Expose invoke nodes for external API sinks

Revert "Merge pull request #4969 from asgerf/js/angular-dom-santizier-from-core"
This reverts commit bdfb81064d, reversing changes made to 2a8a2832e2.
2026-05-20 22:27:18 +02:00 · 2021-03-05 21:37:28 +00:00 · 2021-02-05 12:33:07 +00:00 · 2021-02-05 12:33:07 +00:00 · 2021-02-05 12:33:07 +00:00 · 2021-02-05 12:33:07 +00:00
57 changed files with 517 additions and 3846 deletions
--- a/benjamin-button.md
+++ b/benjamin-button.md
@@ -0,0 +1,51 @@
+# benjamin-buttons.md
+
+This file describes the changes that have been applied to
+the library to make it behave as if it was younger.
+
+## TaintedPath.ql
+
+Sinks added between 2020-01-01 and 2020-10-06 have been removed. Found by looking at:
+
+- the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
+
+Sinks added between 2018-08-02 and 2020-01-01 have been removed. Found by looking at:
+
+- the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+pathinjection
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+tainted-path
+
+Sinks from the "graceful-fs" and "fs-extra" (added before the open-sourcing squash).
+
+## Xss.ql
+
+Sinks added between 2020-01-01 and 2020-10-06 have been removed. Found by looking at:
+
+- the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
+
+- recursive type tracking for `jQuery::dollar`, `DOM::domValueRef`.
+
+## SqlInjection.ql
+
+Sinks added between 2020-01-01 and 2020-10-06 have been removed. Found by looking at:
+
+- the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-089
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
+
+Sinks added between 2018-08-02 and 2020-01-01 have been removed. Found by looking at:
+
+- the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-089
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sql
+
+TypeTracking in SQL.qll (added before the open-sourcing squash)
+
+The model of `mssql` and `sequelize` (added before the open-sourcing squash)
+
+## PseudoProperties
+
+Pseudo-properties (`$name$`) used in type-tracking and global dataflow configurations have been disabled.
+Found by searching for `"\$.*\$"`.
--- a/javascript/ql/src/semmle/javascript/DOM.qll
+++ b/javascript/ql/src/semmle/javascript/DOM.qll
@@ -346,13 +346,6 @@ module DOM {
          call.getNumArgument() = 1 and
          forex(InferredType t | t = call.getArgument(0).analyze().getAType() | t = TTNumber())
        )
-        or
-        // A `this` node from a callback given to a `$().each(callback)` call.
-        // purposely not using JQuery::MethodCall to avoid `jquery.each()`.
-        exists(DataFlow::CallNode eachCall | eachCall = JQuery::objectRef().getAMethodCall("each") |
-          this = DataFlow::thisNode(eachCall.getCallback(0).getFunction()) or
-          this = eachCall.getABoundCallbackParameter(0, 1)
-        )
      }
    }
  }
@@ -367,8 +360,6 @@ module DOM {
    or
    t.start() and
    result = domValueRef().getAMethodCall(["item", "namedItem"])
-    or
-    exists(DataFlow::TypeTracker t2 | result = domValueRef(t2).track(t2, t))
  }

  /** Gets a data flow node that may refer to a value from the DOM. */
--- a/javascript/ql/src/semmle/javascript/Promises.qll
+++ b/javascript/ql/src/semmle/javascript/Promises.qll
@@ -147,12 +147,12 @@ module Promises {
  /**
   * Gets the pseudo-field used to describe resolved values in a promise.
   */
-  string valueProp() { result = "$PromiseResolveField$" }
+  string valueProp() { none() }

  /**
   * Gets the pseudo-field used to describe rejected values in a promise.
   */
-  string errorProp() { result = "$PromiseRejectField$" }
+  string errorProp() { none() }
 }

 /**
--- a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
@@ -608,10 +608,10 @@ abstract class AdditionalFlowStep extends DataFlow::Node {
 */
 module PseudoProperties {
  bindingset[s]
-  private string pseudoProperty(string s) { result = "$" + s + "$" }
+  private string pseudoProperty(string s) { none() }

  bindingset[s, v]
-  private string pseudoProperty(string s, string v) { result = "$" + s + "|" + v + "$" }
+  private string pseudoProperty(string s, string v) { none() }

  /**
   * Gets a pseudo-property for the location of elements in a `Set`
--- a/javascript/ql/src/semmle/javascript/frameworks/Angular2.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Angular2.qll
@@ -121,7 +121,7 @@ module Angular2 {

  /** Gets a reference to a `DomSanitizer` object. */
  DataFlow::SourceNode domSanitizer() {
-    result.hasUnderlyingType(["@angular/platform-browser", "@angular/core"], "DomSanitizer")
+    result.hasUnderlyingType("@angular/platform-browser", "DomSanitizer")
  }

  /** A value that is about to be promoted to a trusted HTML or CSS value. */
--- a/javascript/ql/src/semmle/javascript/frameworks/Express.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Express.qll
@@ -861,28 +861,6 @@ module Express {
    override string getCredentialsKind() { result = kind }
  }

-  /** A call to `response.sendFile`, considered as a file system access. */
-  private class ResponseSendFileAsFileSystemAccess extends FileSystemReadAccess,
-    DataFlow::MethodCallNode {
-    ResponseSendFileAsFileSystemAccess() {
-      exists(string name | name = "sendFile" or name = "sendfile" |
-        calls(any(ResponseExpr res).flow(), name)
-      )
-    }
-
-    override DataFlow::Node getADataNode() { none() }
-
-    override DataFlow::Node getAPathArgument() { result = getArgument(0) }
-
-    override DataFlow::Node getRootPathArgument() {
-      result = this.(DataFlow::CallNode).getOptionArgument(1, "root")
-    }
-
-    override predicate isUpwardNavigationRejected(DataFlow::Node argument) {
-      argument = getAPathArgument()
-    }
-  }
-
  /**
   * A function that flows to a route setup.
   */
--- a/javascript/ql/src/semmle/javascript/frameworks/Files.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Files.qll
@@ -4,23 +4,6 @@

 import javascript

-/**
- * A call that can produce a file name.
- */
-abstract private class FileNameProducer extends DataFlow::Node {
-  /**
-   * Gets a file name produced by this producer.
-   */
-  abstract DataFlow::Node getAFileName();
-}
-
-/**
- * A node that contains a file name, and is produced by a `ProducesFileNames`.
- */
-private class ProducedFileName extends FileNameSource {
-  ProducedFileName() { this = any(FileNameProducer producer).getAFileName() }
-}
-
 /**
 * A file name from the `walk-sync` library.
 */
@@ -144,311 +127,3 @@ private class FastGlobFileNameSource extends FileNameSource {
  FastGlobFileNameSource() { this = fastGlobFileNameSource(DataFlow::TypeTracker::end()) }
 }

-/**
- * Classes and predicates for modelling the `fstream` library (https://www.npmjs.com/package/fstream).
- */
-private module FStream {
-  /**
-   * Gets a reference to a method in the `fstream` library.
-   */
-  private DataFlow::SourceNode getAnFStreamProperty(boolean writer) {
-    exists(DataFlow::SourceNode mod, string readOrWrite, string subMod |
-      mod = DataFlow::moduleImport("fstream") and
-      (
-        readOrWrite = "Reader" and writer = false
-        or
-        readOrWrite = "Writer" and writer = true
-      ) and
-      (subMod = "File" or subMod = "Dir" or subMod = "Link" or subMod = "Proxy")
-    |
-      result = mod.getAPropertyRead(readOrWrite) or
-      result = mod.getAPropertyRead(readOrWrite).getAPropertyRead(subMod) or
-      result = mod.getAPropertyRead(subMod).getAPropertyRead(readOrWrite)
-    )
-  }
-
-  /**
-   * An invocation of a method defined in the `fstream` library.
-   */
-  private class FStream extends FileSystemAccess, DataFlow::InvokeNode {
-    boolean writer;
-
-    FStream() { this = getAnFStreamProperty(writer).getAnInvocation() }
-
-    override DataFlow::Node getAPathArgument() {
-      result = getOptionArgument(0, "path")
-      or
-      not exists(getOptionArgument(0, "path")) and
-      result = getArgument(0)
-    }
-  }
-
-  /**
-   * An invocation of an `fstream` method that writes to a file.
-   */
-  private class FStreamWriter extends FileSystemWriteAccess, FStream {
-    FStreamWriter() { writer = true }
-
-    override DataFlow::Node getADataNode() { none() }
-  }
-
-  /**
-   * An invocation of an `fstream` method that reads a file.
-   */
-  private class FStreamReader extends FileSystemReadAccess, FStream {
-    FStreamReader() { writer = false }
-
-    override DataFlow::Node getADataNode() { none() }
-  }
-}
-
-/**
- * A call to the library `write-file-atomic`.
- */
-private class WriteFileAtomic extends FileSystemWriteAccess, DataFlow::CallNode {
-  WriteFileAtomic() {
-    this = DataFlow::moduleImport("write-file-atomic").getACall()
-    or
-    this = DataFlow::moduleMember("write-file-atomic", "sync").getACall()
-  }
-
-  override DataFlow::Node getAPathArgument() { result = getArgument(0) }
-
-  override DataFlow::Node getADataNode() { result = getArgument(1) }
-}
-
-/**
- * A call to the library `recursive-readdir`.
- */
-private class RecursiveReadDir extends FileSystemAccess, FileNameProducer, DataFlow::CallNode {
-  RecursiveReadDir() { this = DataFlow::moduleImport("recursive-readdir").getACall() }
-
-  override DataFlow::Node getAPathArgument() { result = getArgument(0) }
-
-  override DataFlow::Node getAFileName() { result = trackFileSource(DataFlow::TypeTracker::end()) }
-
-  private DataFlow::SourceNode trackFileSource(DataFlow::TypeTracker t) {
-    t.start() and result = getCallback([1 .. 2]).getParameter(1)
-    or
-    t.startInPromise() and not exists(getCallback([1 .. 2])) and result = this
-    or
-    // Tracking out of a promise
-    exists(DataFlow::TypeTracker t2 |
-      result = PromiseTypeTracking::promiseStep(trackFileSource(t2), t, t2)
-    )
-  }
-}
-
-/**
- * Classes and predicates for modelling the `jsonfile` library (https://www.npmjs.com/package/jsonfile).
- */
-private module JSONFile {
-  /**
-   * A reader for JSON files.
-   */
-  class JSONFileReader extends FileSystemReadAccess, DataFlow::CallNode {
-    JSONFileReader() {
-      this =
-        DataFlow::moduleMember("jsonfile", any(string s | s = "readFile" or s = "readFileSync"))
-            .getACall()
-    }
-
-    override DataFlow::Node getAPathArgument() { result = getArgument(0) }
-
-    override DataFlow::Node getADataNode() { result = trackRead(DataFlow::TypeTracker::end()) }
-
-    private DataFlow::SourceNode trackRead(DataFlow::TypeTracker t) {
-      this.getCalleeName() = "readFile" and
-      (
-        t.start() and result = getCallback([1 .. 2]).getParameter(1)
-        or
-        t.startInPromise() and not exists(getCallback([1 .. 2])) and result = this
-      )
-      or
-      t.start() and
-      this.getCalleeName() = "readFileSync" and
-      result = this
-      or
-      // Tracking out of a promise
-      exists(DataFlow::TypeTracker t2 |
-        result = PromiseTypeTracking::promiseStep(trackRead(t2), t, t2)
-      )
-    }
-  }
-
-  /**
-   * A writer for JSON files.
-   */
-  class JSONFileWriter extends FileSystemWriteAccess, DataFlow::CallNode {
-    JSONFileWriter() {
-      this =
-        DataFlow::moduleMember("jsonfile", any(string s | s = "writeFile" or s = "writeFileSync"))
-            .getACall()
-    }
-
-    override DataFlow::Node getAPathArgument() { result = getArgument(0) }
-
-    override DataFlow::Node getADataNode() { result = getArgument(1) }
-  }
-}
-
-/**
- * A call to the library `load-json-file`.
- */
-private class LoadJsonFile extends FileSystemReadAccess, DataFlow::CallNode {
-  LoadJsonFile() {
-    this = DataFlow::moduleImport("load-json-file").getACall()
-    or
-    this = DataFlow::moduleMember("load-json-file", "sync").getACall()
-  }
-
-  override DataFlow::Node getAPathArgument() { result = getArgument(0) }
-
-  override DataFlow::Node getADataNode() { result = trackRead(DataFlow::TypeTracker::end()) }
-
-  private DataFlow::SourceNode trackRead(DataFlow::TypeTracker t) {
-    this.getCalleeName() = "sync" and t.start() and result = this
-    or
-    not this.getCalleeName() = "sync" and t.startInPromise() and result = this
-    or
-    // Tracking out of a promise
-    exists(DataFlow::TypeTracker t2 |
-      result = PromiseTypeTracking::promiseStep(trackRead(t2), t, t2)
-    )
-  }
-}
-
-/**
- * A call to the library `write-json-file`.
- */
-private class WriteJsonFile extends FileSystemWriteAccess, DataFlow::CallNode {
-  WriteJsonFile() {
-    this = DataFlow::moduleImport("write-json-file").getACall()
-    or
-    this = DataFlow::moduleMember("write-json-file", "sync").getACall()
-  }
-
-  override DataFlow::Node getAPathArgument() { result = getArgument(0) }
-
-  override DataFlow::Node getADataNode() { result = getArgument(1) }
-}
-
-/**
- * A call to the library `walkdir`.
- */
-private class WalkDir extends FileNameProducer, FileSystemAccess, DataFlow::CallNode {
-  WalkDir() {
-    this = DataFlow::moduleImport("walkdir").getACall()
-    or
-    this = DataFlow::moduleMember("walkdir", "sync").getACall()
-    or
-    this = DataFlow::moduleMember("walkdir", "async").getACall()
-  }
-
-  override DataFlow::Node getAPathArgument() { result = getArgument(0) }
-
-  override DataFlow::Node getAFileName() { result = trackFileSource(DataFlow::TypeTracker::end()) }
-
-  private DataFlow::SourceNode trackFileSource(DataFlow::TypeTracker t) {
-    not this.getCalleeName() = any(string s | s = "sync" or s = "async") and
-    t.start() and
-    (
-      result = getCallback(getNumArgument() - 1).getParameter(0)
-      or
-      result = getAMethodCall(EventEmitter::on()).getCallback(1).getParameter(0)
-    )
-    or
-    t.start() and this.getCalleeName() = "sync" and result = this
-    or
-    t.startInPromise() and this.getCalleeName() = "async" and result = this
-    or
-    // Tracking out of a promise
-    exists(DataFlow::TypeTracker t2 |
-      result = PromiseTypeTracking::promiseStep(trackFileSource(t2), t, t2)
-    )
-  }
-}
-
-/**
- * A call to the library `globule`.
- */
-private class Globule extends FileNameProducer, FileSystemAccess, DataFlow::CallNode {
-  Globule() {
-    this = DataFlow::moduleMember("globule", "find").getACall()
-    or
-    this = DataFlow::moduleMember("globule", "match").getACall()
-    or
-    this = DataFlow::moduleMember("globule", "isMatch").getACall()
-    or
-    this = DataFlow::moduleMember("globule", "mapping").getACall()
-    or
-    this = DataFlow::moduleMember("globule", "findMapping").getACall()
-  }
-
-  override DataFlow::Node getAPathArgument() {
-    (this.getCalleeName() = "match" or this.getCalleeName() = "isMatch") and
-    result = getArgument(1)
-    or
-    this.getCalleeName() = "mapping" and
-    (
-      result = getAnArgument() and not exists(result.getALocalSource().getAPropertyWrite("src"))
-      or
-      result = getAnArgument().getALocalSource().getAPropertyWrite("src").getRhs()
-    )
-  }
-
-  override DataFlow::Node getAFileName() {
-    result = this and
-    (
-      this.getCalleeName() = "find" or
-      this.getCalleeName() = "match" or
-      this.getCalleeName() = "findMapping" or
-      this.getCalleeName() = "mapping"
-    )
-  }
-}
-
-/**
- * A file system access made by a NodeJS library.
- * This class models multiple NodeJS libraries that access files.
- */
-private class LibraryAccess extends FileSystemAccess, DataFlow::InvokeNode {
-  int pathArgument; // The index of the path argument.
-
-  LibraryAccess() {
-    pathArgument = 0 and
-    (
-      this = DataFlow::moduleImport("path-exists").getACall()
-      or
-      this = DataFlow::moduleImport("rimraf").getACall()
-      or
-      this = DataFlow::moduleImport("readdirp").getACall()
-      or
-      this = DataFlow::moduleImport("walker").getACall()
-      or
-      this =
-        DataFlow::moduleMember("node-dir",
-          any(string s |
-            s = "readFiles" or
-            s = "readFilesStream" or
-            s = "files" or
-            s = "promiseFiles" or
-            s = "subdirs" or
-            s = "paths"
-          )).getACall()
-    )
-    or
-    pathArgument = 0 and
-    this =
-      DataFlow::moduleMember("vinyl-fs", any(string s | s = "src" or s = "dest" or s = "symlink"))
-          .getACall()
-    or
-    pathArgument = [0 .. 1] and
-    (
-      this = DataFlow::moduleImport("ncp").getACall() or
-      this = DataFlow::moduleMember("ncp", "ncp").getACall()
-    )
-  }
-
-  override DataFlow::Node getAPathArgument() { result = getArgument(pathArgument) }
-}
--- a/javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
@@ -6,146 +6,120 @@ import javascript

 module NoSQL {
  /** An expression that is interpreted as a NoSQL query. */
-  abstract class Query extends Expr {
-    /** Gets an expression that is interpreted as a code operator in this query. */
-    DataFlow::Node getACodeOperator() { none() }
-  }
-}
-
-/**
- * Gets a value that has been assigned to the "$where" property of an object that flows to `queryArg`.
- */
-private DataFlow::Node getADollarWhereProperty(API::Node queryArg) {
-  result = queryArg.getMember("$where").getARhs()
+  abstract class Query extends Expr { }
 }

 /**
 * Provides classes modeling the MongoDB library.
 */
 private module MongoDB {
+  /**
+   * Gets an import of MongoDB.
+   */
+  DataFlow::ModuleImportNode mongodb() { result.getPath() = "mongodb" }
+
  /**
   * Gets an access to `mongodb.MongoClient`.
   */
-  private API::Node getAMongoClient() {
-    result = API::moduleImport("mongodb").getMember("MongoClient")
+  private DataFlow::SourceNode getAMongoClient(DataFlow::TypeTracker t) {
+    t.start() and
+    result = mongodb().getAPropertyRead("MongoClient")
    or
-    result = getAMongoDbCallback().getParameter(1) and
-    not result.getAnImmediateUse().(DataFlow::ParameterNode).getName() = "db" // mongodb v2 provides a `Db` here
-  }
-
-  /** Gets an API-graph node that refers to a `connect` callback. */
-  private API::Node getAMongoDbCallback() {
-    result = getAMongoClient().getMember("connect").getLastParameter()
+    exists(DataFlow::TypeTracker t2 | result = getAMongoClient(t2).track(t2, t))
  }

  /**
-   * Gets an API-graph node that may refer to a MongoDB database connection.
+   * Gets an access to `mongodb.MongoClient`.
   */
-  private API::Node getAMongoDb() {
-    result = getAMongoClient().getMember("db").getReturn()
+  DataFlow::SourceNode getAMongoClient() { result = getAMongoClient(DataFlow::TypeTracker::end()) }
+
+  /** Gets a data flow node that leads to a `connect` callback. */
+  private DataFlow::SourceNode getAMongoDbCallback(DataFlow::TypeBackTracker t) {
+    t.start() and
+    result = getAMongoClient().getAMemberCall("connect").getArgument(1).getALocalSource()
    or
-    result = getAMongoDbCallback().getParameter(1) and
-    not result.getAnImmediateUse().(DataFlow::ParameterNode).getName() = "client" // mongodb v3 provides a `Mongoclient` here
+    exists(DataFlow::TypeBackTracker t2 | result = getAMongoDbCallback(t2).backtrack(t2, t))
+  }
+
+  /** Gets a data flow node that leads to a `connect` callback. */
+  private DataFlow::FunctionNode getAMongoDbCallback() {
+    result = getAMongoDbCallback(DataFlow::TypeBackTracker::end())
+  }
+
+  /**
+   * Gets an expression that may refer to a MongoDB database connection.
+   */
+  private DataFlow::SourceNode getAMongoDb(DataFlow::TypeTracker t) {
+    t.start() and
+    result = getAMongoDbCallback().getParameter(1)
+    or
+    exists(DataFlow::TypeTracker t2 | result = getAMongoDb(t2).track(t2, t))
+  }
+
+  /**
+   * Gets an expression that may refer to a MongoDB database connection.
+   */
+  DataFlow::SourceNode getAMongoDb() { result = getAMongoDb(DataFlow::TypeTracker::end()) }
+
+  /**
+   * A data flow node that may hold a MongoDB collection.
+   */
+  abstract class Collection extends DataFlow::SourceNode { }
+
+  /**
+   * A collection resulting from calling `Db.collection(...)`.
+   */
+  private class CollectionFromDb extends Collection {
+    CollectionFromDb() {
+      this = getAMongoDb().getAMethodCall("collection")
+      or
+      this = getAMongoDb().getAMethodCall("collection").getCallback(1).getParameter(0)
+    }
+  }
+
+  /**
+   * A collection based on the type `mongodb.Collection`.
+   *
+   * Note that this also covers `mongoose` models since they are subtypes
+   * of `mongodb.Collection`.
+   */
+  private class CollectionFromType extends Collection {
+    CollectionFromType() { hasUnderlyingType("mongodb", "Collection") }
  }

  /** Gets a data flow node referring to a MongoDB collection. */
-  private API::Node getACollection() {
-    // A collection resulting from calling `Db.collection(...)`.
-    exists(API::Node collection | collection = getAMongoDb().getMember("collection").getReturn() |
-      result = collection
-      or
-      result = collection.getParameter(1).getParameter(0)
-    )
+  private DataFlow::SourceNode getACollection(DataFlow::TypeTracker t) {
+    t.start() and
+    result instanceof Collection
    or
-    // note that this also covers `mongoose` models since they are subtypes of `mongodb.Collection`
-    result = API::Node::ofType("mongodb", "Collection")
+    exists(DataFlow::TypeTracker t2 | result = getACollection(t2).track(t2, t))
  }

+  /** Gets a data flow node referring to a MongoDB collection. */
+  DataFlow::SourceNode getACollection() { result = getACollection(DataFlow::TypeTracker::end()) }
+
  /** A call to a MongoDB query method. */
-  private class QueryCall extends DatabaseAccess, API::CallNode {
+  private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
    int queryArgIdx;

    QueryCall() {
-      exists(string method |
-        CollectionMethodSignatures::interpretsArgumentAsQuery(method, queryArgIdx) and
-        this = getACollection().getMember(method).getACall()
+      exists(string m | this = getACollection().getAMethodCall(m) |
+        m = "count" and queryArgIdx = 0
+        or
+        m = "distinct" and queryArgIdx = 1
+        or
+        m = "find" and queryArgIdx = 0
      )
    }

    override DataFlow::Node getAQueryArgument() { result = getArgument(queryArgIdx) }
-
-    DataFlow::Node getACodeOperator() {
-      result = getADollarWhereProperty(getParameter(queryArgIdx))
-    }
  }

  /**
   * An expression that is interpreted as a MongoDB query.
   */
  class Query extends NoSQL::Query {
-    QueryCall qc;
-
-    Query() { this = qc.getAQueryArgument().asExpr() }
-
-    override DataFlow::Node getACodeOperator() { result = qc.getACodeOperator() }
-  }
-
-  /**
-   * Provides signatures for the Collection methods.
-   */
-  module CollectionMethodSignatures {
-    /**
-     * Holds if Collection method `name` interprets parameter `n` as a query.
-     */
-    predicate interpretsArgumentAsQuery(string name, int n) {
-      // FilterQuery
-      (
-        name = "aggregate" and n = 0
-        or
-        name = "count" and n = 0
-        or
-        name = "countDocuments" and n = 0
-        or
-        name = "deleteMany" and n = 0
-        or
-        name = "deleteOne" and n = 0
-        or
-        name = "distinct" and n = 1
-        or
-        name = "find" and n = 0
-        or
-        name = "findOne" and n = 0
-        or
-        name = "findOneAndDelete" and n = 0
-        or
-        name = "findOneAndRemove" and n = 0
-        or
-        name = "findOneAndReplace" and n = 0
-        or
-        name = "findOneAndUpdate" and n = 0
-        or
-        name = "remove" and n = 0
-        or
-        name = "replaceOne" and n = 0
-        or
-        name = "update" and n = 0
-        or
-        name = "updateMany" and n = 0
-        or
-        name = "updateOne" and n = 0
-      )
-      or
-      // UpdateQuery
-      (
-        name = "findOneAndUpdate" and n = 1
-        or
-        name = "update" and n = 1
-        or
-        name = "updateMany" and n = 1
-        or
-        name = "updateOne" and n = 1
-      )
-    }
+    Query() { this = any(QueryCall qc).getAQueryArgument().asExpr() }
  }
 }

@@ -156,443 +130,20 @@ private module Mongoose {
  /**
   * Gets an import of Mongoose.
   */
-  API::Node getAMongooseInstance() { result = API::moduleImport("mongoose") }
+  DataFlow::ModuleImportNode getAMongooseInstance() { result.getPath() = "mongoose" }

  /**
-   * Gets a reference to `mongoose.createConnection`.
+   * Gets a call to `mongoose.createConnection`.
   */
-  API::Node createConnection() { result = getAMongooseInstance().getMember("createConnection") }
-
-  /**
-   * A Mongoose function.
-   */
-  private class MongooseFunction extends API::Node {
-    /**
-     * Gets the API-graph node for the result from this function (if the function returns a `Query`).
-     */
-    abstract API::Node getQueryReturn();
-
-    /**
-     * Holds if this function returns a `Query` that evaluates to one or
-     * more Documents (`asArray` is false if it evaluates to a single
-     * Document).
-     */
-    abstract predicate returnsDocumentQuery(boolean asArray);
-
-    /**
-     * Gets an argument that this function interprets as a query.
-     */
-    abstract API::Node getQueryArgument();
+  DataFlow::CallNode createConnection() {
+    result = getAMongooseInstance().getAMemberCall("createConnection")
  }

  /**
-   * Provides classes modeling the Mongoose Model class
+   * A Mongoose collection object.
   */
-  module Model {
-    private class ModelFunction extends MongooseFunction {
-      string methodName;
-
-      ModelFunction() { this = getModelObject().getMember(methodName) }
-
-      override API::Node getQueryReturn() {
-        MethodSignatures::returnsQuery(methodName) and result = this.getReturn()
-      }
-
-      override predicate returnsDocumentQuery(boolean asArray) {
-        MethodSignatures::returnsDocumentQuery(methodName, asArray)
-      }
-
-      override API::Node getQueryArgument() {
-        exists(int n |
-          MethodSignatures::interpretsArgumentAsQuery(methodName, n) and
-          result = this.getParameter(n)
-        )
-      }
-    }
-
-    /**
-     * Gets a API-graph node referring to a Mongoose Model object.
-     */
-    private API::Node getModelObject() {
-      result = getAMongooseInstance().getMember("model").getReturn()
-      or
-      exists(API::Node conn | conn = createConnection().getReturn() |
-        result = conn.getMember("model").getReturn() or
-        result = conn.getMember("models").getAMember()
-      )
-      or
-      result = API::Node::ofType("mongoose", "Model")
-    }
-
-    /**
-     * Provides signatures for the Model methods.
-     */
-    module MethodSignatures {
-      /**
-       * Holds if Model method `name` interprets parameter `n` as a query.
-       */
-      predicate interpretsArgumentAsQuery(string name, int n) {
-        // implement lots of the MongoDB collection interface
-        MongoDB::CollectionMethodSignatures::interpretsArgumentAsQuery(name, n)
-        or
-        name = "find" + ["ById", "One"] + "AndUpdate" and n = 1
-        or
-        name in ["delete" + ["Many", "One"], "geoSearch", "remove", "replaceOne", "where"] and
-        n = 0
-        or
-        name in [
-            "find" + ["", "ById", "One"],
-            "find" + ["ById", "One"] + "And" + ["Delete", "Remove", "Update"],
-            "update" + ["", "Many", "One"]
-          ] and
-        n = 0
-      }
-
-      /**
-       * Holds if Model method `name` returns a Query.
-       */
-      predicate returnsQuery(string name) {
-        name = "$where" or
-        name = "count" or
-        name = "countDocuments" or
-        name = "deleteMany" or
-        name = "deleteOne" or
-        name = "find" or
-        name = "findById" or
-        name = "findByIdAndDelete" or
-        name = "findByIdAndRemove" or
-        name = "findByIdAndUpdate" or
-        name = "findOne" or
-        name = "findOneAndDelete" or
-        name = "findOneAndRemove" or
-        name = "findOneAndReplace" or
-        name = "findOneAndUpdate" or
-        name = "geosearch" or
-        name = "remove" or
-        name = "replaceOne" or
-        name = "update" or
-        name = "updateMany" or
-        name = "updateOne" or
-        name = "where"
-      }
-
-      /**
-       * Holds if Document method `name` returns a query that results in
-       * one or more documents, the documents are wrapped in an array
-       * if `asArray` is true.
-       */
-      predicate returnsDocumentQuery(string name, boolean asArray) {
-        asArray = false and name = "findOne"
-        or
-        asArray = true and name = "find"
-      }
-    }
-  }
-
-  /**
-   * Provides classes modeling the Mongoose Query class
-   */
-  module Query {
-    private class QueryFunction extends MongooseFunction {
-      string methodName;
-
-      QueryFunction() { this = getAMongooseQuery().getMember(methodName) }
-
-      override API::Node getQueryReturn() {
-        MethodSignatures::returnsQuery(methodName) and result = this.getReturn()
-      }
-
-      override predicate returnsDocumentQuery(boolean asArray) {
-        MethodSignatures::returnsDocumentQuery(methodName, asArray)
-      }
-
-      override API::Node getQueryArgument() {
-        exists(int n |
-          MethodSignatures::interpretsArgumentAsQuery(methodName, n) and
-          result = this.getParameter(n)
-        )
-      }
-    }
-
-    private class NewQueryFunction extends MongooseFunction {
-      NewQueryFunction() { this = getAMongooseInstance().getMember("Query") }
-
-      override API::Node getQueryReturn() { result = this.getInstance() }
-
-      override predicate returnsDocumentQuery(boolean asArray) { none() }
-
-      override API::Node getQueryArgument() { result = this.getParameter(2) }
-    }
-
-    /**
-     * Gets a data flow node referring to a Mongoose query object.
-     */
-    API::Node getAMongooseQuery() {
-      result = any(MongooseFunction f).getQueryReturn()
-      or
-      result = API::Node::ofType("mongoose", "Query")
-      or
-      result =
-        getAMongooseQuery()
-            .getMember(any(string name | MethodSignatures::returnsQuery(name)))
-            .getReturn()
-    }
-
-    /**
-     * Provides signatures for the Query methods.
-     */
-    module MethodSignatures {
-      /**
-       * Holds if Query method `name` interprets parameter `n` as a query.
-       */
-      predicate interpretsArgumentAsQuery(string name, int n) {
-        n = 0 and
-        (
-          name = "and" or
-          name = "count" or
-          name = "countDocuments" or
-          name = "deleteMany" or
-          name = "deleteOne" or
-          name = "elemMatch" or
-          name = "find" or
-          name = "findOne" or
-          name = "findOneAndDelete" or
-          name = "findOneAndRemove" or
-          name = "findOneAndReplace" or
-          name = "findOneAndUpdate" or
-          name = "merge" or
-          name = "nor" or
-          name = "or" or
-          name = "remove" or
-          name = "replaceOne" or
-          name = "setQuery" or
-          name = "setUpdate" or
-          name = "update" or
-          name = "updateMany" or
-          name = "updateOne" or
-          name = "where"
-        )
-        or
-        n = 1 and
-        (
-          name = "distinct" or
-          name = "findOneAndUpdate" or
-          name = "update" or
-          name = "updateMany" or
-          name = "updateOne"
-        )
-      }
-
-      /**
-       * Holds if Query method `name` returns a Query.
-       */
-      predicate returnsQuery(string name) {
-        name = "$where" or
-        name = "J" or
-        name = "all" or
-        name = "and" or
-        name = "batchsize" or
-        name = "box" or
-        name = "center" or
-        name = "centerSphere" or
-        name = "circle" or
-        name = "collation" or
-        name = "comment" or
-        name = "count" or
-        name = "countDocuments" or
-        name = "distinct" or
-        name = "elemMatch" or
-        name = "equals" or
-        name = "error" or
-        name = "estimatedDocumentCount" or
-        name = "exists" or
-        name = "explain" or
-        name = "find" or
-        name = "findById" or
-        name = "findOne" or
-        name = "findOneAndRemove" or
-        name = "findOneAndUpdate" or
-        name = "geometry" or
-        name = "get" or
-        name = "gt" or
-        name = "gte" or
-        name = "hint" or
-        name = "in" or
-        name = "intersects" or
-        name = "lean" or
-        name = "limit" or
-        name = "lt" or
-        name = "lte" or
-        name = "map" or
-        name = "map" or
-        name = "maxDistance" or
-        name = "maxTimeMS" or
-        name = "maxscan" or
-        name = "mod" or
-        name = "ne" or
-        name = "near" or
-        name = "nearSphere" or
-        name = "nin" or
-        name = "or" or
-        name = "orFail" or
-        name = "polygon" or
-        name = "populate" or
-        name = "read" or
-        name = "readConcern" or
-        name = "regexp" or
-        name = "remove" or
-        name = "select" or
-        name = "session" or
-        name = "set" or
-        name = "setOptions" or
-        name = "setQuery" or
-        name = "setUpdate" or
-        name = "size" or
-        name = "skip" or
-        name = "slaveOk" or
-        name = "slice" or
-        name = "snapshot" or
-        name = "sort" or
-        name = "update" or
-        name = "w" or
-        name = "where" or
-        name = "within" or
-        name = "wtimeout"
-      }
-
-      /**
-       * Holds if Query method `name` returns a query that results in
-       * one or more documents, the documents are wrapped in an array
-       * if `asArray` is true.
-       */
-      predicate returnsDocumentQuery(string name, boolean asArray) {
-        asArray = false and name = "findOne"
-        or
-        asArray = true and name = "find"
-      }
-    }
-  }
-
-  /**
-   * Provides classes modeling the Mongoose Document class
-   */
-  module Document {
-    private class DocumentFunction extends MongooseFunction {
-      string methodName;
-
-      DocumentFunction() { this = getAMongooseDocument().getMember(methodName) }
-
-      override API::Node getQueryReturn() {
-        MethodSignatures::returnsQuery(methodName) and result = this.getReturn()
-      }
-
-      override predicate returnsDocumentQuery(boolean asArray) {
-        MethodSignatures::returnsDocumentQuery(methodName, asArray)
-      }
-
-      override API::Node getQueryArgument() {
-        exists(int n |
-          MethodSignatures::interpretsArgumentAsQuery(methodName, n) and
-          result = this.getParameter(n)
-        )
-      }
-    }
-
-    /**
-     * A Mongoose Document that is retrieved from the backing database.
-     */
-    class RetrievedDocument extends API::Node {
-      RetrievedDocument() {
-        exists(boolean asArray, API::Node param |
-          exists(MongooseFunction func |
-            func.returnsDocumentQuery(asArray) and
-            param = func.getLastParameter().getParameter(1)
-          )
-          or
-          exists(API::Node f |
-            f = Query::getAMongooseQuery().getMember("then") and
-            param = f.getParameter(0).getParameter(0)
-            or
-            f = Query::getAMongooseQuery().getMember("exec") and
-            param = f.getParameter(0).getParameter(1)
-          |
-            exists(DataFlow::MethodCallNode pred |
-              // limitation: look at the previous method call	
-              Query::MethodSignatures::returnsDocumentQuery(pred.getMethodName(), asArray) and
-              pred.getAMethodCall() = f.getACall()
-            )
-          )
-        |
-          asArray = false and this = param
-          or
-          asArray = true and
-          // limitation: look for direct accesses
-          this = param.getUnknownMember()
-        )
-      }
-    }
-
-    /**
-     * Gets a data flow node referring to a Mongoose Document object.
-     */
-    private API::Node getAMongooseDocument() {
-      result instanceof RetrievedDocument
-      or
-      result = API::Node::ofType("mongoose", "Document")
-      or
-      result =
-        getAMongooseDocument()
-            .getMember(any(string name | MethodSignatures::returnsDocument(name)))
-            .getReturn()
-    }
-
-    private module MethodSignatures {
-      /**
-       * Holds if Document method `name` returns a Query.
-       */
-      predicate returnsQuery(string name) {
-        // Documents are subtypes of Models
-        Model::MethodSignatures::returnsQuery(name) or
-        name = "replaceOne" or
-        name = "update" or
-        name = "updateOne"
-      }
-
-      /**
-       * Holds if Document method `name` interprets parameter `n` as a query.
-       */
-      predicate interpretsArgumentAsQuery(string name, int n) {
-        // Documents are subtypes of Models
-        Model::MethodSignatures::interpretsArgumentAsQuery(name, n)
-        or
-        n = 0 and
-        (
-          name = "replaceOne" or
-          name = "update" or
-          name = "updateOne"
-        )
-      }
-
-      /**
-       * Holds if Document method `name` returns a query that results in
-       * one or more documents, the documents are wrapped in an array
-       * if `asArray` is true.
-       */
-      predicate returnsDocumentQuery(string name, boolean asArray) {
-        // Documents are subtypes of Models
-        Model::MethodSignatures::returnsDocumentQuery(name, asArray)
-      }
-
-      /**
-       * Holds if Document method `name` returns a Document.
-       */
-      predicate returnsDocument(string name) {
-        name = "depopulate" or
-        name = "init" or
-        name = "populate" or
-        name = "overwrite"
-      }
-    }
+  class Model extends MongoDB::Collection {
+    Model() { this = getAMongooseInstance().getAMemberCall("model") }
  }

  /**
@@ -602,9 +153,7 @@ private module Mongoose {
    string kind;

    Credentials() {
-      exists(string prop |
-        this = createConnection().getParameter(3).getMember(prop).getARhs().asExpr()
-      |
+      exists(string prop | this = createConnection().getOptionArgument(3, prop).asExpr() |
        prop = "user" and kind = "user name"
        or
        prop = "pass" and kind = "password"
@@ -613,222 +162,4 @@ private module Mongoose {

    override string getCredentialsKind() { result = kind }
  }
-
-  /**
-   * An expression that is interpreted as a (part of a) MongoDB query.
-   */
-  class MongoDBQueryPart extends NoSQL::Query {
-    MongooseFunction f;
-
-    MongoDBQueryPart() { this = f.getQueryArgument().getARhs().asExpr() }
-
-    override DataFlow::Node getACodeOperator() {
-      result = getADollarWhereProperty(f.getQueryArgument())
-    }
-  }
-
-  /**
-   * An evaluation of a MongoDB query.
-   */
-  class ShorthandQueryEvaluation extends DatabaseAccess, DataFlow::InvokeNode {
-    MongooseFunction f;
-
-    ShorthandQueryEvaluation() {
-      this = f.getACall() and
-      // shorthand for execution: provide a callback
-      exists(f.getQueryReturn()) and
-      exists(this.getCallback(this.getNumArgument() - 1))
-    }
-
-    override DataFlow::Node getAQueryArgument() {
-      // NB: the complete information is not easily accessible for deeply chained calls
-      f.getQueryArgument().getARhs() = result
-    }
-  }
-
-  class ExplicitQueryEvaluation extends DatabaseAccess {
-    ExplicitQueryEvaluation() {
-      // explicit execution using a Query method call
-      Query::getAMongooseQuery().getMember(["exec", "then", "catch"]).getACall() = this
-    }
-
-    override DataFlow::Node getAQueryArgument() {
-      // NB: the complete information is not easily accessible for deeply chained calls
-      none()
-    }
-  }
-}
-
-/**
- * Provides classes modeling the Minimongo library.
- */
-private module Minimongo {
-  /**
-   * Provides signatures for the Collection methods.
-   */
-  module CollectionMethodSignatures {
-    /**
-     * Holds if Collection method `name` interprets parameter `n` as a query.
-     */
-    predicate interpretsArgumentAsQuery(string m, int queryArgIdx) {
-      // implements most of the MongoDB interface
-      MongoDB::CollectionMethodSignatures::interpretsArgumentAsQuery(m, queryArgIdx)
-    }
-  }
-
-  /** A call to a Minimongo query method. */
-  private class QueryCall extends DatabaseAccess, API::CallNode {
-    int queryArgIdx;
-
-    QueryCall() {
-      exists(string m |
-        this =
-          API::moduleImport("minimongo")
-              .getAMember()
-              .getReturn()
-              .getAMember()
-              .getMember(m)
-              .getACall() and
-        CollectionMethodSignatures::interpretsArgumentAsQuery(m, queryArgIdx)
-      )
-    }
-
-    override DataFlow::Node getAQueryArgument() { result = getArgument(queryArgIdx) }
-
-    DataFlow::Node getACodeOperator() {
-      result = getADollarWhereProperty(getParameter(queryArgIdx))
-    }
-  }
-
-  /**
-   * An expression that is interpreted as a Minimongo query.
-   */
-  class Query extends NoSQL::Query {
-    QueryCall qc;
-
-    Query() { this = qc.getAQueryArgument().asExpr() }
-
-    override DataFlow::Node getACodeOperator() { result = qc.getACodeOperator() }
-  }
-}
-
-/**
- * Provides classes modeling the MarsDB library.
- */
-private module MarsDB {
-  /** A call to a MarsDB query method. */
-  private class QueryCall extends DatabaseAccess, API::CallNode {
-    int queryArgIdx;
-
-    QueryCall() {
-      exists(string m |
-        this =
-          API::moduleImport("marsdb").getMember("Collection").getInstance().getMember(m).getACall() and
-        // implements parts of the Minimongo interface
-        Minimongo::CollectionMethodSignatures::interpretsArgumentAsQuery(m, queryArgIdx)
-      )
-    }
-
-    override DataFlow::Node getAQueryArgument() { result = getArgument(queryArgIdx) }
-
-    DataFlow::Node getACodeOperator() {
-      result = getADollarWhereProperty(getParameter(queryArgIdx))
-    }
-  }
-
-  /**
-   * An expression that is interpreted as a MarsDB query.
-   */
-  class Query extends NoSQL::Query {
-    QueryCall qc;
-
-    Query() { this = qc.getAQueryArgument().asExpr() }
-
-    override DataFlow::Node getACodeOperator() { result = qc.getACodeOperator() }
-  }
-}
-
-/**
- * Provides classes modeling the `Node Redis` library.
- *
- * Redis is an in-memory key-value store and not a database,
- * but `Node Redis` can be exploited similarly to a NoSQL database by giving a method an array as argument instead of a string.
- * As an example the below two invocations of `client.set` are equivalent:
- *
- * ```
- * const redis = require("redis");
- * const client = redis.createClient();
- * client.set("key", "value");
- * client.set(["key", "value"]);
- * ```
- *
- * ioredis is a very similar library. However, ioredis does not support array arguments in the same way, and is therefore not vulnerable to the same kind of type confusion.
- */
-private module Redis {
-  /**
-   * Gets a `Node Redis` client.
-   */
-  private API::Node client() {
-    result = API::moduleImport("redis").getMember("createClient").getReturn()
-    or
-    result = API::moduleImport("redis").getMember("RedisClient").getInstance()
-    or
-    result = client().getMember("duplicate").getReturn()
-    or
-    result = client().getMember("duplicate").getLastParameter().getParameter(1)
-  }
-
-  /**
-   * Gets a (possibly chained) reference to a batch operation object.
-   * These have the same API as a redis client, except the calls are chained, and the sequence is terminated with a `.exec` call.
-   */
-  private API::Node multi() {
-    result = client().getMember(["multi", "batch"]).getReturn()
-    or
-    result = multi().getAMember().getReturn()
-  }
-
-  /**
-   * Gets a `Node Redis` client instance. Either a client created using `createClient()`, or a batch operation object.
-   */
-  private API::Node redis() { result = [client(), multi()] }
-
-  /**
-   * Provides signatures for the query methods from Node Redis.
-   */
-  module QuerySignatures {
-    /**
-     * Holds if `method` interprets parameter `argIndex` as a key, and a later parameter determines a value/field.
-     * Thereby the method is vulnerable if parameter `argIndex` is unexpectedly an array instead of a string, as an attacker can control arguments to Redis that the attacker was not supposed to control.
-     *
-     * Only setters and similar methods are included.
-     * For getter-like methods it is not generally possible to gain access "outside" of where you are supposed to have access,
-     * it is at most possible to get a Redis call to return more results than expected (e.g. by adding more members to [`geohash`](https://redis.io/commands/geohash)).
-     */
-    predicate argumentIsAmbiguousKey(string method, int argIndex) {
-      method =
-        [
-          "set", "publish", "append", "bitfield", "decrby", "getset", "hincrby", "hincrbyfloat",
-          "hset", "hsetnx", "incrby", "incrbyfloat", "linsert", "lpush", "lpushx", "lset", "ltrim",
-          "rename", "renamenx", "rpushx", "setbit", "setex", "smove", "zincrby", "zinterstore",
-          "hdel", "lpush", "pfadd", "rpush", "sadd", "sdiffstore", "srem"
-        ] and
-      argIndex = 0
-      or
-      method = ["bitop", "hmset", "mset", "msetnx", "geoadd"] and
-      argIndex in [0 .. any(DataFlow::InvokeNode invk).getNumArgument() - 1]
-    }
-  }
-
-  /**
-   * An expression that is interpreted as a key in a Node Redis call.
-   */
-  class RedisKeyArgument extends NoSQL::Query {
-    RedisKeyArgument() {
-      exists(string method, int argIndex |
-        QuerySignatures::argumentIsAmbiguousKey(method, argIndex) and
-        this = redis().getMember(method).getParameter(argIndex).getARhs().asExpr()
-      )
-    }
-  }
 }
--- a/javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
@@ -447,36 +447,11 @@ module NodeJSLib {
   */
  module FS {
    /**
-     * A member `member` from module `fs` or its drop-in replacements `graceful-fs`, `fs-extra`, `original-fs`.
+     * A member `member` from module `fs`.
     */
    DataFlow::SourceNode moduleMember(string member) {
-      result = fsModule(DataFlow::TypeTracker::end()).getAPropertyRead(member)
-    }
-
-    private DataFlow::SourceNode fsModule(DataFlow::TypeTracker t) {
-      exists(string moduleName |
-        moduleName = ["mz/fs", "original-fs", "fs-extra", "graceful-fs", "fs"]
-      |
-        result = DataFlow::moduleImport(moduleName)
-        or
-        // extra support for flexible names
-        result.asExpr().(Require).getArgument(0).mayHaveStringValue(moduleName)
-      ) and
-      t.start()
-      or
-      exists(DataFlow::TypeTracker t2, DataFlow::SourceNode pred | pred = fsModule(t2) |
-        result = pred.track(t2, t)
-        or
-        t.continue() = t2 and
-        exists(DataFlow::CallNode promisifyAllCall |
-          result = promisifyAllCall and
-          pred.flowsTo(promisifyAllCall.getArgument(0)) and
-          promisifyAllCall =
-            [
-              DataFlow::moduleMember("bluebird", "promisifyAll"),
-              DataFlow::moduleImport("util-promisifyall")
-            ].getACall()
-        )
+      exists(string moduleName | moduleName = ["fs"] |
+        result = DataFlow::moduleMember(moduleName, member)
      )
    }
  }
@@ -487,7 +462,7 @@ module NodeJSLib {
  private class NodeJSFileSystemAccess extends FileSystemAccess, DataFlow::CallNode {
    string methodName;

-    NodeJSFileSystemAccess() { this = maybePromisified(FS::moduleMember(methodName)).getACall() }
+    NodeJSFileSystemAccess() { this = FS::moduleMember(methodName).getACall() }

    /**
     * Gets the name of the called method.
--- a/javascript/ql/src/semmle/javascript/frameworks/SQL.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/SQL.qll
@@ -28,32 +28,38 @@ module SQL {
 * Provides classes modelling the (API compatible) `mysql` and `mysql2` packages.
 */
 private module MySql {
-  /** Gets the package name `mysql` or `mysql2`. */
-  API::Node mysql() { result = API::moduleImport(["mysql", "mysql2"]) }
+  private DataFlow::SourceNode mysql() { result = DataFlow::moduleImport(["mysql", "mysql2"]) }

-  /** Gets a reference to `mysql.createConnection`. */
-  API::Node createConnection() { result = mysql().getMember("createConnection") }
+  private DataFlow::CallNode createPool() { result = mysql().getAMemberCall("createPool") }

-  /** Gets a reference to `mysql.createPool`. */
-  API::Node createPool() { result = mysql().getMember("createPool") }
-
-  /** Gets a node that contains a MySQL pool created using `mysql.createPool()`. */
-  API::Node pool() { result = createPool().getReturn() }
-
-  /** Gets a data flow node that contains a freshly created MySQL connection instance. */
-  API::Node connection() {
-    result = createConnection().getReturn()
-    or
-    result = pool().getMember("getConnection").getParameter(0).getParameter(1)
+  /** Gets a reference to a MySQL pool. */
+  private DataFlow::SourceNode pool(DataFlow::TypeTracker t) {
+    t.start() and
+    result = createPool()
  }

+  /** Gets a reference to a MySQL pool. */
+  private DataFlow::SourceNode pool() { result = pool(DataFlow::TypeTracker::end()) }
+
+  /** Gets a call to `mysql.createConnection`. */
+  DataFlow::CallNode createConnection() { result = mysql().getAMemberCall("createConnection") }
+
+  /** Gets a reference to a MySQL connection instance. */
+  private DataFlow::SourceNode connection(DataFlow::TypeTracker t) {
+    t.start() and
+    (
+      result = createConnection()
+      or
+      result = pool().getAMethodCall("getConnection").getABoundCallbackParameter(0, 1)
+    )
+  }
+
+  /** Gets a reference to a MySQL connection instance. */
+  DataFlow::SourceNode connection() { result = connection(DataFlow::TypeTracker::end()) }
+
  /** A call to the MySql `query` method. */
  private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
-    QueryCall() {
-      exists(API::Node recv | recv = pool() or recv = connection() |
-        this = recv.getMember("query").getACall()
-      )
-    }
+    QueryCall() { this = [pool(), connection()].getAMethodCall("query") }

    override DataFlow::Node getAQueryArgument() { result = getArgument(0) }
  }
@@ -66,7 +72,7 @@ private module MySql {
  /** A call to the `escape` or `escapeId` method that performs SQL sanitization. */
  class EscapingSanitizer extends SQL::SqlSanitizer, MethodCallExpr {
    EscapingSanitizer() {
-      this = [mysql(), pool(), connection()].getMember(["escape", "escapeId"]).getACall().asExpr() and
+      this = [mysql(), pool(), connection()].getAMethodCall(["escape", "escapeId"]).asExpr() and
      input = this.getArgument(0) and
      output = this
    }
@@ -77,9 +83,8 @@ private module MySql {
    string kind;

    Credentials() {
-      exists(API::Node callee, string prop |
-        callee in [createConnection(), createPool()] and
-        this = callee.getParameter(0).getMember(prop).getARhs().asExpr() and
+      exists(string prop |
+        this = [createConnection(), createPool()].getOptionArgument(0, prop).asExpr() and
        (
          prop = "user" and kind = "user name"
          or
@@ -96,32 +101,23 @@ private module MySql {
 * Provides classes modelling the `pg` package.
 */
 private module Postgres {
-  /** Gets a reference to the `Client` constructor in the `pg` package, for example `require('pg').Client`. */
-  API::Node newClient() { result = API::moduleImport("pg").getMember("Client") }
-
-  /** Gets a freshly created Postgres client instance. */
-  API::Node client() {
-    result = newClient().getInstance()
-    or
-    // pool.connect(function(err, client) { ... })
-    result = pool().getMember("connect").getParameter(0).getParameter(1)
-  }
-
-  /** Gets a constructor that when invoked constructs a new connection pool. */
-  API::Node newPool() {
+  /** Gets an expression that constructs a new connection pool. */
+  DataFlow::InvokeNode newPool() {
    // new require('pg').Pool()
-    result = API::moduleImport("pg").getMember("Pool")
+    result = DataFlow::moduleImport("pg").getAConstructorInvocation("Pool")
    or
    // new require('pg-pool')
-    result = API::moduleImport("pg-pool")
+    result = DataFlow::moduleImport("pg-pool").getAnInstantiation()
  }

-  /** Gets an expression that constructs a new connection pool. */
-  API::Node pool() { result = newPool().getInstance() }
+  /** Gets a creation of a Postgres client. */
+  DataFlow::InvokeNode newClient() {
+    result = DataFlow::moduleImport("pg").getAConstructorInvocation("Client")
+  }

  /** A call to the Postgres `query` method. */
  private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
-    QueryCall() { this = [client(), pool()].getMember("query").getACall() }
+    QueryCall() { this = [newClient(), newPool()].getAMethodCall("query") }

    override DataFlow::Node getAQueryArgument() { result = getArgument(0) }
  }
@@ -136,13 +132,10 @@ private module Postgres {
    string kind;

    Credentials() {
-      exists(string prop |
-        this = [newClient(), newPool()].getParameter(0).getMember(prop).getARhs().asExpr() and
-        (
-          prop = "user" and kind = "user name"
-          or
-          prop = "password" and kind = prop
-        )
+      exists(string prop | this = [newClient(), newPool()].getOptionArgument(0, prop).asExpr() |
+        prop = "user" and kind = "user name"
+        or
+        prop = "password" and kind = prop
      )
    }

@@ -155,18 +148,27 @@ private module Postgres {
 */
 private module Sqlite {
  /** Gets a reference to the `sqlite3` module. */
-  API::Node sqlite() {
-    result = API::moduleImport("sqlite3")
+  DataFlow::SourceNode sqlite() {
+    result = DataFlow::moduleImport("sqlite3")
    or
-    result = sqlite().getMember("verbose").getReturn()
+    result = sqlite().getAMemberCall("verbose")
  }

  /** Gets an expression that constructs a Sqlite database instance. */
-  API::Node newDb() {
+  DataFlow::SourceNode newDb() {
    // new require('sqlite3').Database()
-    result = sqlite().getMember("Database").getInstance()
+    result = sqlite().getAConstructorInvocation("Database")
  }

+  /** Gets a data flow node referring to a Sqlite database instance. */
+  private DataFlow::SourceNode db(DataFlow::TypeTracker t) {
+    t.start() and
+    result = newDb()
+  }
+
+  /** Gets a data flow node referring to a Sqlite database instance. */
+  DataFlow::SourceNode db() { result = db(DataFlow::TypeTracker::end()) }
+
  /** A call to a Sqlite query method. */
  private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
    QueryCall() {
@@ -178,7 +180,7 @@ private module Sqlite {
        meth = "prepare" or
        meth = "run"
      |
-        this = newDb().getMember(meth).getACall()
+        this = db().getAMethodCall(meth)
      )
    }

@@ -190,225 +192,3 @@ private module Sqlite {
    QueryString() { this = any(QueryCall qc).getAQueryArgument().asExpr() }
  }
 }
-
-/**
- * Provides classes modelling the `mssql` package.
- */
-private module MsSql {
-  /** Gets a reference to the `mssql` module. */
-  API::Node mssql() { result = API::moduleImport("mssql") }
-
-  /** Gets an expression that creates a request object. */
-  API::Node request() {
-    // new require('mssql').Request()
-    result = mssql().getMember("Request").getInstance()
-    or
-    // request.input(...)
-    result = request().getMember("input").getReturn()
-  }
-
-  /** A tagged template evaluated as a query. */
-  private class QueryTemplateExpr extends DatabaseAccess, DataFlow::ValueNode {
-    override TaggedTemplateExpr astNode;
-
-    QueryTemplateExpr() {
-      mssql().getMember("query").getAUse() = DataFlow::valueNode(astNode.getTag())
-    }
-
-    override DataFlow::Node getAQueryArgument() {
-      result = DataFlow::valueNode(astNode.getTemplate().getAnElement())
-    }
-  }
-
-  /** A call to a MsSql query method. */
-  private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
-    QueryCall() { this = request().getMember(["query", "batch"]).getACall() }
-
-    override DataFlow::Node getAQueryArgument() { result = getArgument(0) }
-  }
-
-  /** An expression that is passed to a method that interprets it as SQL. */
-  class QueryString extends SQL::SqlString {
-    QueryString() {
-      exists(DatabaseAccess dba | dba instanceof QueryTemplateExpr or dba instanceof QueryCall |
-        this = dba.getAQueryArgument().asExpr()
-      )
-    }
-  }
-
-  /** An element of a query template, which is automatically sanitized. */
-  class QueryTemplateSanitizer extends SQL::SqlSanitizer {
-    QueryTemplateSanitizer() {
-      this = any(QueryTemplateExpr qte).getAQueryArgument().asExpr() and
-      input = this and
-      output = this
-    }
-  }
-
-  /** An expression that is passed as user name or password when creating a client or a pool. */
-  class Credentials extends CredentialsExpr {
-    string kind;
-
-    Credentials() {
-      exists(API::Node callee, string prop |
-        (
-          callee = mssql().getMember("connect")
-          or
-          callee = mssql().getMember("ConnectionPool")
-        ) and
-        this = callee.getParameter(0).getMember(prop).getARhs().asExpr() and
-        (
-          prop = "user" and kind = "user name"
-          or
-          prop = "password" and kind = prop
-        )
-      )
-    }
-
-    override string getCredentialsKind() { result = kind }
-  }
-}
-
-/**
- * Provides classes modelling the `sequelize` package.
- */
-private module Sequelize {
-  /** Gets an import of the `sequelize` module. */
-  API::Node sequelize() { result = API::moduleImport("sequelize") }
-
-  /** Gets an expression that creates an instance of the `Sequelize` class. */
-  API::Node newSequelize() { result = sequelize().getInstance() }
-
-  /** A call to `Sequelize.query`. */
-  private class QueryCall extends DatabaseAccess, DataFlow::MethodCallNode {
-    QueryCall() { this = newSequelize().getMember("query").getACall() }
-
-    override DataFlow::Node getAQueryArgument() { result = getArgument(0) }
-  }
-
-  /** An expression that is passed to `Sequelize.query` method and hence interpreted as SQL. */
-  class QueryString extends SQL::SqlString {
-    QueryString() { this = any(QueryCall qc).getAQueryArgument().asExpr() }
-  }
-
-  /**
-   * An expression that is passed as user name or password when creating an instance of the
-   * `Sequelize` class.
-   */
-  class Credentials extends CredentialsExpr {
-    string kind;
-
-    Credentials() {
-      exists(NewExpr ne, string prop |
-        ne = sequelize().getAnInstantiation().asExpr() and
-        (
-          this = ne.getArgument(1) and prop = "username"
-          or
-          this = ne.getArgument(2) and prop = "password"
-          or
-          ne.hasOptionArgument(ne.getNumArgument() - 1, prop, this)
-        ) and
-        (
-          prop = "username" and kind = "user name"
-          or
-          prop = "password" and kind = prop
-        )
-      )
-    }
-
-    override string getCredentialsKind() { result = kind }
-  }
-}
-
-/**
- * Provides classes modelling the Google Cloud Spanner library.
- */
-private module Spanner {
-  /**
-   * Gets a node that refers to the `Spanner` class
-   */
-  API::Node spanner() {
-    // older versions
-    result = API::moduleImport("@google-cloud/spanner")
-    or
-    // newer versions
-    result = API::moduleImport("@google-cloud/spanner").getMember("Spanner")
-  }
-
-  /**
-   * Gets a node that refers to an instance of the `Database` class.
-   */
-  API::Node database() {
-    result =
-      spanner().getReturn().getMember("instance").getReturn().getMember("database").getReturn()
-  }
-
-  /**
-   * Gets a node that refers to an instance of the `v1.SpannerClient` class.
-   */
-  API::Node v1SpannerClient() {
-    result = spanner().getMember("v1").getMember("SpannerClient").getInstance()
-  }
-
-  /**
-   * Gets a node that refers to a transaction object.
-   */
-  API::Node transaction() {
-    result = database().getMember("runTransaction").getParameter(0).getParameter(1)
-  }
-
-  /**
-   * A call to a Spanner method that executes a SQL query.
-   */
-  abstract class SqlExecution extends DatabaseAccess, DataFlow::InvokeNode {
-    /**
-     * Gets the position of the query argument; default is zero, which can be overridden
-     * by subclasses.
-     */
-    int getQueryArgumentPosition() { result = 0 }
-
-    override DataFlow::Node getAQueryArgument() {
-      result = getArgument(getQueryArgumentPosition()) or
-      result = getOptionArgument(getQueryArgumentPosition(), "sql")
-    }
-  }
-
-  /**
-   * A call to `Database.run`, `Database.runPartitionedUpdate` or `Database.runStream`.
-   */
-  class DatabaseRunCall extends SqlExecution {
-    DatabaseRunCall() {
-      this = database().getMember(["run", "runPartitionedUpdate", "runStream"]).getACall()
-    }
-  }
-
-  /**
-   * A call to `Transaction.run`, `Transaction.runStream` or `Transaction.runUpdate`.
-   */
-  class TransactionRunCall extends SqlExecution {
-    TransactionRunCall() {
-      this = transaction().getMember(["run", "runStream", "runUpdate"]).getACall()
-    }
-  }
-
-  /**
-   * A call to `v1.SpannerClient.executeSql` or `v1.SpannerClient.executeStreamingSql`.
-   */
-  class ExecuteSqlCall extends SqlExecution {
-    ExecuteSqlCall() {
-      this = v1SpannerClient().getMember(["executeSql", "executeStreamingSql"]).getACall()
-    }
-
-    override DataFlow::Node getAQueryArgument() {
-      // `executeSql` and `executeStreamingSql` do not accept query strings directly
-      result = getOptionArgument(0, "sql")
-    }
-  }
-
-  /**
-   * An expression that is interpreted as a SQL string.
-   */
-  class QueryString extends SQL::SqlString {
-    QueryString() { this = any(SqlExecution se).getAQueryArgument().asExpr() }
-  }
-}
--- a/javascript/ql/src/semmle/javascript/frameworks/TorrentLibraries.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/TorrentLibraries.qll
@@ -36,25 +36,7 @@ module ParseTorrent {
   * An access to user-controlled torrent information.
   */
  class UserControlledTorrentInfo extends RemoteFlowSource {
-    UserControlledTorrentInfo() {
-      exists(DataFlow::SourceNode ref, DataFlow::PropRead read |
-        ref = parsedTorrentRef() and
-        read = ref.getAPropertyRead() and
-        this = read
-      |
-        exists(string prop |
-          not (
-            prop = "private" or
-            prop = "infoHash" or
-            prop = "length"
-            // "pieceLength" and "lastPieceLength" are not guaranteed to be numbers as of commit ae3ad15d
-          ) and
-          read.getPropertyName() = prop
-        )
-        or
-        not exists(read.getPropertyName())
-      )
-    }
+    UserControlledTorrentInfo() { none() }

    override string getSourceType() { result = "torrent information" }
  }
--- a/javascript/ql/src/semmle/javascript/frameworks/jQuery.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/jQuery.qll
@@ -498,8 +498,6 @@ module JQuery {
  private DataFlow::SourceNode dollar(DataFlow::TypeTracker t) {
    t.start() and
    result = dollarSource()
-    or
-    exists(DataFlow::TypeTracker t2 | result = dollar(t2).track(t2, t))
  }

  /**
@@ -533,14 +531,6 @@ module JQuery {
      }
    }

-    /**
-     * A `this` node in a JQuery plugin function, which is a JQuery object.
-     */
-    private class JQueryPluginThisObject extends Range {
-      JQueryPluginThisObject() {
-        this = DataFlow::thisNode(any(JQueryPluginMethod method).getFunction())
-      }
-    }
  }

  /** A source of jQuery objects from the AST-based `JQueryObject` class. */
--- a/javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
@@ -137,13 +137,6 @@ module CodeInjection {
    }
  }

-  /**
-   * A code operator of a NoSQL query as a code injection sink.
-   */
-  class NoSQLCodeInjectionSink extends Sink {
-    NoSQLCodeInjectionSink() { any(NoSQL::Query q).getACodeOperator() = this }
-  }
-
  /**
   * The first argument to `Module.prototype._compile` from the Node.js built-in module `module`,
   * considered as a code-injection sink.
--- a/javascript/ql/src/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll
@@ -27,6 +27,8 @@ module ExternalAPIUsedWithUntrustedData {
     * have to scan over many irrelevant sinks in order to pick out the interesting ones.
     */
    abstract string getApiName();
+
+    abstract DataFlow::InvokeNode getInvokeNode();
  }

  /**
@@ -301,6 +303,8 @@ module ExternalAPIUsedWithUntrustedData {
    }

    override string getApiName() { result = invoke.getApiName() + " [param " + index + "]" }
+
+    override DataFlow::InvokeNode getInvokeNode() { result = invoke }
  }

  /** A spread argument or an unknown-index argument to an external API. */
@@ -317,6 +321,8 @@ module ExternalAPIUsedWithUntrustedData {
    }

    override string getApiName() { result = invoke.getApiName() + " [param *]" }
+
+    override DataFlow::InvokeNode getInvokeNode() { result = invoke }
  }

  /** A "named argument" to an external API call, seen as a sink. */
@@ -343,6 +349,8 @@ module ExternalAPIUsedWithUntrustedData {
    override string getApiName() {
      result = invoke.getApiName() + " [param " + index + " '" + prop + "']"
    }
+
+    override DataFlow::InvokeNode getInvokeNode() { result = invoke }
  }

  /** The return value from a direct callback to an external API call, seen as a sink */
@@ -359,6 +367,8 @@ module ExternalAPIUsedWithUntrustedData {
    override string getApiName() {
      result = invoke.getApiName() + " [callback " + index + " result]"
    }
+
+    override DataFlow::InvokeNode getInvokeNode() { result = invoke }
  }

  /** The return value from a named callback to an external API call, seen as a sink. */
@@ -379,5 +389,7 @@ module ExternalAPIUsedWithUntrustedData {
    override string getApiName() {
      result = invoke.getApiName() + " [callback " + index + " '" + prop + "' result]"
    }
+
+    override DataFlow::InvokeNode getInvokeNode() { result = invoke }
  }
 }
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
@@ -55,7 +55,7 @@ module TaintedPath {
     * There are currently four flow labels, representing the different combinations of
     * normalization and absoluteness.
     */
-    abstract class PosixPath extends DataFlow::FlowLabel {
+    class PosixPath extends DataFlow::FlowLabel {
      Normalization normalization;
      Relativeness relativeness;

@@ -113,7 +113,7 @@ module TaintedPath {
    /**
     * A flow label representing an array of path elements that may include "..".
     */
-    abstract class SplitPath extends DataFlow::FlowLabel {
+    class SplitPath extends DataFlow::FlowLabel {
      SplitPath() { this = "splitPath" }
    }
  }
@@ -218,12 +218,12 @@ module TaintedPath {
      output = this
      or
      // non-global replace or replace of something other than /\.\./g, /[/]/g, or /[\.]/g.
-      this instanceof StringReplaceCall and
+      this.getCalleeName() = "replace" and
      input = getReceiver() and
      output = this and
      not exists(RegExpLiteral literal, RegExpTerm term |
-        this.(StringReplaceCall).getRegExp().asExpr() = literal and
-        this.(StringReplaceCall).isGlobal() and
+        getArgument(0).getALocalSource().asExpr() = literal and
+        literal.isGlobal() and
        literal.getRoot() = term
      |
        term.getAMatchedString() = "/" or
@@ -247,15 +247,16 @@ module TaintedPath {
  /**
   * A call that removes all instances of "../" in the prefix of the string.
   */
-  class DotDotSlashPrefixRemovingReplace extends StringReplaceCall {
+  class DotDotSlashPrefixRemovingReplace extends DataFlow::CallNode {
    DataFlow::Node input;
    DataFlow::Node output;

    DotDotSlashPrefixRemovingReplace() {
+      this.getCalleeName() = "replace" and
      input = getReceiver() and
      output = this and
      exists(RegExpLiteral literal, RegExpTerm term |
-        getRegExp().asExpr() = literal and
+        getArgument(0).getALocalSource().asExpr() = literal and
        (term instanceof RegExpStar or term instanceof RegExpPlus) and
        term.getChild(0) = getADotDotSlashMatcher()
      |
@@ -297,16 +298,17 @@ module TaintedPath {
  /**
   * A call that removes all "." or ".." from a path, without also removing all forward slashes.
   */
-  class DotRemovingReplaceCall extends StringReplaceCall {
+  class DotRemovingReplaceCall extends DataFlow::CallNode {
    DataFlow::Node input;
    DataFlow::Node output;

    DotRemovingReplaceCall() {
+      this.getCalleeName() = "replace" and
      input = getReceiver() and
      output = this and
-      isGlobal() and
      exists(RegExpLiteral literal, RegExpTerm term |
-        getRegExp().asExpr() = literal and
+        getArgument(0).getALocalSource().asExpr() = literal and
+        literal.isGlobal() and
        literal.getRoot() = term and
        not term.getAMatchedString() = "/"
      |
@@ -582,8 +584,6 @@ module TaintedPath {
      (
        this = fileSystemAccess.getAPathArgument() and
        not exists(fileSystemAccess.getRootPathArgument())
-        or
-        this = fileSystemAccess.getRootPathArgument()
      ) and
      not this = any(ResolvingPathCall call).getInput()
    }
@@ -624,13 +624,6 @@ module TaintedPath {
    AngularJSTemplateUrlSink() { this = any(AngularJS::CustomDirective d).getMember("templateUrl") }
  }

-  /**
-   * The path argument of a [send](https://www.npmjs.com/package/send) call, viewed as a sink.
-   */
-  class SendPathSink extends Sink, DataFlow::ValueNode {
-    SendPathSink() { this = DataFlow::moduleImport("send").getACall().getArgument(1) }
-  }
-
  /**
   * Holds if there is a step `src -> dst` mapping `srclabel` to `dstlabel` relevant for path traversal vulnerabilities.
   */
--- a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -172,15 +172,6 @@ module DomBasedXss {
      this = any(Typeahead::TypeaheadSuggestionFunction f).getAReturn()
      or
      this = any(Handlebars::SafeString s).getAnArgument()
-      or
-      this = any(JQuery::MethodCall call | call.getMethodName() = "jGrowl").getArgument(0)
-      or
-      // A construction of a JSDOM object (server side DOM), where scripts are allowed.
-      exists(DataFlow::NewNode instance |
-        instance = API::moduleImport("jsdom").getMember("JSDOM").getInstance().getAnImmediateUse() and
-        this = instance.getArgument(0) and
-        instance.getOptionArgument(1, "runScripts").mayHaveStringValue("dangerously")
-      )
    }
  }

--- a/javascript/ql/test/ApiGraphs/async-await/VerifyAssertions.expected
+++ b/javascript/ql/test/ApiGraphs/async-await/VerifyAssertions.expected
@@ -0,0 +1 @@
+| index.js:4:60:4:137 | /* use  ... )))) */ | use (return (member copy (member exports (module fs-extra)))) has no outgoing edge labelled promised; it has no outgoing edges at all. |
--- a/javascript/ql/test/ApiGraphs/promises/VerifyAssertions.expected
+++ b/javascript/ql/test/ApiGraphs/promises/VerifyAssertions.expected
@@ -0,0 +1,3 @@
+| index.js:11:28:11:109 | /* def  ... )))) */ | def (return (member readFile (member exports (module promises)))) has no outgoing edge labelled promised; it has no outgoing edges at all. |
+| index.js:18:25:18:106 | /* use  ... )))) */ | use (return (member readFile (member exports (module fs-extra)))) has no outgoing edge labelled promised; it does have outgoing edges labelled member then. |
+| index.js:19:33:19:123 | /* def  ... )))) */ | def (return (member readFileAndEncode (member exports (module promises)))) has no outgoing edge labelled promised; it has no outgoing edges at all. |
--- a/javascript/ql/test/library-tests/Arrays/DataFlow.expected
+++ b/javascript/ql/test/library-tests/Arrays/DataFlow.expected
@@ -1,17 +1 @@
 | arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo |
-| arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] |
-| arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e |
-| arrays.js:2:16:2:23 | "source" | arrays.js:16:23:16:23 | e |
-| arrays.js:2:16:2:23 | "source" | arrays.js:20:8:20:16 | arr.pop() |
-| arrays.js:2:16:2:23 | "source" | arrays.js:52:10:52:10 | x |
-| arrays.js:2:16:2:23 | "source" | arrays.js:56:10:56:10 | x |
-| arrays.js:2:16:2:23 | "source" | arrays.js:60:10:60:10 | x |
-| arrays.js:2:16:2:23 | "source" | arrays.js:66:10:66:10 | x |
-| arrays.js:18:22:18:29 | "source" | arrays.js:18:50:18:50 | e |
-| arrays.js:22:15:22:22 | "source" | arrays.js:23:8:23:17 | arr2.pop() |
-| arrays.js:25:15:25:22 | "source" | arrays.js:26:8:26:17 | arr3.pop() |
-| arrays.js:29:21:29:28 | "source" | arrays.js:30:8:30:17 | arr4.pop() |
-| arrays.js:29:21:29:28 | "source" | arrays.js:33:8:33:17 | arr5.pop() |
-| arrays.js:29:21:29:28 | "source" | arrays.js:35:8:35:26 | arr5.slice(2).pop() |
-| arrays.js:29:21:29:28 | "source" | arrays.js:41:8:41:17 | arr6.pop() |
-| arrays.js:44:4:44:11 | "source" | arrays.js:45:10:45:18 | ary.pop() |
--- a/javascript/ql/test/library-tests/Generators/DataFlow.expected
+++ b/javascript/ql/test/library-tests/Generators/DataFlow.expected
@@ -0,0 +1,4 @@
+| library-tests/Generators/generators.js:9 | expected an alert, but found none | NOT OK |  |
+| library-tests/Generators/generators.js:18 | expected an alert, but found none | NOT OK |  |
+| library-tests/Generators/generators.js:23 | expected an alert, but found none | NOT OK |  |
+| library-tests/Generators/generators.js:42 | expected an alert, but found none | NOT OK |  |
--- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected
+++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected
@@ -2,17 +2,11 @@ dataFlow
 | a.js:1:15:1:23 | "tainted" | b.js:4:13:4:40 | whoKnow ... Tainted |
 | a.js:1:15:1:23 | "tainted" | b.js:6:13:6:13 | x |
 | a.js:2:15:2:28 | "also tainted" | b.js:5:13:5:29 | notTaintedTrustMe |
-| async.js:2:16:2:23 | "source" | async.js:8:15:8:27 | await async() |
 | async.js:2:16:2:23 | "source" | async.js:13:15:13:20 | sync() |
-| async.js:2:16:2:23 | "source" | async.js:27:17:27:17 | e |
 | async.js:2:16:2:23 | "source" | async.js:36:17:36:17 | e |
 | async.js:2:16:2:23 | "source" | async.js:41:17:41:17 | e |
 | async.js:2:16:2:23 | "source" | async.js:54:17:54:36 | unpack(pack(source)) |
-| async.js:79:16:79:23 | "source" | async.js:80:14:80:36 | (await  ... ce))).p |
-| async.js:79:16:79:23 | "source" | async.js:92:15:92:30 | await (getP(o3)) |
-| async.js:96:18:96:25 | "source" | async.js:101:15:101:27 | await readP() |
 | callback.js:16:14:16:21 | "source" | callback.js:13:14:13:14 | x |
-| callback.js:17:15:17:23 | "source2" | callback.js:13:14:13:14 | x |
 | callback.js:27:15:27:23 | "source3" | callback.js:13:14:13:14 | x |
 | destructuring.js:2:16:2:24 | "tainted" | destructuring.js:9:15:9:22 | tainted2 |
 | destructuring.js:19:15:19:23 | "tainted" | destructuring.js:14:15:14:15 | p |
@@ -47,12 +41,6 @@ dataFlow
 | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y |
 | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y |
 | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y |
-| promises.js:2:16:2:24 | "tainted" | promises.js:7:16:7:18 | val |
-| promises.js:2:16:2:24 | "tainted" | promises.js:38:32:38:32 | v |
-| promises.js:11:22:11:31 | "resolved" | promises.js:19:20:19:20 | v |
-| promises.js:12:22:12:31 | "rejected" | promises.js:21:20:21:20 | v |
-| promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v |
-| promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v |
 | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p |
 | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) |
 | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp |
@@ -65,7 +53,6 @@ dataFlow
 | tst2.js:6:24:6:37 | "also tainted" | tst2.js:11:15:11:24 | g(source2) |
 | tst6.mjs:12:14:12:21 | "source" | tst6.mjs:14:12:14:16 | a.m() |
 | tst6.mjs:16:15:16:23 | "source2" | tst6.mjs:18:13:18:24 | a.m.call(a2) |
-| tst.js:2:17:2:22 | "src1" | tst.js:28:20:28:22 | elt |
 | tst.js:2:17:2:22 | "src1" | tst.js:39:17:39:17 | x |
 | tst.js:2:17:2:22 | "src1" | tst.js:41:19:41:19 | x |
 | tst.js:2:17:2:22 | "src1" | tst.js:45:17:45:17 | x |
@@ -85,7 +72,6 @@ taintTracking
 | async.js:2:16:2:23 | "source" | async.js:8:15:8:27 | await async() |
 | async.js:2:16:2:23 | "source" | async.js:13:15:13:20 | sync() |
 | async.js:2:16:2:23 | "source" | async.js:14:15:14:26 | await sync() |
-| async.js:2:16:2:23 | "source" | async.js:27:17:27:17 | e |
 | async.js:2:16:2:23 | "source" | async.js:36:17:36:17 | e |
 | async.js:2:16:2:23 | "source" | async.js:41:17:41:17 | e |
 | async.js:2:16:2:23 | "source" | async.js:54:17:54:36 | unpack(pack(source)) |
@@ -135,8 +121,6 @@ taintTracking
 | promises.js:2:16:2:24 | "tainted" | promises.js:7:16:7:18 | val |
 | promises.js:2:16:2:24 | "tainted" | promises.js:38:32:38:32 | v |
 | promises.js:11:22:11:31 | "resolved" | promises.js:19:20:19:20 | v |
-| promises.js:12:22:12:31 | "rejected" | promises.js:21:20:21:20 | v |
-| promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v |
 | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v |
 | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p |
 | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) |
@@ -188,17 +172,11 @@ germanFlow
 | a.js:1:15:1:23 | "tainted" | b.js:4:13:4:40 | whoKnow ... Tainted |
 | a.js:1:15:1:23 | "tainted" | b.js:6:13:6:13 | x |
 | a.js:2:15:2:28 | "also tainted" | b.js:5:13:5:29 | notTaintedTrustMe |
-| async.js:2:16:2:23 | "source" | async.js:8:15:8:27 | await async() |
 | async.js:2:16:2:23 | "source" | async.js:13:15:13:20 | sync() |
-| async.js:2:16:2:23 | "source" | async.js:27:17:27:17 | e |
 | async.js:2:16:2:23 | "source" | async.js:36:17:36:17 | e |
 | async.js:2:16:2:23 | "source" | async.js:41:17:41:17 | e |
 | async.js:2:16:2:23 | "source" | async.js:54:17:54:36 | unpack(pack(source)) |
-| async.js:79:16:79:23 | "source" | async.js:80:14:80:36 | (await  ... ce))).p |
-| async.js:79:16:79:23 | "source" | async.js:92:15:92:30 | await (getP(o3)) |
-| async.js:96:18:96:25 | "source" | async.js:101:15:101:27 | await readP() |
 | callback.js:16:14:16:21 | "source" | callback.js:13:14:13:14 | x |
-| callback.js:17:15:17:23 | "source2" | callback.js:13:14:13:14 | x |
 | callback.js:27:15:27:23 | "source3" | callback.js:13:14:13:14 | x |
 | custom.js:1:14:1:26 | "verschmutzt" | custom.js:2:15:2:20 | quelle |
 | destructuring.js:2:16:2:24 | "tainted" | destructuring.js:9:15:9:22 | tainted2 |
@@ -234,12 +212,6 @@ germanFlow
 | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y |
 | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y |
 | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y |
-| promises.js:2:16:2:24 | "tainted" | promises.js:7:16:7:18 | val |
-| promises.js:2:16:2:24 | "tainted" | promises.js:38:32:38:32 | v |
-| promises.js:11:22:11:31 | "resolved" | promises.js:19:20:19:20 | v |
-| promises.js:12:22:12:31 | "rejected" | promises.js:21:20:21:20 | v |
-| promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v |
-| promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v |
 | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p |
 | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) |
 | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp |
@@ -252,7 +224,6 @@ germanFlow
 | tst2.js:6:24:6:37 | "also tainted" | tst2.js:11:15:11:24 | g(source2) |
 | tst6.mjs:12:14:12:21 | "source" | tst6.mjs:14:12:14:16 | a.m() |
 | tst6.mjs:16:15:16:23 | "source2" | tst6.mjs:18:13:18:24 | a.m.call(a2) |
-| tst.js:2:17:2:22 | "src1" | tst.js:28:20:28:22 | elt |
 | tst.js:2:17:2:22 | "src1" | tst.js:39:17:39:17 | x |
 | tst.js:2:17:2:22 | "src1" | tst.js:41:19:41:19 | x |
 | tst.js:2:17:2:22 | "src1" | tst.js:45:17:45:17 | x |
--- a/javascript/ql/test/library-tests/Promises/tests.expected
+++ b/javascript/ql/test/library-tests/Promises/tests.expected
@@ -204,199 +204,26 @@ test_PromiseDefinition_getACatchHandler
 | flow.js:119:2:119:48 | new Pro ... "BLA")) | flow.js:119:56:119:68 | x => resolved |
 | promises.js:10:18:17:4 | new Pro ... );\\n  }) | promises.js:23:18:25:3 | (v) =>  ...  v;\\n  } |
 flow
-| flow2.js:2:15:2:22 | "source" | flow2.js:6:8:6:13 | arr[0] |
-| flow2.js:2:15:2:22 | "source" | flow2.js:12:7:12:13 | tainted |
-| flow2.js:2:15:2:22 | "source" | flow2.js:16:7:16:14 | tainted2 |
+exclusiveTaintFlow
 | flow2.js:2:15:2:22 | "source" | flow2.js:23:7:23:14 | tainted4 |
 | flow2.js:2:15:2:22 | "source" | flow2.js:26:7:26:14 | tainted5 |
 | flow.js:2:15:2:22 | "source" | flow.js:5:7:5:14 | await p1 |
 | flow.js:2:15:2:22 | "source" | flow.js:8:7:8:14 | await p2 |
-| flow.js:2:15:2:22 | "source" | flow.js:17:8:17:8 | e |
 | flow.js:2:15:2:22 | "source" | flow.js:20:41:20:41 | x |
-| flow.js:2:15:2:22 | "source" | flow.js:26:79:26:79 | y |
 | flow.js:2:15:2:22 | "source" | flow.js:28:58:28:58 | z |
-| flow.js:2:15:2:22 | "source" | flow.js:32:67:32:67 | x |
 | flow.js:2:15:2:22 | "source" | flow.js:34:58:34:58 | a |
 | flow.js:2:15:2:22 | "source" | flow.js:38:29:38:29 | a |
-| flow.js:2:15:2:22 | "source" | flow.js:40:83:40:83 | x |
 | flow.js:2:15:2:22 | "source" | flow.js:44:92:44:92 | a |
 | flow.js:2:15:2:22 | "source" | flow.js:46:60:46:60 | a |
-| flow.js:2:15:2:22 | "source" | flow.js:48:54:48:54 | x |
 | flow.js:2:15:2:22 | "source" | flow.js:53:39:53:39 | v |
-| flow.js:2:15:2:22 | "source" | flow.js:58:24:58:24 | x |
-| flow.js:2:15:2:22 | "source" | flow.js:62:22:62:22 | x |
-| flow.js:2:15:2:22 | "source" | flow.js:70:8:70:8 | e |
-| flow.js:2:15:2:22 | "source" | flow.js:76:50:76:50 | e |
 | flow.js:2:15:2:22 | "source" | flow.js:79:20:79:20 | x |
-| flow.js:2:15:2:22 | "source" | flow.js:84:21:84:21 | e |
-| flow.js:2:15:2:22 | "source" | flow.js:89:45:89:45 | e |
-| flow.js:2:15:2:22 | "source" | flow.js:101:7:101:9 | foo |
 | flow.js:2:15:2:22 | "source" | flow.js:103:93:103:93 | x |
-| flow.js:2:15:2:22 | "source" | flow.js:105:95:105:95 | x |
-| flow.js:2:15:2:22 | "source" | flow.js:109:89:109:89 | x |
-| flow.js:2:15:2:22 | "source" | flow.js:113:87:113:87 | x |
 | flow.js:2:15:2:22 | "source" | flow.js:119:86:119:86 | x |
 | flow.js:2:15:2:22 | "source" | flow.js:123:58:123:58 | x |
-| flow.js:2:15:2:22 | "source" | flow.js:125:59:125:59 | x |
 | flow.js:2:15:2:22 | "source" | flow.js:129:69:129:69 | x |
 | flow.js:2:15:2:22 | "source" | flow.js:131:43:131:43 | x |
-| flow.js:136:15:136:22 | "source" | flow.js:142:7:142:19 | await async() |
-| flow.js:136:15:136:22 | "source" | flow.js:155:9:155:9 | e |
-exclusiveTaintFlow
-| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 |
 | flow.js:136:15:136:22 | "source" | flow.js:141:7:141:13 | async() |
+| flow.js:136:15:136:22 | "source" | flow.js:142:7:142:19 | await async() |
 | flow.js:160:15:160:22 | "source" | flow.js:164:39:164:39 | x |
 | flow.js:160:15:160:22 | "source" | flow.js:167:7:167:9 | foo |
-| interflow.js:3:18:3:25 | "source" | interflow.js:18:10:18:14 | error |
 typetrack
-| flow2.js:4:2:4:31 | Promise ... lean"]) | flow2.js:4:14:4:30 | [source, "clean"] | copy $PromiseResolveField$ |
-| flow2.js:4:2:4:31 | Promise ... lean"]) | flow2.js:4:14:4:30 | [source, "clean"] | store $PromiseResolveField$ |
-| flow2.js:4:39:4:41 | arr | flow2.js:4:2:4:31 | Promise ... lean"]) | load $PromiseResolveField$ |
-| flow2.js:10:25:10:60 | await P ... ource]) | flow2.js:10:31:10:60 | Promise ... ource]) | load $PromiseResolveField$ |
-| flow2.js:10:31:10:60 | Promise ... ource]) | flow2.js:10:43:10:59 | ["clean", source] | copy $PromiseResolveField$ |
-| flow2.js:10:31:10:60 | Promise ... ource]) | flow2.js:10:43:10:59 | ["clean", source] | store $PromiseResolveField$ |
-| flow2.js:14:27:14:79 | await P ... urce])) | flow2.js:14:33:14:79 | Promise ... urce])) | load $PromiseResolveField$ |
-| flow2.js:14:33:14:79 | Promise ... urce])) | flow2.js:14:49:14:78 | Promise ... ource]) | copy $PromiseResolveField$ |
-| flow2.js:14:33:14:79 | Promise ... urce])) | flow2.js:14:49:14:78 | Promise ... ource]) | store $PromiseResolveField$ |
-| flow2.js:14:49:14:78 | Promise ... ource]) | flow2.js:14:61:14:77 | ["clean", source] | copy $PromiseResolveField$ |
-| flow2.js:14:49:14:78 | Promise ... ource]) | flow2.js:14:61:14:77 | ["clean", source] | store $PromiseResolveField$ |
-| flow2.js:18:27:18:79 | await P ... urce)]) | flow2.js:18:33:18:79 | Promise ... urce)]) | load $PromiseResolveField$ |
-| flow2.js:18:33:18:79 | Promise ... urce)]) | flow2.js:18:45:18:78 | ["clean ... ource)] | copy $PromiseResolveField$ |
-| flow2.js:18:33:18:79 | Promise ... urce)]) | flow2.js:18:45:18:78 | ["clean ... ource)] | store $PromiseResolveField$ |
-| flow2.js:22:17:22:70 | await P ... urce)]) | flow2.js:22:23:22:70 | Promise ... urce)]) | load $PromiseResolveField$ |
-| flow2.js:22:23:22:70 | Promise ... urce)]) | flow2.js:22:46:22:68 | Promise ... source) | copy $PromiseResolveField$ |
-| flow2.js:22:23:22:70 | Promise ... urce)]) | flow2.js:22:46:22:68 | Promise ... source) | store $PromiseResolveField$ |
-| flow2.js:25:17:25:69 | await P ... urce)]) | flow2.js:25:23:25:69 | Promise ... urce)]) | load $PromiseResolveField$ |
-| flow2.js:25:23:25:69 | Promise ... urce)]) | flow2.js:25:45:25:67 | Promise ... source) | copy $PromiseResolveField$ |
-| flow2.js:25:23:25:69 | Promise ... urce)]) | flow2.js:25:45:25:67 | Promise ... source) | store $PromiseResolveField$ |
-| flow.js:20:2:20:43 | Promise ... ink(x)) | flow.js:20:36:20:42 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:20:2:20:43 | Promise ... ink(x)) | flow.js:20:36:20:42 | sink(x) | store $PromiseResolveField$ |
-| flow.js:20:31:20:31 | x | flow.js:20:2:20:24 | Promise ... source) | load $PromiseResolveField$ |
-| flow.js:22:2:22:56 | Promise ... ink(y)) | flow.js:22:36:22:41 | foo(x) | copy $PromiseResolveField$ |
-| flow.js:22:2:22:56 | Promise ... ink(y)) | flow.js:22:36:22:41 | foo(x) | store $PromiseResolveField$ |
-| flow.js:22:2:22:56 | Promise ... ink(y)) | flow.js:22:49:22:55 | sink(y) | copy $PromiseResolveField$ |
-| flow.js:22:2:22:56 | Promise ... ink(y)) | flow.js:22:49:22:55 | sink(y) | store $PromiseResolveField$ |
-| flow.js:22:31:22:31 | x | flow.js:22:2:22:24 | Promise ... source) | load $PromiseResolveField$ |
-| flow.js:24:2:24:68 | new Pro ... ink(x)) | flow.js:24:61:24:67 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:24:2:24:68 | new Pro ... ink(x)) | flow.js:24:61:24:67 | sink(x) | store $PromiseResolveField$ |
-| flow.js:24:56:24:56 | x | flow.js:24:2:24:49 | new Pro ... ource)) | load $PromiseResolveField$ |
-| flow.js:26:2:26:81 | new Pro ... ink(y)) | flow.js:26:61:26:66 | foo(x) | copy $PromiseResolveField$ |
-| flow.js:26:2:26:81 | new Pro ... ink(y)) | flow.js:26:61:26:66 | foo(x) | store $PromiseResolveField$ |
-| flow.js:26:2:26:81 | new Pro ... ink(y)) | flow.js:26:74:26:80 | sink(y) | copy $PromiseResolveField$ |
-| flow.js:26:2:26:81 | new Pro ... ink(y)) | flow.js:26:74:26:80 | sink(y) | store $PromiseResolveField$ |
-| flow.js:26:56:26:56 | x | flow.js:26:2:26:49 | new Pro ... ource)) | load $PromiseResolveField$ |
-| flow.js:28:2:28:60 | Promise ... ink(z)) | flow.js:28:53:28:59 | sink(z) | copy $PromiseResolveField$ |
-| flow.js:28:2:28:60 | Promise ... ink(z)) | flow.js:28:53:28:59 | sink(z) | store $PromiseResolveField$ |
-| flow.js:28:30:28:30 | x | flow.js:28:2:28:23 | Promise ... ("foo") | load $PromiseResolveField$ |
-| flow.js:28:48:28:48 | z | flow.js:28:2:28:41 | Promise ... source) | load $PromiseResolveField$ |
-| flow.js:30:2:30:60 | Promise ... ink(z)) | flow.js:30:53:30:59 | sink(z) | copy $PromiseResolveField$ |
-| flow.js:30:2:30:60 | Promise ... ink(z)) | flow.js:30:53:30:59 | sink(z) | store $PromiseResolveField$ |
-| flow.js:30:31:30:31 | x | flow.js:30:2:30:24 | Promise ... source) | load $PromiseResolveField$ |
-| flow.js:30:48:30:48 | z | flow.js:30:2:30:41 | Promise ...  "foo") | load $PromiseResolveField$ |
-| flow.js:32:2:32:69 | new Pro ... ink(x)) | flow.js:32:2:32:49 | new Pro ... ource)) | copy $PromiseResolveField$ |
-| flow.js:32:2:32:69 | new Pro ... ink(x)) | flow.js:32:62:32:68 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:32:2:32:69 | new Pro ... ink(x)) | flow.js:32:62:32:68 | sink(x) | store $PromiseResolveField$ |
-| flow.js:34:2:34:41 | Promise ... => { }) | flow.js:34:2:34:24 | Promise ... source) | copy $PromiseResolveField$ |
-| flow.js:34:2:34:60 | Promise ... ink(a)) | flow.js:34:53:34:59 | sink(a) | copy $PromiseResolveField$ |
-| flow.js:34:2:34:60 | Promise ... ink(a)) | flow.js:34:53:34:59 | sink(a) | store $PromiseResolveField$ |
-| flow.js:34:48:34:48 | a | flow.js:34:2:34:41 | Promise ... => { }) | load $PromiseResolveField$ |
-| flow.js:38:11:38:31 | p6.then ... ink(a)) | flow.js:38:24:38:30 | sink(a) | copy $PromiseResolveField$ |
-| flow.js:38:11:38:31 | p6.then ... ink(a)) | flow.js:38:24:38:30 | sink(a) | store $PromiseResolveField$ |
-| flow.js:40:2:40:85 | new Pro ... ink(x)) | flow.js:40:2:40:65 | new Pro ... => { }) | copy $PromiseResolveField$ |
-| flow.js:40:2:40:85 | new Pro ... ink(x)) | flow.js:40:78:40:84 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:40:2:40:85 | new Pro ... ink(x)) | flow.js:40:78:40:84 | sink(x) | store $PromiseResolveField$ |
-| flow.js:42:2:42:96 | new Pro ... ink(x)) | flow.js:42:2:42:76 | new Pro ... => { }) | copy $PromiseResolveField$ |
-| flow.js:42:2:42:96 | new Pro ... ink(x)) | flow.js:42:89:42:95 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:42:2:42:96 | new Pro ... ink(x)) | flow.js:42:89:42:95 | sink(x) | store $PromiseResolveField$ |
-| flow.js:44:2:44:41 | Promise ... => { }) | flow.js:44:2:44:24 | Promise ... source) | copy $PromiseResolveField$ |
-| flow.js:44:2:44:58 | Promise ... => { }) | flow.js:44:2:44:41 | Promise ... => { }) | copy $PromiseResolveField$ |
-| flow.js:44:2:44:75 | Promise ... => { }) | flow.js:44:2:44:58 | Promise ... => { }) | copy $PromiseResolveField$ |
-| flow.js:44:2:44:94 | Promise ... ink(a)) | flow.js:44:87:44:93 | sink(a) | copy $PromiseResolveField$ |
-| flow.js:44:2:44:94 | Promise ... ink(a)) | flow.js:44:87:44:93 | sink(a) | store $PromiseResolveField$ |
-| flow.js:44:82:44:82 | a | flow.js:44:2:44:75 | Promise ... => { }) | load $PromiseResolveField$ |
-| flow.js:46:2:46:43 | Promise ... => { }) | flow.js:46:2:46:24 | Promise ... source) | copy $PromiseResolveField$ |
-| flow.js:46:2:46:62 | Promise ... ink(a)) | flow.js:46:55:46:61 | sink(a) | copy $PromiseResolveField$ |
-| flow.js:46:2:46:62 | Promise ... ink(a)) | flow.js:46:55:46:61 | sink(a) | store $PromiseResolveField$ |
-| flow.js:46:50:46:50 | a | flow.js:46:2:46:43 | Promise ... => { }) | load $PromiseResolveField$ |
-| flow.js:48:2:48:56 | new Pro ... ink(x)) | flow.js:48:2:48:36 | new Pro ... urce }) | copy $PromiseResolveField$ |
-| flow.js:48:2:48:56 | new Pro ... ink(x)) | flow.js:48:49:48:55 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:48:2:48:56 | new Pro ... ink(x)) | flow.js:48:49:48:55 | sink(x) | store $PromiseResolveField$ |
-| flow.js:53:2:53:41 | createP ... ink(v)) | flow.js:53:34:53:40 | sink(v) | copy $PromiseResolveField$ |
-| flow.js:53:2:53:41 | createP ... ink(v)) | flow.js:53:34:53:40 | sink(v) | store $PromiseResolveField$ |
-| flow.js:53:29:53:29 | v | flow.js:53:2:53:22 | createP ... source) | load $PromiseResolveField$ |
-| flow.js:58:2:58:26 | p10.cat ... ink(x)) | flow.js:58:19:58:25 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:58:2:58:26 | p10.cat ... ink(x)) | flow.js:58:19:58:25 | sink(x) | store $PromiseResolveField$ |
-| flow.js:62:2:62:24 | p12.cat ... ink(x)) | flow.js:62:17:62:23 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:62:2:62:24 | p12.cat ... ink(x)) | flow.js:62:17:62:23 | sink(x) | store $PromiseResolveField$ |
-| flow.js:65:3:65:56 | await n ... ource)) | flow.js:65:9:65:56 | new Pro ... ource)) | load $PromiseResolveField$ |
-| flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:2:76:32 | chained ...  => {}) | copy $PromiseResolveField$ |
-| flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:45:76:51 | sink(e) | copy $PromiseResolveField$ |
-| flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:45:76:51 | sink(e) | store $PromiseResolveField$ |
-| flow.js:79:3:79:22 | p.then(x => sink(x)) | flow.js:79:15:79:21 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:79:3:79:22 | p.then(x => sink(x)) | flow.js:79:15:79:21 | sink(x) | store $PromiseResolveField$ |
-| flow.js:84:3:84:23 | p.catch ... ink(e)) | flow.js:84:16:84:22 | sink(e) | copy $PromiseResolveField$ |
-| flow.js:84:3:84:23 | p.catch ... ink(e)) | flow.js:84:16:84:22 | sink(e) | store $PromiseResolveField$ |
-| flow.js:89:3:89:47 | ("foo", ... ink(e)) | flow.js:89:3:89:27 | ("foo", ...  => {}) | copy $PromiseResolveField$ |
-| flow.js:89:3:89:47 | ("foo", ... ink(e)) | flow.js:89:40:89:46 | sink(e) | copy $PromiseResolveField$ |
-| flow.js:89:3:89:47 | ("foo", ... ink(e)) | flow.js:89:40:89:46 | sink(e) | store $PromiseResolveField$ |
-| flow.js:100:12:100:82 | await r ... urce))) | flow.js:100:18:100:82 | returns ... urce))) | load $PromiseResolveField$ |
-| flow.js:103:2:103:76 | new Pro ... ource}) | flow.js:103:2:103:48 | new Pro ... "BLA")) | copy $PromiseResolveField$ |
-| flow.js:103:2:103:95 | new Pro ... ink(x)) | flow.js:103:88:103:94 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:103:2:103:95 | new Pro ... ink(x)) | flow.js:103:88:103:94 | sink(x) | store $PromiseResolveField$ |
-| flow.js:103:83:103:83 | x | flow.js:103:2:103:76 | new Pro ... ource}) | load $PromiseResolveField$ |
-| flow.js:105:2:105:77 | new Pro ... ource}) | flow.js:105:2:105:48 | new Pro ... "BLA")) | copy $PromiseResolveField$ |
-| flow.js:105:2:105:97 | new Pro ... ink(x)) | flow.js:105:2:105:77 | new Pro ... ource}) | copy $PromiseResolveField$ |
-| flow.js:105:2:105:97 | new Pro ... ink(x)) | flow.js:105:90:105:96 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:105:2:105:97 | new Pro ... ink(x)) | flow.js:105:90:105:96 | sink(x) | store $PromiseResolveField$ |
-| flow.js:109:2:109:71 | new Pro ... jected) | flow.js:109:2:109:48 | new Pro ... "BLA")) | copy $PromiseResolveField$ |
-| flow.js:109:2:109:91 | new Pro ... ink(x)) | flow.js:109:2:109:71 | new Pro ... jected) | copy $PromiseResolveField$ |
-| flow.js:109:2:109:91 | new Pro ... ink(x)) | flow.js:109:84:109:90 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:109:2:109:91 | new Pro ... ink(x)) | flow.js:109:84:109:90 | sink(x) | store $PromiseResolveField$ |
-| flow.js:111:2:111:69 | new Pro ... jected) | flow.js:111:2:111:48 | new Pro ... "BLA")) | copy $PromiseResolveField$ |
-| flow.js:111:2:111:88 | new Pro ... ink(x)) | flow.js:111:81:111:87 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:111:2:111:88 | new Pro ... ink(x)) | flow.js:111:81:111:87 | sink(x) | store $PromiseResolveField$ |
-| flow.js:111:76:111:76 | x | flow.js:111:2:111:69 | new Pro ... jected) | load $PromiseResolveField$ |
-| flow.js:113:2:113:69 | new Pro ... jected) | flow.js:113:2:113:48 | new Pro ... "BLA")) | copy $PromiseResolveField$ |
-| flow.js:113:2:113:89 | new Pro ... ink(x)) | flow.js:113:2:113:69 | new Pro ... jected) | copy $PromiseResolveField$ |
-| flow.js:113:2:113:89 | new Pro ... ink(x)) | flow.js:113:82:113:88 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:113:2:113:89 | new Pro ... ink(x)) | flow.js:113:82:113:88 | sink(x) | store $PromiseResolveField$ |
-| flow.js:117:2:117:69 | new Pro ... solved) | flow.js:117:2:117:48 | new Pro ... "BLA")) | copy $PromiseResolveField$ |
-| flow.js:117:2:117:89 | new Pro ... ink(x)) | flow.js:117:2:117:69 | new Pro ... solved) | copy $PromiseResolveField$ |
-| flow.js:117:2:117:89 | new Pro ... ink(x)) | flow.js:117:82:117:88 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:117:2:117:89 | new Pro ... ink(x)) | flow.js:117:82:117:88 | sink(x) | store $PromiseResolveField$ |
-| flow.js:119:2:119:69 | new Pro ... solved) | flow.js:119:2:119:48 | new Pro ... "BLA")) | copy $PromiseResolveField$ |
-| flow.js:119:2:119:88 | new Pro ... ink(x)) | flow.js:119:81:119:87 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:119:2:119:88 | new Pro ... ink(x)) | flow.js:119:81:119:87 | sink(x) | store $PromiseResolveField$ |
-| flow.js:119:76:119:76 | x | flow.js:119:2:119:69 | new Pro ... solved) | load $PromiseResolveField$ |
-| flow.js:121:2:121:61 | Promise ... ink(x)) | flow.js:121:2:121:41 | Promise ... solved) | copy $PromiseResolveField$ |
-| flow.js:121:2:121:61 | Promise ... ink(x)) | flow.js:121:54:121:60 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:121:2:121:61 | Promise ... ink(x)) | flow.js:121:54:121:60 | sink(x) | store $PromiseResolveField$ |
-| flow.js:121:28:121:28 | x | flow.js:121:2:121:21 | Promise.resolve(123) | load $PromiseResolveField$ |
-| flow.js:123:2:123:60 | Promise ... ink(x)) | flow.js:123:53:123:59 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:123:2:123:60 | Promise ... ink(x)) | flow.js:123:53:123:59 | sink(x) | store $PromiseResolveField$ |
-| flow.js:123:28:123:28 | x | flow.js:123:2:123:21 | Promise.resolve(123) | load $PromiseResolveField$ |
-| flow.js:123:48:123:48 | x | flow.js:123:2:123:41 | Promise ... solved) | load $PromiseResolveField$ |
-| flow.js:125:2:125:61 | Promise ... ink(x)) | flow.js:125:2:125:41 | Promise ... jected) | copy $PromiseResolveField$ |
-| flow.js:125:2:125:61 | Promise ... ink(x)) | flow.js:125:54:125:60 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:125:2:125:61 | Promise ... ink(x)) | flow.js:125:54:125:60 | sink(x) | store $PromiseResolveField$ |
-| flow.js:125:28:125:28 | x | flow.js:125:2:125:21 | Promise.resolve(123) | load $PromiseResolveField$ |
-| flow.js:127:2:127:60 | Promise ... ink(x)) | flow.js:127:53:127:59 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:127:2:127:60 | Promise ... ink(x)) | flow.js:127:53:127:59 | sink(x) | store $PromiseResolveField$ |
-| flow.js:127:28:127:28 | x | flow.js:127:2:127:21 | Promise.resolve(123) | load $PromiseResolveField$ |
-| flow.js:127:48:127:48 | x | flow.js:127:2:127:41 | Promise ... jected) | load $PromiseResolveField$ |
-| flow.js:129:2:129:71 | new Pro ... ink(x)) | flow.js:129:64:129:70 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:129:2:129:71 | new Pro ... ink(x)) | flow.js:129:64:129:70 | sink(x) | store $PromiseResolveField$ |
-| flow.js:129:59:129:59 | x | flow.js:129:2:129:52 | new Pro ... olved)) | load $PromiseResolveField$ |
-| flow.js:131:2:131:45 | Promise ... ink(x)) | flow.js:131:38:131:44 | sink(x) | copy $PromiseResolveField$ |
-| flow.js:131:2:131:45 | Promise ... ink(x)) | flow.js:131:38:131:44 | sink(x) | store $PromiseResolveField$ |
-| flow.js:131:33:131:33 | x | flow.js:131:2:131:26 | Promise ... solved) | load $PromiseResolveField$ |
-| flow.js:142:7:142:19 | await async() | flow.js:142:13:142:19 | async() | load $PromiseResolveField$ |
-| flow.js:153:4:153:22 | await throwsAsync() | flow.js:153:10:153:22 | throwsAsync() | load $PromiseResolveField$ |
-| interflow.js:6:3:9:23 | loadScr ... eError) | interflow.js:6:3:8:26 | loadScr ... () { }) | copy $PromiseResolveField$ |
-| promises.js:33:19:35:6 | new Pro ... \\n    }) | promises.js:34:17:34:22 | source | copy $PromiseResolveField$ |
-| promises.js:33:19:35:6 | new Pro ... \\n    }) | promises.js:34:17:34:22 | source | store $PromiseResolveField$ |
-| promises.js:43:19:45:6 | Q.Promi ... \\n    }) | promises.js:44:17:44:22 | source | copy $PromiseResolveField$ |
-| promises.js:43:19:45:6 | Q.Promi ... \\n    }) | promises.js:44:17:44:22 | source | store $PromiseResolveField$ |
-| promises.js:71:34:71:36 | val | promises.js:71:5:71:27 | Promise ... source) | load $PromiseResolveField$ |
-| promises.js:72:48:72:50 | val | promises.js:72:5:72:41 | new Pro ... ource)) | load $PromiseResolveField$ |
-| promises.js:75:27:75:29 | val | promises.js:75:5:75:20 | resolver.promise | load $PromiseResolveField$ |
--- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
+++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -53,7 +53,6 @@ typeInferenceMismatch
 | exceptions.js:21:17:21:24 | source() | exceptions.js:24:10:24:21 | e.toString() |
 | exceptions.js:21:17:21:24 | source() | exceptions.js:25:10:25:18 | e.message |
 | exceptions.js:21:17:21:24 | source() | exceptions.js:26:10:26:19 | e.fileName |
-| exceptions.js:59:24:59:31 | source() | exceptions.js:61:12:61:12 | e |
 | exceptions.js:88:6:88:13 | source() | exceptions.js:11:10:11:10 | e |
 | exceptions.js:88:6:88:13 | source() | exceptions.js:32:10:32:10 | e |
 | exceptions.js:88:6:88:13 | source() | exceptions.js:33:10:33:21 | e.toString() |
--- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
+++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
@@ -32,7 +32,6 @@
 | constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:17:8:17:14 | c.param |
 | constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:25:8:25:14 | d.param |
 | exceptions.js:3:15:3:22 | source() | exceptions.js:5:10:5:10 | e |
-| exceptions.js:59:24:59:31 | source() | exceptions.js:61:12:61:12 | e |
 | exceptions.js:88:6:88:13 | source() | exceptions.js:11:10:11:10 | e |
 | exceptions.js:93:11:93:18 | source() | exceptions.js:95:10:95:10 | e |
 | exceptions.js:100:13:100:20 | source() | exceptions.js:102:12:102:12 | e |
--- a/javascript/ql/test/library-tests/TorrentLibraries/UserControlledTorrentInfo.expected
+++ b/javascript/ql/test/library-tests/TorrentLibraries/UserControlledTorrentInfo.expected
@@ -1,4 +0,0 @@
-| tst.js:6:2:6:12 | parsed.name |
-| tst.js:8:2:8:19 | parsed.pieceLength |
-| tst.js:14:2:14:25 | indirec ... ed.name |
-| tst.js:20:2:20:7 | t.name |
--- a/javascript/ql/test/library-tests/frameworks/Collections/test.expected
+++ b/javascript/ql/test/library-tests/frameworks/Collections/test.expected
@@ -1,28 +1,3 @@
 dataFlow
-| tst.js:2:16:2:23 | source() | tst.js:7:7:7:7 | e |
-| tst.js:2:16:2:23 | source() | tst.js:11:10:11:10 | e |
-| tst.js:2:16:2:23 | source() | tst.js:17:10:17:10 | v |
-| tst.js:2:16:2:23 | source() | tst.js:21:10:21:14 | value |
-| tst.js:2:16:2:23 | source() | tst.js:26:10:26:14 | value |
-| tst.js:2:16:2:23 | source() | tst.js:30:7:30:7 | e |
-| tst.js:2:16:2:23 | source() | tst.js:34:7:34:7 | e |
-| tst.js:2:16:2:23 | source() | tst.js:38:7:38:7 | e |
-| tst.js:2:16:2:23 | source() | tst.js:42:7:42:7 | e |
-| tst.js:2:16:2:23 | source() | tst.js:46:7:46:7 | e |
-| tst.js:2:16:2:23 | source() | tst.js:50:10:50:10 | e |
-| tst.js:2:16:2:23 | source() | tst.js:53:8:53:21 | map.get("key") |
-| tst.js:2:16:2:23 | source() | tst.js:59:8:59:22 | map2.get("foo") |
-| tst.js:2:16:2:23 | source() | tst.js:64:8:64:26 | map3.get(unknown()) |
-| tst.js:2:16:2:23 | source() | tst.js:69:8:69:26 | map3.get(unknown()) |
 typeTracking
 | tst.js:2:16:2:23 | source() | tst.js:2:16:2:23 | source() |
-| tst.js:2:16:2:23 | source() | tst.js:6:14:6:14 | e |
-| tst.js:2:16:2:23 | source() | tst.js:10:15:10:15 | e |
-| tst.js:2:16:2:23 | source() | tst.js:16:15:16:15 | v |
-| tst.js:2:16:2:23 | source() | tst.js:20:20:20:24 | value |
-| tst.js:2:16:2:23 | source() | tst.js:25:14:25:18 | value |
-| tst.js:2:16:2:23 | source() | tst.js:29:14:29:14 | e |
-| tst.js:2:16:2:23 | source() | tst.js:33:14:33:14 | e |
-| tst.js:2:16:2:23 | source() | tst.js:37:14:37:14 | e |
-| tst.js:2:16:2:23 | source() | tst.js:45:14:45:14 | e |
-| tst.js:2:16:2:23 | source() | tst.js:53:8:53:21 | map.get("key") |
--- a/javascript/ql/test/library-tests/frameworks/Concepts/FileAccess.expected
+++ b/javascript/ql/test/library-tests/frameworks/Concepts/FileAccess.expected
@@ -0,0 +1,3 @@
+getPathArgument
+getReadNode
+getWriteNode
--- a/javascript/ql/test/library-tests/frameworks/Concepts/FileNameSource.expected
+++ b/javascript/ql/test/library-tests/frameworks/Concepts/FileNameSource.expected
@@ -0,0 +1,9 @@
+| tst-file-names.js:7:1:7:10 | walkSync() |
+| tst-file-names.js:9:35:9:44 | stats.name |
+| tst-file-names.js:11:1:11:12 | glob.sync(_) |
+| tst-file-names.js:13:13:13:16 | name |
+| tst-file-names.js:15:22:15:25 | name |
+| tst-file-names.js:17:1:17:22 | new glo ... ).found |
+| tst-file-names.js:19:1:19:14 | globby.sync(_) |
+| tst-file-names.js:23:1:23:16 | fastGlob.sync(_) |
+| tst-file-names.js:29:27:29:30 | file |
--- a/javascript/ql/test/library-tests/frameworks/Concepts/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/Concepts/tests.expected
@@ -1,61 +1,7 @@
 getPathArgument
-| file-access.js:3:1:4:34 | fstream ... file"}) | file-access.js:4:19:4:32 | "path/to/file" |
-| file-access.js:8:1:9:24 | fstream ... o/dir") | file-access.js:9:11:9:23 | "path/to/dir" |
-| file-access.js:10:9:10:43 | fstream ... r/dir") | file-access.js:10:24:10:42 | "path/to/other/dir" |
-| file-access.js:15:1:15:60 | writeFi ... rr) {}) | file-access.js:15:17:15:28 | 'atmoic.txt' |
-| file-access.js:18:1:18:59 | writeFi ... tions]) | file-access.js:18:21:18:34 | "syncFile.txt" |
-| file-access.js:22:1:22:48 | recursi ... es) {}) | file-access.js:22:11:22:21 | "some/path" |
-| file-access.js:25:1:25:59 | jsonfil ... bj) {}) | file-access.js:25:19:25:34 | '/tmp/data.json' |
-| file-access.js:26:1:26:39 | jsonfil ... .json') | file-access.js:26:23:26:38 | '/tmp/data.json' |
-| file-access.js:28:1:28:60 | jsonfil ... rr) {}) | file-access.js:28:20:28:35 | '/tmp/data.json' |
-| file-access.js:29:1:29:45 | jsonfil ... ', obj) | file-access.js:29:24:29:39 | '/tmp/data.json' |
-| file-access.js:34:4:34:23 | pathExists('foo.js') | file-access.js:34:15:34:22 | 'foo.js' |
-| file-access.js:39:1:39:28 | rimraf( ...  => {}) | file-access.js:39:8:39:10 | "/" |
-| file-access.js:42:1:42:59 | dir.rea ... on(){}) | file-access.js:42:15:42:31 | "/some/directory" |
-| file-access.js:46:1:46:25 | vfs.src ... path"]) | file-access.js:46:9:46:24 | ["some", "path"] |
-| file-access.js:47:1:47:36 | vfs.des ... true }) | file-access.js:47:10:47:13 | './' |
-| file-access.js:51:1:51:36 | ncp("fr ... rr) {}) | file-access.js:51:5:51:10 | "from" |
-| file-access.js:51:1:51:36 | ncp("fr ... rr) {}) | file-access.js:51:13:51:16 | "to" |
-| file-access.js:56:23:56:46 | loadJso ... .json') | file-access.js:56:36:56:45 | 'foo.json' |
-| file-access.js:57:14:57:42 | loadJso ... .json') | file-access.js:57:32:57:41 | 'foo.json' |
-| file-access.js:62:5:62:42 | writeJs ...  true}) | file-access.js:62:19:62:28 | 'bar.json' |
-| file-access.js:63:2:63:60 | writeJs ... : " "}) | file-access.js:63:21:63:30 | 'bar.json' |
-| file-access.js:67:1:67:35 | readdir ... *.js'}) | file-access.js:67:10:67:12 | '.' |
-| file-access.js:70:1:72:2 | recursi ... es);\\n}) | file-access.js:70:11:70:29 | "directory/to/read" |
-| file-access.js:73:1:73:30 | recursi ... /read") | file-access.js:73:11:73:29 | "directory/to/read" |
-| file-access.js:75:1:75:29 | jsonfil ... .json') | file-access.js:75:19:75:28 | 'baz.json' |
-| file-access.js:79:2:81:3 | walk('. ... h);\\n\\t}) | file-access.js:79:7:79:11 | '../' |
-| file-access.js:82:16:82:26 | walk('../') | file-access.js:82:21:82:25 | '../' |
-| file-access.js:84:2:86:3 | walk.sy ... h);\\n\\t}) | file-access.js:84:12:84:16 | '../' |
-| file-access.js:87:14:87:29 | walk.sync('../') | file-access.js:87:24:87:28 | '../' |
-| file-access.js:88:21:88:37 | walk.async('../') | file-access.js:88:32:88:36 | '../' |
-| file-access.js:92:1:92:15 | walker('/etc/') | file-access.js:92:8:92:14 | '/etc/' |
-| tst-file-names.js:43:15:43:50 | globule ... o.js"]) | tst-file-names.js:43:40:43:49 | ["foo.js"] |
-| tst-file-names.js:44:12:44:49 | globule ... o.js"]) | tst-file-names.js:44:39:44:48 | ["foo.js"] |
-| tst-file-names.js:46:12:46:51 | globule ... .js"]}) | tst-file-names.js:46:34:46:49 | ["a.js", "b.js"] |
-| tst-file-names.js:47:12:47:52 | globule ... b.js"]) | tst-file-names.js:47:28:47:51 | ["foo/a ... /b.js"] |
 getReadNode
-| file-access.js:25:1:25:59 | jsonfil ... bj) {}) | file-access.js:25:52:25:54 | obj |
-| file-access.js:26:1:26:39 | jsonfil ... .json') | file-access.js:26:1:26:39 | jsonfil ... .json') |
-| file-access.js:56:23:56:46 | loadJso ... .json') | file-access.js:56:17:56:46 | await l ... .json') |
-| file-access.js:57:14:57:42 | loadJso ... .json') | file-access.js:57:14:57:42 | loadJso ... .json') |
-| file-access.js:75:1:75:29 | jsonfil ... .json') | file-access.js:75:36:75:38 | obj |
 getWriteNode
-| file-access.js:15:1:15:60 | writeFi ... rr) {}) | file-access.js:15:31:15:36 | 'Data' |
-| file-access.js:18:1:18:59 | writeFi ... tions]) | file-access.js:18:37:18:47 | "More data" |
-| file-access.js:28:1:28:60 | jsonfil ... rr) {}) | file-access.js:28:38:28:40 | obj |
-| file-access.js:29:1:29:45 | jsonfil ... ', obj) | file-access.js:29:42:29:44 | obj |
-| file-access.js:62:5:62:42 | writeJs ...  true}) | file-access.js:62:31:62:41 | {bar: true} |
-| file-access.js:63:2:63:60 | writeJs ... : " "}) | file-access.js:63:33:63:44 | {bar: false} |
 fileNameSource
-| file-access.js:22:39:22:43 | files |
-| file-access.js:70:47:70:51 | files |
-| file-access.js:73:37:73:42 | files2 |
-| file-access.js:79:23:79:26 | path |
-| file-access.js:83:30:83:37 | filename |
-| file-access.js:84:2:86:3 | walk.sy ... h);\\n\\t}) |
-| file-access.js:87:14:87:29 | walk.sync('../') |
-| file-access.js:88:15:88:37 | await w ... ('../') |
 | tst-file-names.js:7:1:7:10 | walkSync() |
 | tst-file-names.js:9:35:9:44 | stats.name |
 | tst-file-names.js:11:1:11:12 | glob.sync(_) |
@@ -63,21 +9,8 @@ fileNameSource
 | tst-file-names.js:15:22:15:25 | name |
 | tst-file-names.js:17:1:17:22 | new glo ... ).found |
 | tst-file-names.js:19:1:19:14 | globby.sync(_) |
-| tst-file-names.js:21:16:21:20 | files |
 | tst-file-names.js:23:1:23:16 | fastGlob.sync(_) |
-| tst-file-names.js:25:18:25:22 | files |
-| tst-file-names.js:27:24:27:28 | files |
 | tst-file-names.js:29:27:29:30 | file |
-| tst-file-names.js:32:34:32:38 | files |
-| tst-file-names.js:34:15:34:29 | await globby(_) |
-| tst-file-names.js:36:16:36:38 | await f ... sync(_) |
-| tst-file-names.js:38:16:38:57 | await f ...  => {}) |
-| tst-file-names.js:42:17:42:39 | globule ... /*.js') |
-| tst-file-names.js:43:15:43:50 | globule ... o.js"]) |
-| tst-file-names.js:45:12:45:42 | globule ... /*.js") |
-| tst-file-names.js:46:12:46:51 | globule ... .js"]}) |
-| tst-file-names.js:47:12:47:52 | globule ... b.js"]) |
-| tst-file-names.js:51:15:51:23 | await foo |
 persistentReadAccess_getAWrite
 | persistence.js:3:5:3:33 | localSt ... prop1') | persistence.js:2:5:2:37 | localSt ... 1', v1) |
 | persistence.js:6:5:6:35 | session ... prop2') | persistence.js:5:5:5:39 | session ... 2', v2) |
--- a/javascript/ql/test/library-tests/frameworks/Express/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/Express/tests.expected
@@ -790,15 +790,7 @@ test_isRequest
 | src/advanced-routehandler-registration.js:101:31:101:33 | req |
 | src/advanced-routehandler-registration.js:111:10:111:12 | req |
 | src/advanced-routehandler-registration.js:111:40:111:42 | req |
-| src/advanced-routehandler-registration.js:123:21:123:23 | req |
-| src/advanced-routehandler-registration.js:123:46:123:48 | req |
-| src/advanced-routehandler-registration.js:124:21:124:23 | req |
-| src/advanced-routehandler-registration.js:124:46:124:48 | req |
 | src/advanced-routehandler-registration.js:146:29:146:31 | req |
-| src/advanced-routehandler-registration.js:156:22:156:24 | req |
-| src/advanced-routehandler-registration.js:156:47:156:49 | req |
-| src/advanced-routehandler-registration.js:157:28:157:30 | req |
-| src/advanced-routehandler-registration.js:157:53:157:55 | req |
 | src/controllers/handler-in-bulk-require.js:1:45:1:47 | req |
 | src/csurf-example.js:20:28:20:30 | req |
 | src/csurf-example.js:22:35:22:37 | req |
@@ -1064,11 +1056,7 @@ test_ResponseExpr
 | src/advanced-routehandler-registration.js:101:36:101:38 | res | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") |
 | src/advanced-routehandler-registration.js:111:15:111:17 | res | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") |
 | src/advanced-routehandler-registration.js:111:45:111:47 | res | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") |
-| src/advanced-routehandler-registration.js:123:26:123:28 | res | src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:124:26:124:28 | res | src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) |
 | src/advanced-routehandler-registration.js:146:34:146:36 | res | src/advanced-routehandler-registration.js:146:28:146:50 | (req, r ... defined |
-| src/advanced-routehandler-registration.js:156:27:156:29 | res | src/advanced-routehandler-registration.js:156:21:156:50 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:157:33:157:35 | res | src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) |
 | src/controllers/handler-in-bulk-require.js:1:50:1:52 | res | src/controllers/handler-in-bulk-require.js:1:44:1:66 | (req, r ... defined |
 | src/csurf-example.js:20:33:20:35 | res | src/csurf-example.js:20:18:23:1 | functio ... () })\\n} |
 | src/csurf-example.js:22:3:22:5 | res | src/csurf-example.js:20:18:23:1 | functio ... () })\\n} |
@@ -1581,11 +1569,7 @@ test_RouteHandler_getAResponseExpr
 | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") | src/advanced-routehandler-registration.js:101:36:101:38 | res |
 | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") | src/advanced-routehandler-registration.js:111:15:111:17 | res |
 | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") | src/advanced-routehandler-registration.js:111:45:111:47 | res |
-| src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:123:26:123:28 | res |
-| src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:124:26:124:28 | res |
 | src/advanced-routehandler-registration.js:146:28:146:50 | (req, r ... defined | src/advanced-routehandler-registration.js:146:34:146:36 | res |
-| src/advanced-routehandler-registration.js:156:21:156:50 | (req, r ... og(req) | src/advanced-routehandler-registration.js:156:27:156:29 | res |
-| src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) | src/advanced-routehandler-registration.js:157:33:157:35 | res |
 | src/controllers/handler-in-bulk-require.js:1:44:1:66 | (req, r ... defined | src/controllers/handler-in-bulk-require.js:1:50:1:52 | res |
 | src/csurf-example.js:20:18:23:1 | functio ... () })\\n} | src/csurf-example.js:20:33:20:35 | res |
 | src/csurf-example.js:20:18:23:1 | functio ... () })\\n} | src/csurf-example.js:22:3:22:5 | res |
@@ -1721,11 +1705,7 @@ test_isResponse
 | src/advanced-routehandler-registration.js:101:36:101:38 | res |
 | src/advanced-routehandler-registration.js:111:15:111:17 | res |
 | src/advanced-routehandler-registration.js:111:45:111:47 | res |
-| src/advanced-routehandler-registration.js:123:26:123:28 | res |
-| src/advanced-routehandler-registration.js:124:26:124:28 | res |
 | src/advanced-routehandler-registration.js:146:34:146:36 | res |
-| src/advanced-routehandler-registration.js:156:27:156:29 | res |
-| src/advanced-routehandler-registration.js:157:33:157:35 | res |
 | src/controllers/handler-in-bulk-require.js:1:50:1:52 | res |
 | src/csurf-example.js:20:33:20:35 | res |
 | src/csurf-example.js:22:3:22:5 | res |
@@ -1888,13 +1868,9 @@ test_RouteSetup_getARouteHandler
 | src/advanced-routehandler-registration.js:118:1:118:30 | app.get ... utes.a) | src/route-collection.js:2:6:2:35 | (req, r ... og(req) |
 | src/advanced-routehandler-registration.js:119:1:119:30 | app.get ... utes.b) | src/advanced-routehandler-registration.js:119:14:119:29 | importedRoutes.b |
 | src/advanced-routehandler-registration.js:119:1:119:30 | app.get ... utes.b) | src/route-collection.js:3:6:3:35 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:125:29:125:41 | app.get(k, v) | src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:125:29:125:41 | app.get(k, v) | src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) |
 | src/advanced-routehandler-registration.js:125:29:125:41 | app.get(k, v) | src/advanced-routehandler-registration.js:125:20:125:20 | v |
 | src/advanced-routehandler-registration.js:125:29:125:41 | app.get(k, v) | src/advanced-routehandler-registration.js:125:23:125:23 | k |
-| src/advanced-routehandler-registration.js:126:1:126:32 | app.get ... t("a")) | src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) |
 | src/advanced-routehandler-registration.js:126:1:126:32 | app.get ... t("a")) | src/advanced-routehandler-registration.js:126:14:126:31 | routesMap.get("a") |
-| src/advanced-routehandler-registration.js:127:1:127:32 | app.get ... t("b")) | src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) |
 | src/advanced-routehandler-registration.js:127:1:127:32 | app.get ... t("b")) | src/advanced-routehandler-registration.js:127:14:127:31 | routesMap.get("b") |
 | src/advanced-routehandler-registration.js:135:2:135:53 | app.get ... andler) | src/advanced-routehandler-registration.js:135:10:135:28 | dynamicRequire.path |
 | src/advanced-routehandler-registration.js:135:2:135:53 | app.get ... andler) | src/advanced-routehandler-registration.js:135:31:135:52 | dynamic ... handler |
@@ -1907,13 +1883,9 @@ test_RouteSetup_getARouteHandler
 | src/advanced-routehandler-registration.js:150:2:150:14 | app.get(k, v) | src/advanced-routehandler-registration.js:150:10:150:10 | k |
 | src/advanced-routehandler-registration.js:150:2:150:14 | app.get(k, v) | src/advanced-routehandler-registration.js:150:13:150:13 | v |
 | src/advanced-routehandler-registration.js:153:1:153:41 | app.get ... KEY!")) | src/advanced-routehandler-registration.js:153:14:153:40 | routesM ... _KEY!") |
-| src/advanced-routehandler-registration.js:160:1:160:33 | app.get ... t("c")) | src/advanced-routehandler-registration.js:156:21:156:50 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:160:1:160:33 | app.get ... t("c")) | src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) |
 | src/advanced-routehandler-registration.js:160:1:160:33 | app.get ... t("c")) | src/advanced-routehandler-registration.js:160:14:160:32 | routesMap2.get("c") |
-| src/advanced-routehandler-registration.js:161:1:161:39 | app.get ... own())) | src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) |
 | src/advanced-routehandler-registration.js:161:1:161:39 | app.get ... own())) | src/advanced-routehandler-registration.js:161:14:161:38 | routesM ... nown()) |
 | src/advanced-routehandler-registration.js:162:1:162:23 | app.get ... nown()) | src/advanced-routehandler-registration.js:162:14:162:22 | unknown() |
-| src/advanced-routehandler-registration.js:163:1:163:33 | app.get ... t("f")) | src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) |
 | src/advanced-routehandler-registration.js:163:1:163:33 | app.get ... t("f")) | src/advanced-routehandler-registration.js:163:14:163:32 | routesMap2.get("f") |
 | src/auth.js:4:1:4:53 | app.use ... d' }})) | src/auth.js:4:9:4:52 | basicAu ... rd' }}) |
 | src/csurf-example.js:13:1:13:20 | app.use('/api', api) | src/csurf-example.js:10:11:10:27 | createApiRouter() |
@@ -2301,11 +2273,7 @@ test_RouteHandler
 | src/advanced-routehandler-registration.js:92:9:92:60 | (req, r ... tever") | src/advanced-routehandler-registration.js:92:10:92:12 | req | src/advanced-routehandler-registration.js:92:15:92:17 | res |
 | src/advanced-routehandler-registration.js:100:11:102:3 | functio ... s);\\n  } | src/advanced-routehandler-registration.js:100:20:100:22 | req | src/advanced-routehandler-registration.js:100:25:100:27 | res |
 | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") | src/advanced-routehandler-registration.js:111:10:111:12 | req | src/advanced-routehandler-registration.js:111:15:111:17 | res |
-| src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:123:21:123:23 | req | src/advanced-routehandler-registration.js:123:26:123:28 | res |
-| src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:124:21:124:23 | req | src/advanced-routehandler-registration.js:124:26:124:28 | res |
 | src/advanced-routehandler-registration.js:146:28:146:50 | (req, r ... defined | src/advanced-routehandler-registration.js:146:29:146:31 | req | src/advanced-routehandler-registration.js:146:34:146:36 | res |
-| src/advanced-routehandler-registration.js:156:21:156:50 | (req, r ... og(req) | src/advanced-routehandler-registration.js:156:22:156:24 | req | src/advanced-routehandler-registration.js:156:27:156:29 | res |
-| src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) | src/advanced-routehandler-registration.js:157:28:157:30 | req | src/advanced-routehandler-registration.js:157:33:157:35 | res |
 | src/controllers/handler-in-bulk-require.js:1:44:1:66 | (req, r ... defined | src/controllers/handler-in-bulk-require.js:1:45:1:47 | req | src/controllers/handler-in-bulk-require.js:1:50:1:52 | res |
 | src/csurf-example.js:20:18:23:1 | functio ... () })\\n} | src/csurf-example.js:20:28:20:30 | req | src/csurf-example.js:20:33:20:35 | res |
 | src/csurf-example.js:25:22:27:1 | functio ... ere')\\n} | src/csurf-example.js:25:32:25:34 | req | src/csurf-example.js:25:37:25:39 | res |
@@ -2496,15 +2464,7 @@ test_RequestExpr
 | src/advanced-routehandler-registration.js:101:31:101:33 | req | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") |
 | src/advanced-routehandler-registration.js:111:10:111:12 | req | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") |
 | src/advanced-routehandler-registration.js:111:40:111:42 | req | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") |
-| src/advanced-routehandler-registration.js:123:21:123:23 | req | src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:123:46:123:48 | req | src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:124:21:124:23 | req | src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:124:46:124:48 | req | src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) |
 | src/advanced-routehandler-registration.js:146:29:146:31 | req | src/advanced-routehandler-registration.js:146:28:146:50 | (req, r ... defined |
-| src/advanced-routehandler-registration.js:156:22:156:24 | req | src/advanced-routehandler-registration.js:156:21:156:50 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:156:47:156:49 | req | src/advanced-routehandler-registration.js:156:21:156:50 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:157:28:157:30 | req | src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) |
-| src/advanced-routehandler-registration.js:157:53:157:55 | req | src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) |
 | src/controllers/handler-in-bulk-require.js:1:45:1:47 | req | src/controllers/handler-in-bulk-require.js:1:44:1:66 | (req, r ... defined |
 | src/csurf-example.js:20:28:20:30 | req | src/csurf-example.js:20:18:23:1 | functio ... () })\\n} |
 | src/csurf-example.js:22:35:22:37 | req | src/csurf-example.js:20:18:23:1 | functio ... () })\\n} |
@@ -2623,15 +2583,7 @@ test_RouteHandler_getARequestExpr
 | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") | src/advanced-routehandler-registration.js:101:31:101:33 | req |
 | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") | src/advanced-routehandler-registration.js:111:10:111:12 | req |
 | src/advanced-routehandler-registration.js:111:9:111:60 | (req, r ... tever") | src/advanced-routehandler-registration.js:111:40:111:42 | req |
-| src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:123:21:123:23 | req |
-| src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:123:46:123:48 | req |
-| src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:124:21:124:23 | req |
-| src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:124:46:124:48 | req |
 | src/advanced-routehandler-registration.js:146:28:146:50 | (req, r ... defined | src/advanced-routehandler-registration.js:146:29:146:31 | req |
-| src/advanced-routehandler-registration.js:156:21:156:50 | (req, r ... og(req) | src/advanced-routehandler-registration.js:156:22:156:24 | req |
-| src/advanced-routehandler-registration.js:156:21:156:50 | (req, r ... og(req) | src/advanced-routehandler-registration.js:156:47:156:49 | req |
-| src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) | src/advanced-routehandler-registration.js:157:28:157:30 | req |
-| src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) | src/advanced-routehandler-registration.js:157:53:157:55 | req |
 | src/controllers/handler-in-bulk-require.js:1:44:1:66 | (req, r ... defined | src/controllers/handler-in-bulk-require.js:1:45:1:47 | req |
 | src/csurf-example.js:20:18:23:1 | functio ... () })\\n} | src/csurf-example.js:20:28:20:30 | req |
 | src/csurf-example.js:20:18:23:1 | functio ... () })\\n} | src/csurf-example.js:22:35:22:37 | req |
@@ -2705,15 +2657,7 @@ getRouteHandlerContainerStep
 | src/advanced-routehandler-registration.js:85:15:88:1 | {\\n  a:  ... (req)\\n} | src/advanced-routehandler-registration.js:87:6:87:35 | (req, r ... og(req) | src/advanced-routehandler-registration.js:90:20:90:29 | routes3[p] |
 | src/advanced-routehandler-registration.js:104:15:107:1 | {\\n  a:  ... (req)\\n} | src/advanced-routehandler-registration.js:105:6:105:35 | (req, r ... og(req) | src/advanced-routehandler-registration.js:109:20:109:29 | routes4[p] |
 | src/advanced-routehandler-registration.js:104:15:107:1 | {\\n  a:  ... (req)\\n} | src/advanced-routehandler-registration.js:106:6:106:35 | (req, r ... og(req) | src/advanced-routehandler-registration.js:109:20:109:29 | routes4[p] |
-| src/advanced-routehandler-registration.js:122:17:122:25 | new Map() | src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:125:20:125:20 | v |
-| src/advanced-routehandler-registration.js:122:17:122:25 | new Map() | src/advanced-routehandler-registration.js:123:20:123:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:126:14:126:31 | routesMap.get("a") |
-| src/advanced-routehandler-registration.js:122:17:122:25 | new Map() | src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:125:20:125:20 | v |
-| src/advanced-routehandler-registration.js:122:17:122:25 | new Map() | src/advanced-routehandler-registration.js:124:20:124:49 | (req, r ... og(req) | src/advanced-routehandler-registration.js:127:14:127:31 | routesMap.get("b") |
 | src/advanced-routehandler-registration.js:146:16:146:51 | { handl ... efined} | src/advanced-routehandler-registration.js:146:28:146:50 | (req, r ... defined | src/advanced-routehandler-registration.js:147:9:147:25 | handlers.handlerA |
-| src/advanced-routehandler-registration.js:155:18:155:26 | new Map() | src/advanced-routehandler-registration.js:156:21:156:50 | (req, r ... og(req) | src/advanced-routehandler-registration.js:160:14:160:32 | routesMap2.get("c") |
-| src/advanced-routehandler-registration.js:155:18:155:26 | new Map() | src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) | src/advanced-routehandler-registration.js:160:14:160:32 | routesMap2.get("c") |
-| src/advanced-routehandler-registration.js:155:18:155:26 | new Map() | src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) | src/advanced-routehandler-registration.js:161:14:161:38 | routesM ... nown()) |
-| src/advanced-routehandler-registration.js:155:18:155:26 | new Map() | src/advanced-routehandler-registration.js:157:27:157:56 | (req, r ... og(req) | src/advanced-routehandler-registration.js:163:14:163:32 | routesMap2.get("f") |
 | src/controllers/handler-in-bulk-require.js:1:18:1:68 | { path: ... fined } | src/controllers/handler-in-bulk-require.js:1:44:1:66 | (req, r ... defined | src/advanced-routehandler-registration.js:139:33:139:57 | bulkReq ... handler |
 | src/route-collection.js:1:18:4:1 | {\\n  a:  ... (req)\\n} | src/route-collection.js:2:6:2:35 | (req, r ... og(req) | src/advanced-routehandler-registration.js:116:14:116:30 | importedRoutes[p] |
 | src/route-collection.js:1:18:4:1 | {\\n  a:  ... (req)\\n} | src/route-collection.js:2:6:2:35 | (req, r ... og(req) | src/advanced-routehandler-registration.js:118:14:118:29 | importedRoutes.a |
--- a/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected
@@ -228,8 +228,6 @@ test_ReactComponent_getACandidatePropsValue
 | props.js:32:22:32:34 | "propFromJSX" |
 | props.js:34:33:34:53 | "propFr ... ructor" |
 | useHigherOrderComponent.jsx:5:33:5:37 | "red" |
-| useHigherOrderComponent.jsx:11:39:11:44 | "lazy" |
-| useHigherOrderComponent.jsx:17:40:17:46 | "lazy2" |
 test_ReactComponent
 | es5.js:1:31:11:1 | {\\n  dis ... ;\\n  }\\n} |
 | es5.js:18:33:22:1 | {\\n  ren ... ;\\n  }\\n} |
--- a/javascript/ql/test/library-tests/frameworks/SQL/Credentials.expected
+++ b/javascript/ql/test/library-tests/frameworks/SQL/Credentials.expected
@@ -4,8 +4,6 @@
 | mssql3.js:12:13:12:22 | 'password' | password |
 | mysql1.js:6:14:6:17 | 'me' | user name |
 | mysql1.js:7:14:7:21 | 'secret' | password |
-| mysql1a.js:10:9:10:12 | 'me' | user name |
-| mysql1a.js:11:13:11:20 | 'secret' | password |
 | mysql2.js:7:21:7:25 | 'bob' | user name |
 | mysql2.js:8:21:8:28 | 'secret' | password |
 | mysql2tst.js:8:9:8:14 | 'root' | user name |
--- a/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
+++ b/javascript/ql/test/library-tests/frameworks/SQL/SqlString.expected
@@ -6,7 +6,6 @@
 | mssql2.js:29:30:29:81 | 'create ...  table' |
 | mysql1.js:13:18:13:43 | 'SELECT ... lution' |
 | mysql1.js:18:18:22:1 | {\\n    s ... vid']\\n} |
-| mysql1a.js:17:18:17:43 | 'SELECT ... lution' |
 | mysql2.js:12:12:12:37 | 'SELECT ... lution' |
 | mysql2tst.js:14:3:14:62 | 'SELECT ... ` > 45' |
 | mysql2tst.js:23:3:23:56 | 'SELECT ... e` > ?' |
@@ -14,10 +13,7 @@
 | mysql4.js:14:18:14:20 | sql |
 | mysqlImport.js:3:18:5:1 | {\\n    s ... = ?',\\n} |
 | postgres1.js:37:21:37:24 | text |
-| postgres2.js:30:16:30:41 | 'SELECT ... number' |
 | postgres3.js:15:16:15:40 | 'SELECT ... s name' |
-| postgres5.js:8:21:8:25 | query |
-| postgresImport.js:4:18:4:43 | 'SELECT ... number' |
 | sequelize2.js:10:17:10:118 | 'SELECT ... Y name' |
 | sequelize.js:8:17:8:118 | 'SELECT ... Y name' |
 | sequelizeImport.js:3:17:3:118 | 'SELECT ... Y name' |
@@ -43,5 +39,4 @@
 | spanner.js:19:23:19:32 | "SQL code" |
 | spannerImport.js:4:8:4:17 | "SQL code" |
 | sqlite.js:7:8:7:45 | "UPDATE ... id = ?" |
-| sqliteArray.js:6:12:6:49 | "UPDATE ... id = ?" |
 | sqliteImport.js:2:8:2:44 | "UPDATE ... id = ?" |
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected
@@ -0,0 +1,17 @@
+| query-tests/Security/CWE-022/TaintedPath/TaintedPath.js:138 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js:12 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js:13 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js:14 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js:16 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js:17 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js:19 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js:24 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js:40 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js:41 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js:42 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js:7 | expected an alert, but found none | BAD: sending a file based on un-sanitized query parameters |  |
+| query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js:9 | expected an alert, but found none | BAD: same as above |  |
+| query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js:17 | expected an alert, but found none | BAD: doesn't help if user controls root |  |
+| query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js:24 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js:25 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-022/TaintedPath/torrents.js:7 | expected an alert, but found none | NOT OK |  |
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
--- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected
@@ -29,14 +29,6 @@ nodes
 | ZipSlipBad.js:8:37:8:44 | fileName |
 | ZipSlipBad.js:8:37:8:44 | fileName |
 | ZipSlipBad.js:8:37:8:44 | fileName |
-| ZipSlipBad.js:15:11:15:31 | fileName |
-| ZipSlipBad.js:15:11:15:31 | fileName |
-| ZipSlipBad.js:15:22:15:31 | entry.path |
-| ZipSlipBad.js:15:22:15:31 | entry.path |
-| ZipSlipBad.js:15:22:15:31 | entry.path |
-| ZipSlipBad.js:16:30:16:37 | fileName |
-| ZipSlipBad.js:16:30:16:37 | fileName |
-| ZipSlipBad.js:16:30:16:37 | fileName |
 | ZipSlipBad.js:22:11:22:31 | fileName |
 | ZipSlipBad.js:22:11:22:31 | fileName |
 | ZipSlipBad.js:22:22:22:31 | entry.path |
@@ -75,14 +67,6 @@ edges
 | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
 | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
 | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
-| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName |
-| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName |
-| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName |
-| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName |
-| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName |
-| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName |
-| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName |
-| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName |
 | ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName |
 | ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName |
 | ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName |
@@ -105,6 +89,5 @@ edges
 | TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | TarSlipBad.js:9:17:9:31 | header.linkname | item path |
 | ZipSlipBad2.js:6:22:6:29 | fileName | ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:6:22:6:29 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad2.js:5:37:5:46 | entry.path | item path |
 | ZipSlipBad.js:8:37:8:44 | fileName | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:8:37:8:44 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad.js:7:22:7:31 | entry.path | item path |
-| ZipSlipBad.js:16:30:16:37 | fileName | ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:16:30:16:37 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad.js:15:22:15:31 | entry.path | item path |
 | ZipSlipBad.js:23:28:23:35 | fileName | ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:23:28:23:35 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad.js:22:22:22:31 | entry.path | item path |
 | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | item path |
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected
@@ -0,0 +1,13 @@
+| query-tests/Security/CWE-079/DomBasedXss/express.js:6 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/DomBasedXss/jwt-server.js:10 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/DomBasedXss/react-use-context.js:10 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/DomBasedXss/react-use-context.js:16 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/DomBasedXss/tst3.js:4 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/DomBasedXss/tst3.js:5 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/DomBasedXss/tst3.js:7 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/DomBasedXss/tst3.js:9 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/DomBasedXss/tst3.js:10 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/DomBasedXss/tst.js:349 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/DomBasedXss/tst.js:356 | expected an alert, but found none | NOT OK. (this is a jQuery object) |  |
+| query-tests/Security/CWE-079/DomBasedXss/tst.js:360 | expected an alert, but found none | NOT OK. (this is a DOM-node); |  |
+| query-tests/Security/CWE-079/DomBasedXss/tst.js:363 | expected an alert, but found none | NOT OK. |  |
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
@@ -15,53 +15,50 @@ nodes
 | addEventListener.js:12:24:12:28 | event |
 | addEventListener.js:12:24:12:33 | event.data |
 | addEventListener.js:12:24:12:33 | event.data |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() |
-| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params |
-| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams |
-| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:26:44:26:71 | this.ro ... ragment |
-| angular2-client.ts:26:44:26:71 | this.ro ... ragment |
-| angular2-client.ts:26:44:26:71 | this.ro ... ragment |
-| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') |
-| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') |
-| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') |
-| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') |
-| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') |
-| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') |
-| angular2-client.ts:30:46:30:59 | map.get('foo') |
-| angular2-client.ts:30:46:30:59 | map.get('foo') |
-| angular2-client.ts:30:46:30:59 | map.get('foo') |
-| angular2-client.ts:33:44:33:74 | this.ro ... 1].path |
-| angular2-client.ts:33:44:33:74 | this.ro ... 1].path |
-| angular2-client.ts:33:44:33:74 | this.ro ... 1].path |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters |
-| angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:35:44:35:91 | this.ro ... et('x') |
-| angular2-client.ts:35:44:35:91 | this.ro ... et('x') |
-| angular2-client.ts:35:44:35:91 | this.ro ... et('x') |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params |
-| angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:38:44:38:58 | this.router.url |
-| angular2-client.ts:38:44:38:58 | this.router.url |
-| angular2-client.ts:38:44:38:58 | this.router.url |
-| angular2-client.ts:40:45:40:59 | this.router.url |
-| angular2-client.ts:40:45:40:59 | this.router.url |
-| angular2-client.ts:40:45:40:59 | this.router.url |
-| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') |
-| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') |
-| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() |
+| angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params |
+| angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams |
+| angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters |
+| angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params |
+| angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
 | classnames.js:7:31:7:84 | `<span  ... <span>` |
 | classnames.js:7:31:7:84 | `<span  ... <span>` |
 | classnames.js:7:47:7:69 | classNa ... w.name) |
@@ -118,9 +115,6 @@ nodes
 | dates.js:18:31:18:66 | `Time i ... aint)}` |
 | dates.js:18:42:18:64 | datefor ...  taint) |
 | dates.js:18:59:18:63 | taint |
-| express.js:7:15:7:33 | req.param("wobble") |
-| express.js:7:15:7:33 | req.param("wobble") |
-| express.js:7:15:7:33 | req.param("wobble") |
 | jquery.js:2:7:2:40 | tainted |
 | jquery.js:2:7:2:40 | tainted |
 | jquery.js:2:17:2:33 | document.location |
@@ -154,14 +148,6 @@ nodes
 | jquery.js:16:38:16:52 | window.location |
 | jquery.js:16:38:16:52 | window.location |
 | jquery.js:16:38:16:63 | window. ... tring() |
-| jwt-server.js:7:9:7:35 | taint |
-| jwt-server.js:7:17:7:35 | req.param("wobble") |
-| jwt-server.js:7:17:7:35 | req.param("wobble") |
-| jwt-server.js:9:16:9:20 | taint |
-| jwt-server.js:9:55:9:61 | decoded |
-| jwt-server.js:11:19:11:25 | decoded |
-| jwt-server.js:11:19:11:29 | decoded.foo |
-| jwt-server.js:11:19:11:29 | decoded.foo |
 | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
 | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
 | nodemailer.js:13:50:13:66 | req.query.message |
@@ -214,12 +200,6 @@ nodes
 | react-native.js:8:18:8:24 | tainted |
 | react-native.js:9:27:9:33 | tainted |
 | react-native.js:9:27:9:33 | tainted |
-| react-use-context.js:10:22:10:32 | window.name |
-| react-use-context.js:10:22:10:32 | window.name |
-| react-use-context.js:10:22:10:32 | window.name |
-| react-use-context.js:16:26:16:36 | window.name |
-| react-use-context.js:16:26:16:36 | window.name |
-| react-use-context.js:16:26:16:36 | window.name |
 | react-use-state.js:4:9:4:49 | state |
 | react-use-state.js:4:10:4:14 | state |
 | react-use-state.js:4:38:4:48 | window.name |
@@ -322,27 +302,6 @@ nodes
 | translate.js:7:42:7:60 | target.substring(1) |
 | translate.js:9:27:9:50 | searchP ... 'term') |
 | translate.js:9:27:9:50 | searchP ... 'term') |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
-| tst3.js:2:23:2:74 | decodeU ... str(1)) |
-| tst3.js:2:42:2:56 | window.location |
-| tst3.js:2:42:2:56 | window.location |
-| tst3.js:2:42:2:63 | window. ... .search |
-| tst3.js:2:42:2:73 | window. ... bstr(1) |
-| tst3.js:4:25:4:28 | data |
-| tst3.js:4:25:4:32 | data.src |
-| tst3.js:4:25:4:32 | data.src |
-| tst3.js:5:26:5:29 | data |
-| tst3.js:5:26:5:31 | data.p |
-| tst3.js:5:26:5:31 | data.p |
-| tst3.js:7:32:7:35 | data |
-| tst3.js:7:32:7:37 | data.p |
-| tst3.js:7:32:7:37 | data.p |
-| tst3.js:9:37:9:40 | data |
-| tst3.js:9:37:9:42 | data.p |
-| tst3.js:9:37:9:42 | data.p |
-| tst3.js:10:38:10:41 | data |
-| tst3.js:10:38:10:43 | data.p |
-| tst3.js:10:38:10:43 | data.p |
 | tst.js:2:7:2:39 | target |
 | tst.js:2:7:2:39 | target |
 | tst.js:2:16:2:32 | document.location |
@@ -571,22 +530,6 @@ nodes
 | tst.js:343:5:343:17 | getUrl().hash |
 | tst.js:343:5:343:30 | getUrl( ... ring(1) |
 | tst.js:343:5:343:30 | getUrl( ... ring(1) |
-| tst.js:348:7:348:39 | target |
-| tst.js:348:16:348:32 | document.location |
-| tst.js:348:16:348:32 | document.location |
-| tst.js:348:16:348:39 | documen ... .search |
-| tst.js:349:12:349:17 | target |
-| tst.js:349:12:349:17 | target |
-| tst.js:355:10:355:42 | target |
-| tst.js:355:19:355:35 | document.location |
-| tst.js:355:19:355:35 | document.location |
-| tst.js:355:19:355:42 | documen ... .search |
-| tst.js:356:16:356:21 | target |
-| tst.js:356:16:356:21 | target |
-| tst.js:360:21:360:26 | target |
-| tst.js:360:21:360:26 | target |
-| tst.js:363:18:363:23 | target |
-| tst.js:363:18:363:23 | target |
 | tst.js:371:7:371:39 | target |
 | tst.js:371:16:371:32 | document.location |
 | tst.js:371:16:371:32 | document.location |
@@ -714,35 +657,34 @@ edges
 | addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event |
 | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data |
 | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment |
-| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') |
-| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') |
-| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') |
-| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url |
-| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url |
-| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment | angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') | angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') | angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') | angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path | angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') | angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:37:44:37:58 | this.router.url | angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') | angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
 | classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `<span  ... <span>` |
 | classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `<span  ... <span>` |
 | classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) |
@@ -792,7 +734,6 @@ edges
 | dates.js:18:42:18:64 | datefor ...  taint) | dates.js:18:31:18:66 | `Time i ... aint)}` |
 | dates.js:18:42:18:64 | datefor ...  taint) | dates.js:18:31:18:66 | `Time i ... aint)}` |
 | dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ...  taint) |
-| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") |
 | jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted |
 | jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted |
 | jquery.js:2:17:2:33 | document.location | jquery.js:2:17:2:40 | documen ... .search |
@@ -820,13 +761,6 @@ edges
 | jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() |
 | jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) |
 | jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) |
-| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint |
-| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint |
-| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint |
-| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded |
-| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded |
-| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo |
-| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo |
 | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
 | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
 | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
@@ -882,8 +816,6 @@ edges
 | react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted |
 | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
 | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
-| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name |
-| react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name |
 | react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state |
 | react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state |
 | react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state |
@@ -970,26 +902,6 @@ edges
 | translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) |
 | translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') |
 | translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data |
-| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
-| tst3.js:2:42:2:56 | window.location | tst3.js:2:42:2:63 | window. ... .search |
-| tst3.js:2:42:2:56 | window.location | tst3.js:2:42:2:63 | window. ... .search |
-| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) |
-| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) |
-| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src |
-| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src |
-| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p |
-| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p |
-| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p |
-| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p |
-| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p |
-| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p |
-| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p |
-| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p |
 | tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target |
 | tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target |
 | tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target |
@@ -1056,7 +968,6 @@ edges
 | tst.js:70:3:70:19 | document.location | tst.js:70:3:70:26 | documen ... .search |
 | tst.js:70:3:70:19 | document.location | tst.js:70:3:70:26 | documen ... .search |
 | tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] |
-| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x |
 | tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x |
 | tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x |
 | tst.js:77:49:77:65 | document.location | tst.js:77:49:77:72 | documen ... .search |
@@ -1188,20 +1099,6 @@ edges
 | tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash |
 | tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) |
 | tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) |
-| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target |
-| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target |
-| tst.js:348:16:348:32 | document.location | tst.js:348:16:348:39 | documen ... .search |
-| tst.js:348:16:348:32 | document.location | tst.js:348:16:348:39 | documen ... .search |
-| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target |
-| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target |
-| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target |
-| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target |
-| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target |
-| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target |
-| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target |
-| tst.js:355:19:355:35 | document.location | tst.js:355:19:355:42 | documen ... .search |
-| tst.js:355:19:355:35 | document.location | tst.js:355:19:355:42 | documen ... .search |
-| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target |
 | tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target |
 | tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target |
 | tst.js:371:16:371:32 | document.location | tst.js:371:16:371:39 | documen ... .search |
@@ -1309,20 +1206,19 @@ edges
 | addEventListener.js:2:20:2:29 | event.data | addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:29 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:1:43:1:47 | event | user-provided value |
 | addEventListener.js:6:20:6:23 | data | addEventListener.js:5:43:5:48 | {data} | addEventListener.js:6:20:6:23 | data | Cross-site scripting vulnerability due to $@. | addEventListener.js:5:43:5:48 | {data} | user-provided value |
 | addEventListener.js:12:24:12:33 | event.data | addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:33 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:10:21:10:25 | event | user-provided value |
-| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Cross-site scripting vulnerability due to $@. | angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | user-provided value |
-| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:24:44:24:69 | this.ro ... .params | user-provided value |
-| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:25:44:25:74 | this.ro ... yParams | user-provided value |
-| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | Cross-site scripting vulnerability due to $@. | angular2-client.ts:26:44:26:71 | this.ro ... ragment | user-provided value |
-| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | user-provided value |
-| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | user-provided value |
-| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:30:46:30:59 | map.get('foo') | user-provided value |
-| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Cross-site scripting vulnerability due to $@. | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | user-provided value |
-| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:34:44:34:80 | this.ro ... ameters | user-provided value |
-| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | user-provided value |
-| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:36:44:36:89 | this.ro ... .params | user-provided value |
-| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:38:44:38:58 | this.router.url | user-provided value |
-| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:40:45:40:59 | this.router.url | user-provided value |
-| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | user-provided value |
+| angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href | angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href | Cross-site scripting vulnerability due to $@. | angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | user-provided value |
+| angular2-client.ts:23:44:23:73 | this.ro ... ams.foo | angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:23:44:23:69 | this.ro ... .params | user-provided value |
+| angular2-client.ts:24:44:24:78 | this.ro ... ams.foo | angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:24:44:24:74 | this.ro ... yParams | user-provided value |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment | angular2-client.ts:25:44:25:71 | this.ro ... ragment | angular2-client.ts:25:44:25:71 | this.ro ... ragment | Cross-site scripting vulnerability due to $@. | angular2-client.ts:25:44:25:71 | this.ro ... ragment | user-provided value |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') | angular2-client.ts:26:44:26:82 | this.ro ... ('foo') | angular2-client.ts:26:44:26:82 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:26:44:26:82 | this.ro ... ('foo') | user-provided value |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') | angular2-client.ts:27:44:27:87 | this.ro ... ('foo') | angular2-client.ts:27:44:27:87 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:27:44:27:87 | this.ro ... ('foo') | user-provided value |
+| angular2-client.ts:29:46:29:59 | map.get('foo') | angular2-client.ts:29:46:29:59 | map.get('foo') | angular2-client.ts:29:46:29:59 | map.get('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:29:46:29:59 | map.get('foo') | user-provided value |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path | angular2-client.ts:32:44:32:74 | this.ro ... 1].path | angular2-client.ts:32:44:32:74 | this.ro ... 1].path | Cross-site scripting vulnerability due to $@. | angular2-client.ts:32:44:32:74 | this.ro ... 1].path | user-provided value |
+| angular2-client.ts:33:44:33:82 | this.ro ... eters.x | angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:33:44:33:80 | this.ro ... ameters | user-provided value |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') | angular2-client.ts:34:44:34:91 | this.ro ... et('x') | angular2-client.ts:34:44:34:91 | this.ro ... et('x') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:34:44:34:91 | this.ro ... et('x') | user-provided value |
+| angular2-client.ts:35:44:35:91 | this.ro ... arams.x | angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:35:44:35:89 | this.ro ... .params | user-provided value |
+| angular2-client.ts:37:44:37:58 | this.router.url | angular2-client.ts:37:44:37:58 | this.router.url | angular2-client.ts:37:44:37:58 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:37:44:37:58 | this.router.url | user-provided value |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') | angular2-client.ts:41:44:41:76 | routeSn ... ('foo') | angular2-client.ts:41:44:41:76 | routeSn ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:41:44:41:76 | routeSn ... ('foo') | user-provided value |
 | classnames.js:7:31:7:84 | `<span  ... <span>` | classnames.js:7:58:7:68 | window.name | classnames.js:7:31:7:84 | `<span  ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:7:58:7:68 | window.name | user-provided value |
 | classnames.js:8:31:8:85 | `<span  ... <span>` | classnames.js:8:59:8:69 | window.name | classnames.js:8:31:8:85 | `<span  ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:8:59:8:69 | window.name | user-provided value |
 | classnames.js:9:31:9:85 | `<span  ... <span>` | classnames.js:9:59:9:69 | window.name | classnames.js:9:31:9:85 | `<span  ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:9:59:9:69 | window.name | user-provided value |
@@ -1334,14 +1230,12 @@ edges
 | dates.js:13:31:13:72 | `Time i ... time)}` | dates.js:9:36:9:50 | window.location | dates.js:13:31:13:72 | `Time i ... time)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:50 | window.location | user-provided value |
 | dates.js:16:31:16:69 | `Time i ... aint)}` | dates.js:9:36:9:50 | window.location | dates.js:16:31:16:69 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:50 | window.location | user-provided value |
 | dates.js:18:31:18:66 | `Time i ... aint)}` | dates.js:9:36:9:50 | window.location | dates.js:18:31:18:66 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:9:36:9:50 | window.location | user-provided value |
-| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") | Cross-site scripting vulnerability due to $@. | express.js:7:15:7:33 | req.param("wobble") | user-provided value |
 | jquery.js:7:5:7:34 | "<div i ... + "\\">" | jquery.js:2:17:2:40 | documen ... .search | jquery.js:7:5:7:34 | "<div i ... + "\\">" | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:40 | documen ... .search | user-provided value |
 | jquery.js:8:18:8:34 | "XSS: " + tainted | jquery.js:2:17:2:33 | document.location | jquery.js:8:18:8:34 | "XSS: " + tainted | Cross-site scripting vulnerability due to $@. | jquery.js:2:17:2:33 | document.location | user-provided value |
 | jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | jquery.js:10:13:10:20 | location | jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | Cross-site scripting vulnerability due to $@. | jquery.js:10:13:10:20 | location | user-provided value |
 | jquery.js:14:19:14:58 | decodeU ... n.hash) | jquery.js:14:38:14:52 | window.location | jquery.js:14:19:14:58 | decodeU ... n.hash) | Cross-site scripting vulnerability due to $@. | jquery.js:14:38:14:52 | window.location | user-provided value |
 | jquery.js:15:19:15:60 | decodeU ... search) | jquery.js:15:38:15:52 | window.location | jquery.js:15:19:15:60 | decodeU ... search) | Cross-site scripting vulnerability due to $@. | jquery.js:15:38:15:52 | window.location | user-provided value |
 | jquery.js:16:19:16:64 | decodeU ... ring()) | jquery.js:16:38:16:52 | window.location | jquery.js:16:19:16:64 | decodeU ... ring()) | Cross-site scripting vulnerability due to $@. | jquery.js:16:38:16:52 | window.location | user-provided value |
-| jwt-server.js:11:19:11:29 | decoded.foo | jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:11:19:11:29 | decoded.foo | Cross-site scripting vulnerability due to $@. | jwt-server.js:7:17:7:35 | req.param("wobble") | user-provided value |
 | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | HTML injection vulnerability due to $@. | nodemailer.js:13:50:13:66 | req.query.message | user-provided value |
 | optionalSanitizer.js:6:18:6:23 | target | optionalSanitizer.js:2:16:2:32 | document.location | optionalSanitizer.js:6:18:6:23 | target | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:2:16:2:32 | document.location | user-provided value |
 | optionalSanitizer.js:9:18:9:24 | tainted | optionalSanitizer.js:2:16:2:32 | document.location | optionalSanitizer.js:9:18:9:24 | tainted | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:2:16:2:32 | document.location | user-provided value |
@@ -1353,8 +1247,6 @@ edges
 | optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | optionalSanitizer.js:26:16:26:32 | document.location | optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:32 | document.location | user-provided value |
 | react-native.js:8:18:8:24 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:18:8:24 | tainted | Cross-site scripting vulnerability due to $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
 | react-native.js:9:27:9:33 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:9:27:9:33 | tainted | Cross-site scripting vulnerability due to $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
-| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:10:22:10:32 | window.name | user-provided value |
-| react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:16:26:16:36 | window.name | user-provided value |
 | react-use-state.js:5:51:5:55 | state | react-use-state.js:4:38:4:48 | window.name | react-use-state.js:5:51:5:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:4:38:4:48 | window.name | user-provided value |
 | react-use-state.js:11:51:11:55 | state | react-use-state.js:10:14:10:24 | window.name | react-use-state.js:11:51:11:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:10:14:10:24 | window.name | user-provided value |
 | react-use-state.js:17:51:17:55 | state | react-use-state.js:16:20:16:30 | window.name | react-use-state.js:17:51:17:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:16:20:16:30 | window.name | user-provided value |
@@ -1376,11 +1268,6 @@ edges
 | string-manipulations.js:9:16:9:58 | String. ... n.href) | string-manipulations.js:9:36:9:52 | document.location | string-manipulations.js:9:16:9:58 | String. ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:9:36:9:52 | document.location | user-provided value |
 | string-manipulations.js:10:16:10:45 | String( ... n.href) | string-manipulations.js:10:23:10:39 | document.location | string-manipulations.js:10:16:10:45 | String( ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:10:23:10:39 | document.location | user-provided value |
 | translate.js:9:27:9:50 | searchP ... 'term') | translate.js:6:16:6:32 | document.location | translate.js:9:27:9:50 | searchP ... 'term') | Cross-site scripting vulnerability due to $@. | translate.js:6:16:6:32 | document.location | user-provided value |
-| tst3.js:4:25:4:32 | data.src | tst3.js:2:42:2:56 | window.location | tst3.js:4:25:4:32 | data.src | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
-| tst3.js:5:26:5:31 | data.p | tst3.js:2:42:2:56 | window.location | tst3.js:5:26:5:31 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
-| tst3.js:7:32:7:37 | data.p | tst3.js:2:42:2:56 | window.location | tst3.js:7:32:7:37 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
-| tst3.js:9:37:9:42 | data.p | tst3.js:2:42:2:56 | window.location | tst3.js:9:37:9:42 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
-| tst3.js:10:38:10:43 | data.p | tst3.js:2:42:2:56 | window.location | tst3.js:10:38:10:43 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
 | tst.js:5:18:5:23 | target | tst.js:2:16:2:32 | document.location | tst.js:5:18:5:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:2:16:2:32 | document.location | user-provided value |
 | tst.js:8:18:8:126 | "<OPTIO ... PTION>" | tst.js:8:37:8:53 | document.location | tst.js:8:18:8:126 | "<OPTIO ... PTION>" | Cross-site scripting vulnerability due to $@. | tst.js:8:37:8:53 | document.location | user-provided value |
 | tst.js:12:5:12:42 | '<div s ...  'px">' | tst.js:2:16:2:39 | documen ... .search | tst.js:12:5:12:42 | '<div s ...  'px">' | Cross-site scripting vulnerability due to $@. | tst.js:2:16:2:39 | documen ... .search | user-provided value |
@@ -1437,10 +1324,6 @@ edges
 | tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | Cross-site scripting vulnerability due to $@. | tst.js:316:35:316:42 | location | user-provided value |
 | tst.js:332:18:332:35 | params.get('name') | tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | Cross-site scripting vulnerability due to $@. | tst.js:327:18:327:34 | document.location | user-provided value |
 | tst.js:343:5:343:30 | getUrl( ... ring(1) | tst.js:341:20:341:36 | document.location | tst.js:343:5:343:30 | getUrl( ... ring(1) | Cross-site scripting vulnerability due to $@. | tst.js:341:20:341:36 | document.location | user-provided value |
-| tst.js:349:12:349:17 | target | tst.js:348:16:348:32 | document.location | tst.js:349:12:349:17 | target | Cross-site scripting vulnerability due to $@. | tst.js:348:16:348:32 | document.location | user-provided value |
-| tst.js:356:16:356:21 | target | tst.js:355:19:355:35 | document.location | tst.js:356:16:356:21 | target | Cross-site scripting vulnerability due to $@. | tst.js:355:19:355:35 | document.location | user-provided value |
-| tst.js:360:21:360:26 | target | tst.js:355:19:355:35 | document.location | tst.js:360:21:360:26 | target | Cross-site scripting vulnerability due to $@. | tst.js:355:19:355:35 | document.location | user-provided value |
-| tst.js:363:18:363:23 | target | tst.js:355:19:355:35 | document.location | tst.js:363:18:363:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:355:19:355:35 | document.location | user-provided value |
 | tst.js:374:18:374:23 | target | tst.js:371:16:371:32 | document.location | tst.js:374:18:374:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:371:16:371:32 | document.location | user-provided value |
 | tst.js:384:18:384:23 | target | tst.js:381:16:381:32 | document.location | tst.js:384:18:384:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:381:16:381:32 | document.location | user-provided value |
 | tst.js:386:18:386:29 | target.taint | tst.js:381:16:381:32 | document.location | tst.js:386:18:386:29 | target.taint | Cross-site scripting vulnerability due to $@. | tst.js:381:16:381:32 | document.location | user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
@@ -15,53 +15,50 @@ nodes
 | addEventListener.js:12:24:12:28 | event |
 | addEventListener.js:12:24:12:33 | event.data |
 | addEventListener.js:12:24:12:33 | event.data |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() |
-| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params |
-| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams |
-| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:26:44:26:71 | this.ro ... ragment |
-| angular2-client.ts:26:44:26:71 | this.ro ... ragment |
-| angular2-client.ts:26:44:26:71 | this.ro ... ragment |
-| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') |
-| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') |
-| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') |
-| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') |
-| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') |
-| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') |
-| angular2-client.ts:30:46:30:59 | map.get('foo') |
-| angular2-client.ts:30:46:30:59 | map.get('foo') |
-| angular2-client.ts:30:46:30:59 | map.get('foo') |
-| angular2-client.ts:33:44:33:74 | this.ro ... 1].path |
-| angular2-client.ts:33:44:33:74 | this.ro ... 1].path |
-| angular2-client.ts:33:44:33:74 | this.ro ... 1].path |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters |
-| angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:35:44:35:91 | this.ro ... et('x') |
-| angular2-client.ts:35:44:35:91 | this.ro ... et('x') |
-| angular2-client.ts:35:44:35:91 | this.ro ... et('x') |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params |
-| angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:38:44:38:58 | this.router.url |
-| angular2-client.ts:38:44:38:58 | this.router.url |
-| angular2-client.ts:38:44:38:58 | this.router.url |
-| angular2-client.ts:40:45:40:59 | this.router.url |
-| angular2-client.ts:40:45:40:59 | this.router.url |
-| angular2-client.ts:40:45:40:59 | this.router.url |
-| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') |
-| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') |
-| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() |
+| angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params |
+| angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams |
+| angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters |
+| angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params |
+| angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
 | classnames.js:7:31:7:84 | `<span  ... <span>` |
 | classnames.js:7:31:7:84 | `<span  ... <span>` |
 | classnames.js:7:47:7:69 | classNa ... w.name) |
@@ -118,9 +115,6 @@ nodes
 | dates.js:18:31:18:66 | `Time i ... aint)}` |
 | dates.js:18:42:18:64 | datefor ...  taint) |
 | dates.js:18:59:18:63 | taint |
-| express.js:7:15:7:33 | req.param("wobble") |
-| express.js:7:15:7:33 | req.param("wobble") |
-| express.js:7:15:7:33 | req.param("wobble") |
 | jquery.js:2:7:2:40 | tainted |
 | jquery.js:2:7:2:40 | tainted |
 | jquery.js:2:17:2:33 | document.location |
@@ -154,21 +148,6 @@ nodes
 | jquery.js:16:38:16:52 | window.location |
 | jquery.js:16:38:16:52 | window.location |
 | jquery.js:16:38:16:63 | window. ... tring() |
-| jwt-server.js:7:9:7:35 | taint |
-| jwt-server.js:7:17:7:35 | req.param("wobble") |
-| jwt-server.js:7:17:7:35 | req.param("wobble") |
-| jwt-server.js:9:16:9:20 | taint |
-| jwt-server.js:9:55:9:61 | decoded |
-| jwt-server.js:11:19:11:25 | decoded |
-| jwt-server.js:11:19:11:29 | decoded.foo |
-| jwt-server.js:11:19:11:29 | decoded.foo |
-| jwt.js:4:36:4:39 | data |
-| jwt.js:4:36:4:39 | data |
-| jwt.js:5:9:5:34 | decoded |
-| jwt.js:5:19:5:34 | jwt_decode(data) |
-| jwt.js:5:30:5:33 | data |
-| jwt.js:6:14:6:20 | decoded |
-| jwt.js:6:14:6:20 | decoded |
 | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
 | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
 | nodemailer.js:13:50:13:66 | req.query.message |
@@ -221,12 +200,6 @@ nodes
 | react-native.js:8:18:8:24 | tainted |
 | react-native.js:9:27:9:33 | tainted |
 | react-native.js:9:27:9:33 | tainted |
-| react-use-context.js:10:22:10:32 | window.name |
-| react-use-context.js:10:22:10:32 | window.name |
-| react-use-context.js:10:22:10:32 | window.name |
-| react-use-context.js:16:26:16:36 | window.name |
-| react-use-context.js:16:26:16:36 | window.name |
-| react-use-context.js:16:26:16:36 | window.name |
 | react-use-state.js:4:9:4:49 | state |
 | react-use-state.js:4:10:4:14 | state |
 | react-use-state.js:4:38:4:48 | window.name |
@@ -329,27 +302,6 @@ nodes
 | translate.js:7:42:7:60 | target.substring(1) |
 | translate.js:9:27:9:50 | searchP ... 'term') |
 | translate.js:9:27:9:50 | searchP ... 'term') |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
-| tst3.js:2:23:2:74 | decodeU ... str(1)) |
-| tst3.js:2:42:2:56 | window.location |
-| tst3.js:2:42:2:56 | window.location |
-| tst3.js:2:42:2:63 | window. ... .search |
-| tst3.js:2:42:2:73 | window. ... bstr(1) |
-| tst3.js:4:25:4:28 | data |
-| tst3.js:4:25:4:32 | data.src |
-| tst3.js:4:25:4:32 | data.src |
-| tst3.js:5:26:5:29 | data |
-| tst3.js:5:26:5:31 | data.p |
-| tst3.js:5:26:5:31 | data.p |
-| tst3.js:7:32:7:35 | data |
-| tst3.js:7:32:7:37 | data.p |
-| tst3.js:7:32:7:37 | data.p |
-| tst3.js:9:37:9:40 | data |
-| tst3.js:9:37:9:42 | data.p |
-| tst3.js:9:37:9:42 | data.p |
-| tst3.js:10:38:10:41 | data |
-| tst3.js:10:38:10:43 | data.p |
-| tst3.js:10:38:10:43 | data.p |
 | tst.js:2:7:2:39 | target |
 | tst.js:2:7:2:39 | target |
 | tst.js:2:16:2:32 | document.location |
@@ -578,22 +530,6 @@ nodes
 | tst.js:343:5:343:17 | getUrl().hash |
 | tst.js:343:5:343:30 | getUrl( ... ring(1) |
 | tst.js:343:5:343:30 | getUrl( ... ring(1) |
-| tst.js:348:7:348:39 | target |
-| tst.js:348:16:348:32 | document.location |
-| tst.js:348:16:348:32 | document.location |
-| tst.js:348:16:348:39 | documen ... .search |
-| tst.js:349:12:349:17 | target |
-| tst.js:349:12:349:17 | target |
-| tst.js:355:10:355:42 | target |
-| tst.js:355:19:355:35 | document.location |
-| tst.js:355:19:355:35 | document.location |
-| tst.js:355:19:355:42 | documen ... .search |
-| tst.js:356:16:356:21 | target |
-| tst.js:356:16:356:21 | target |
-| tst.js:360:21:360:26 | target |
-| tst.js:360:21:360:26 | target |
-| tst.js:363:18:363:23 | target |
-| tst.js:363:18:363:23 | target |
 | tst.js:371:7:371:39 | target |
 | tst.js:371:16:371:32 | document.location |
 | tst.js:371:16:371:32 | document.location |
@@ -725,35 +661,34 @@ edges
 | addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event |
 | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data |
 | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo |
-| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment |
-| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') |
-| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') |
-| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') |
-| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x |
-| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x |
-| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url |
-| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url |
-| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:21:44:21:66 | \\u0275getDOM ... ation() | angular2-client.ts:21:44:21:71 | \\u0275getDOM ... ().href |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:23:44:23:69 | this.ro ... .params | angular2-client.ts:23:44:23:73 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:24:44:24:74 | this.ro ... yParams | angular2-client.ts:24:44:24:78 | this.ro ... ams.foo |
+| angular2-client.ts:25:44:25:71 | this.ro ... ragment | angular2-client.ts:25:44:25:71 | this.ro ... ragment |
+| angular2-client.ts:26:44:26:82 | this.ro ... ('foo') | angular2-client.ts:26:44:26:82 | this.ro ... ('foo') |
+| angular2-client.ts:27:44:27:87 | this.ro ... ('foo') | angular2-client.ts:27:44:27:87 | this.ro ... ('foo') |
+| angular2-client.ts:29:46:29:59 | map.get('foo') | angular2-client.ts:29:46:29:59 | map.get('foo') |
+| angular2-client.ts:32:44:32:74 | this.ro ... 1].path | angular2-client.ts:32:44:32:74 | this.ro ... 1].path |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:33:44:33:80 | this.ro ... ameters | angular2-client.ts:33:44:33:82 | this.ro ... eters.x |
+| angular2-client.ts:34:44:34:91 | this.ro ... et('x') | angular2-client.ts:34:44:34:91 | this.ro ... et('x') |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:35:44:35:89 | this.ro ... .params | angular2-client.ts:35:44:35:91 | this.ro ... arams.x |
+| angular2-client.ts:37:44:37:58 | this.router.url | angular2-client.ts:37:44:37:58 | this.router.url |
+| angular2-client.ts:41:44:41:76 | routeSn ... ('foo') | angular2-client.ts:41:44:41:76 | routeSn ... ('foo') |
 | classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `<span  ... <span>` |
 | classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `<span  ... <span>` |
 | classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) |
@@ -803,7 +738,6 @@ edges
 | dates.js:18:42:18:64 | datefor ...  taint) | dates.js:18:31:18:66 | `Time i ... aint)}` |
 | dates.js:18:42:18:64 | datefor ...  taint) | dates.js:18:31:18:66 | `Time i ... aint)}` |
 | dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ...  taint) |
-| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") |
 | jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted |
 | jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted |
 | jquery.js:2:17:2:33 | document.location | jquery.js:2:17:2:40 | documen ... .search |
@@ -831,19 +765,6 @@ edges
 | jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() |
 | jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) |
 | jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) |
-| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint |
-| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint |
-| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint |
-| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded |
-| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded |
-| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo |
-| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo |
-| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data |
-| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data |
-| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded |
-| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded |
-| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded |
-| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) |
 | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
 | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
 | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
@@ -899,8 +820,6 @@ edges
 | react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted |
 | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
 | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
-| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name |
-| react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name |
 | react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state |
 | react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state |
 | react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state |
@@ -987,26 +906,6 @@ edges
 | translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) |
 | translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') |
 | translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data |
-| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data |
-| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
-| tst3.js:2:42:2:56 | window.location | tst3.js:2:42:2:63 | window. ... .search |
-| tst3.js:2:42:2:56 | window.location | tst3.js:2:42:2:63 | window. ... .search |
-| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) |
-| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) |
-| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src |
-| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src |
-| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p |
-| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p |
-| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p |
-| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p |
-| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p |
-| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p |
-| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p |
-| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p |
 | tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target |
 | tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target |
 | tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target |
@@ -1073,7 +972,6 @@ edges
 | tst.js:70:3:70:19 | document.location | tst.js:70:3:70:26 | documen ... .search |
 | tst.js:70:3:70:19 | document.location | tst.js:70:3:70:26 | documen ... .search |
 | tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] |
-| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x |
 | tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x |
 | tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x |
 | tst.js:77:49:77:65 | document.location | tst.js:77:49:77:72 | documen ... .search |
@@ -1205,20 +1103,6 @@ edges
 | tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash |
 | tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) |
 | tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) |
-| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target |
-| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target |
-| tst.js:348:16:348:32 | document.location | tst.js:348:16:348:39 | documen ... .search |
-| tst.js:348:16:348:32 | document.location | tst.js:348:16:348:39 | documen ... .search |
-| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target |
-| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target |
-| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target |
-| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target |
-| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target |
-| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target |
-| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target |
-| tst.js:355:19:355:35 | document.location | tst.js:355:19:355:42 | documen ... .search |
-| tst.js:355:19:355:35 | document.location | tst.js:355:19:355:42 | documen ... .search |
-| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target |
 | tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target |
 | tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target |
 | tst.js:371:16:371:32 | document.location | tst.js:371:16:371:39 | documen ... .search |
@@ -1327,5 +1211,4 @@ edges
 | winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) |
 | winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted |
 #select
-| jwt.js:6:14:6:20 | decoded | jwt.js:4:36:4:39 | data | jwt.js:6:14:6:20 | decoded | Cross-site scripting vulnerability due to $@. | jwt.js:4:36:4:39 | data | user-provided value |
 | typeahead.js:10:16:10:18 | loc | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | Cross-site scripting vulnerability due to $@. | typeahead.js:9:28:9:30 | loc | user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular2-client.ts
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular2-client.ts
@@ -1,4 +1,4 @@
-import { Component, OnInit, DomSanitizer as DomSanitizer2 } from '@angular/core';
+import { Component, OnInit } from '@angular/core';
 import { ɵgetDOM } from '@angular/common';
 import { ActivatedRoute, ActivatedRouteSnapshot, Router } from '@angular/router';
 import { DomSanitizer } from '@angular/platform-browser';
@@ -14,8 +14,7 @@ export class AppComponent implements OnInit {
  constructor(
    private route: ActivatedRoute,
    private sanitizer: DomSanitizer,
-    private router: Router,
-    private sanitizer2: DomSanitizer2
+    private router: Router
  ) {}

  ngOnInit() {
@@ -36,8 +35,6 @@ export class AppComponent implements OnInit {
    this.sanitizer.bypassSecurityTrustHtml(this.route.snapshot.url[1].parameterMap.params.x); // NOT OK

    this.sanitizer.bypassSecurityTrustHtml(this.router.url); // NOT OK
-
-    this.sanitizer2.bypassSecurityTrustHtml(this.router.url); // NOT OK
  }

  someMethod(routeSnapshot: ActivatedRouteSnapshot) {
--- a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ConsistencyExceptionXss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ConsistencyExceptionXss.expected
@@ -0,0 +1,2 @@
+| query-tests/Security/CWE-079/ExceptionXss/exception-xss.js:149 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-079/ExceptionXss/exception-xss.js:175 | expected an alert, but found none | NOT OK |  |
--- a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected
@@ -68,19 +68,10 @@ nodes
 | exception-xss.js:146:12:146:28 | document.location |
 | exception-xss.js:146:12:146:28 | document.location |
 | exception-xss.js:146:12:146:35 | documen ... .search |
-| exception-xss.js:148:33:148:35 | foo |
-| exception-xss.js:148:55:148:55 | e |
-| exception-xss.js:149:18:149:18 | e |
-| exception-xss.js:149:18:149:18 | e |
 | exception-xss.js:153:8:153:10 | foo |
 | exception-xss.js:154:11:154:11 | e |
 | exception-xss.js:155:18:155:18 | e |
 | exception-xss.js:155:18:155:18 | e |
-| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) |
-| exception-xss.js:174:31:174:33 | foo |
-| exception-xss.js:174:53:174:53 | e |
-| exception-xss.js:175:18:175:18 | e |
-| exception-xss.js:175:18:175:18 | e |
 | exception-xss.js:180:10:180:22 | req.params.id |
 | exception-xss.js:180:10:180:22 | req.params.id |
 | exception-xss.js:180:26:180:30 | error |
@@ -148,22 +139,13 @@ edges
 | exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error |
 | exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error |
 | exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error |
-| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo |
 | exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo |
-| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo |
 | exception-xss.js:146:12:146:28 | document.location | exception-xss.js:146:12:146:35 | documen ... .search |
 | exception-xss.js:146:12:146:28 | document.location | exception-xss.js:146:12:146:35 | documen ... .search |
 | exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo |
-| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:55:148:55 | e |
-| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e |
-| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e |
 | exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e |
 | exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e |
 | exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e |
-| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:53:174:53 | e |
-| exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) |
-| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e |
-| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e |
 | exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error |
 | exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error |
 | exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error |
@@ -181,7 +163,5 @@ edges
 | exception-xss.js:119:12:119:28 | "Exception: " + e | exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:119:12:119:28 | "Exception: " + e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:117:11:117:23 | req.params.id | Exception text |
 | exception-xss.js:130:18:130:18 | e | exception-xss.js:125:45:125:61 | document.location | exception-xss.js:130:18:130:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:125:45:125:61 | document.location | Exception text |
 | exception-xss.js:138:19:138:23 | error | exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:138:19:138:23 | error | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:136:10:136:22 | req.params.id | Exception text |
-| exception-xss.js:149:18:149:18 | e | exception-xss.js:146:12:146:28 | document.location | exception-xss.js:149:18:149:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:146:12:146:28 | document.location | Exception text |
 | exception-xss.js:155:18:155:18 | e | exception-xss.js:146:12:146:28 | document.location | exception-xss.js:155:18:155:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:146:12:146:28 | document.location | Exception text |
-| exception-xss.js:175:18:175:18 | e | exception-xss.js:146:12:146:28 | document.location | exception-xss.js:175:18:175:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:146:12:146:28 | document.location | Exception text |
 | exception-xss.js:182:19:182:23 | error | exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:182:19:182:23 | error | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:180:10:180:22 | req.params.id | Exception text |
--- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected
@@ -157,8 +157,6 @@ edges
 | promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x |
 | promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
 | promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
-| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
-| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
 | promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
 | promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
 | tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
--- a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/ConsistencyStoredXss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/ConsistencyStoredXss.expected
@@ -0,0 +1 @@
+| query-tests/Security/CWE-079/StoredXss/xss-through-torrent.js:7 | expected an alert, but found none | NOT OK |  |
--- a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected
@@ -19,11 +19,6 @@ nodes
 | xss-through-filenames.js:35:29:35:34 | files2 |
 | xss-through-filenames.js:37:19:37:24 | files3 |
 | xss-through-filenames.js:37:19:37:24 | files3 |
-| xss-through-torrent.js:6:6:6:24 | name |
-| xss-through-torrent.js:6:13:6:24 | torrent.name |
-| xss-through-torrent.js:6:13:6:24 | torrent.name |
-| xss-through-torrent.js:7:11:7:14 | name |
-| xss-through-torrent.js:7:11:7:14 | name |
 edges
 | xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
 | xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
@@ -46,13 +41,8 @@ edges
 | xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 |
 | xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 |
 | xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) |
-| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name |
-| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name |
-| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name |
-| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name |
 #select
 | xss-through-filenames.js:8:18:8:23 | files1 | xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:7:43:7:48 | files1 | stored value |
 | xss-through-filenames.js:26:19:26:24 | files1 | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:25:43:25:48 | files1 | stored value |
 | xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:25:43:25:48 | files1 | stored value |
 | xss-through-filenames.js:37:19:37:24 | files3 | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:37:19:37:24 | files3 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:25:43:25:48 | files1 | stored value |
-| xss-through-torrent.js:7:11:7:14 | name | xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:7:11:7:14 | name | Stored cross-site scripting vulnerability due to $@. | xss-through-torrent.js:6:13:6:24 | torrent.name | stored value |
--- a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.expected
@@ -0,0 +1 @@
+| query-tests/Security/CWE-079/XssThroughDom/xss-through-dom.js:71 | expected an alert, but found none | NOT OK. |  |
--- a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected
@@ -38,9 +38,6 @@ nodes
 | xss-through-dom.js:64:30:64:40 | valMethod() |
 | xss-through-dom.js:64:30:64:40 | valMethod() |
 | xss-through-dom.js:64:30:64:40 | valMethod() |
-| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
-| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
-| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
 | xss-through-dom.js:73:9:73:41 | selector |
 | xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name |
 | xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name |
@@ -63,7 +60,6 @@ edges
 | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") |
 | xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") |
 | xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() |
-| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
 | xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector |
 | xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector |
 | xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector |
@@ -83,6 +79,5 @@ edges
 | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | DOM text |
 | xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:61:30:61:69 | $(docum ... value") | DOM text |
 | xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:64:30:64:40 | valMethod() | DOM text |
-| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | DOM text |
 | xss-through-dom.js:77:4:77:11 | selector | xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:77:4:77:11 | selector | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | DOM text |
 | xss-through-dom.js:79:4:79:34 | documen ... t.value | xss-through-dom.js:79:4:79:34 | documen ... t.value | xss-through-dom.js:79:4:79:34 | documen ... t.value | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:79:4:79:34 | documen ... t.value | DOM text |
--- a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected
@@ -7,17 +7,6 @@ nodes
 | typedClient.ts:14:24:14:32 | { id: v } |
 | typedClient.ts:14:24:14:32 | { id: v } |
 | typedClient.ts:14:30:14:30 | v |
-| typedClient.ts:21:7:21:32 | v |
-| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) |
-| typedClient.ts:21:22:21:29 | req.body |
-| typedClient.ts:21:22:21:29 | req.body |
-| typedClient.ts:21:22:21:31 | req.body.x |
-| typedClient.ts:22:27:22:35 | { id: v } |
-| typedClient.ts:22:27:22:35 | { id: v } |
-| typedClient.ts:22:33:22:33 | v |
-| typedClient.ts:23:27:23:35 | { id: v } |
-| typedClient.ts:23:27:23:35 | { id: v } |
-| typedClient.ts:23:33:23:33 | v |
 edges
 | typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v |
 | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v |
@@ -26,17 +15,5 @@ edges
 | typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
 | typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
 | typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
-| typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v |
-| typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v |
-| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | typedClient.ts:21:7:21:32 | v |
-| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x |
-| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x |
-| typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) |
-| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } |
-| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } |
-| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } |
-| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } |
 #select
 | typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on $@. | typedClient.ts:13:22:13:29 | req.body | a user-provided value |
-| typedClient.ts:22:27:22:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:22:27:22:35 | { id: v } | This query depends on $@. | typedClient.ts:21:22:21:29 | req.body | a user-provided value |
-| typedClient.ts:23:27:23:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:23:27:23:35 | { id: v } | This query depends on $@. | typedClient.ts:21:22:21:29 | req.body | a user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/Consistency.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/Consistency.expected
@@ -0,0 +1,59 @@
+| query-tests/Security/CWE-089/untyped/marsdb-flow-to.js:13 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/marsdb.js:15 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/minimongo.js:17 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongodb.js:64 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongodb.js:76 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongodb.js:84 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:23 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:29 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:32 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:41 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:44 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:47 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:50 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:53 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:56 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:59 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:62 | expected an alert, but found none | NOT OK: query is tainted by user-provided object value |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:65 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:67 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:68 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:71 | expected an alert, but found none | NOT OK - `.where()` on a Model. |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:72 | expected an alert, but found none | NOT OK - `.where()` on a Query. |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:73 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:74 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:75 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:77 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:82 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:83 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:85 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:87 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:89 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:92 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:94 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:96 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:111 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:113 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:116 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:117 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:118 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:119 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:120 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:122 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:123 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:124 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:125 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:126 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:127 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:128 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/mongoose.js:129 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/redis.js:10 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/redis.js:18 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/redis.js:19 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/redis.js:25 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/redis.js:30 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/redis.js:32 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/redis.js:39 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/redis.js:43 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/redis.js:46 | expected an alert, but found none | NOT OK |  |
+| query-tests/Security/CWE-089/untyped/tst2.js:8 | expected an alert, but found none | NOT OK |  |
--- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/DatabaseAccesses.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/DatabaseAccesses.expected
@@ -1,6 +1,3 @@
-| marsdb-flow-to.js:14:3:14:22 | db.myDoc.find(query) |
-| marsdb.js:16:3:16:17 | doc.find(query) |
-| minimongo.js:18:3:18:17 | doc.find(query) |
 | mongodb.js:18:7:18:21 | doc.find(query) |
 | mongodb.js:21:7:21:48 | doc.fin ... itle }) |
 | mongodb.js:24:7:24:53 | doc.fin ... r(1) }) |
@@ -8,34 +5,28 @@
 | mongodb.js:32:9:32:46 | doc.fin ... tle) }) |
 | mongodb.js:43:7:43:21 | doc.find(query) |
 | mongodb.js:54:7:54:21 | doc.find(query) |
-| mongodb.js:65:3:65:17 | doc.find(query) |
-| mongodb.js:73:5:77:27 | client\\n ...  tag }) |
-| mongodb.js:81:3:85:25 | importe ...  tag }) |
 | mongodb.js:98:5:98:19 | doc.find(query) |
 | mongodb.js:112:5:112:19 | doc.find(query) |
 | mongodb_bodySafe.js:18:7:18:21 | doc.find(query) |
 | mongodb_bodySafe.js:29:7:29:21 | doc.find(query) |
-| mongoose.js:63:2:63:34 | Documen ... then(X) |
-| mongoose.js:65:2:65:51 | Documen ... on(){}) |
-| mongoose.js:67:2:68:27 | new Mon ... on(){}) |
-| mongoose.js:71:5:78:9 | Documen ... .exec() |
-| mongoose.js:85:2:85:52 | Documen ... query)) |
-| mongoose.js:86:2:86:52 | Documen ... query)) |
-| mongoose.js:87:2:87:57 | Documen ... query)) |
-| mongoose.js:88:2:88:57 | Documen ... query)) |
-| mongoose.js:89:2:89:52 | Documen ... query)) |
-| mongoose.js:90:2:90:55 | Documen ... query)) |
+| mongoose.js:27:5:27:25 | Documen ... (query) |
+| mongoose.js:36:5:36:36 | Documen ...  query) |
+| mongoose.js:39:5:39:24 | Document.find(query) |
 | mongoose.js:92:2:92:52 | Documen ... query)) |
 | mongoose.js:93:2:93:49 | Documen ... query)) |
-| mongoose.js:94:2:94:57 | Documen ... query)) |
-| mongoose.js:95:2:95:54 | Documen ... query)) |
-| mongoose.js:96:2:96:52 | Documen ... query)) |
-| mongoose.js:97:2:97:52 | Documen ... query)) |
+| mongoose.js:94:2:94:17 | Document.find(X) |
+| mongoose.js:95:2:95:17 | Document.find(X) |
+| mongoose.js:96:2:96:17 | Document.find(X) |
+| mongoose.js:97:2:97:17 | Document.find(X) |
 | mongoose.js:99:2:99:50 | Documen ... query)) |
-| mongoose.js:113:2:113:53 | Documen ... () { }) |
+| mongoose.js:121:2:121:20 | Document.find(cond) |
+| mongoose.js:130:2:130:27 | Documen ... : id }) |
+| mongoose.js:131:2:131:36 | Documen ... id } }) |
+| mongooseJsonParse.js:23:5:23:24 | Document.find(query) |
+| mongooseModelClient.js:11:3:11:25 | MyModel ... d: v }) |
+| mongooseModelClient.js:12:3:12:35 | MyModel ... y.id }) |
+| mongooseModelClient.js:13:3:13:40 | MyModel ... id}` }) |
 | socketio.js:11:5:11:54 | db.run( ... ndle}`) |
-| tst2.js:7:3:7:62 | sql.que ... ms.id}` |
-| tst2.js:9:3:9:85 | new sql ...  + "'") |
 | tst3.js:9:3:11:4 | pool.qu ... ts\\n  }) |
 | tst3.js:16:3:18:4 | pool.qu ... ts\\n  }) |
 | tst4.js:8:3:8:67 | db.get( ...  + '"') |
--- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected
@@ -1,25 +1,4 @@
 nodes
-| marsdb-flow-to.js:10:9:10:18 | query |
-| marsdb-flow-to.js:10:17:10:18 | {} |
-| marsdb-flow-to.js:11:17:11:24 | req.body |
-| marsdb-flow-to.js:11:17:11:24 | req.body |
-| marsdb-flow-to.js:11:17:11:30 | req.body.title |
-| marsdb-flow-to.js:14:17:14:21 | query |
-| marsdb-flow-to.js:14:17:14:21 | query |
-| marsdb.js:12:9:12:18 | query |
-| marsdb.js:12:17:12:18 | {} |
-| marsdb.js:13:17:13:24 | req.body |
-| marsdb.js:13:17:13:24 | req.body |
-| marsdb.js:13:17:13:30 | req.body.title |
-| marsdb.js:16:12:16:16 | query |
-| marsdb.js:16:12:16:16 | query |
-| minimongo.js:14:9:14:18 | query |
-| minimongo.js:14:17:14:18 | {} |
-| minimongo.js:15:17:15:24 | req.body |
-| minimongo.js:15:17:15:24 | req.body |
-| minimongo.js:15:17:15:30 | req.body.title |
-| minimongo.js:18:12:18:16 | query |
-| minimongo.js:18:12:18:16 | query |
 | mongodb.js:12:11:12:20 | query |
 | mongodb.js:12:19:12:20 | {} |
 | mongodb.js:13:19:13:26 | req.body |
@@ -41,21 +20,6 @@ nodes
 | mongodb.js:49:19:49:33 | req.query.title |
 | mongodb.js:54:16:54:20 | query |
 | mongodb.js:54:16:54:20 | query |
-| mongodb.js:59:8:59:17 | query |
-| mongodb.js:59:16:59:17 | {} |
-| mongodb.js:60:16:60:30 | req.query.title |
-| mongodb.js:60:16:60:30 | req.query.title |
-| mongodb.js:65:12:65:16 | query |
-| mongodb.js:65:12:65:16 | query |
-| mongodb.js:70:7:70:25 | tag |
-| mongodb.js:70:13:70:25 | req.query.tag |
-| mongodb.js:70:13:70:25 | req.query.tag |
-| mongodb.js:77:14:77:26 | { tags: tag } |
-| mongodb.js:77:14:77:26 | { tags: tag } |
-| mongodb.js:77:22:77:24 | tag |
-| mongodb.js:85:12:85:24 | { tags: tag } |
-| mongodb.js:85:12:85:24 | { tags: tag } |
-| mongodb.js:85:20:85:22 | tag |
 | mongodb.js:106:9:106:18 | query |
 | mongodb.js:106:17:106:18 | {} |
 | mongodb.js:107:17:107:29 | queries.title |
@@ -73,107 +37,20 @@ nodes
 | mongoose.js:21:19:21:26 | req.body |
 | mongoose.js:21:19:21:26 | req.body |
 | mongoose.js:21:19:21:32 | req.body.title |
-| mongoose.js:24:24:24:30 | [query] |
-| mongoose.js:24:24:24:30 | [query] |
-| mongoose.js:24:25:24:29 | query |
 | mongoose.js:27:20:27:24 | query |
 | mongoose.js:27:20:27:24 | query |
-| mongoose.js:30:25:30:29 | query |
-| mongoose.js:30:25:30:29 | query |
-| mongoose.js:33:24:33:28 | query |
-| mongoose.js:33:24:33:28 | query |
 | mongoose.js:36:31:36:35 | query |
 | mongoose.js:36:31:36:35 | query |
 | mongoose.js:39:19:39:23 | query |
 | mongoose.js:39:19:39:23 | query |
-| mongoose.js:42:22:42:26 | query |
-| mongoose.js:42:22:42:26 | query |
-| mongoose.js:45:31:45:35 | query |
-| mongoose.js:45:31:45:35 | query |
-| mongoose.js:48:31:48:35 | query |
-| mongoose.js:48:31:48:35 | query |
-| mongoose.js:51:31:51:35 | query |
-| mongoose.js:51:31:51:35 | query |
-| mongoose.js:54:25:54:29 | query |
-| mongoose.js:54:25:54:29 | query |
-| mongoose.js:57:21:57:25 | query |
-| mongoose.js:57:21:57:25 | query |
-| mongoose.js:60:25:60:29 | query |
-| mongoose.js:60:25:60:29 | query |
-| mongoose.js:63:21:63:25 | query |
-| mongoose.js:63:21:63:25 | query |
-| mongoose.js:65:32:65:36 | query |
-| mongoose.js:65:32:65:36 | query |
-| mongoose.js:67:27:67:31 | query |
-| mongoose.js:67:27:67:31 | query |
-| mongoose.js:68:8:68:12 | query |
-| mongoose.js:68:8:68:12 | query |
-| mongoose.js:71:20:71:24 | query |
-| mongoose.js:71:20:71:24 | query |
-| mongoose.js:72:16:72:20 | query |
-| mongoose.js:72:16:72:20 | query |
-| mongoose.js:73:8:73:12 | query |
-| mongoose.js:73:8:73:12 | query |
-| mongoose.js:74:7:74:11 | query |
-| mongoose.js:74:7:74:11 | query |
-| mongoose.js:75:16:75:20 | query |
-| mongoose.js:75:16:75:20 | query |
-| mongoose.js:77:10:77:14 | query |
-| mongoose.js:77:10:77:14 | query |
-| mongoose.js:82:46:82:50 | query |
-| mongoose.js:82:46:82:50 | query |
-| mongoose.js:83:47:83:51 | query |
-| mongoose.js:83:47:83:51 | query |
-| mongoose.js:85:46:85:50 | query |
-| mongoose.js:85:46:85:50 | query |
-| mongoose.js:87:51:87:55 | query |
-| mongoose.js:87:51:87:55 | query |
-| mongoose.js:89:46:89:50 | query |
-| mongoose.js:89:46:89:50 | query |
-| mongoose.js:92:46:92:50 | query |
-| mongoose.js:92:46:92:50 | query |
-| mongoose.js:94:51:94:55 | query |
-| mongoose.js:94:51:94:55 | query |
-| mongoose.js:96:46:96:50 | query |
-| mongoose.js:96:46:96:50 | query |
-| mongoose.js:111:14:111:18 | query |
-| mongoose.js:111:14:111:18 | query |
-| mongoose.js:113:31:113:35 | query |
-| mongoose.js:113:31:113:35 | query |
 | mongoose.js:115:6:115:22 | id |
 | mongoose.js:115:11:115:22 | req.query.id |
 | mongoose.js:115:11:115:22 | req.query.id |
 | mongoose.js:115:25:115:45 | cond |
 | mongoose.js:115:32:115:45 | req.query.cond |
 | mongoose.js:115:32:115:45 | req.query.cond |
-| mongoose.js:116:22:116:25 | cond |
-| mongoose.js:116:22:116:25 | cond |
-| mongoose.js:117:21:117:24 | cond |
-| mongoose.js:117:21:117:24 | cond |
-| mongoose.js:118:21:118:24 | cond |
-| mongoose.js:118:21:118:24 | cond |
-| mongoose.js:119:18:119:21 | cond |
-| mongoose.js:119:18:119:21 | cond |
-| mongoose.js:120:22:120:25 | cond |
-| mongoose.js:120:22:120:25 | cond |
 | mongoose.js:121:16:121:19 | cond |
 | mongoose.js:121:16:121:19 | cond |
-| mongoose.js:122:19:122:22 | cond |
-| mongoose.js:122:19:122:22 | cond |
-| mongoose.js:123:20:123:21 | id |
-| mongoose.js:123:20:123:21 | id |
-| mongoose.js:124:28:124:31 | cond |
-| mongoose.js:124:28:124:31 | cond |
-| mongoose.js:125:28:125:31 | cond |
-| mongoose.js:125:28:125:31 | cond |
-| mongoose.js:126:28:126:31 | cond |
-| mongoose.js:126:28:126:31 | cond |
-| mongoose.js:127:18:127:21 | cond |
-| mongoose.js:127:18:127:21 | cond |
-| mongoose.js:128:22:128:25 | cond |
-| mongoose.js:128:22:128:25 | cond |
-| mongoose.js:129:21:129:24 | cond |
-| mongoose.js:129:21:129:24 | cond |
 | mongoose.js:130:16:130:26 | { _id: id } |
 | mongoose.js:130:16:130:26 | { _id: id } |
 | mongoose.js:130:23:130:24 | id |
@@ -198,43 +75,11 @@ nodes
 | mongooseModelClient.js:12:22:12:29 | req.body |
 | mongooseModelClient.js:12:22:12:29 | req.body |
 | mongooseModelClient.js:12:22:12:32 | req.body.id |
-| redis.js:10:16:10:23 | req.body |
-| redis.js:10:16:10:23 | req.body |
-| redis.js:10:16:10:27 | req.body.key |
-| redis.js:10:16:10:27 | req.body.key |
-| redis.js:12:9:12:26 | key |
-| redis.js:12:15:12:22 | req.body |
-| redis.js:12:15:12:22 | req.body |
-| redis.js:12:15:12:26 | req.body.key |
-| redis.js:18:16:18:18 | key |
-| redis.js:18:16:18:18 | key |
-| redis.js:19:43:19:45 | key |
-| redis.js:19:43:19:45 | key |
-| redis.js:25:14:25:16 | key |
-| redis.js:25:14:25:16 | key |
-| redis.js:30:23:30:25 | key |
-| redis.js:30:23:30:25 | key |
-| redis.js:32:28:32:30 | key |
-| redis.js:32:28:32:30 | key |
-| redis.js:38:11:38:28 | key |
-| redis.js:38:17:38:24 | req.body |
-| redis.js:38:17:38:24 | req.body |
-| redis.js:38:17:38:28 | req.body.key |
-| redis.js:39:16:39:18 | key |
-| redis.js:39:16:39:18 | key |
-| redis.js:43:27:43:29 | key |
-| redis.js:43:27:43:29 | key |
-| redis.js:46:34:46:36 | key |
-| redis.js:46:34:46:36 | key |
 | socketio.js:10:25:10:30 | handle |
 | socketio.js:10:25:10:30 | handle |
 | socketio.js:11:12:11:53 | `INSERT ... andle}` |
 | socketio.js:11:12:11:53 | `INSERT ... andle}` |
 | socketio.js:11:46:11:51 | handle |
-| tst2.js:9:27:9:84 | "select ... d + "'" |
-| tst2.js:9:27:9:84 | "select ... d + "'" |
-| tst2.js:9:66:9:78 | req.params.id |
-| tst2.js:9:66:9:78 | req.params.id |
 | tst3.js:7:7:8:55 | query1 |
 | tst3.js:7:16:8:55 | "SELECT ...  PRICE" |
 | tst3.js:8:16:8:34 | req.params.category |
@@ -250,33 +95,6 @@ nodes
 | tst.js:10:46:10:58 | req.params.id |
 | tst.js:10:46:10:58 | req.params.id |
 edges
-| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query |
-| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query |
-| marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query |
-| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title |
-| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title |
-| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query |
-| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} |
-| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query |
-| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query |
-| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query |
-| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query |
-| marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query |
-| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title |
-| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title |
-| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query |
-| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} |
-| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query |
-| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query |
-| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query |
-| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query |
-| minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query |
-| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title |
-| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title |
-| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query |
-| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} |
-| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query |
-| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query |
 | mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query |
 | mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query |
 | mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query |
@@ -304,25 +122,6 @@ edges
 | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query |
 | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query |
 | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query |
-| mongodb.js:59:8:59:17 | query | mongodb.js:65:12:65:16 | query |
-| mongodb.js:59:8:59:17 | query | mongodb.js:65:12:65:16 | query |
-| mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query |
-| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query |
-| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query |
-| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} |
-| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} |
-| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query |
-| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query |
-| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query |
-| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query |
-| mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag |
-| mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag |
-| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag |
-| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag |
-| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } |
-| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } |
-| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } |
-| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } |
 | mongodb.js:106:9:106:18 | query | mongodb.js:112:14:112:18 | query |
 | mongodb.js:106:9:106:18 | query | mongodb.js:112:14:112:18 | query |
 | mongodb.js:106:17:106:18 | {} | mongodb.js:106:9:106:18 | query |
@@ -345,174 +144,28 @@ edges
 | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
 | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
 | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:24:25:24:29 | query |
 | mongoose.js:20:11:20:20 | query | mongoose.js:27:20:27:24 | query |
 | mongoose.js:20:11:20:20 | query | mongoose.js:27:20:27:24 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:30:25:30:29 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:30:25:30:29 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:33:24:33:28 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:33:24:33:28 | query |
 | mongoose.js:20:11:20:20 | query | mongoose.js:36:31:36:35 | query |
 | mongoose.js:20:11:20:20 | query | mongoose.js:36:31:36:35 | query |
 | mongoose.js:20:11:20:20 | query | mongoose.js:39:19:39:23 | query |
 | mongoose.js:20:11:20:20 | query | mongoose.js:39:19:39:23 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:42:22:42:26 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:42:22:42:26 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:45:31:45:35 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:45:31:45:35 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:48:31:48:35 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:48:31:48:35 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:51:31:51:35 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:51:31:51:35 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:54:25:54:29 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:54:25:54:29 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:57:21:57:25 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:57:21:57:25 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:60:25:60:29 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:60:25:60:29 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:63:21:63:25 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:63:21:63:25 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:65:32:65:36 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:65:32:65:36 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:67:27:67:31 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:67:27:67:31 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:68:8:68:12 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:68:8:68:12 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:71:20:71:24 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:71:20:71:24 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:72:16:72:20 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:72:16:72:20 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:73:8:73:12 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:73:8:73:12 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:74:7:74:11 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:74:7:74:11 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:75:16:75:20 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:75:16:75:20 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:77:10:77:14 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:77:10:77:14 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:82:46:82:50 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:82:46:82:50 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:83:47:83:51 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:83:47:83:51 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:85:46:85:50 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:85:46:85:50 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:87:51:87:55 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:87:51:87:55 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:89:46:89:50 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:89:46:89:50 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:92:46:92:50 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:92:46:92:50 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:94:51:94:55 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:94:51:94:55 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:96:46:96:50 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:96:46:96:50 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:111:14:111:18 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:111:14:111:18 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:113:31:113:35 | query |
-| mongoose.js:20:11:20:20 | query | mongoose.js:113:31:113:35 | query |
 | mongoose.js:20:19:20:20 | {} | mongoose.js:20:11:20:20 | query |
 | mongoose.js:21:19:21:26 | req.body | mongoose.js:21:19:21:32 | req.body.title |
 | mongoose.js:21:19:21:26 | req.body | mongoose.js:21:19:21:32 | req.body.title |
 | mongoose.js:21:19:21:32 | req.body.title | mongoose.js:20:11:20:20 | query |
 | mongoose.js:21:19:21:32 | req.body.title | mongoose.js:20:19:20:20 | {} |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:24:25:24:29 | query |
 | mongoose.js:21:19:21:32 | req.body.title | mongoose.js:27:20:27:24 | query |
 | mongoose.js:21:19:21:32 | req.body.title | mongoose.js:27:20:27:24 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:30:25:30:29 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:30:25:30:29 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:33:24:33:28 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:33:24:33:28 | query |
 | mongoose.js:21:19:21:32 | req.body.title | mongoose.js:36:31:36:35 | query |
 | mongoose.js:21:19:21:32 | req.body.title | mongoose.js:36:31:36:35 | query |
 | mongoose.js:21:19:21:32 | req.body.title | mongoose.js:39:19:39:23 | query |
 | mongoose.js:21:19:21:32 | req.body.title | mongoose.js:39:19:39:23 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:42:22:42:26 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:42:22:42:26 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:45:31:45:35 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:45:31:45:35 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:48:31:48:35 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:48:31:48:35 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:51:31:51:35 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:51:31:51:35 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:54:25:54:29 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:54:25:54:29 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:57:21:57:25 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:57:21:57:25 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:60:25:60:29 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:60:25:60:29 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:63:21:63:25 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:63:21:63:25 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:65:32:65:36 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:65:32:65:36 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:67:27:67:31 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:67:27:67:31 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:68:8:68:12 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:68:8:68:12 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:71:20:71:24 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:71:20:71:24 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:72:16:72:20 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:72:16:72:20 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:73:8:73:12 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:73:8:73:12 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:74:7:74:11 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:74:7:74:11 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:75:16:75:20 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:75:16:75:20 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:77:10:77:14 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:77:10:77:14 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:82:46:82:50 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:82:46:82:50 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:83:47:83:51 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:83:47:83:51 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:85:46:85:50 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:85:46:85:50 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:87:51:87:55 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:87:51:87:55 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:89:46:89:50 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:89:46:89:50 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:92:46:92:50 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:92:46:92:50 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:94:51:94:55 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:94:51:94:55 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:96:46:96:50 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:96:46:96:50 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:111:14:111:18 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:111:14:111:18 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:113:31:113:35 | query |
-| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:113:31:113:35 | query |
-| mongoose.js:24:25:24:29 | query | mongoose.js:24:24:24:30 | [query] |
-| mongoose.js:24:25:24:29 | query | mongoose.js:24:24:24:30 | [query] |
-| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id |
-| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id |
 | mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id |
 | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id |
 | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond |
 | mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond |
 | mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond |
-| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond |
 | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond |
 | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond |
 | mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } |
@@ -538,40 +191,10 @@ edges
 | mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id |
 | mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } |
 | mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } |
-| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key |
-| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key |
-| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key |
-| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key |
-| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key |
-| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key |
-| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key |
-| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key |
-| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key |
-| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key |
-| redis.js:12:9:12:26 | key | redis.js:30:23:30:25 | key |
-| redis.js:12:9:12:26 | key | redis.js:30:23:30:25 | key |
-| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key |
-| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key |
-| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key |
-| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key |
-| redis.js:12:15:12:26 | req.body.key | redis.js:12:9:12:26 | key |
-| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key |
-| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key |
-| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key |
-| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key |
-| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key |
-| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key |
-| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key |
-| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key |
-| redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key |
 | socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle |
 | socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle |
 | socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` |
 | socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` |
-| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
-| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
-| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
-| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
 | tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 |
 | tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 |
 | tst3.js:7:16:8:55 | "SELECT ...  PRICE" | tst3.js:7:7:8:55 | query1 |
@@ -586,79 +209,20 @@ edges
 | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
 | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
 #select
-| marsdb-flow-to.js:14:17:14:21 | query | marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:14:17:14:21 | query | This query depends on $@. | marsdb-flow-to.js:11:17:11:24 | req.body | a user-provided value |
-| marsdb.js:16:12:16:16 | query | marsdb.js:13:17:13:24 | req.body | marsdb.js:16:12:16:16 | query | This query depends on $@. | marsdb.js:13:17:13:24 | req.body | a user-provided value |
-| minimongo.js:18:12:18:16 | query | minimongo.js:15:17:15:24 | req.body | minimongo.js:18:12:18:16 | query | This query depends on $@. | minimongo.js:15:17:15:24 | req.body | a user-provided value |
 | mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query depends on $@. | mongodb.js:13:19:13:26 | req.body | a user-provided value |
 | mongodb.js:32:18:32:45 | { title ... itle) } | mongodb.js:26:19:26:26 | req.body | mongodb.js:32:18:32:45 | { title ... itle) } | This query depends on $@. | mongodb.js:26:19:26:26 | req.body | a user-provided value |
 | mongodb.js:54:16:54:20 | query | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | This query depends on $@. | mongodb.js:49:19:49:33 | req.query.title | a user-provided value |
-| mongodb.js:65:12:65:16 | query | mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | This query depends on $@. | mongodb.js:60:16:60:30 | req.query.title | a user-provided value |
-| mongodb.js:77:14:77:26 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:77:14:77:26 | { tags: tag } | This query depends on $@. | mongodb.js:70:13:70:25 | req.query.tag | a user-provided value |
-| mongodb.js:85:12:85:24 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:85:12:85:24 | { tags: tag } | This query depends on $@. | mongodb.js:70:13:70:25 | req.query.tag | a user-provided value |
 | mongodb.js:112:14:112:18 | query | mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | This query depends on $@. | mongodb.js:107:17:107:29 | queries.title | a user-provided value |
 | mongodb_bodySafe.js:29:16:29:20 | query | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | This query depends on $@. | mongodb_bodySafe.js:24:19:24:33 | req.query.title | a user-provided value |
-| mongoose.js:24:24:24:30 | [query] | mongoose.js:21:19:21:26 | req.body | mongoose.js:24:24:24:30 | [query] | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
 | mongoose.js:27:20:27:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:27:20:27:24 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:30:25:30:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:30:25:30:29 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:33:24:33:28 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:33:24:33:28 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
 | mongoose.js:36:31:36:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:36:31:36:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
 | mongoose.js:39:19:39:23 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:39:19:39:23 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:42:22:42:26 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:42:22:42:26 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:45:31:45:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:45:31:45:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:48:31:48:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:48:31:48:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:51:31:51:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:51:31:51:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:54:25:54:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:54:25:54:29 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:57:21:57:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:57:21:57:25 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:60:25:60:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:60:25:60:29 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:63:21:63:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:63:21:63:25 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:65:32:65:36 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:65:32:65:36 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:67:27:67:31 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:67:27:67:31 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:68:8:68:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:68:8:68:12 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:71:20:71:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:71:20:71:24 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:72:16:72:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:72:16:72:20 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:73:8:73:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:73:8:73:12 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:74:7:74:11 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:74:7:74:11 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:75:16:75:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:75:16:75:20 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:77:10:77:14 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:77:10:77:14 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:82:46:82:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:82:46:82:50 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:83:47:83:51 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:83:47:83:51 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:85:46:85:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:85:46:85:50 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:87:51:87:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:87:51:87:55 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:89:46:89:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:89:46:89:50 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:92:46:92:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:92:46:92:50 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:94:51:94:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:94:51:94:55 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:96:46:96:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:96:46:96:50 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:111:14:111:18 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:111:14:111:18 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:113:31:113:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:113:31:113:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
-| mongoose.js:116:22:116:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:116:22:116:25 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:117:21:117:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:117:21:117:24 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:118:21:118:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:118:21:118:24 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:119:18:119:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:119:18:119:21 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:120:22:120:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:120:22:120:25 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
 | mongoose.js:121:16:121:19 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:121:16:121:19 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:122:19:122:22 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:122:19:122:22 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:123:20:123:21 | id | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:123:20:123:21 | id | This query depends on $@. | mongoose.js:115:11:115:22 | req.query.id | a user-provided value |
-| mongoose.js:124:28:124:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:124:28:124:31 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:125:28:125:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:125:28:125:31 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:126:28:126:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:126:28:126:31 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:127:18:127:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:127:18:127:21 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:128:22:128:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:128:22:128:25 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
-| mongoose.js:129:21:129:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:129:21:129:24 | cond | This query depends on $@. | mongoose.js:115:32:115:45 | req.query.cond | a user-provided value |
 | mongoose.js:130:16:130:26 | { _id: id } | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:130:16:130:26 | { _id: id } | This query depends on $@. | mongoose.js:115:11:115:22 | req.query.id | a user-provided value |
 | mongooseJsonParse.js:23:19:23:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:23:19:23:23 | query | This query depends on $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | a user-provided value |
 | mongooseModelClient.js:11:16:11:24 | { id: v } | mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:11:16:11:24 | { id: v } | This query depends on $@. | mongooseModelClient.js:10:22:10:29 | req.body | a user-provided value |
 | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | This query depends on $@. | mongooseModelClient.js:12:22:12:29 | req.body | a user-provided value |
-| redis.js:10:16:10:27 | req.body.key | redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | This query depends on $@. | redis.js:10:16:10:23 | req.body | a user-provided value |
-| redis.js:18:16:18:18 | key | redis.js:12:15:12:22 | req.body | redis.js:18:16:18:18 | key | This query depends on $@. | redis.js:12:15:12:22 | req.body | a user-provided value |
-| redis.js:19:43:19:45 | key | redis.js:12:15:12:22 | req.body | redis.js:19:43:19:45 | key | This query depends on $@. | redis.js:12:15:12:22 | req.body | a user-provided value |
-| redis.js:25:14:25:16 | key | redis.js:12:15:12:22 | req.body | redis.js:25:14:25:16 | key | This query depends on $@. | redis.js:12:15:12:22 | req.body | a user-provided value |
-| redis.js:30:23:30:25 | key | redis.js:12:15:12:22 | req.body | redis.js:30:23:30:25 | key | This query depends on $@. | redis.js:12:15:12:22 | req.body | a user-provided value |
-| redis.js:32:28:32:30 | key | redis.js:12:15:12:22 | req.body | redis.js:32:28:32:30 | key | This query depends on $@. | redis.js:12:15:12:22 | req.body | a user-provided value |
-| redis.js:39:16:39:18 | key | redis.js:38:17:38:24 | req.body | redis.js:39:16:39:18 | key | This query depends on $@. | redis.js:38:17:38:24 | req.body | a user-provided value |
-| redis.js:43:27:43:29 | key | redis.js:38:17:38:24 | req.body | redis.js:43:27:43:29 | key | This query depends on $@. | redis.js:38:17:38:24 | req.body | a user-provided value |
-| redis.js:46:34:46:36 | key | redis.js:38:17:38:24 | req.body | redis.js:46:34:46:36 | key | This query depends on $@. | redis.js:38:17:38:24 | req.body | a user-provided value |
 | socketio.js:11:12:11:53 | `INSERT ... andle}` | socketio.js:10:25:10:30 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | This query depends on $@. | socketio.js:10:25:10:30 | handle | a user-provided value |
-| tst2.js:9:27:9:84 | "select ... d + "'" | tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | This query depends on $@. | tst2.js:9:66:9:78 | req.params.id | a user-provided value |
 | tst3.js:9:14:9:19 | query1 | tst3.js:8:16:8:34 | req.params.category | tst3.js:9:14:9:19 | query1 | This query depends on $@. | tst3.js:8:16:8:34 | req.params.category | a user-provided value |
 | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | This query depends on $@. | tst4.js:8:46:8:60 | $routeParams.id | a user-provided value |
 | tst.js:10:10:10:64 | 'SELECT ... d + '"' | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | This query depends on $@. | tst.js:10:46:10:58 | req.params.id | a user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
@@ -1,18 +1,4 @@
 nodes
-| NoSQLCodeInjection.js:18:24:18:31 | req.body |
-| NoSQLCodeInjection.js:18:24:18:31 | req.body |
-| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:19:36:19:43 | req.body |
-| NoSQLCodeInjection.js:19:36:19:43 | req.body |
-| NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
-| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:22:36:22:43 | req.body |
-| NoSQLCodeInjection.js:22:36:22:43 | req.body |
-| NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
 | angularjs.js:10:22:10:29 | location |
 | angularjs.js:10:22:10:29 | location |
 | angularjs.js:10:22:10:36 | location.search |
@@ -175,18 +161,6 @@ nodes
 | tst.js:26:26:26:53 | locatio ... ring(1) |
 | tst.js:26:26:26:53 | locatio ... ring(1) |
 edges
-| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
-| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
-| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
-| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
-| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
 | angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
 | angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
 | angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
@@ -331,9 +305,6 @@ edges
 | tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
 | tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
 #select
-| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | $@ flows to here and is interpreted as code. | NoSQLCodeInjection.js:18:24:18:31 | req.body | User-provided value |
-| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | $@ flows to here and is interpreted as code. | NoSQLCodeInjection.js:19:36:19:43 | req.body | User-provided value |
-| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | $@ flows to here and is interpreted as code. | NoSQLCodeInjection.js:22:36:22:43 | req.body | User-provided value |
 | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:10:22:10:29 | location | User-provided value |
 | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:30 | location | angularjs.js:13:23:13:37 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:13:23:13:30 | location | User-provided value |
 | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:35 | location | angularjs.js:16:28:16:42 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:16:28:16:35 | location | User-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected
@@ -1,18 +1,4 @@
 nodes
-| NoSQLCodeInjection.js:18:24:18:31 | req.body |
-| NoSQLCodeInjection.js:18:24:18:31 | req.body |
-| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:19:36:19:43 | req.body |
-| NoSQLCodeInjection.js:19:36:19:43 | req.body |
-| NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
-| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:22:36:22:43 | req.body |
-| NoSQLCodeInjection.js:22:36:22:43 | req.body |
-| NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
 | angularjs.js:10:22:10:29 | location |
 | angularjs.js:10:22:10:29 | location |
 | angularjs.js:10:22:10:36 | location.search |
@@ -179,18 +165,6 @@ nodes
 | tst.js:26:26:26:53 | locatio ... ring(1) |
 | tst.js:26:26:26:53 | locatio ... ring(1) |
 edges
-| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
-| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
-| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
-| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
-| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
-| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
-| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
 | angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
 | angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
 | angularjs.js:10:22:10:29 | location | angularjs.js:10:22:10:36 | location.search |
--- a/javascript/ql/test/query-tests/Security/CWE-327/BadRandomness.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-327/BadRandomness.expected
@@ -1,18 +0,0 @@
-| bad-random.js:3:11:3:61 | crypto. ... s(1)[0] | Using addition on a $@ produces biased results. | bad-random.js:3:11:3:31 | crypto. ... ytes(1) | cryptographically secure random number |
-| bad-random.js:3:11:3:61 | crypto. ... s(1)[0] | Using addition on a $@ produces biased results. | bad-random.js:3:38:3:58 | crypto. ... ytes(1) | cryptographically secure random number |
-| bad-random.js:4:11:4:61 | crypto. ... s(1)[0] | Using multiplication on a $@ produces biased results. | bad-random.js:4:11:4:31 | crypto. ... ytes(1) | cryptographically secure random number |
-| bad-random.js:4:11:4:61 | crypto. ... s(1)[0] | Using multiplication on a $@ produces biased results. | bad-random.js:4:38:4:58 | crypto. ... ytes(1) | cryptographically secure random number |
-| bad-random.js:9:28:9:43 | buffer[i] / 25.6 | Using division and rounding the result on a $@ produces biased results. | bad-random.js:6:16:6:40 | crypto. ... (bytes) | cryptographically secure random number |
-| bad-random.js:11:17:11:31 | buffer[i] % 100 | Using modulo on a $@ produces biased results. | bad-random.js:6:16:6:40 | crypto. ... (bytes) | cryptographically secure random number |
-| bad-random.js:14:11:14:63 | Number( ... (0, 3)) | Using string concatenation on a $@ produces biased results. | bad-random.js:14:25:14:45 | crypto. ... ytes(3) | cryptographically secure random number |
-| bad-random.js:73:32:73:42 | byte / 25.6 | Using division and rounding the result on a $@ produces biased results. | bad-random.js:70:20:70:44 | crypto. ... (bytes) | cryptographically secure random number |
-| bad-random.js:75:21:75:30 | byte % 100 | Using modulo on a $@ produces biased results. | bad-random.js:70:20:70:44 | crypto. ... (bytes) | cryptographically secure random number |
-| bad-random.js:81:11:81:51 | secureR ... (10)[0] | Using addition on a $@ produces biased results. | bad-random.js:81:11:81:26 | secureRandom(10) | cryptographically secure random number |
-| bad-random.js:81:11:81:51 | secureR ... (10)[0] | Using addition on a $@ produces biased results. | bad-random.js:81:33:81:48 | secureRandom(10) | cryptographically secure random number |
-| bad-random.js:85:11:85:35 | goodRan ... Random2 | Using addition on a $@ produces biased results. | bad-random.js:83:23:83:38 | secureRandom(10) | cryptographically secure random number |
-| bad-random.js:85:11:85:35 | goodRan ... Random2 | Using addition on a $@ produces biased results. | bad-random.js:84:23:84:38 | secureRandom(10) | cryptographically secure random number |
-| bad-random.js:87:16:87:24 | bad + bad | Using addition on a $@ produces biased results. | bad-random.js:83:23:83:38 | secureRandom(10) | cryptographically secure random number |
-| bad-random.js:87:16:87:24 | bad + bad | Using addition on a $@ produces biased results. | bad-random.js:84:23:84:38 | secureRandom(10) | cryptographically secure random number |
-| bad-random.js:90:29:90:54 | secureR ...  / 25.6 | Using division and rounding the result on a $@ produces biased results. | bad-random.js:90:29:90:44 | secureRandom(10) | cryptographically secure random number |
-| bad-random.js:96:29:96:58 | crypto. ... ] / 100 | Using division and rounding the result on a $@ produces biased results. | bad-random.js:96:29:96:49 | crypto. ... ytes(1) | cryptographically secure random number |
-| bad-random.js:118:17:118:45 | crypto. ... 0] % 10 | Using modulo on a $@ produces biased results. | bad-random.js:118:17:118:37 | crypto. ... ytes(1) | cryptographically secure random number |
--- a/javascript/ql/test/query-tests/Security/CWE-770/MissingRateLimiting.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-770/MissingRateLimiting.expected
@@ -1,6 +1,3 @@
-| MissingRateLimiting.js:4:19:4:38 | functio ... ath);\\n} | This route handler performs $@, but is not rate-limited. | MissingRateLimiting.js:7:5:7:22 | res.sendFile(path) | a file system access |
-| MissingRateLimiting.js:25:19:25:20 | f1 | This route handler performs $@, but is not rate-limited. | MissingRateLimiting.js:13:5:13:22 | res.sendFile(path) | a file system access |
-| MissingRateLimiting.js:25:27:25:28 | f3 | This route handler performs $@, but is not rate-limited. | MissingRateLimiting.js:22:5:22:22 | res.sendFile(path) | a file system access |
 | tst.js:22:24:22:40 | expensiveHandler1 | This route handler performs $@, but is not rate-limited. | tst.js:14:40:14:46 | login() | authorization |
 | tst.js:35:20:35:36 | expensiveHandler1 | This route handler performs $@, but is not rate-limited. | tst.js:14:40:14:46 | login() | authorization |
 | tst.js:36:20:36:36 | expensiveHandler2 | This route handler performs $@, but is not rate-limited. | tst.js:15:40:15:73 | fs.writ ... quest") | a file system access |
--- a/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected
@@ -20,9 +20,6 @@ nodes
 | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" |
 | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" |
 | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" |
-| insecure-download.js:52:11:52:45 | "http:/ ... nknown" |
-| insecure-download.js:52:11:52:45 | "http:/ ... nknown" |
-| insecure-download.js:52:11:52:45 | "http:/ ... nknown" |
 edges
 | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:15:18:15:40 | buildTo ... llerUrl |
 | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:15:18:15:40 | buildTo ... llerUrl |
@@ -37,7 +34,6 @@ edges
 | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url |
 | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" |
 | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" |
-| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | insecure-download.js:52:11:52:45 | "http:/ ... nknown" |
 #select
 | insecure-download.js:5:16:5:28 | installer.url | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:5:16:5:28 | installer.url | $@ of sensitive file from $@. | insecure-download.js:5:9:5:44 | nugget( ... => { }) | Download | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | HTTP source |
 | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | $@ of sensitive file from $@. | insecure-download.js:30:5:30:43 | nugget( ... e.APK") | Download | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | HTTP source |
@@ -45,4 +41,3 @@ edges
 | insecure-download.js:39:26:39:28 | url | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:39:26:39:28 | url | $@ of sensitive file from $@. | insecure-download.js:39:5:39:46 | cp.exec ...  () {}) | Download | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | HTTP source |
 | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | $@ of sensitive file from $@. | insecure-download.js:41:5:41:42 | nugget( ... e.APK") | Download | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | HTTP source |
 | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | $@ of sensitive file from $@. | insecure-download.js:48:5:48:71 | nugget( ... => { }) | Download | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | HTTP source |
-| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | insecure-download.js:52:11:52:45 | "http:/ ... nknown" | insecure-download.js:52:11:52:45 | "http:/ ... nknown" | $@ of sensitive file from $@. | insecure-download.js:52:5:54:6 | $.get(" ... \\n    }) | Download | insecure-download.js:52:11:52:45 | "http:/ ... nknown" | HTTP source |
--- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
@@ -43,10 +43,6 @@ nodes
 | tst.js:58:19:58:52 | url.par ... ery.url |
 | tst.js:58:29:58:35 | req.url |
 | tst.js:58:29:58:35 | req.url |
-| tst.js:61:29:61:35 | tainted |
-| tst.js:61:29:61:35 | tainted |
-| tst.js:64:30:64:36 | tainted |
-| tst.js:64:30:64:36 | tainted |
 | tst.js:68:30:68:36 | tainted |
 | tst.js:68:30:68:36 | tainted |
 | tst.js:74:9:74:52 | tainted |
@@ -95,10 +91,6 @@ edges
 | tst.js:43:46:43:52 | tainted | tst.js:43:13:43:54 | `http:/ ... inted}` |
 | tst.js:45:50:45:56 | tainted | tst.js:45:13:45:56 | 'http:/ ... tainted |
 | tst.js:45:50:45:56 | tainted | tst.js:45:13:45:56 | 'http:/ ... tainted |
-| tst.js:58:9:58:52 | tainted | tst.js:61:29:61:35 | tainted |
-| tst.js:58:9:58:52 | tainted | tst.js:61:29:61:35 | tainted |
-| tst.js:58:9:58:52 | tainted | tst.js:64:30:64:36 | tainted |
-| tst.js:58:9:58:52 | tainted | tst.js:64:30:64:36 | tainted |
 | tst.js:58:9:58:52 | tainted | tst.js:68:30:68:36 | tainted |
 | tst.js:58:9:58:52 | tainted | tst.js:68:30:68:36 | tainted |
 | tst.js:58:19:58:42 | url.par ... , true) | tst.js:58:19:58:48 | url.par ... ).query |
@@ -126,7 +118,5 @@ edges
 | tst.js:41:5:41:52 | request ... nted}`) | tst.js:14:29:14:35 | req.url | tst.js:41:13:41:51 | `http:/ ... inted}` | The $@ of this request depends on $@. | tst.js:41:13:41:51 | `http:/ ... inted}` | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
 | tst.js:43:5:43:55 | request ... nted}`) | tst.js:14:29:14:35 | req.url | tst.js:43:13:43:54 | `http:/ ... inted}` | The $@ of this request depends on $@. | tst.js:43:13:43:54 | `http:/ ... inted}` | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
 | tst.js:45:5:45:57 | request ... ainted) | tst.js:14:29:14:35 | req.url | tst.js:45:13:45:56 | 'http:/ ... tainted | The $@ of this request depends on $@. | tst.js:45:13:45:56 | 'http:/ ... tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
-| tst.js:61:2:61:37 | client. ... inted}) | tst.js:58:29:58:35 | req.url | tst.js:61:29:61:35 | tainted | The $@ of this request depends on $@. | tst.js:61:29:61:35 | tainted | URL | tst.js:58:29:58:35 | req.url | a user-provided value |
-| tst.js:64:3:64:38 | client. ... inted}) | tst.js:58:29:58:35 | req.url | tst.js:64:30:64:36 | tainted | The $@ of this request depends on $@. | tst.js:64:30:64:36 | tainted | URL | tst.js:58:29:58:35 | req.url | a user-provided value |
 | tst.js:68:3:68:38 | client. ... inted}) | tst.js:58:29:58:35 | req.url | tst.js:68:30:68:36 | tainted | The $@ of this request depends on $@. | tst.js:68:30:68:36 | tainted | URL | tst.js:58:29:58:35 | req.url | a user-provided value |
 | tst.js:76:5:76:26 | JSDOM.f ... ainted) | tst.js:74:29:74:35 | req.url | tst.js:76:19:76:25 | tainted | The $@ of this request depends on $@. | tst.js:76:19:76:25 | tainted | URL | tst.js:74:29:74:35 | req.url | a user-provided value |
Author	SHA1	Message	Date
Henry Mercer	a5ecb6e8f9	Expose invoke nodes for external API sinks	2021-03-05 21:37:28 +00:00
Henry Mercer	e90e03f119	Revert "Merge pull request #4969 from asgerf/js/angular-dom-santizier-from-core" This reverts commit `bdfb81064d`, reversing changes made to `2a8a2832e2`.	2021-02-05 12:33:07 +00:00
Henry Mercer	47971537bc	Remove NoSQL sinks since September 2018	2021-02-05 12:33:07 +00:00
Esben Sparre Andreasen	c83edf9953	update (some) expected outputs	2021-02-05 12:33:07 +00:00
Esben Sparre Andreasen	7ca6f7a2d5	Remove additional Xss sinks	2021-02-05 12:33:07 +00:00
Esben Sparre Andreasen	24c8b4f7b9	Remove additional SQL sinks	2021-02-05 12:33:07 +00:00
Esben Sparre Andreasen	94940502d0	Remove additional path-injection sinks	2021-02-05 12:33:07 +00:00
Esben Sparre Andreasen	6d86a2e690	update expected output	2021-02-05 12:33:07 +00:00
Esben Sparre Andreasen	4ff1d71b07	Add benjamin-button.md	2021-02-05 12:33:07 +00:00
Esben Sparre Andreasen	6baf4c2a95	Remove pseudo-properties	2021-02-05 12:33:07 +00:00
Esben Sparre Andreasen	bb208ce5d2	Remove 2020 sinks from SqlInjection.ql	2021-02-05 12:33:07 +00:00
Esben Sparre Andreasen	afbc01f95e	Remove 2020 sinks from Xss.ql	2021-02-05 12:33:06 +00:00
Esben Sparre Andreasen	9832847921	Remove 2020 sinks from TaintedPath.ql	2021-02-05 12:33:06 +00:00
				`@@ -0,0 +1 @@`
				`\| index.js:4:60:4:137 \| /* use ... )))) */ \| use (return (member copy (member exports (module fs-extra)))) has no outgoing edge labelled promised; it has no outgoing edges at all. \|`
				`@@ -0,0 +1 @@`
				`\| query-tests/Security/CWE-079/StoredXss/xss-through-torrent.js:7 \| expected an alert, but found none \| NOT OK \| \|`
				`@@ -0,0 +1 @@`
				`\| query-tests/Security/CWE-079/XssThroughDom/xss-through-dom.js:71 \| expected an alert, but found none \| NOT OK. \| \|`