.py:3:26:3:32 | ControlFlowNode for ImportMember | xsltInjection.py:3:26:3:32 | ControlFlowNode for request |
+| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:10:17:10:23 | ControlFlowNode for request |
+| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:17:17:17:23 | ControlFlowNode for request |
+| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:26:17:26:23 | ControlFlowNode for request |
+| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:35:17:35:23 | ControlFlowNode for request |
+| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:44:17:44:23 | ControlFlowNode for request |
+| xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery | xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery |
 | xsltInjection.py:10:17:10:23 | ControlFlowNode for request | xsltInjection.py:10:17:10:28 | ControlFlowNode for Attribute |
 | xsltInjection.py:10:17:10:28 | ControlFlowNode for Attribute | xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() |
-| xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | xsltInjection.py:10:5:10:13 | SSA variable xsltQuery |
-| xsltInjection.py:11:5:11:13 | SSA variable xslt_root | xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root |
-| xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | xsltInjection.py:11:5:11:13 | SSA variable xslt_root |
+| xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery |
+| xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root |
+| xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root |
 | xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() |
-| xsltInjection.py:17:5:17:13 | SSA variable xsltQuery | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery |
+| xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery |
 | xsltInjection.py:17:17:17:23 | ControlFlowNode for request | xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute |
 | xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute | xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() |
-| xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | xsltInjection.py:17:5:17:13 | SSA variable xsltQuery |
-| xsltInjection.py:18:5:18:13 | SSA variable xslt_root | xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root |
-| xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | xsltInjection.py:18:5:18:13 | SSA variable xslt_root |
+| xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery |
+| xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root |
+| xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root |
 | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() |
-| xsltInjection.py:26:5:26:13 | SSA variable xsltQuery | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery |
+| xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery |
 | xsltInjection.py:26:17:26:23 | ControlFlowNode for request | xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute |
 | xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute | xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() |
-| xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | xsltInjection.py:26:5:26:13 | SSA variable xsltQuery |
-| xsltInjection.py:27:5:27:13 | SSA variable xslt_root | xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root |
-| xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | xsltInjection.py:27:5:27:13 | SSA variable xslt_root |
+| xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery |
+| xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root |
+| xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root |
 | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() |
-| xsltInjection.py:35:5:35:13 | SSA variable xsltQuery | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery |
+| xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery |
 | xsltInjection.py:35:17:35:23 | ControlFlowNode for request | xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute |
 | xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute | xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() |
-| xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | xsltInjection.py:35:5:35:13 | SSA variable xsltQuery |
-| xsltInjection.py:36:5:36:13 | SSA variable xslt_root | xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root |
-| xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | xsltInjection.py:36:5:36:13 | SSA variable xslt_root |
+| xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery |
+| xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root |
+| xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root |
 | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() |
-| xsltInjection.py:44:5:44:13 | SSA variable xsltQuery | xsltInjection.py:45:5:45:15 | SSA variable xsltStrings |
+| xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings |
 | xsltInjection.py:44:17:44:23 | ControlFlowNode for request | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute |
 | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() |
-| xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | xsltInjection.py:44:5:44:13 | SSA variable xsltQuery |
-| xsltInjection.py:45:5:45:15 | SSA variable xsltStrings | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings |
-| xsltInjection.py:46:5:46:13 | SSA variable xslt_root | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root |
-| xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | xsltInjection.py:46:5:46:13 | SSA variable xslt_root |
+| xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery |
+| xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings |
+| xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root |
+| xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root |
 | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() |
 nodes
 | xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| xslt.py:3:26:3:32 | GSSA Variable request | semmle.label | GSSA Variable request |
-| xslt.py:10:5:10:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery |
+| xslt.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xslt.py:10:17:10:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | xslt.py:10:17:10:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| xslt.py:11:5:11:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root |
+| xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
 | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xslt.py:14:29:14:37 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
 | xsltInjection.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| xsltInjection.py:3:26:3:32 | GSSA Variable request | semmle.label | GSSA Variable request |
-| xsltInjection.py:10:5:10:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery |
+| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xsltInjection.py:10:17:10:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | xsltInjection.py:10:17:10:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| xsltInjection.py:11:5:11:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root |
+| xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
 | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
-| xsltInjection.py:17:5:17:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery |
+| xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xsltInjection.py:17:17:17:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| xsltInjection.py:18:5:18:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root |
+| xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
 | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
-| xsltInjection.py:26:5:26:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery |
+| xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xsltInjection.py:26:17:26:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| xsltInjection.py:27:5:27:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root |
+| xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
 | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
-| xsltInjection.py:35:5:35:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery |
+| xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xsltInjection.py:35:17:35:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| xsltInjection.py:36:5:36:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root |
+| xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
 | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
-| xsltInjection.py:44:5:44:13 | SSA variable xsltQuery | semmle.label | SSA variable xsltQuery |
+| xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
 | xsltInjection.py:44:17:44:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| xsltInjection.py:45:5:45:15 | SSA variable xsltStrings | semmle.label | SSA variable xsltStrings |
-| xsltInjection.py:46:5:46:13 | SSA variable xslt_root | semmle.label | SSA variable xslt_root |
+| xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | semmle.label | ControlFlowNode for xsltStrings |
+| xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
 | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | semmle.label | ControlFlowNode for xsltStrings |
 | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |

python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected

@@ -1,40 +1,40 @@
 edges
-| django_bad.py:5:5:5:14 | SSA variable rfs_header | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header |
-| django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | django_bad.py:5:5:5:14 | SSA variable rfs_header |
-| django_bad.py:12:5:12:14 | SSA variable rfs_header | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header |
-| django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | django_bad.py:12:5:12:14 | SSA variable rfs_header |
-| flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:1:29:1:35 | GSSA Variable request |
-| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:9:18:9:24 | ControlFlowNode for request |
-| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:19:18:19:24 | ControlFlowNode for request |
-| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:27:18:27:24 | ControlFlowNode for request |
-| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:35:18:35:24 | ControlFlowNode for request |
-| flask_bad.py:9:5:9:14 | SSA variable rfs_header | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header |
-| flask_bad.py:9:18:9:24 | ControlFlowNode for request | flask_bad.py:9:5:9:14 | SSA variable rfs_header |
-| flask_bad.py:19:5:19:14 | SSA variable rfs_header | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header |
-| flask_bad.py:19:18:19:24 | ControlFlowNode for request | flask_bad.py:19:5:19:14 | SSA variable rfs_header |
-| flask_bad.py:27:5:27:14 | SSA variable rfs_header | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header |
-| flask_bad.py:27:18:27:24 | ControlFlowNode for request | flask_bad.py:27:5:27:14 | SSA variable rfs_header |
-| flask_bad.py:35:5:35:14 | SSA variable rfs_header | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header |
-| flask_bad.py:35:18:35:24 | ControlFlowNode for request | flask_bad.py:35:5:35:14 | SSA variable rfs_header |
+| django_bad.py:5:5:5:14 | ControlFlowNode for rfs_header | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header |
+| django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | django_bad.py:5:5:5:14 | ControlFlowNode for rfs_header |
+| django_bad.py:12:5:12:14 | ControlFlowNode for rfs_header | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header |
+| django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | django_bad.py:12:5:12:14 | ControlFlowNode for rfs_header |
+| flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:1:29:1:35 | ControlFlowNode for request |
+| flask_bad.py:1:29:1:35 | ControlFlowNode for request | flask_bad.py:9:18:9:24 | ControlFlowNode for request |
+| flask_bad.py:1:29:1:35 | ControlFlowNode for request | flask_bad.py:19:18:19:24 | ControlFlowNode for request |
+| flask_bad.py:1:29:1:35 | ControlFlowNode for request | flask_bad.py:27:18:27:24 | ControlFlowNode for request |
+| flask_bad.py:1:29:1:35 | ControlFlowNode for request | flask_bad.py:35:18:35:24 | ControlFlowNode for request |
+| flask_bad.py:9:5:9:14 | ControlFlowNode for rfs_header | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header |
+| flask_bad.py:9:18:9:24 | ControlFlowNode for request | flask_bad.py:9:5:9:14 | ControlFlowNode for rfs_header |
+| flask_bad.py:19:5:19:14 | ControlFlowNode for rfs_header | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header |
+| flask_bad.py:19:18:19:24 | ControlFlowNode for request | flask_bad.py:19:5:19:14 | ControlFlowNode for rfs_header |
+| flask_bad.py:27:5:27:14 | ControlFlowNode for rfs_header | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header |
+| flask_bad.py:27:18:27:24 | ControlFlowNode for request | flask_bad.py:27:5:27:14 | ControlFlowNode for rfs_header |
+| flask_bad.py:35:5:35:14 | ControlFlowNode for rfs_header | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header |
+| flask_bad.py:35:18:35:24 | ControlFlowNode for request | flask_bad.py:35:5:35:14 | ControlFlowNode for rfs_header |
 nodes
-| django_bad.py:5:5:5:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header |
+| django_bad.py:5:5:5:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
 | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
-| django_bad.py:12:5:12:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header |
+| django_bad.py:12:5:12:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
 | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
 | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| flask_bad.py:1:29:1:35 | GSSA Variable request | semmle.label | GSSA Variable request |
-| flask_bad.py:9:5:9:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header |
+| flask_bad.py:1:29:1:35 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| flask_bad.py:9:5:9:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
 | flask_bad.py:9:18:9:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
-| flask_bad.py:19:5:19:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header |
+| flask_bad.py:19:5:19:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
 | flask_bad.py:19:18:19:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
-| flask_bad.py:27:5:27:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header |
+| flask_bad.py:27:5:27:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
 | flask_bad.py:27:18:27:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
-| flask_bad.py:35:5:35:14 | SSA variable rfs_header | semmle.label | SSA variable rfs_header |
+| flask_bad.py:35:5:35:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
 | flask_bad.py:35:18:35:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
 subpaths

python/ql/test/experimental/query-tests/Security/CWE-1236/CsvInjection.expected

@@ -1,26 +1,26 @@
 edges
-| csv_bad.py:9:19:9:25 | ControlFlowNode for ImportMember | csv_bad.py:9:19:9:25 | GSSA Variable request |
-| csv_bad.py:9:19:9:25 | GSSA Variable request | csv_bad.py:16:16:16:22 | ControlFlowNode for request |
-| csv_bad.py:9:19:9:25 | GSSA Variable request | csv_bad.py:24:16:24:22 | ControlFlowNode for request |
-| csv_bad.py:16:5:16:12 | SSA variable csv_data | csv_bad.py:18:24:18:31 | ControlFlowNode for csv_data |
-| csv_bad.py:16:5:16:12 | SSA variable csv_data | csv_bad.py:19:25:19:32 | ControlFlowNode for csv_data |
+| csv_bad.py:9:19:9:25 | ControlFlowNode for ImportMember | csv_bad.py:9:19:9:25 | ControlFlowNode for request |
+| csv_bad.py:9:19:9:25 | ControlFlowNode for request | csv_bad.py:16:16:16:22 | ControlFlowNode for request |
+| csv_bad.py:9:19:9:25 | ControlFlowNode for request | csv_bad.py:24:16:24:22 | ControlFlowNode for request |
+| csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data | csv_bad.py:18:24:18:31 | ControlFlowNode for csv_data |
+| csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data | csv_bad.py:19:25:19:32 | ControlFlowNode for csv_data |
 | csv_bad.py:16:16:16:22 | ControlFlowNode for request | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute |
 | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() |
-| csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() | csv_bad.py:16:5:16:12 | SSA variable csv_data |
-| csv_bad.py:24:5:24:12 | SSA variable csv_data | csv_bad.py:25:46:25:53 | ControlFlowNode for csv_data |
+| csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() | csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data |
+| csv_bad.py:24:5:24:12 | ControlFlowNode for csv_data | csv_bad.py:25:46:25:53 | ControlFlowNode for csv_data |
 | csv_bad.py:24:16:24:22 | ControlFlowNode for request | csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute |
 | csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute | csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() |
-| csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() | csv_bad.py:24:5:24:12 | SSA variable csv_data |
+| csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() | csv_bad.py:24:5:24:12 | ControlFlowNode for csv_data |
 nodes
 | csv_bad.py:9:19:9:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| csv_bad.py:9:19:9:25 | GSSA Variable request | semmle.label | GSSA Variable request |
-| csv_bad.py:16:5:16:12 | SSA variable csv_data | semmle.label | SSA variable csv_data |
+| csv_bad.py:9:19:9:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data | semmle.label | ControlFlowNode for csv_data |
 | csv_bad.py:16:16:16:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | csv_bad.py:18:24:18:31 | ControlFlowNode for csv_data | semmle.label | ControlFlowNode for csv_data |
 | csv_bad.py:19:25:19:32 | ControlFlowNode for csv_data | semmle.label | ControlFlowNode for csv_data |
-| csv_bad.py:24:5:24:12 | SSA variable csv_data | semmle.label | SSA variable csv_data |
+| csv_bad.py:24:5:24:12 | ControlFlowNode for csv_data | semmle.label | ControlFlowNode for csv_data |
 | csv_bad.py:24:16:24:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |

python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected

@@ -1,27 +1,27 @@
 edges
-| samples.py:2:26:2:32 | ControlFlowNode for ImportMember | samples.py:2:26:2:32 | GSSA Variable request |
-| samples.py:2:26:2:32 | GSSA Variable request | samples.py:9:25:9:31 | ControlFlowNode for request |
-| samples.py:2:26:2:32 | GSSA Variable request | samples.py:16:25:16:31 | ControlFlowNode for request |
-| samples.py:9:5:9:14 | SSA variable user_input | samples.py:10:59:10:68 | ControlFlowNode for user_input |
-| samples.py:9:18:9:47 | ControlFlowNode for escape() | samples.py:9:5:9:14 | SSA variable user_input |
+| samples.py:2:26:2:32 | ControlFlowNode for ImportMember | samples.py:2:26:2:32 | ControlFlowNode for request |
+| samples.py:2:26:2:32 | ControlFlowNode for request | samples.py:9:25:9:31 | ControlFlowNode for request |
+| samples.py:2:26:2:32 | ControlFlowNode for request | samples.py:16:25:16:31 | ControlFlowNode for request |
+| samples.py:9:5:9:14 | ControlFlowNode for user_input | samples.py:10:59:10:68 | ControlFlowNode for user_input |
+| samples.py:9:18:9:47 | ControlFlowNode for escape() | samples.py:9:5:9:14 | ControlFlowNode for user_input |
 | samples.py:9:25:9:31 | ControlFlowNode for request | samples.py:9:25:9:36 | ControlFlowNode for Attribute |
 | samples.py:9:25:9:36 | ControlFlowNode for Attribute | samples.py:9:25:9:46 | ControlFlowNode for Attribute() |
 | samples.py:9:25:9:46 | ControlFlowNode for Attribute() | samples.py:9:18:9:47 | ControlFlowNode for escape() |
-| samples.py:16:5:16:14 | SSA variable user_input | samples.py:20:62:20:71 | ControlFlowNode for user_input |
-| samples.py:16:18:16:47 | ControlFlowNode for escape() | samples.py:16:5:16:14 | SSA variable user_input |
+| samples.py:16:5:16:14 | ControlFlowNode for user_input | samples.py:20:62:20:71 | ControlFlowNode for user_input |
+| samples.py:16:18:16:47 | ControlFlowNode for escape() | samples.py:16:5:16:14 | ControlFlowNode for user_input |
 | samples.py:16:25:16:31 | ControlFlowNode for request | samples.py:16:25:16:36 | ControlFlowNode for Attribute |
 | samples.py:16:25:16:36 | ControlFlowNode for Attribute | samples.py:16:25:16:46 | ControlFlowNode for Attribute() |
 | samples.py:16:25:16:46 | ControlFlowNode for Attribute() | samples.py:16:18:16:47 | ControlFlowNode for escape() |
 nodes
 | samples.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| samples.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request |
-| samples.py:9:5:9:14 | SSA variable user_input | semmle.label | SSA variable user_input |
+| samples.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| samples.py:9:5:9:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input |
 | samples.py:9:18:9:47 | ControlFlowNode for escape() | semmle.label | ControlFlowNode for escape() |
 | samples.py:9:25:9:31 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | samples.py:9:25:9:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | samples.py:9:25:9:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | samples.py:10:59:10:68 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input |
-| samples.py:16:5:16:14 | SSA variable user_input | semmle.label | SSA variable user_input |
+| samples.py:16:5:16:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input |
 | samples.py:16:18:16:47 | ControlFlowNode for escape() | semmle.label | ControlFlowNode for escape() |
 | samples.py:16:25:16:31 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | samples.py:16:25:16:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |

python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.expected

@@ -1,9 +1,9 @@
 edges
-| TimingAttackAgainstHash.py:26:5:26:13 | SSA variable signature | TimingAttackAgainstHash.py:27:24:27:32 | ControlFlowNode for signature |
-| TimingAttackAgainstHash.py:26:17:26:41 | ControlFlowNode for Attribute() | TimingAttackAgainstHash.py:26:5:26:13 | SSA variable signature |
+| TimingAttackAgainstHash.py:26:5:26:13 | ControlFlowNode for signature | TimingAttackAgainstHash.py:27:24:27:32 | ControlFlowNode for signature |
+| TimingAttackAgainstHash.py:26:17:26:41 | ControlFlowNode for Attribute() | TimingAttackAgainstHash.py:26:5:26:13 | ControlFlowNode for signature |
 | TimingAttackAgainstHash.py:30:12:30:47 | ControlFlowNode for Attribute() | TimingAttackAgainstHash.py:37:19:37:48 | ControlFlowNode for sign() |
 nodes
-| TimingAttackAgainstHash.py:26:5:26:13 | SSA variable signature | semmle.label | SSA variable signature |
+| TimingAttackAgainstHash.py:26:5:26:13 | ControlFlowNode for signature | semmle.label | ControlFlowNode for signature |
 | TimingAttackAgainstHash.py:26:17:26:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | TimingAttackAgainstHash.py:27:24:27:32 | ControlFlowNode for signature | semmle.label | ControlFlowNode for signature |
 | TimingAttackAgainstHash.py:30:12:30:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |