Initial plan

actions/ql/lib/CHANGELOG.md

@@ -1,9 +1,3 @@
-## 0.4.37
-
-### Minor Analysis Improvements
-
-* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
-
 ## 0.4.36
 
 ### Minor Analysis Improvements

actions/ql/lib/change-notes/2026-05-12-improved-alphanumeric-regex.md

@@ -1,5 +1,4 @@
-## 0.4.37
-
-### Minor Analysis Improvements
-
-* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
+---
+category: minorAnalysis
+---
+* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.

actions/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.37
+lastReleaseVersion: 0.4.36

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.38-dev
+version: 0.4.37-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/CHANGELOG.md

@@ -1,22 +1,3 @@
-## 0.6.29
-
-### Query Metadata Changes
-
-* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`.
-
-### Major Analysis Improvements
-
-* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query.
-
-### Minor Analysis Improvements
-
-* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`.
-* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes.
-
-### Bug Fixes
-
-* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.
-
 ## 0.6.28
 
 ### Query Metadata Changes

actions/ql/src/change-notes/2026-05-05-untrusted-checkout-high.md

@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query.

actions/ql/src/change-notes/2026-05-12-sha256-pinned-actions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes.

actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-alert.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`.

actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-helpfile.md

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.

actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-metadata.md

@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`.

actions/ql/src/change-notes/released/0.6.29.md

@@ -1,18 +0,0 @@
-## 0.6.29
-
-### Query Metadata Changes
-
-* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`.
-
-### Major Analysis Improvements
-
-* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query.
-
-### Minor Analysis Improvements
-
-* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`.
-* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes.
-
-### Bug Fixes
-
-* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.

actions/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.29
+lastReleaseVersion: 0.6.28

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.30-dev
+version: 0.6.29-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

config/identical-files.json

@@ -11,6 +11,10 @@
     "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll"
   ],
+  "Bound Java/C#": [
+    "java/ql/lib/semmle/code/java/dataflow/Bound.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll"
+  ],
   "ModulusAnalysis Java/C#": [
     "java/ql/lib/semmle/code/java/dataflow/ModulusAnalysis.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/ModulusAnalysis.qll"

cpp/ql/lib/CHANGELOG.md

@@ -1,19 +1,3 @@
-## 10.2.0
-
-### Deprecated APIs
-
-* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead.
-
-### New Features
-
-* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations.
-* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations.
-
-### Minor Analysis Improvements
-
-* Added flow source models for `scanf_s` and related functions.
-* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported.
-
 ## 10.1.1
 
 ### Minor Analysis Improvements

cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md

@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Added flow source models for `scanf_s` and related functions.
+* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported.

cpp/ql/lib/change-notes/2026-05-16-alias-template.md

@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations.

cpp/ql/lib/change-notes/2026-05-18-alias-type.md

@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead.

cpp/ql/lib/change-notes/2026-05-21-generated-from.md

@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations.

cpp/ql/lib/change-notes/released/10.2.0.md

@@ -1,15 +0,0 @@
-## 10.2.0
-
-### Deprecated APIs
-
-* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead.
-
-### New Features
-
-* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations.
-* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations.
-
-### Minor Analysis Improvements
-
-* Added flow source models for `scanf_s` and related functions.
-* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 10.2.0
+lastReleaseVersion: 10.1.1

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 10.2.1-dev
+version: 10.1.2-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll

@@ -276,45 +276,6 @@ private predicate isClassConstructedFrom(Class c, Class templateClass) {
   not c.isConstructedFrom(_) and c = templateClass
 }
 
-/** Gets the fully templated version of `c`. */
-private Class getFullyTemplatedClassOld(Class c) {
-  not c.isFromUninstantiatedTemplate(_) and
-  isClassConstructedFrom(c, result)
-}
-
-private TemplateClass getOriginalClassTemplate(TemplateClass tc) {
-  result = tc.getOriginalTemplate()
-  or
-  not exists(tc.getOriginalTemplate()) and
-  result = tc
-}
-
-/** Gets the fully templated version of `c`. */
-private Class getFullyTemplatedClassNew(Class c) {
-  not c.isFromUninstantiatedTemplate(_) and
-  exists(Class mid |
-    c.isConstructedFrom(mid)
-    or
-    not c.isConstructedFrom(_) and c = mid
-  |
-    result = getOriginalClassTemplate(mid)
-    or
-    not mid instanceof TemplateClass and mid = result
-  )
-}
-
-/** Gets the fully templated version of `c`. */
-private Class getFullyTemplatedClass(Class c) {
-  // The `Class::getOriginalTemplate` predicate was introduced in CodeQL
-  // version 2.25.6 and the upgrade script leaves the
-  // `class_template_generated_from` extensionals empty if the database
-  // was generated with an older extractor. So we use the old implementation
-  // if the `class_template_generated_from` extensional is empty.
-  if class_template_generated_from(_, _)
-  then result = getFullyTemplatedClassNew(c)
-  else result = getFullyTemplatedClassOld(c)
-}
-
 /**
  * Holds if `f` is an instantiation of a function template `templateFunc`, or
  * holds with `f = templateFunc` if `f` is not an instantiation of any function
@@ -331,7 +292,7 @@ private predicate isFunctionConstructedFrom(Function f, Function templateFunc) {
 }
 
 /** Gets the fully templated version of `f`. */
-private Function getFullyTemplatedFunctionOld(Function f) {
+Function getFullyTemplatedFunction(Function f) {
   not f.isFromUninstantiatedTemplate(_) and
   (
     exists(Class c, Class templateClass, int i |
@@ -345,46 +306,13 @@ private Function getFullyTemplatedFunctionOld(Function f) {
   )
 }
 
-private TemplateFunction getOriginalFunctionTemplate(TemplateFunction tf) {
-  result = tf.getOriginalTemplate()
-  or
-  not exists(tf.getOriginalTemplate()) and
-  result = tf
-}
-
-/** Gets the fully templated version of `f`. */
-private Function getFullyTemplatedFunctionNew(Function f) {
-  not f.isFromUninstantiatedTemplate(_) and
-  exists(Function mid |
-    f.isConstructedFrom(mid)
-    or
-    not f.isConstructedFrom(_) and f = mid
-  |
-    result = getOriginalFunctionTemplate(mid)
-    or
-    not mid instanceof TemplateFunction and mid = result
-  )
-}
-
-/** Gets the fully templated version of `f`. */
-Function getFullyTemplatedFunction(Function f) {
-  // The `Function::getOriginalTemplate` predicate was introduced in CodeQL
-  // version 2.25.6 and the upgrade script leaves the
-  // `function_template_generated_from` extensionals empty if the database
-  // was generated with an older extractor. So we use the old implementation
-  // if the `function_template_generated_from` extensional is empty.
-  if function_template_generated_from(_, _)
-  then result = getFullyTemplatedFunctionNew(f)
-  else result = getFullyTemplatedFunctionOld(f)
-}
-
 /** Prefixes `const` to `s` if `t` is const, or returns `s` otherwise. */
 bindingset[s, t]
 private string withConst(string s, Type t) {
   if t.isConst() then result = "const " + s else result = s
 }
 
-/** Prefixes `volatile` to `s` if `t` is volatile, or returns `s` otherwise. */
+/** Prefixes `volatile` to `s` if `t` is const, or returns `s` otherwise. */
 bindingset[s, t]
 private string withVolatile(string s, Type t) {
   if t.isVolatile() then result = "volatile " + s else result = s
@@ -562,7 +490,7 @@ pragma[nomagic]
 private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining) {
   // If there is a declaring type then we start by expanding the function templates
   exists(Class template |
-    template = getFullyTemplatedClass(f.getDeclaringType()) and
+    isClassConstructedFrom(f.getDeclaringType(), template) and
     remaining = getNumberOfSupportedClassTemplateArguments(template) and
     result = getTypeNameWithoutFunctionTemplates(f, n, 0)
   )
@@ -574,7 +502,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining
   or
   exists(string mid, TypeTemplateParameter tp, Class template |
     mid = getTypeNameWithoutClassTemplates(f, n, remaining + 1) and
-    template = getFullyTemplatedClass(f.getDeclaringType()) and
+    isClassConstructedFrom(f.getDeclaringType(), template) and
     tp = getSupportedClassTemplateArgument(template, remaining)
   |
     result = mid.replaceAll(tp.getName(), "class:" + remaining.toString())

cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll

@@ -61,13 +61,12 @@ private predicate discardElement(@element e) {
   // particular, been deleted), or the overlay has redefined the TRAP
   // file or tag it is in, or the overlay runner has re-extracted the same
   // source file (e.g. because a header it includes has changed).
-  not exists(@trap_or_tag t |
+  forall(@trap_or_tag t, string sourceFile |
     locallyInTrapOrTag(false, e, t) and
-    not locallyReachableTrapOrTag(true, _, t) and
-    exists(string sourceFile |
-      locallyReachableTrapOrTag(false, sourceFile, t) and
-      not overlayChangedFiles(sourceFile) and
-      not locallyReachableTrapOrTag(true, sourceFile, _)
-    )
+    locallyReachableTrapOrTag(false, sourceFile, t)
+  |
+    overlayChangedFiles(sourceFile) or
+    locallyReachableTrapOrTag(true, _, t) or
+    locallyReachableTrapOrTag(true, sourceFile, _)
   )
 }

cpp/ql/src/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.6.4
-
-No user-facing changes.
-
 ## 1.6.3
 
 ### Minor Analysis Improvements

cpp/ql/src/change-notes/released/1.6.4.md

@@ -1,3 +0,0 @@
-## 1.6.4
-
-No user-facing changes.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.4
+lastReleaseVersion: 1.6.3

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.6.5-dev
+version: 1.6.4-dev
 groups:
   - cpp
   - queries

cpp/ql/test/library-tests/dataflow/external-models/flow.expected

@@ -51,16 +51,13 @@ models
 | 50 | Summary: ; ; false; ymlStepGenerated; ; ; Argument[0]; ReturnValue; taint; df-generated |
 | 51 | Summary: ; ; false; ymlStepManual; ; ; Argument[0]; ReturnValue; taint; manual |
 | 52 | Summary: ; ; false; ymlStepManual_with_body; ; ; Argument[0]; ReturnValue; taint; manual |
-| 53 | Summary: ; TemplateClass1; true; templateFunction2<U,V>; (U,V); ; Argument[1]; ReturnValue; value; manual |
-| 54 | Summary: ; TemplateClass1<T>; false; templateFunction<U>; (T,U); ; Argument[0]; ReturnValue; value; manual |
-| 55 | Summary: ; TemplateClass2<T,U>; true; function; (U,T); ; Argument[1]; ReturnValue; value; manual |
-| 56 | Summary: Azure::Core::IO; BodyStream; true; Read; ; ; Argument[-1]; Argument[*0]; taint; manual |
-| 57 | Summary: Azure::Core::IO; BodyStream; true; ReadToCount; ; ; Argument[-1]; Argument[*0]; taint; manual |
-| 58 | Summary: Azure::Core::IO; BodyStream; true; ReadToEnd; ; ; Argument[-1]; ReturnValue.Element; taint; manual |
-| 59 | Summary: Azure; Nullable; true; Value; ; ; Argument[-1]; ReturnValue[*]; taint; manual |
-| 60 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
+| 53 | Summary: Azure::Core::IO; BodyStream; true; Read; ; ; Argument[-1]; Argument[*0]; taint; manual |
+| 54 | Summary: Azure::Core::IO; BodyStream; true; ReadToCount; ; ; Argument[-1]; Argument[*0]; taint; manual |
+| 55 | Summary: Azure::Core::IO; BodyStream; true; ReadToEnd; ; ; Argument[-1]; ReturnValue.Element; taint; manual |
+| 56 | Summary: Azure; Nullable; true; Value; ; ; Argument[-1]; ReturnValue[*]; taint; manual |
+| 57 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
 edges
-| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:60 |
+| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:57 |
 | asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:91:7:91:17 | recv_buffer | provenance | Src:MaD:32  |
 | asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:93:29:93:39 | *recv_buffer | provenance | Src:MaD:32 Sink:MaD:2 |
 | asio_streams.cpp:97:37:97:44 | call to source | asio_streams.cpp:98:7:98:14 | send_str | provenance | TaintFunction |
@@ -69,24 +66,24 @@ edges
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:101:7:101:17 | send_buffer | provenance |  |
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:2 |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance |  |
-| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:60 |
-| azure.cpp:62:10:62:14 | [summary param] this in Value | azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | provenance | MaD:59 |
-| azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | provenance | MaD:56 |
-| azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | provenance | MaD:57 |
-| azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | provenance | MaD:58 |
+| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:57 |
+| azure.cpp:62:10:62:14 | [summary param] this in Value | azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | provenance | MaD:56 |
+| azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | provenance | MaD:53 |
+| azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | provenance | MaD:54 |
+| azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | provenance | MaD:55 |
 | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue in ReadToEnd [element] | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:253:48:253:60 | *call to GetBodyStream | provenance | Src:MaD:29  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:257:5:257:8 | *resp | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:262:5:262:8 | *resp | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:266:38:266:41 | *resp | provenance |  |
 | azure.cpp:257:5:257:8 | *resp | azure.cpp:113:16:113:19 | [summary param] this in Read | provenance |  |
-| azure.cpp:257:5:257:8 | *resp | azure.cpp:257:16:257:21 | Read output argument | provenance | MaD:56 |
+| azure.cpp:257:5:257:8 | *resp | azure.cpp:257:16:257:21 | Read output argument | provenance | MaD:53 |
 | azure.cpp:257:16:257:21 | Read output argument | azure.cpp:258:10:258:16 | * ... | provenance |  |
 | azure.cpp:262:5:262:8 | *resp | azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | provenance |  |
-| azure.cpp:262:5:262:8 | *resp | azure.cpp:262:23:262:28 | ReadToCount output argument | provenance | MaD:57 |
+| azure.cpp:262:5:262:8 | *resp | azure.cpp:262:23:262:28 | ReadToCount output argument | provenance | MaD:54 |
 | azure.cpp:262:23:262:28 | ReadToCount output argument | azure.cpp:263:10:263:16 | * ... | provenance |  |
 | azure.cpp:266:38:266:41 | *resp | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | provenance |  |
-| azure.cpp:266:38:266:41 | *resp | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | MaD:58 |
+| azure.cpp:266:38:266:41 | *resp | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | MaD:55 |
 | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance |  |
 | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:267:10:267:12 | vec [element] | provenance |  |
 | azure.cpp:267:10:267:12 | vec [element] | azure.cpp:267:10:267:12 | vec | provenance |  |
@@ -103,11 +100,11 @@ edges
 | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | provenance | Src:MaD:26  |
 | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:282:21:282:23 | *call to get | provenance |  |
 | azure.cpp:282:21:282:23 | *call to get | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | provenance |  |
-| azure.cpp:282:21:282:23 | *call to get | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | MaD:58 |
+| azure.cpp:282:21:282:23 | *call to get | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | MaD:55 |
 | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:10:282:38 | call to ReadToEnd | provenance |  |
 | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance |  |
 | azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:62:10:62:14 | [summary param] this in Value | provenance |  |
-| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:289:63:289:65 | call to Value | provenance | MaD:59 |
+| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:289:63:289:65 | call to Value | provenance | MaD:56 |
 | azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:24:289:56 | call to GetHeader | provenance |  |
 | azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:32:289:40 | call to GetHeader | provenance | Src:MaD:30  |
 | azure.cpp:289:63:289:65 | call to Value | azure.cpp:289:63:289:65 | call to Value | provenance |  |
@@ -183,39 +180,6 @@ edges
 | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:119:10:119:11 | y2 | provenance | Sink:MaD:1 |
 | test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | provenance |  |
 | test.cpp:118:44:118:44 | *x | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | MaD:48 |
-| test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | provenance | MaD:54 |
-| test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | provenance | MaD:53 |
-| test.cpp:133:10:133:18 | call to ymlSource | test.cpp:133:10:133:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:133:10:133:18 | call to ymlSource | test.cpp:134:45:134:45 | x | provenance |  |
-| test.cpp:134:13:134:43 | call to templateFunction | test.cpp:134:13:134:43 | call to templateFunction | provenance |  |
-| test.cpp:134:13:134:43 | call to templateFunction | test.cpp:135:10:135:10 | y | provenance | Sink:MaD:1 |
-| test.cpp:134:45:134:45 | x | test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | provenance |  |
-| test.cpp:134:45:134:45 | x | test.cpp:134:13:134:43 | call to templateFunction | provenance | MaD:54 |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | provenance | MaD:55 |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | provenance | MaD:55 |
-| test.cpp:146:10:146:18 | call to ymlSource | test.cpp:146:10:146:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:146:10:146:18 | call to ymlSource | test.cpp:148:26:148:26 | x | provenance |  |
-| test.cpp:148:10:148:27 | call to function | test.cpp:148:10:148:27 | call to function | provenance |  |
-| test.cpp:148:10:148:27 | call to function | test.cpp:149:10:149:10 | z | provenance | Sink:MaD:1 |
-| test.cpp:148:26:148:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | provenance |  |
-| test.cpp:148:26:148:26 | x | test.cpp:148:10:148:27 | call to function | provenance | MaD:55 |
-| test.cpp:155:10:155:18 | call to ymlSource | test.cpp:155:10:155:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:155:10:155:18 | call to ymlSource | test.cpp:157:26:157:26 | x | provenance |  |
-| test.cpp:157:13:157:20 | call to function | test.cpp:157:13:157:20 | call to function | provenance |  |
-| test.cpp:157:13:157:20 | call to function | test.cpp:158:10:158:10 | z | provenance | Sink:MaD:1 |
-| test.cpp:157:26:157:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | provenance |  |
-| test.cpp:157:26:157:26 | x | test.cpp:157:13:157:20 | call to function | provenance | MaD:55 |
-| test.cpp:164:34:164:34 | x | test.cpp:165:69:165:69 | x | provenance |  |
-| test.cpp:165:12:165:64 | call to templateFunction2 | test.cpp:164:7:164:7 | *templateFunction3 | provenance |  |
-| test.cpp:165:12:165:64 | call to templateFunction2 | test.cpp:165:12:165:64 | call to templateFunction2 | provenance |  |
-| test.cpp:165:69:165:69 | x | test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | provenance |  |
-| test.cpp:165:69:165:69 | x | test.cpp:165:12:165:64 | call to templateFunction2 | provenance | MaD:53 |
-| test.cpp:170:10:170:18 | call to ymlSource | test.cpp:170:10:170:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:170:10:170:18 | call to ymlSource | test.cpp:172:51:172:51 | x | provenance |  |
-| test.cpp:172:13:172:44 | call to templateFunction3 | test.cpp:172:13:172:44 | call to templateFunction3 | provenance |  |
-| test.cpp:172:13:172:44 | call to templateFunction3 | test.cpp:173:10:173:10 | y | provenance | Sink:MaD:1 |
-| test.cpp:172:51:172:51 | x | test.cpp:164:34:164:34 | x | provenance |  |
-| test.cpp:172:51:172:51 | x | test.cpp:172:13:172:44 | call to templateFunction3 | provenance | MaD:53 |
 | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | provenance | MaD:33 |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:22:15:22:29 | *call to GetCommandLineA | provenance | Src:MaD:3  |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:24:8:24:11 | * ... | provenance |  |
@@ -519,43 +483,6 @@ nodes
 | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | semmle.label | call to callWithNonTypeTemplate |
 | test.cpp:118:44:118:44 | *x | semmle.label | *x |
 | test.cpp:119:10:119:11 | y2 | semmle.label | y2 |
-| test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | semmle.label | [summary param] 0 in templateFunction |
-| test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | semmle.label | [summary] to write: ReturnValue in templateFunction |
-| test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | semmle.label | [summary param] 1 in templateFunction2 |
-| test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | semmle.label | [summary] to write: ReturnValue in templateFunction2 |
-| test.cpp:133:10:133:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:133:10:133:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:134:13:134:43 | call to templateFunction | semmle.label | call to templateFunction |
-| test.cpp:134:13:134:43 | call to templateFunction | semmle.label | call to templateFunction |
-| test.cpp:134:45:134:45 | x | semmle.label | x |
-| test.cpp:135:10:135:10 | y | semmle.label | y |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | semmle.label | [summary param] 1 in function |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | semmle.label | [summary param] 1 in function |
-| test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | semmle.label | [summary] to write: ReturnValue in function |
-| test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | semmle.label | [summary] to write: ReturnValue in function |
-| test.cpp:146:10:146:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:146:10:146:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:148:10:148:27 | call to function | semmle.label | call to function |
-| test.cpp:148:10:148:27 | call to function | semmle.label | call to function |
-| test.cpp:148:26:148:26 | x | semmle.label | x |
-| test.cpp:149:10:149:10 | z | semmle.label | z |
-| test.cpp:155:10:155:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:155:10:155:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:157:13:157:20 | call to function | semmle.label | call to function |
-| test.cpp:157:13:157:20 | call to function | semmle.label | call to function |
-| test.cpp:157:26:157:26 | x | semmle.label | x |
-| test.cpp:158:10:158:10 | z | semmle.label | z |
-| test.cpp:164:7:164:7 | *templateFunction3 | semmle.label | *templateFunction3 |
-| test.cpp:164:34:164:34 | x | semmle.label | x |
-| test.cpp:165:12:165:64 | call to templateFunction2 | semmle.label | call to templateFunction2 |
-| test.cpp:165:12:165:64 | call to templateFunction2 | semmle.label | call to templateFunction2 |
-| test.cpp:165:69:165:69 | x | semmle.label | x |
-| test.cpp:170:10:170:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:170:10:170:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:172:13:172:44 | call to templateFunction3 | semmle.label | call to templateFunction3 |
-| test.cpp:172:13:172:44 | call to templateFunction3 | semmle.label | call to templateFunction3 |
-| test.cpp:172:51:172:51 | x | semmle.label | x |
-| test.cpp:173:10:173:10 | y | semmle.label | y |
 | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | semmle.label | [summary param] *0 in CommandLineToArgvA |
 | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | semmle.label | [summary] to write: ReturnValue[**] in CommandLineToArgvA |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | semmle.label | *call to GetCommandLineA |
@@ -761,11 +688,6 @@ subpaths
 | test.cpp:25:35:25:35 | x | test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | test.cpp:25:11:25:33 | call to ymlStepManual_with_body |
 | test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body |
 | test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate |
-| test.cpp:134:45:134:45 | x | test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | test.cpp:134:13:134:43 | call to templateFunction |
-| test.cpp:148:26:148:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | test.cpp:148:10:148:27 | call to function |
-| test.cpp:157:26:157:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | test.cpp:157:13:157:20 | call to function |
-| test.cpp:165:69:165:69 | x | test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | test.cpp:165:12:165:64 | call to templateFunction2 |
-| test.cpp:172:51:172:51 | x | test.cpp:164:34:164:34 | x | test.cpp:164:7:164:7 | *templateFunction3 | test.cpp:172:13:172:44 | call to templateFunction3 |
 | windows.cpp:27:36:27:38 | *cmd | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA |
 | windows.cpp:537:40:537:41 | *& ... | windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | windows.cpp:473:17:473:37 | [summary param] *0 in RtlCopyVolatileMemory [Return] | windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument |
 | windows.cpp:542:38:542:39 | *& ... | windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | windows.cpp:479:17:479:35 | [summary param] *0 in RtlCopyDeviceMemory [Return] | windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument |

cpp/ql/test/library-tests/dataflow/external-models/flow.ext.yml

@@ -18,7 +18,4 @@ extensions:
       - ["", "", False, "ymlStepManual_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["", "", False, "ymlStepGenerated_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
       - ["", "", False, "callWithArgument", "", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "manual"]
-      - ["", "", False, "callWithNonTypeTemplate<T>", "(const T &)", "", "Argument[*0]", "ReturnValue", "value", "manual"]
-      - ["", "TemplateClass1<T>", False, "templateFunction<U>", "(T,U)", "", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["", "TemplateClass1", True, "templateFunction2<U,V>", "(U,V)", "", "Argument[1]", "ReturnValue", "value", "manual"]
-      - ["", "TemplateClass2<T,U>", True, "function", "(U,T)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["", "", False, "callWithNonTypeTemplate<T>", "(const T &)", "", "Argument[*0]", "ReturnValue", "value", "manual"]

cpp/ql/test/library-tests/dataflow/external-models/sinks.expected

@@ -15,7 +15,3 @@
 | test.cpp:89:11:89:11 | y | test-sink |
 | test.cpp:116:10:116:11 | y1 | test-sink |
 | test.cpp:119:10:119:11 | y2 | test-sink |
-| test.cpp:135:10:135:10 | y | test-sink |
-| test.cpp:149:10:149:10 | z | test-sink |
-| test.cpp:158:10:158:10 | z | test-sink |
-| test.cpp:173:10:173:10 | y | test-sink |

cpp/ql/test/library-tests/dataflow/external-models/sources.expected

@@ -9,10 +9,6 @@
 | test.cpp:56:8:56:16 | call to ymlSource | local |
 | test.cpp:94:10:94:18 | call to ymlSource | local |
 | test.cpp:114:10:114:18 | call to ymlSource | local |
-| test.cpp:133:10:133:18 | call to ymlSource | local |
-| test.cpp:146:10:146:18 | call to ymlSource | local |
-| test.cpp:155:10:155:18 | call to ymlSource | local |
-| test.cpp:170:10:170:18 | call to ymlSource | local |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | local |
 | windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | local |
 | windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | local |

cpp/ql/test/library-tests/dataflow/external-models/test.cpp

@@ -118,57 +118,3 @@ void test_callWithNonTypeTemplate() {
 	int y2 = callWithNonTypeTemplate<int, 10>(x);
 	ymlSink(y2); // $ ir
 }
-
-template<class T>
-struct TemplateClass1 {
-  template<class U>
-  U templateFunction(T, U);
-
-	template<class U, class V>
-  V templateFunction2(U, V);
-};
-
-void test_template_function_in_template_class() {
-	TemplateClass1<int> b;
-	int x = ymlSource();
-	auto y = b.templateFunction<unsigned long>(x, 0UL);
-	ymlSink(y); // $ ir
-}
-
-template<class S, class T>
-struct TemplateClass2 {
-	T function(T, S);
-};
-
-template<class V> using PartialInstantiationOfTemplateClass2 = TemplateClass2<int, V>;
-
-void test_partial_class_instantiation() {
-	int x = ymlSource();
-	PartialInstantiationOfTemplateClass2<unsigned long> y;
-	int z = y.function(0UL, x);
-	ymlSink(z); // $ ir
-}
-
-template<class V> struct DeriveFromFromPartialTemplateInstantiation : TemplateClass2<int, V> { };
-
-void test_inheritance() {
-	int x = ymlSource();
-	DeriveFromFromPartialTemplateInstantiation<long> y;
-	auto z = y.function(0L, x);
-	ymlSink(z); // $ ir
-}
-
-template<class T>
-struct Class1 : TemplateClass1<T> {
-  template<class U>
-  int templateFunction3(U u, int x) {
-    return TemplateClass1<T>::template templateFunction2<U, int>(u, x);
-  }
-};
-
-void test_class1() {
-	int x = ymlSource();
-	Class1<int> c;
-	auto y = c.templateFunction3<unsigned long>(0UL, x);
-	ymlSink(y); // $ ir
-}

cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected

@@ -27383,55 +27383,54 @@ getParameterTypeName
 | stl.h:91:24:91:33 | operator++ | 0 | int |
 | stl.h:95:44:95:44 | back_inserter | 0 | func:0 & |
 | stl.h:95:44:95:44 | back_inserter | 0 | func:0 & |
-| stl.h:147:12:147:23 | basic_string | 0 | const class:2 & |
-| stl.h:148:3:148:14 | basic_string | 0 | const class:0 * |
-| stl.h:148:3:148:14 | basic_string | 1 | const class:2 & |
-| stl.h:149:33:149:44 | basic_string | 0 | func:0 |
-| stl.h:149:33:149:44 | basic_string | 1 | func:0 |
-| stl.h:149:33:149:44 | basic_string | 2 | const class:2 & |
-| stl.h:165:8:165:16 | push_back | 0 | class:0 |
+| stl.h:148:3:148:14 | basic_string | 0 | const class:2 & |
+| stl.h:149:33:149:44 | basic_string | 0 | const class:0 * |
+| stl.h:149:33:149:44 | basic_string | 1 | const class:2 & |
+| stl.h:151:16:151:20 | c_str | 0 | func:0 |
+| stl.h:151:16:151:20 | c_str | 1 | func:0 |
+| stl.h:151:16:151:20 | c_str | 2 | const class:2 & |
 | stl.h:173:13:173:22 | operator[] | 0 | size_type |
 | stl.h:175:13:175:14 | at | 0 | size_type |
-| stl.h:176:35:176:44 | operator+= | 0 | const func:0 & |
-| stl.h:176:35:176:44 | operator+= | 0 | const func:0 & |
-| stl.h:177:17:177:26 | operator+= | 0 | const class:0 * |
-| stl.h:178:17:178:22 | append | 0 | const basic_string & |
-| stl.h:179:17:179:22 | append | 0 | const class:0 * |
-| stl.h:180:17:180:22 | append | 0 | size_type |
-| stl.h:180:17:180:22 | append | 1 | class:0 |
-| stl.h:181:47:181:52 | append | 0 | func:0 |
-| stl.h:181:47:181:52 | append | 1 | func:0 |
-| stl.h:182:17:182:22 | assign | 0 | const basic_string & |
-| stl.h:183:17:183:22 | assign | 0 | size_type |
-| stl.h:183:17:183:22 | assign | 1 | class:0 |
-| stl.h:184:47:184:52 | assign | 0 | func:0 |
-| stl.h:184:47:184:52 | assign | 1 | func:0 |
-| stl.h:185:17:185:22 | insert | 0 | size_type |
-| stl.h:185:17:185:22 | insert | 1 | const basic_string & |
+| stl.h:176:35:176:44 | operator+= | 0 | size_type |
+| stl.h:176:35:176:44 | operator+= | 0 | size_type |
+| stl.h:177:17:177:26 | operator+= | 0 | const func:0 & |
+| stl.h:178:17:178:22 | append | 0 | const class:0 * |
+| stl.h:179:17:179:22 | append | 0 | const basic_string & |
+| stl.h:180:17:180:22 | append | 0 | const class:0 * |
+| stl.h:181:47:181:52 | append | 0 | size_type |
+| stl.h:181:47:181:52 | append | 1 | class:0 |
+| stl.h:182:17:182:22 | assign | 0 | func:0 |
+| stl.h:182:17:182:22 | assign | 1 | func:0 |
+| stl.h:183:17:183:22 | assign | 0 | const basic_string & |
+| stl.h:184:47:184:52 | assign | 0 | size_type |
+| stl.h:184:47:184:52 | assign | 1 | class:0 |
+| stl.h:185:17:185:22 | insert | 0 | func:0 |
+| stl.h:185:17:185:22 | insert | 1 | func:0 |
 | stl.h:186:17:186:22 | insert | 0 | size_type |
-| stl.h:186:17:186:22 | insert | 1 | size_type |
-| stl.h:186:17:186:22 | insert | 2 | class:0 |
+| stl.h:186:17:186:22 | insert | 1 | const basic_string & |
 | stl.h:187:17:187:22 | insert | 0 | size_type |
-| stl.h:187:17:187:22 | insert | 1 | const class:0 * |
-| stl.h:188:12:188:17 | insert | 0 | const_iterator |
-| stl.h:188:12:188:17 | insert | 1 | size_type |
-| stl.h:188:12:188:17 | insert | 2 | class:0 |
+| stl.h:187:17:187:22 | insert | 1 | size_type |
+| stl.h:187:17:187:22 | insert | 2 | class:0 |
+| stl.h:188:12:188:17 | insert | 0 | size_type |
+| stl.h:188:12:188:17 | insert | 1 | const class:0 * |
 | stl.h:189:42:189:47 | insert | 0 | const_iterator |
-| stl.h:189:42:189:47 | insert | 1 | func:0 |
-| stl.h:189:42:189:47 | insert | 2 | func:0 |
-| stl.h:190:17:190:23 | replace | 0 | size_type |
-| stl.h:190:17:190:23 | replace | 1 | size_type |
-| stl.h:190:17:190:23 | replace | 2 | const basic_string & |
+| stl.h:189:42:189:47 | insert | 1 | size_type |
+| stl.h:189:42:189:47 | insert | 2 | class:0 |
+| stl.h:190:17:190:23 | replace | 0 | const_iterator |
+| stl.h:190:17:190:23 | replace | 1 | func:0 |
+| stl.h:190:17:190:23 | replace | 2 | func:0 |
 | stl.h:191:17:191:23 | replace | 0 | size_type |
 | stl.h:191:17:191:23 | replace | 1 | size_type |
-| stl.h:191:17:191:23 | replace | 2 | size_type |
-| stl.h:191:17:191:23 | replace | 3 | class:0 |
-| stl.h:192:13:192:16 | copy | 0 | class:0 * |
+| stl.h:191:17:191:23 | replace | 2 | const basic_string & |
+| stl.h:192:13:192:16 | copy | 0 | size_type |
 | stl.h:192:13:192:16 | copy | 1 | size_type |
 | stl.h:192:13:192:16 | copy | 2 | size_type |
-| stl.h:194:16:194:21 | substr | 0 | size_type |
-| stl.h:194:16:194:21 | substr | 1 | size_type |
-| stl.h:195:8:195:11 | swap | 0 | basic_string & |
+| stl.h:192:13:192:16 | copy | 3 | class:0 |
+| stl.h:193:8:193:12 | clear | 0 | class:0 * |
+| stl.h:193:8:193:12 | clear | 1 | size_type |
+| stl.h:193:8:193:12 | clear | 2 | size_type |
+| stl.h:195:8:195:11 | swap | 0 | size_type |
+| stl.h:195:8:195:11 | swap | 1 | size_type |
 | stl.h:198:94:198:102 | operator+ | 0 | const basic_string & |
 | stl.h:198:94:198:102 | operator+ | 1 | const basic_string & |
 | stl.h:199:94:199:102 | operator+ | 0 | const basic_string & |

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.7.68
-
-No user-facing changes.
-
 ## 1.7.67
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.68.md

@@ -1,3 +0,0 @@
-## 1.7.68
-
-No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.68
+lastReleaseVersion: 1.7.67

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.69-dev
+version: 1.7.68-dev
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.7.68
-
-No user-facing changes.
-
 ## 1.7.67
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.68.md

@@ -1,3 +0,0 @@
-## 1.7.68
-
-No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.68
+lastReleaseVersion: 1.7.67

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.69-dev
+version: 1.7.68-dev
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,10 +1,3 @@
-## 6.0.2
-
-### Minor Analysis Improvements
-
-* Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. The QL library and data flow analysis now support the new C# 14 language constructs and include generated Models as Data (MaD) models for the .NET 10 runtime.
-* C# 14: Added support for user-defined instance increment/decrement operators.
-
 ## 6.0.1
 
 No user-facing changes.

csharp/ql/lib/change-notes/2026-05-12-user-increment-decrement.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* C# 14: Added support for user-defined instance increment/decrement operators.

csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md

@@ -1,6 +1,4 @@
-## 6.0.2
-
-### Minor Analysis Improvements
-
+---
+category: minorAnalysis
+---
 * Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. The QL library and data flow analysis now support the new C# 14 language constructs and include generated Models as Data (MaD) models for the .NET 10 runtime.
-* C# 14: Added support for user-defined instance increment/decrement operators.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.0.2
+lastReleaseVersion: 6.0.1

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 6.0.3-dev
+version: 6.0.2-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
@@ -9,7 +9,6 @@ dependencies:
   codeql/controlflow: ${workspace}
   codeql/dataflow: ${workspace}
   codeql/mad: ${workspace}
-  codeql/rangeanalysis: ${workspace}
   codeql/ssa: ${workspace}
   codeql/threat-models: ${workspace}
   codeql/tutorial: ${workspace}

csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll

@@ -4,31 +4,67 @@
 overlay[local?]
 module;
 
-private import csharp as CS
-private import semmle.code.csharp.dataflow.SSA::Ssa
-private import semmle.code.csharp.dataflow.internal.rangeanalysis.ConstantUtils as CU
-private import semmle.code.csharp.dataflow.internal.rangeanalysis.RangeUtils as RU
-private import semmle.code.csharp.dataflow.internal.rangeanalysis.SsaUtils as SU
-private import codeql.rangeanalysis.Bound as SharedBound
+private import internal.rangeanalysis.BoundSpecific
 
-/** Provides C#-specific definitions for bounds. */
-private module BoundDefs implements SharedBound::BoundDefinitions<CS::Location> {
-  class Type = CS::Type;
+private newtype TBound =
+  TBoundZero() or
+  TBoundSsa(SsaVariable v) { v.getSourceVariable().getType() instanceof IntegralType } or
+  TBoundExpr(Expr e) {
+    interestingExprBound(e) and
+    not exists(SsaVariable v | e = v.getAUse())
+  }
 
-  class SsaVariable = SU::SsaVariable;
+/**
+ * A bound that may be inferred for an expression plus/minus an integer delta.
+ */
+abstract class Bound extends TBound {
+  /** Gets a textual representation of this bound. */
+  abstract string toString();
 
-  class SsaSourceVariable = SourceVariable;
+  /** Gets an expression that equals this bound plus `delta`. */
+  abstract Expr getExpr(int delta);
 
-  class Expr = CS::ControlFlowNodes::ExprNode;
+  /** Gets an expression that equals this bound. */
+  Expr getExpr() { result = this.getExpr(0) }
 
-  class IntegralType = CS::IntegralType;
-
-  class ConstantIntegerExpr = CU::ConstantIntegerExpr;
-
-  /** Holds if `e` is a bound expression and it is not an SSA variable read. */
-  predicate interestingExprBound(Expr e) { CU::systemArrayLengthAccess(e.getExpr()) }
+  /** Gets the location of this bound. */
+  abstract Location getLocation();
 }
 
-module BoundImpl = SharedBound::Bound<CS::Location, BoundDefs>;
+/**
+ * The bound that corresponds to the integer 0. This is used to represent all
+ * integer bounds as bounds are always accompanied by an added integer delta.
+ */
+class ZeroBound extends Bound, TBoundZero {
+  override string toString() { result = "0" }
 
-import BoundImpl
+  override Expr getExpr(int delta) { result.(ConstantIntegerExpr).getIntValue() = delta }
+
+  override Location getLocation() { result.hasLocationInfo("", 0, 0, 0, 0) }
+}
+
+/**
+ * A bound corresponding to the value of an SSA variable.
+ */
+class SsaBound extends Bound, TBoundSsa {
+  /** Gets the SSA variable that equals this bound. */
+  SsaVariable getSsa() { this = TBoundSsa(result) }
+
+  override string toString() { result = this.getSsa().toString() }
+
+  override Expr getExpr(int delta) { result = this.getSsa().getAUse() and delta = 0 }
+
+  override Location getLocation() { result = this.getSsa().getLocation() }
+}
+
+/**
+ * A bound that corresponds to the value of a specific expression that might be
+ * interesting, but isn't otherwise represented by the value of an SSA variable.
+ */
+class ExprBound extends Bound, TBoundExpr {
+  override string toString() { result = this.getExpr().toString() }
+
+  override Expr getExpr(int delta) { this = TBoundExpr(result) and delta = 0 }
+
+  override Location getLocation() { result = this.getExpr().getLocation() }
+}

csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll

@@ -0,0 +1,22 @@
+/**
+ * Provides C#-specific definitions for bounds.
+ */
+
+private import csharp as CS
+private import semmle.code.csharp.dataflow.SSA::Ssa as Ssa
+private import semmle.code.csharp.dataflow.internal.rangeanalysis.ConstantUtils as CU
+private import semmle.code.csharp.dataflow.internal.rangeanalysis.RangeUtils as RU
+private import semmle.code.csharp.dataflow.internal.rangeanalysis.SsaUtils as SU
+
+class SsaVariable = SU::SsaVariable;
+
+class Expr = CS::ControlFlowNodes::ExprNode;
+
+class Location = CS::Location;
+
+class IntegralType = CS::IntegralType;
+
+class ConstantIntegerExpr = CU::ConstantIntegerExpr;
+
+/** Holds if `e` is a bound expression and it is not an SSA variable read. */
+predicate interestingExprBound(Expr e) { CU::systemArrayLengthAccess(e.getExpr()) }

csharp/ql/src/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.7.4
-
-No user-facing changes.
-
 ## 1.7.3
 
 No user-facing changes.

csharp/ql/src/change-notes/released/1.7.4.md

@@ -1,3 +0,0 @@
-## 1.7.4
-
-No user-facing changes.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.4
+lastReleaseVersion: 1.7.3

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.7.5-dev
+version: 1.7.4-dev
 groups:
   - csharp
   - queries

go/ql/consistency-queries/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.0.51
-
-No user-facing changes.
-
 ## 1.0.50
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/1.0.51.md

@@ -1,3 +0,0 @@
-## 1.0.51
-
-No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.51
+lastReleaseVersion: 1.0.50

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.52-dev
+version: 1.0.51-dev
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 7.1.2
-
-No user-facing changes.
-
 ## 7.1.1
 
 No user-facing changes.

go/ql/lib/change-notes/2026-06-01-non-returning-functions.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* More logging functions are now recognized as not returning or panicking.

go/ql/lib/change-notes/released/7.1.2.md

@@ -1,3 +0,0 @@
-## 7.1.2
-
-No user-facing changes.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.1.2
+lastReleaseVersion: 7.1.1

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 7.1.3-dev
+version: 7.1.2-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/lib/semmle/go/Concepts.qll

@@ -413,13 +413,17 @@ private class ExternalLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
   }
 }
 
-private class HeuristicLoggerFunction extends Method {
-  string logFunctionPrefix;
-
-  HeuristicLoggerFunction() {
-    exists(string tp, string name |
-      this.hasQualifiedName(_, tp, name) and
-      this.getReceiverBaseType().getUnderlyingType() instanceof InterfaceType
+/**
+ * A call to an interface that looks like a logger. It is common to use a
+ * locally-defined interface for logging to make it easy to changing logging
+ * library.
+ */
+private class HeuristicLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
+  HeuristicLoggerCall() {
+    exists(Method m, string tp, string logFunctionPrefix, string name |
+      m = this.getTarget() and
+      m.hasQualifiedName(_, tp, name) and
+      m.getReceiverBaseType().getUnderlyingType() instanceof InterfaceType
     |
       tp.regexpMatch(".*[lL]ogger") and
       logFunctionPrefix =
@@ -431,19 +435,6 @@ private class HeuristicLoggerFunction extends Method {
     )
   }
 
-  override predicate mayReturnNormally() { logFunctionPrefix != "Fatal" }
-
-  override predicate mustPanic() { logFunctionPrefix = "Panic" }
-}
-
-/**
- * A call to an interface that looks like a logger. It is common to use a
- * locally-defined interface for logging to make it easy to change logging
- * library.
- */
-private class HeuristicLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
-  HeuristicLoggerCall() { this.getTarget() instanceof HeuristicLoggerFunction }
-
   override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
 }
 

go/ql/lib/semmle/go/frameworks/Glog.qll

@@ -12,37 +12,17 @@ import go
  * forks.
  */
 module Glog {
-  /** Gets a package name for `glog` or `klog` (which is a fork). */
-  string packagePath() {
-    result =
-      package([
-          "github.com/golang/glog", "gopkg.in/glog", "k8s.io/klog", "github.com/barakmich/glog"
-        ], "")
-  }
-
   private class GlogFunction extends Function {
     int firstPrintedArg;
-    string format;
-    string level;
 
     GlogFunction() {
-      exists(string pkg, string context, int nContextArgs, string depth, int nDepthArgs, string fn |
-        pkg = packagePath() and
+      exists(string pkg, string fn, string level |
+        pkg = package(["github.com/golang/glog", "gopkg.in/glog", "k8s.io/klog"], "") and
         level = ["Error", "Exit", "Fatal", "Info", "Warning"] and
         (
-          context = "" and nContextArgs = 0
+          fn = level + ["", "f", "ln"] and firstPrintedArg = 0
           or
-          context = "Context" and nContextArgs = 1
-        ) and
-        (
-          depth = "" and nDepthArgs = 0
-          or
-          depth = "Depth" and nDepthArgs = 1
-        ) and
-        format = ["", "f", "ln"] and
-        (
-          fn = level + context + depth + format and
-          firstPrintedArg = nContextArgs + nDepthArgs
+          fn = level + "Depth" and firstPrintedArg = 1
         )
       |
         this.hasQualifiedName(pkg, fn)
@@ -55,15 +35,10 @@ module Glog {
      * Gets the index of the first argument that may be output, including a format string if one is present.
      */
     int getFirstPrintedArg() { result = firstPrintedArg }
-
-    /** Holds if this function takes a format string. */
-    predicate formatter() { format = "f" }
-
-    override predicate mayReturnNormally() { level != "Fatal" and level != "Exit" }
   }
 
   private class StringFormatter extends StringOps::Formatting::Range instanceof GlogFunction {
-    StringFormatter() { this.formatter() }
+    StringFormatter() { this.getName().matches("%f") }
 
     override int getFormatStringIndex() { result = super.getFirstPrintedArg() }
   }

go/ql/lib/semmle/go/frameworks/Logrus.qll

@@ -28,12 +28,6 @@ module Logrus {
         this.(Method).hasQualifiedName(packagePath(), ["Entry", "Logger"], name)
       )
     }
-
-    override predicate mayReturnNormally() {
-      not exists(string level, string suffix | level = ["Fatal", "Panic"] |
-        this.getName() = level + suffix
-      )
-    }
   }
 
   private class StringFormatters extends StringOps::Formatting::Range instanceof LogFunction {

go/ql/lib/semmle/go/frameworks/Zap.qll

@@ -47,7 +47,7 @@ module Zap {
   }
 
   /** A Zap logging function which always panics. */
-  private class FatalLogMethod extends ZapFunction {
+  private class FatalLogMethod extends Method {
     FatalLogMethod() {
       this.hasQualifiedName(packagePath(), "Logger", "Fatal")
       or
@@ -58,7 +58,7 @@ module Zap {
   }
 
   /** A Zap logging function which always panics. */
-  private class MustPanicLogMethod extends ZapFunction {
+  private class MustPanicLogMethod extends Method {
     MustPanicLogMethod() {
       this.hasQualifiedName(packagePath(), "Logger", "Panic")
       or

go/ql/lib/semmle/go/frameworks/stdlib/Log.qll

@@ -29,37 +29,18 @@ module Log {
   }
 
   private class LogFormatter extends StringOps::Formatting::Range instanceof LogFunction {
-    LogFormatter() { this.getName() = ["Fatalf", "Panicf", "Printf", "Panic", "Panicf", "Panicln"] }
+    LogFormatter() { this.getName() = ["Fatalf", "Panicf", "Printf"] }
 
     override int getFormatStringIndex() { result = 0 }
   }
 
   /** A fatal log function, which calls `os.Exit`. */
   private class FatalLogFunction extends Function {
-    FatalLogFunction() {
-      exists(string fn | fn = ["Fatal", "Fatalf", "Fatalln"] |
-        this.hasQualifiedName("log", fn)
-        or
-        this.(Method).hasQualifiedName("log", "Logger", fn)
-      )
-    }
+    FatalLogFunction() { this.hasQualifiedName("log", ["Fatal", "Fatalf", "Fatalln"]) }
 
     override predicate mayReturnNormally() { none() }
   }
 
-  /** A log function which must panic. */
-  private class PanicLogFunction extends Function {
-    PanicLogFunction() {
-      exists(string fn | fn = ["Panic", "Panicf", "Panicln"] |
-        this.hasQualifiedName("log", fn)
-        or
-        this.(Method).hasQualifiedName("log", "Logger", fn)
-      )
-    }
-
-    override predicate mustPanic() { any() }
-  }
-
   // These models are not implemented using Models-as-Data because they represent reverse flow.
   private class FunctionModels extends TaintTracking::FunctionModel {
     FunctionInput inp;
@@ -82,6 +63,30 @@ module Log {
     FunctionOutput outp;
 
     MethodModels() {
+      // signature: func (*Logger) Fatal(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Fatal") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Fatalf(format string, v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Fatalf") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Fatalln(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Fatalln") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Panic(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Panic") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Panicf(format string, v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Panicf") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Panicln(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Panicln") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
       // signature: func (*Logger) Print(v ...interface{})
       this.hasQualifiedName("log", "Logger", "Print") and
       (inp.isParameter(_) and outp.isReceiver())

go/ql/src/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.6.4
-
-No user-facing changes.
-
 ## 1.6.3
 
 No user-facing changes.

go/ql/src/change-notes/released/1.6.4.md

@@ -1,3 +0,0 @@
-## 1.6.4
-
-No user-facing changes.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.4
+lastReleaseVersion: 1.6.3

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.6.5-dev
+version: 1.6.4-dev
 groups:
   - go
   - queries

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go

@@ -1,181 +1,54 @@
-//go:generate depstubber -vendor github.com/golang/glog Level,Verbose Error,ErrorContext,ErrorContextDepth,ErrorContextDepthf,ErrorContextf,ErrorDepth,ErrorDepthf,Errorf,Errorln,Exit,ExitContext,ExitContextDepth,ExitContextDepthf,ExitContextf,ExitDepth,ExitDepthf,Exitf,Exitln,Fatal,FatalContext,FatalContextDepth,FatalContextDepthf,FatalContextf,FatalDepth,FatalDepthf,Fatalf,Fatalln,Info,InfoContext,InfoContextDepth,InfoContextDepthf,InfoContextf,InfoDepth,InfoDepthf,Infof,Infoln,V,VDepth,Warning,WarningContext,WarningContextDepth,WarningContextDepthf,WarningContextf,WarningDepth,WarningDepthf,Warningf,Warningln
-//go:generate depstubber -vendor k8s.io/klog Level,Verbose Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,V,Warning,WarningDepth,Warningf,Warningln
+//go:generate depstubber -vendor github.com/golang/glog "" Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln
+//go:generate depstubber -vendor k8s.io/klog "" Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln
 
 package main
 
 import (
-	"context"
-
 	"github.com/golang/glog"
 	"k8s.io/klog"
 )
 
-func glogTest(selector int) {
-	ctx := context.Background()
-
-	glog.Error(text)                           // $ logger=text
-	glog.ErrorContext(ctx, text)               // $ logger=text
-	glog.ErrorContextDepth(ctx, 0, text)       // $ logger=text
-	glog.ErrorContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	glog.ErrorContextf(ctx, fmt, text)         // $ logger=fmt logger=text
-	glog.ErrorDepth(0, text)                   // $ logger=text
-	glog.ErrorDepthf(0, fmt, text)             // $ logger=fmt logger=text
-	glog.Errorf(fmt, text)                     // $ logger=fmt logger=text
-	glog.Errorln(text)                         // $ logger=text
-	if selector == 1 {
-		glog.Exit(text) // $ logger=text
-	}
-	if selector == 2 {
-		glog.ExitContext(ctx, text) // $ logger=text
-	}
-	if selector == 3 {
-		glog.ExitContextDepth(ctx, 0, text) // $ logger=text
-	}
-	if selector == 4 {
-		glog.ExitContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 5 {
-		glog.ExitContextf(ctx, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 6 {
-		glog.ExitDepth(0, text) // $ logger=text
-	}
-	if selector == 7 {
-		glog.ExitDepthf(0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 8 {
-		glog.Exitf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 9 {
-		glog.Exitln(text) // $ logger=text
-	}
-	if selector == 10 {
-		glog.Fatal(text) // $ logger=text
-	}
-	if selector == 11 {
-		glog.FatalContext(ctx, text) // $ logger=text
-	}
-	if selector == 12 {
-		glog.FatalContextDepth(ctx, 0, text) // $ logger=text
-	}
-	if selector == 13 {
-		glog.FatalContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 14 {
-		glog.FatalContextf(ctx, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 15 {
-		glog.FatalDepth(0, text) // $ logger=text
-	}
-	if selector == 16 {
-		glog.FatalDepthf(0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 17 {
-		glog.Fatalf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 18 {
-		glog.Fatalln(text) // $ logger=text
-	}
-	glog.Info(text)                              // $ logger=text
-	glog.InfoContext(ctx, text)                  // $ logger=text
-	glog.InfoContextDepth(ctx, 0, text)          // $ logger=text
-	glog.InfoContextDepthf(ctx, 0, fmt, text)    // $ logger=fmt logger=text
-	glog.InfoContextf(ctx, fmt, text)            // $ logger=fmt logger=text
-	glog.InfoDepth(0, text)                      // $ logger=text
-	glog.InfoDepthf(0, fmt, text)                // $ logger=fmt logger=text
-	glog.Infof(fmt, text)                        // $ logger=fmt logger=text
-	glog.Infoln(text)                            // $ logger=text
-	glog.Warning(text)                           // $ logger=text
-	glog.WarningContext(ctx, text)               // $ logger=text
-	glog.WarningContextDepth(ctx, 0, text)       // $ logger=text
-	glog.WarningContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	glog.WarningContextf(ctx, fmt, text)         // $ logger=fmt logger=text
-	glog.WarningDepth(0, text)                   // $ logger=text
-	glog.WarningDepthf(0, fmt, text)             // $ logger=fmt logger=text
-	glog.Warningf(fmt, text)                     // $ logger=fmt logger=text
-	glog.Warningln(text)                         // $ logger=text
-
-	glog.V(0).Info(text)                           // $ logger=text
-	glog.V(0).InfoContext(ctx, text)               // $ logger=text
-	glog.V(0).InfoContextDepth(ctx, 0, text)       // $ logger=text
-	glog.V(0).InfoContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	glog.V(0).InfoContextf(ctx, fmt, text)         // $ logger=fmt logger=text
-	glog.V(0).InfoDepth(0, text)                   // $ logger=text
-	glog.V(0).InfoDepthf(0, fmt, text)             // $ logger=fmt logger=text
-	glog.V(0).Infof(fmt, text)                     // $ logger=fmt logger=text
-	glog.V(0).Infoln(text)                         // $ logger=text
-	glog.VDepth(0, 0).Info(text)                   // $ logger=text
+func glogTest() {
+	glog.Error(text)           // $ logger=text
+	glog.ErrorDepth(0, text)   // $ logger=text
+	glog.Errorf(fmt, text)     // $ logger=fmt logger=text
+	glog.Errorln(text)         // $ logger=text
+	glog.Exit(text)            // $ logger=text
+	glog.ExitDepth(0, text)    // $ logger=text
+	glog.Exitf(fmt, text)      // $ logger=fmt logger=text
+	glog.Exitln(text)          // $ logger=text
+	glog.Fatal(text)           // $ logger=text
+	glog.FatalDepth(0, text)   // $ logger=text
+	glog.Fatalf(fmt, text)     // $ logger=fmt logger=text
+	glog.Fatalln(text)         // $ logger=text
+	glog.Info(text)            // $ logger=text
+	glog.InfoDepth(0, text)    // $ logger=text
+	glog.Infof(fmt, text)      // $ logger=fmt logger=text
+	glog.Infoln(text)          // $ logger=text
+	glog.Warning(text)         // $ logger=text
+	glog.WarningDepth(0, text) // $ logger=text
+	glog.Warningf(fmt, text)   // $ logger=fmt logger=text
+	glog.Warningln(text)       // $ logger=text
 
 	// components corresponding to the format specifier "%T" are not considered vulnerable
-	glog.ErrorContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.ErrorContextf(ctx, "%s: found type %T", text, v)         // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.ErrorDepthf(0, "%s: found type %T", text, v)             // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.Errorf("%s: found type %T", text, v)                     // $ logger="%s: found type %T" logger=text type-logger=v
-	if selector == 19 {
-		glog.ExitContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 20 {
-		glog.ExitContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 21 {
-		glog.ExitDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 22 {
-		glog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 23 {
-		glog.FatalContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 24 {
-		glog.FatalContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 25 {
-		glog.FatalDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 26 {
-		glog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	glog.InfoContextDepthf(ctx, 0, "%s: found type %T", text, v)      // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.InfoContextf(ctx, "%s: found type %T", text, v)              // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.InfoDepthf(0, "%s: found type %T", text, v)                  // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.Infof("%s: found type %T", text, v)                          // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.WarningContextDepthf(ctx, 0, "%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.WarningContextf(ctx, "%s: found type %T", text, v)           // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.WarningDepthf(0, "%s: found type %T", text, v)               // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.Warningf("%s: found type %T", text, v)                       // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).InfoContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).InfoContextf(ctx, "%s: found type %T", text, v)         // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).InfoDepthf(0, "%s: found type %T", text, v)             // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).Infof("%s: found type %T", text, v)                     // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Errorf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Exitf("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Fatalf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Infof("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
 
-	klog.Error(text)         // $ logger=text
-	klog.ErrorDepth(0, text) // $ logger=text
-	klog.Errorf(fmt, text)   // $ logger=fmt logger=text
-	klog.Errorln(text)       // $ logger=text
-	if selector == 27 {
-		klog.Exit(text) // $ logger=text
-	}
-	if selector == 28 {
-		klog.ExitDepth(0, text) // $ logger=text
-	}
-	if selector == 29 {
-		klog.Exitf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 30 {
-		klog.Exitln(text) // $ logger=text
-	}
-	if selector == 31 {
-		klog.Fatal(text) // $ logger=text
-	}
-	if selector == 32 {
-		klog.FatalDepth(0, text) // $ logger=text
-	}
-	if selector == 33 {
-		klog.Fatalf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 34 {
-		klog.Fatalln(text) // $ logger=text
-	}
+	klog.Error(text)           // $ logger=text
+	klog.ErrorDepth(0, text)   // $ logger=text
+	klog.Errorf(fmt, text)     // $ logger=fmt logger=text
+	klog.Errorln(text)         // $ logger=text
+	klog.Exit(text)            // $ logger=text
+	klog.ExitDepth(0, text)    // $ logger=text
+	klog.Exitf(fmt, text)      // $ logger=fmt logger=text
+	klog.Exitln(text)          // $ logger=text
+	klog.Fatal(text)           // $ logger=text
+	klog.FatalDepth(0, text)   // $ logger=text
+	klog.Fatalf(fmt, text)     // $ logger=fmt logger=text
+	klog.Fatalln(text)         // $ logger=text
 	klog.Info(text)            // $ logger=text
 	klog.InfoDepth(0, text)    // $ logger=text
 	klog.Infof(fmt, text)      // $ logger=fmt logger=text
@@ -184,19 +57,11 @@ func glogTest(selector int) {
 	klog.WarningDepth(0, text) // $ logger=text
 	klog.Warningf(fmt, text)   // $ logger=fmt logger=text
 	klog.Warningln(text)       // $ logger=text
-	klog.V(0).Info(text)       // $ logger=text
-	klog.V(0).Infof(fmt, text) // $ logger=fmt logger=text
-	klog.V(0).Infoln(text)     // $ logger=text
 
 	// components corresponding to the format specifier "%T" are not considered vulnerable
-	klog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	if selector == 35 {
-		klog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 36 {
-		klog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	klog.Infof("%s: found type %T", text, v)      // $ logger="%s: found type %T" logger=text type-logger=v
-	klog.Warningf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
-	klog.V(0).Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Errorf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Exitf("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Fatalf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Infof("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
 }

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/go.mod

@@ -3,7 +3,7 @@ module codeql-go-tests/concepts/loggercall
 go 1.15
 
 require (
-	github.com/golang/glog v1.2.5
+	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/sirupsen/logrus v1.7.0
 	k8s.io/klog v1.0.0
 )

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go

@@ -6,6 +6,5 @@ const text = "test"
 var v []byte
 
 func main() {
-	glogTest(len(v))
 	stdlib()
 }

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go

@@ -2,125 +2,47 @@
 // This is a simple stub for github.com/golang/glog, strictly for use in testing.
 
 // See the LICENSE file for information about the licensing of the original library.
-// Source: github.com/golang/glog (exports: Level,Verbose; functions: Error,ErrorContext,ErrorContextDepth,ErrorContextDepthf,ErrorContextf,ErrorDepth,ErrorDepthf,Errorf,Errorln,Exit,ExitContext,ExitContextDepth,ExitContextDepthf,ExitContextf,ExitDepth,ExitDepthf,Exitf,Exitln,Fatal,FatalContext,FatalContextDepth,FatalContextDepthf,FatalContextf,FatalDepth,FatalDepthf,Fatalf,Fatalln,Info,InfoContext,InfoContextDepth,InfoContextDepthf,InfoContextf,InfoDepth,InfoDepthf,Infof,Infoln,V,VDepth,Warning,WarningContext,WarningContextDepth,WarningContextDepthf,WarningContextf,WarningDepth,WarningDepthf,Warningf,Warningln)
+// Source: github.com/golang/glog (exports: ; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln)
 
 // Package glog is a stub of github.com/golang/glog, generated by depstubber.
 package glog
 
-import "context"
-
-type Level int32
-
-type Verbose bool
-
 func Error(_ ...interface{}) {}
 
-func ErrorContext(_ context.Context, _ ...interface{}) {}
-
-func ErrorContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func ErrorContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func ErrorContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func ErrorDepth(_ int, _ ...interface{}) {}
 
-func ErrorDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Errorf(_ string, _ ...interface{}) {}
 
 func Errorln(_ ...interface{}) {}
 
 func Exit(_ ...interface{}) {}
 
-func ExitContext(_ context.Context, _ ...interface{}) {}
-
-func ExitContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func ExitContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func ExitContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func ExitDepth(_ int, _ ...interface{}) {}
 
-func ExitDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Exitf(_ string, _ ...interface{}) {}
 
 func Exitln(_ ...interface{}) {}
 
 func Fatal(_ ...interface{}) {}
 
-func FatalContext(_ context.Context, _ ...interface{}) {}
-
-func FatalContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func FatalContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func FatalContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func FatalDepth(_ int, _ ...interface{}) {}
 
-func FatalDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Fatalf(_ string, _ ...interface{}) {}
 
 func Fatalln(_ ...interface{}) {}
 
 func Info(_ ...interface{}) {}
 
-func InfoContext(_ context.Context, _ ...interface{}) {}
-
-func InfoContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func InfoContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func InfoContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func InfoDepth(_ int, _ ...interface{}) {}
 
-func InfoDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Infof(_ string, _ ...interface{}) {}
 
 func Infoln(_ ...interface{}) {}
 
-func V(_ Level) Verbose { return false }
-
-func VDepth(_ int, _ Level) Verbose { return false }
-
 func Warning(_ ...interface{}) {}
 
-func WarningContext(_ context.Context, _ ...interface{}) {}
-
-func WarningContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func WarningContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func WarningContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func WarningDepth(_ int, _ ...interface{}) {}
 
-func WarningDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Warningf(_ string, _ ...interface{}) {}
 
 func Warningln(_ ...interface{}) {}
-
-func (_ Verbose) Info(_ ...interface{}) {}
-
-func (_ Verbose) InfoContext(_ context.Context, _ ...interface{}) {}
-
-func (_ Verbose) InfoContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func (_ Verbose) InfoContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func (_ Verbose) InfoContextf(_ context.Context, _ string, _ ...interface{}) {}
-
-func (_ Verbose) InfoDepth(_ int, _ ...interface{}) {}
-
-func (_ Verbose) InfoDepthf(_ int, _ string, _ ...interface{}) {}
-
-func (_ Verbose) Infof(_ string, _ ...interface{}) {}
-
-func (_ Verbose) Infoln(_ ...interface{}) {}

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go

@@ -2,15 +2,11 @@
 // This is a simple stub for k8s.io/klog, strictly for use in testing.
 
 // See the LICENSE file for information about the licensing of the original library.
-// Source: k8s.io/klog (exports: Level,Verbose; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,V,Warning,WarningDepth,Warningf,Warningln)
+// Source: k8s.io/klog (exports: ; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln)
 
 // Package klog is a stub of k8s.io/klog, generated by depstubber.
 package klog
 
-type Level int32
-
-type Verbose bool
-
 func Error(_ ...interface{}) {}
 
 func ErrorDepth(_ int, _ ...interface{}) {}
@@ -43,8 +39,6 @@ func Infof(_ string, _ ...interface{}) {}
 
 func Infoln(_ ...interface{}) {}
 
-func V(_ Level) Verbose { return false }
-
 func Warning(_ ...interface{}) {}
 
 func WarningDepth(_ int, _ ...interface{}) {}
@@ -52,9 +46,3 @@ func WarningDepth(_ int, _ ...interface{}) {}
 func Warningf(_ string, _ ...interface{}) {}
 
 func Warningln(_ ...interface{}) {}
-
-func (_ Verbose) Info(_ ...interface{}) {}
-
-func (_ Verbose) Infof(_ string, _ ...interface{}) {}
-
-func (_ Verbose) Infoln(_ ...interface{}) {}

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt

@@ -1,4 +1,4 @@
-# github.com/golang/glog v1.2.5
+# github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 ## explicit
 github.com/golang/glog
 # github.com/sirupsen/logrus v1.7.0

go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/NoretFunctions.expected

@@ -1,21 +1,11 @@
-| file://:0:0:0:0 | Exit | os.Exit |
-| file://:0:0:0:0 | Fatal | log.Fatal |
-| file://:0:0:0:0 | Fatal | log.Logger.Fatal |
-| file://:0:0:0:0 | Fatalf | log.Fatalf |
-| file://:0:0:0:0 | Fatalf | log.Logger.Fatalf |
-| file://:0:0:0:0 | Fatalln | log.Fatalln |
-| file://:0:0:0:0 | Fatalln | log.Logger.Fatalln |
-| file://:0:0:0:0 | Panic | log.Logger.Panic |
-| file://:0:0:0:0 | Panic | log.Panic |
-| file://:0:0:0:0 | Panicf | log.Logger.Panicf |
-| file://:0:0:0:0 | Panicf | log.Panicf |
-| file://:0:0:0:0 | Panicln | log.Logger.Panicln |
-| file://:0:0:0:0 | Panicln | log.Panicln |
-| file://:0:0:0:0 | panic | panic |
-| noretfunctions.go:8:6:8:12 | isNoRet | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.isNoRet |
-| noretfunctions.go:20:6:20:22 | noRetUsesLogFatal | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.noRetUsesLogFatal |
-| noretfunctions.go:24:6:24:23 | noRetUsesLogFatalf | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.noRetUsesLogFatalf |
-| stmts7.go:10:6:10:15 | canRecover | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.canRecover |
-| stmts.go:10:6:10:10 | test5 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test5 |
-| stmts.go:46:6:46:10 | test6 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test6 |
-| stmts.go:112:6:112:10 | test9 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test9 |
+| file://:0:0:0:0 | Exit | package os |
+| file://:0:0:0:0 | Fatal | package log |
+| file://:0:0:0:0 | Fatalf | package log |
+| file://:0:0:0:0 | Fatalln | package log |
+| noretfunctions.go:8:6:8:12 | isNoRet | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| noretfunctions.go:20:6:20:22 | noRetUsesLogFatal | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| noretfunctions.go:24:6:24:23 | noRetUsesLogFatalf | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts7.go:10:6:10:15 | canRecover | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts.go:10:6:10:10 | test5 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts.go:46:6:46:10 | test6 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts.go:112:6:112:10 | test9 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |

go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/NoretFunctions.ql

@@ -2,4 +2,4 @@ import go
 
 from Function f
 where not f.mayReturnNormally()
-select f, f.getQualifiedName()
+select f, f.getPackage()

go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql

@@ -9,9 +9,9 @@ import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 import utils.test.InlineFlowTest
 
 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") }
+  predicate isSource(DataFlow::Node src) { sourceNode(src, "qltest") }
 
-  predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") }
+  predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") }
 }
 
 import ValueFlowTest<Config>

go/ql/test/library-tests/semmle/go/dataflow/VarArgs/CONSISTENCY/DataFlowConsistency.expected

@@ -1,2 +0,0 @@
-reverseRead
-| main.go:23:3:23:5 | out | Origin of readStep is missing a PostUpdateNode. |

go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go

@@ -4,7 +4,7 @@ func source() string {
 	return "untrusted data"
 }
 
-func sink(any) {
+func sink(string) {
 }
 
 type A struct {
@@ -19,10 +19,6 @@ func functionWithVarArgsParameter(s ...string) string {
 	return s[1]
 }
 
-func functionWithVarArgsOutParameter(in string, out ...*string) {
-	*out[0] = in
-}
-
 func functionWithSliceOfStructsParameter(s []A) string {
 	return s[1].f
 }
@@ -42,12 +38,6 @@ func main() {
 	sink(functionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to functionWithVarArgsParameter"
 	sink(functionWithVarArgsParameter(s0, s1))    // $ hasValueFlow="call to functionWithVarArgsParameter"
 
-	var out1 *string
-	var out2 *string
-	functionWithVarArgsOutParameter(source(), out1, out2)
-	sink(out1) // $ MISSING: hasValueFlow="out1"
-	sink(out2) // $ MISSING: hasValueFlow="out2"
-
 	sliceOfStructs := []A{{f: source()}}
 	sink(sliceOfStructs[0].f) // $ hasValueFlow="selection of f"
 

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected

@@ -1,2 +0,0 @@
-invalidModelRow
-testFailures

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml

@@ -1,21 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: summaryModel
-    data:
-      - ["github.com/nonexistent/test", "", False, "FunctionWithParameter", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithSliceParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOutParameter", "", "", "Argument[0]", "Argument[1].ArrayElement", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithSliceOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sourceModel
-    data:
-      - ["github.com/nonexistent/test", "", False, "VariadicSource", "", "", "Argument[0]", "qltest", "manual"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["github.com/nonexistent/test", "", False, "VariadicSink", "", "", "Argument[0]", "qltest", "manual"]

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql

@@ -1,22 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import utils.test.InlineFlowTest
-
-module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    sourceNode(source, "qltest")
-    or
-    exists(Function fn | fn.hasQualifiedName(_, ["source", "taint"]) |
-      source = fn.getACall().getResult()
-    )
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sinkNode(sink, "qltest")
-    or
-    exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
-  }
-}
-
-import FlowTest<Config, Config>

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod

@@ -1,5 +0,0 @@
-module semmle.go.Packages
-
-go 1.25
-
-require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go

@@ -1,56 +0,0 @@
-package main
-
-import (
-	"github.com/nonexistent/test"
-)
-
-func source() string {
-	return "untrusted data"
-}
-
-func sink(any) {
-}
-
-func main() {
-	s := source()
-	sink(test.FunctionWithParameter(s)) // $ hasValueFlow="call to FunctionWithParameter"
-
-	stringSlice := []string{source()}
-	sink(stringSlice[0]) // $ hasValueFlow="index expression"
-
-	s0 := ""
-	s1 := source()
-	sSlice := []string{s0, s1}
-	sink(test.FunctionWithParameter(sSlice[1]))        // $ hasValueFlow="call to FunctionWithParameter"
-	sink(test.FunctionWithSliceParameter(sSlice))      // $ hasValueFlow="call to FunctionWithSliceParameter"
-	sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
-	sink(test.FunctionWithVarArgsParameter(s0, s1))    // $ hasValueFlow="call to FunctionWithVarArgsParameter"
-
-	var out1 *string
-	var out2 *string
-	test.FunctionWithVarArgsOutParameter(source(), out1, out2)
-	sink(out1) // $ MISSING: hasValueFlow="out1"
-	sink(out2) // $ MISSING: hasValueFlow="out2"
-
-	sliceOfStructs := []test.A{{Field: source()}}
-	sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
-
-	a0 := test.A{Field: ""}
-	a1 := test.A{Field: source()}
-	aSlice := []test.A{a0, a1}
-	sink(test.FunctionWithSliceOfStructsParameter(aSlice))      // $ hasValueFlow="call to FunctionWithSliceOfStructsParameter"
-	sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
-	sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1))    // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
-
-	var variadicSource string
-	test.VariadicSource(&variadicSource)
-	sink(variadicSource)  // $ MISSING: hasTaintFlow="variadicSource"
-	sink(&variadicSource) // $ MISSING: hasTaintFlow="&..."
-
-	var variadicSourcePtr *string
-	test.VariadicSource(variadicSourcePtr)
-	sink(variadicSourcePtr)  // $ MISSING: hasTaintFlow="variadicSourcePtr"
-	sink(*variadicSourcePtr) // $ MISSING: hasTaintFlow="star expression"
-
-	test.VariadicSink(source()) // $ hasTaintFlow="[]type{args}"
-}

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go

@@ -1,32 +0,0 @@
-package test
-
-type A struct {
-	Field string
-}
-
-func FunctionWithParameter(s string) string {
-	return ""
-}
-
-func FunctionWithSliceParameter(s []string) string {
-	return ""
-}
-
-func FunctionWithVarArgsParameter(s ...string) string {
-	return ""
-}
-
-func FunctionWithVarArgsOutParameter(in string, out ...*string) {
-}
-
-func FunctionWithSliceOfStructsParameter(s []A) string {
-	return ""
-}
-
-func FunctionWithVarArgsOfStructsParameter(s ...A) string {
-	return ""
-}
-
-func VariadicSource(s ...*string) {}
-
-func VariadicSink(s ...string) {}

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt

@@ -1,3 +0,0 @@
-# github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
-## explicit
-github.com/nonexistent/test

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql

@@ -20,9 +20,6 @@ class SummaryModelTest extends DataFlow::FunctionModel {
     this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsParameter") and
     (inp.isParameter(_) and outp.isResult())
     or
-    this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsOutParameter") and
-    (inp.isParameter(0) and outp.isParameter(any(int i | i >= 1)))
-    or
     this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithSliceOfStructsParameter") and
     (inp.isParameter(0) and outp.isResult())
     or

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod

@@ -1,5 +1,5 @@
 module semmle.go.Packages
 
-go 1.25
+go 1.17
 
 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go

@@ -8,7 +8,7 @@ func source() string {
 	return "untrusted data"
 }
 
-func sink(any) {
+func sink(string) {
 }
 
 func main() {
@@ -21,17 +21,10 @@ func main() {
 	s0 := ""
 	s1 := source()
 	sSlice := []string{s0, s1}
-	sink(test.FunctionWithParameter(sSlice[1]))           // $ hasValueFlow="call to FunctionWithParameter"
-	sink(test.FunctionWithSliceParameter(sSlice))         // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
-	sink(test.FunctionWithVarArgsParameter(sSlice...))    // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
-	randomFunctionWithMoreThanOneParameter(1, 2, 3, 4, 5) // This is needed to make the next line pass, because we need to have seen a call to a function with at least 2 parameters for ParameterInput to exist with index 1.
-	sink(test.FunctionWithVarArgsParameter(s0, s1))       // $ hasValueFlow="call to FunctionWithVarArgsParameter"
-
-	var out1 *string
-	var out2 *string
-	test.FunctionWithVarArgsOutParameter(source(), out1, out2)
-	sink(out1) // $ hasValueFlow="out1"
-	sink(out2) // $ hasValueFlow="out2"
+	sink(test.FunctionWithParameter(sSlice[1]))        // $ hasValueFlow="call to FunctionWithParameter"
+	sink(test.FunctionWithSliceParameter(sSlice))      // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
+	sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
+	sink(test.FunctionWithVarArgsParameter(s0, s1))    // $ MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
 
 	sliceOfStructs := []test.A{{Field: source()}}
 	sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
@@ -44,6 +37,3 @@ func main() {
 	sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
 	sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1))    // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
 }
-
-func randomFunctionWithMoreThanOneParameter(i1, i2, i3, i4, i5 int) {
-}

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go

@@ -16,9 +16,6 @@ func FunctionWithVarArgsParameter(s ...string) string {
 	return ""
 }
 
-func FunctionWithVarArgsOutParameter(in string, out ...*string) {
-}
-
 func FunctionWithSliceOfStructsParameter(s []A) string {
 	return ""
 }

go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Log.go

@@ -15,6 +15,62 @@ func TaintStepTest_LogNew_B0I0O0(sourceCQL interface{}) interface{} {
 	return intoWriter414
 }
 
+func TaintStepTest_LogLoggerFatal_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface518 := sourceCQL.(interface{})
+	var intoLogger650 log.Logger
+	intoLogger650.Fatal(fromInterface518)
+	return intoLogger650
+}
+
+func TaintStepTest_LogLoggerFatalf_B0I0O0(sourceCQL interface{}) interface{} {
+	fromString784 := sourceCQL.(string)
+	var intoLogger957 log.Logger
+	intoLogger957.Fatalf(fromString784, nil)
+	return intoLogger957
+}
+
+func TaintStepTest_LogLoggerFatalf_B0I1O0(sourceCQL interface{}) interface{} {
+	fromInterface520 := sourceCQL.(interface{})
+	var intoLogger443 log.Logger
+	intoLogger443.Fatalf("", fromInterface520)
+	return intoLogger443
+}
+
+func TaintStepTest_LogLoggerFatalln_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface127 := sourceCQL.(interface{})
+	var intoLogger483 log.Logger
+	intoLogger483.Fatalln(fromInterface127)
+	return intoLogger483
+}
+
+func TaintStepTest_LogLoggerPanic_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface989 := sourceCQL.(interface{})
+	var intoLogger982 log.Logger
+	intoLogger982.Panic(fromInterface989)
+	return intoLogger982
+}
+
+func TaintStepTest_LogLoggerPanicf_B0I0O0(sourceCQL interface{}) interface{} {
+	fromString417 := sourceCQL.(string)
+	var intoLogger584 log.Logger
+	intoLogger584.Panicf(fromString417, nil)
+	return intoLogger584
+}
+
+func TaintStepTest_LogLoggerPanicf_B0I1O0(sourceCQL interface{}) interface{} {
+	fromInterface991 := sourceCQL.(interface{})
+	var intoLogger881 log.Logger
+	intoLogger881.Panicf("", fromInterface991)
+	return intoLogger881
+}
+
+func TaintStepTest_LogLoggerPanicln_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface186 := sourceCQL.(interface{})
+	var intoLogger284 log.Logger
+	intoLogger284.Panicln(fromInterface186)
+	return intoLogger284
+}
+
 func TaintStepTest_LogLoggerPrint_B0I0O0(sourceCQL interface{}) interface{} {
 	fromInterface908 := sourceCQL.(interface{})
 	var intoLogger137 log.Logger
@@ -69,6 +125,46 @@ func RunAllTaints_Log() {
 		out := TaintStepTest_LogNew_B0I0O0(source)
 		sink(0, out)
 	}
+	{
+		source := newSource(1)
+		out := TaintStepTest_LogLoggerFatal_B0I0O0(source)
+		sink(1, out)
+	}
+	{
+		source := newSource(2)
+		out := TaintStepTest_LogLoggerFatalf_B0I0O0(source)
+		sink(2, out)
+	}
+	{
+		source := newSource(3)
+		out := TaintStepTest_LogLoggerFatalf_B0I1O0(source)
+		sink(3, out)
+	}
+	{
+		source := newSource(4)
+		out := TaintStepTest_LogLoggerFatalln_B0I0O0(source)
+		sink(4, out)
+	}
+	{
+		source := newSource(5)
+		out := TaintStepTest_LogLoggerPanic_B0I0O0(source)
+		sink(5, out)
+	}
+	{
+		source := newSource(6)
+		out := TaintStepTest_LogLoggerPanicf_B0I0O0(source)
+		sink(6, out)
+	}
+	{
+		source := newSource(7)
+		out := TaintStepTest_LogLoggerPanicf_B0I1O0(source)
+		sink(7, out)
+	}
+	{
+		source := newSource(8)
+		out := TaintStepTest_LogLoggerPanicln_B0I0O0(source)
+		sink(8, out)
+	}
 	{
 		source := newSource(9)
 		out := TaintStepTest_LogLoggerPrint_B0I0O0(source)

go/ql/test/query-tests/Security/CWE-117/CONSISTENCY/DataFlowConsistency.expected

@@ -3,9 +3,9 @@ reverseRead
 | LogInjection.go:33:14:33:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
 | LogInjection.go:34:18:34:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
 | LogInjection.go:35:14:35:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:551:14:551:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:559:14:559:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:567:14:567:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:602:14:602:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:603:14:603:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:828:12:828:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:447:14:447:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:455:14:455:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:463:14:463:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:498:14:498:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:499:14:499:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:724:12:724:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |

go/ql/test/query-tests/Security/CWE-117/LogInjection.go

@@ -49,22 +49,22 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		log.Printf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		log.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 
-		if testFlag == "1" {
+		if testFlag == "true" {
 			log.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "2" {
+		if testFlag == "true" {
 			log.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "3" {
+		if testFlag == "true" {
 			log.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "4" {
+		if testFlag == "true" {
 			log.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "5" {
+		if testFlag == "true" {
 			log.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "6" {
+		if testFlag == "true" {
 			log.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
 
@@ -72,24 +72,12 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger.Print("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
 		logger.Printf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		logger.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		if testFlag == "7" {
-			logger.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "8" {
-			logger.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "9" {
-			logger.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "10" {
-			logger.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "11" {
-			logger.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "12" {
-			logger.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
+		logger.Fatal("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Fatalf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		logger.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panic("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panicf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 	}
 	// k8s.io/klog
 	{
@@ -103,24 +91,12 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		klog.Error(username)     // $ hasTaintFlow="username"
 		klog.Errorf(username)    // $ hasTaintFlow="username"
 		klog.Errorln(username)   // $ hasTaintFlow="username"
-		if testFlag == "77" {
-			klog.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "78" {
-			klog.Fatalf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "79" {
-			klog.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "80" {
-			klog.Exit(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "81" {
-			klog.Exitf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "82" {
-			klog.Exitln(username) // $ hasTaintFlow="username"
-		}
+		klog.Fatal(username)     // $ hasTaintFlow="username"
+		klog.Fatalf(username)    // $ hasTaintFlow="username"
+		klog.Fatalln(username)   // $ hasTaintFlow="username"
+		klog.Exit(username)      // $ hasTaintFlow="username"
+		klog.Exitf(username)     // $ hasTaintFlow="username"
+		klog.Exitln(username)    // $ hasTaintFlow="username"
 	}
 	// astaxie/beego
 	{
@@ -185,30 +161,14 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		glog.ErrorDepth(0, username) // $ hasTaintFlow="username"
 		glog.Errorf(username)        // $ hasTaintFlow="username"
 		glog.Errorln(username)       // $ hasTaintFlow="username"
-		if testFlag == "83" {
-			glog.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "84" {
-			glog.FatalDepth(0, username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "85" {
-			glog.Fatalf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "86" {
-			glog.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "87" {
-			glog.Exit(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "88" {
-			glog.ExitDepth(0, username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "89" {
-			glog.Exitf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "90" {
-			glog.Exitln(username) // $ hasTaintFlow="username"
-		}
+		glog.Fatal(username)         // $ hasTaintFlow="username"
+		glog.FatalDepth(0, username) // $ hasTaintFlow="username"
+		glog.Fatalf(username)        // $ hasTaintFlow="username"
+		glog.Fatalln(username)       // $ hasTaintFlow="username"
+		glog.Exit(username)          // $ hasTaintFlow="username"
+		glog.ExitDepth(0, username)  // $ hasTaintFlow="username"
+		glog.Exitf(username)         // $ hasTaintFlow="username"
+		glog.Exitln(username)        // $ hasTaintFlow="username"
 
 	}
 	// sirupsen/logrus
@@ -219,42 +179,26 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger := logrus.New()
 		entry := logrus.NewEntry(logger)
 
-		logrus.Debug(username)      // $ hasTaintFlow="username"
-		logrus.Debugf(username, "") // $ hasTaintFlow="username"
-		logrus.Debugf("", username) // $ hasTaintFlow="username"
-		logrus.Debugln(username)    // $ hasTaintFlow="username"
-		logrus.Error(username)      // $ hasTaintFlow="username"
-		logrus.Errorf(username, "") // $ hasTaintFlow="username"
-		logrus.Errorf("", username) // $ hasTaintFlow="username"
-		logrus.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "13" {
-			logrus.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "14" {
-			logrus.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "15" {
-			logrus.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "16" {
-			logrus.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		logrus.Info(username)      // $ hasTaintFlow="username"
-		logrus.Infof(username, "") // $ hasTaintFlow="username"
-		logrus.Infof("", username) // $ hasTaintFlow="username"
-		logrus.Infoln(username)    // $ hasTaintFlow="username"
-		if testFlag == "17" {
-			logrus.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "18" {
-			logrus.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "19" {
-			logrus.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "20" {
-			logrus.Panicln(username) // $ hasTaintFlow="username"
-		}
+		logrus.Debug(username)         // $ hasTaintFlow="username"
+		logrus.Debugf(username, "")    // $ hasTaintFlow="username"
+		logrus.Debugf("", username)    // $ hasTaintFlow="username"
+		logrus.Debugln(username)       // $ hasTaintFlow="username"
+		logrus.Error(username)         // $ hasTaintFlow="username"
+		logrus.Errorf(username, "")    // $ hasTaintFlow="username"
+		logrus.Errorf("", username)    // $ hasTaintFlow="username"
+		logrus.Errorln(username)       // $ hasTaintFlow="username"
+		logrus.Fatal(username)         // $ hasTaintFlow="username"
+		logrus.Fatalf(username, "")    // $ hasTaintFlow="username"
+		logrus.Fatalf("", username)    // $ hasTaintFlow="username"
+		logrus.Fatalln(username)       // $ hasTaintFlow="username"
+		logrus.Info(username)          // $ hasTaintFlow="username"
+		logrus.Infof(username, "")     // $ hasTaintFlow="username"
+		logrus.Infof("", username)     // $ hasTaintFlow="username"
+		logrus.Infoln(username)        // $ hasTaintFlow="username"
+		logrus.Panic(username)         // $ hasTaintFlow="username"
+		logrus.Panicf(username, "")    // $ hasTaintFlow="username"
+		logrus.Panicf("", username)    // $ hasTaintFlow="username"
+		logrus.Panicln(username)       // $ hasTaintFlow="username"
 		logrus.Print(username)         // $ hasTaintFlow="username"
 		logrus.Printf(username, "")    // $ hasTaintFlow="username"
 		logrus.Printf("", username)    // $ hasTaintFlow="username"
@@ -276,46 +220,30 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logrus.WithField("", username) // $ hasTaintFlow="username"
 		logrus.WithFields(fields)      // $ hasTaintFlow="fields"
 
-		entry.Debug(username)      // $ hasTaintFlow="username"
-		entry.Debugf(username, "") // $ hasTaintFlow="username"
-		entry.Debugf("", username) // $ hasTaintFlow="username"
-		entry.Debugln(username)    // $ hasTaintFlow="username"
-		entry.Error(username)      // $ hasTaintFlow="username"
-		entry.Errorf(username, "") // $ hasTaintFlow="username"
-		entry.Errorf("", username) // $ hasTaintFlow="username"
-		entry.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "21" {
-			entry.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "22" {
-			entry.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "23" {
-			entry.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "24" {
-			entry.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		entry.Info(username)        // $ hasTaintFlow="username"
-		entry.Infof(username, "")   // $ hasTaintFlow="username"
-		entry.Infof("", username)   // $ hasTaintFlow="username"
-		entry.Infoln(username)      // $ hasTaintFlow="username"
-		entry.Log(0, username)      // $ hasTaintFlow="username"
-		entry.Logf(0, username, "") // $ hasTaintFlow="username"
-		entry.Logf(0, "", username) // $ hasTaintFlow="username"
-		entry.Logln(0, username)    // $ hasTaintFlow="username"
-		if testFlag == "25" {
-			entry.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "26" {
-			entry.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "27" {
-			entry.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "28" {
-			entry.Panicln(username) // $ hasTaintFlow="username"
-		}
+		entry.Debug(username)         // $ hasTaintFlow="username"
+		entry.Debugf(username, "")    // $ hasTaintFlow="username"
+		entry.Debugf("", username)    // $ hasTaintFlow="username"
+		entry.Debugln(username)       // $ hasTaintFlow="username"
+		entry.Error(username)         // $ hasTaintFlow="username"
+		entry.Errorf(username, "")    // $ hasTaintFlow="username"
+		entry.Errorf("", username)    // $ hasTaintFlow="username"
+		entry.Errorln(username)       // $ hasTaintFlow="username"
+		entry.Fatal(username)         // $ hasTaintFlow="username"
+		entry.Fatalf(username, "")    // $ hasTaintFlow="username"
+		entry.Fatalf("", username)    // $ hasTaintFlow="username"
+		entry.Fatalln(username)       // $ hasTaintFlow="username"
+		entry.Info(username)          // $ hasTaintFlow="username"
+		entry.Infof(username, "")     // $ hasTaintFlow="username"
+		entry.Infof("", username)     // $ hasTaintFlow="username"
+		entry.Infoln(username)        // $ hasTaintFlow="username"
+		entry.Log(0, username)        // $ hasTaintFlow="username"
+		entry.Logf(0, username, "")   // $ hasTaintFlow="username"
+		entry.Logf(0, "", username)   // $ hasTaintFlow="username"
+		entry.Logln(0, username)      // $ hasTaintFlow="username"
+		entry.Panic(username)         // $ hasTaintFlow="username"
+		entry.Panicf(username, "")    // $ hasTaintFlow="username"
+		entry.Panicf("", username)    // $ hasTaintFlow="username"
+		entry.Panicln(username)       // $ hasTaintFlow="username"
 		entry.Print(username)         // $ hasTaintFlow="username"
 		entry.Printf(username, "")    // $ hasTaintFlow="username"
 		entry.Printf("", username)    // $ hasTaintFlow="username"
@@ -337,46 +265,30 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		entry.WithField("", username) // $ hasTaintFlow="username"
 		entry.WithFields(fields)      // $ hasTaintFlow="fields"
 
-		logger.Debug(username)      // $ hasTaintFlow="username"
-		logger.Debugf(username, "") // $ hasTaintFlow="username"
-		logger.Debugf("", username) // $ hasTaintFlow="username"
-		logger.Debugln(username)    // $ hasTaintFlow="username"
-		logger.Error(username)      // $ hasTaintFlow="username"
-		logger.Errorf(username, "") // $ hasTaintFlow="username"
-		logger.Errorf("", username) // $ hasTaintFlow="username"
-		logger.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "29" {
-			logger.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "30" {
-			logger.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "31" {
-			logger.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "32" {
-			logger.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		logger.Info(username)        // $ hasTaintFlow="username"
-		logger.Infof(username, "")   // $ hasTaintFlow="username"
-		logger.Infof("", username)   // $ hasTaintFlow="username"
-		logger.Infoln(username)      // $ hasTaintFlow="username"
-		logger.Log(0, username)      // $ hasTaintFlow="username"
-		logger.Logf(0, username, "") // $ hasTaintFlow="username"
-		logger.Logf(0, "", username) // $ hasTaintFlow="username"
-		logger.Logln(0, username)    // $ hasTaintFlow="username"
-		if testFlag == "33" {
-			logger.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "34" {
-			logger.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "35" {
-			logger.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "36" {
-			logger.Panicln(username) // $ hasTaintFlow="username"
-		}
+		logger.Debug(username)         // $ hasTaintFlow="username"
+		logger.Debugf(username, "")    // $ hasTaintFlow="username"
+		logger.Debugf("", username)    // $ hasTaintFlow="username"
+		logger.Debugln(username)       // $ hasTaintFlow="username"
+		logger.Error(username)         // $ hasTaintFlow="username"
+		logger.Errorf(username, "")    // $ hasTaintFlow="username"
+		logger.Errorf("", username)    // $ hasTaintFlow="username"
+		logger.Errorln(username)       // $ hasTaintFlow="username"
+		logger.Fatal(username)         // $ hasTaintFlow="username"
+		logger.Fatalf(username, "")    // $ hasTaintFlow="username"
+		logger.Fatalf("", username)    // $ hasTaintFlow="username"
+		logger.Fatalln(username)       // $ hasTaintFlow="username"
+		logger.Info(username)          // $ hasTaintFlow="username"
+		logger.Infof(username, "")     // $ hasTaintFlow="username"
+		logger.Infof("", username)     // $ hasTaintFlow="username"
+		logger.Infoln(username)        // $ hasTaintFlow="username"
+		logger.Log(0, username)        // $ hasTaintFlow="username"
+		logger.Logf(0, username, "")   // $ hasTaintFlow="username"
+		logger.Logf(0, "", username)   // $ hasTaintFlow="username"
+		logger.Logln(0, username)      // $ hasTaintFlow="username"
+		logger.Panic(username)         // $ hasTaintFlow="username"
+		logger.Panicf(username, "")    // $ hasTaintFlow="username"
+		logger.Panicf("", username)    // $ hasTaintFlow="username"
+		logger.Panicln(username)       // $ hasTaintFlow="username"
 		logger.Print(username)         // $ hasTaintFlow="username"
 		logger.Printf(username, "")    // $ hasTaintFlow="username"
 		logger.Printf("", username)    // $ hasTaintFlow="username"
@@ -399,42 +311,26 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger.WithFields(fields)      // $ hasTaintFlow="fields"
 
 		var fieldlogger logrus.FieldLogger = entry
-		fieldlogger.Debug(username)      // $ hasTaintFlow="username"
-		fieldlogger.Debugf(username, "") // $ hasTaintFlow="username"
-		fieldlogger.Debugf("", username) // $ hasTaintFlow="username"
-		fieldlogger.Debugln(username)    // $ hasTaintFlow="username"
-		fieldlogger.Error(username)      // $ hasTaintFlow="username"
-		fieldlogger.Errorf(username, "") // $ hasTaintFlow="username"
-		fieldlogger.Errorf("", username) // $ hasTaintFlow="username"
-		fieldlogger.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "37" {
-			fieldlogger.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "38" {
-			fieldlogger.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "39" {
-			fieldlogger.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "40" {
-			fieldlogger.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		fieldlogger.Info(username)      // $ hasTaintFlow="username"
-		fieldlogger.Infof(username, "") // $ hasTaintFlow="username"
-		fieldlogger.Infof("", username) // $ hasTaintFlow="username"
-		fieldlogger.Infoln(username)    // $ hasTaintFlow="username"
-		if testFlag == "41" {
-			fieldlogger.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "42" {
-			fieldlogger.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "43" {
-			fieldlogger.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "44" {
-			fieldlogger.Panicln(username) // $ hasTaintFlow="username"
-		}
+		fieldlogger.Debug(username)         // $ hasTaintFlow="username"
+		fieldlogger.Debugf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Debugf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Debugln(username)       // $ hasTaintFlow="username"
+		fieldlogger.Error(username)         // $ hasTaintFlow="username"
+		fieldlogger.Errorf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Errorf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Errorln(username)       // $ hasTaintFlow="username"
+		fieldlogger.Fatal(username)         // $ hasTaintFlow="username"
+		fieldlogger.Fatalf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Fatalf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Fatalln(username)       // $ hasTaintFlow="username"
+		fieldlogger.Info(username)          // $ hasTaintFlow="username"
+		fieldlogger.Infof(username, "")     // $ hasTaintFlow="username"
+		fieldlogger.Infof("", username)     // $ hasTaintFlow="username"
+		fieldlogger.Infoln(username)        // $ hasTaintFlow="username"
+		fieldlogger.Panic(username)         // $ hasTaintFlow="username"
+		fieldlogger.Panicf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Panicf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Panicln(username)       // $ hasTaintFlow="username"
 		fieldlogger.Print(username)         // $ hasTaintFlow="username"
 		fieldlogger.Printf(username, "")    // $ hasTaintFlow="username"
 		fieldlogger.Printf("", username)    // $ hasTaintFlow="username"
@@ -470,11 +366,11 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger.DPanic(username) // $ hasTaintFlow="username"
 		logger.Debug(username)  // $ hasTaintFlow="username"
 		logger.Error(username)  // $ hasTaintFlow="username"
-		if testFlag == "45" {
+		if testFlag == " true" {
 			logger.Fatal(username) // $ hasTaintFlow="username"
 		}
 		logger.Info(username) // $ hasTaintFlow="username"
-		if testFlag == "46" {
+		if testFlag == " true" {
 			logger.Panic(username) // $ hasTaintFlow="username"
 		}
 		logger.Warn(username)        // $ hasTaintFlow="username"
@@ -486,33 +382,33 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		sLogger.DPanic(username) // $ hasTaintFlow="username"
 		sLogger.Debug(username)  // $ hasTaintFlow="username"
 		sLogger.Error(username)  // $ hasTaintFlow="username"
-		if testFlag == "47" {
+		if testFlag == " true" {
 			sLogger.Fatal(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Info(username) // $ hasTaintFlow="username"
-		if testFlag == "48" {
+		if testFlag == " true" {
 			sLogger.Panic(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warn(username)    // $ hasTaintFlow="username"
 		sLogger.DPanicf(username) // $ hasTaintFlow="username"
 		sLogger.Debugf(username)  // $ hasTaintFlow="username"
 		sLogger.Errorf(username)  // $ hasTaintFlow="username"
-		if testFlag == "49" {
+		if testFlag == " true" {
 			sLogger.Fatalf(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Infof(username) // $ hasTaintFlow="username"
-		if testFlag == "50" {
+		if testFlag == " true" {
 			sLogger.Panicf(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warnf(username)   // $ hasTaintFlow="username"
 		sLogger.DPanicw(username) // $ hasTaintFlow="username"
 		sLogger.Debugw(username)  // $ hasTaintFlow="username"
 		sLogger.Errorw(username)  // $ hasTaintFlow="username"
-		if testFlag == "51" {
+		if testFlag == " true" {
 			sLogger.Fatalw(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Infow(username) // $ hasTaintFlow="username"
-		if testFlag == "52" {
+		if testFlag == " true" {
 			sLogger.Panicw(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warnw(username) // $ hasTaintFlow="username"
@@ -619,10 +515,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		verbose.Infof("user %q logged in.\n", username)
 		klog.Infof("user %q logged in.\n", username)
 		klog.Errorf("user %q logged in.\n", username)
-		if testFlag == "53" {
+		if testFlag == " true" {
 			klog.Fatalf("user %q logged in.\n", username)
 		}
-		if testFlag == "54" {
+		if testFlag == " true" {
 			klog.Exitf("user %q logged in.\n", username)
 		}
 	}
@@ -638,10 +534,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 
 		glog.Infof("user %q logged in.\n", username)
 		glog.Errorf("user %q logged in.\n", username)
-		if testFlag == "55" {
+		if testFlag == " true" {
 			glog.Fatalf("user %q logged in.\n", username)
 		}
-		if testFlag == "56" {
+		if testFlag == " true" {
 			glog.Exitf("user %q logged in.\n", username)
 		}
 	}
@@ -649,11 +545,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 	{
 		logrus.Debugf("user %q logged in.\n", username)
 		logrus.Errorf("user %q logged in.\n", username)
-		if testFlag == "57" {
+		if testFlag == " true" {
 			logrus.Fatalf("user %q logged in.\n", username)
 		}
 		logrus.Infof("user %q logged in.\n", username)
-		if testFlag == "58" {
+		if testFlag == " true" {
 			logrus.Panicf("user %q logged in.\n", username)
 		}
 		logrus.Printf("user %q logged in.\n", username)
@@ -665,12 +561,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		entry := logrus.WithFields(fields)
 		entry.Debugf("user %q logged in.\n", username)
 		entry.Errorf("user %q logged in.\n", username)
-		if testFlag == "59" {
+		if testFlag == " true" {
 			entry.Fatalf("user %q logged in.\n", username)
 		}
 		entry.Infof("user %q logged in.\n", username)
 		entry.Logf(0, "user %q logged in.\n", username)
-		if testFlag == "60" {
+		if testFlag == " true" {
 			entry.Panicf("user %q logged in.\n", username)
 		}
 		entry.Printf("user %q logged in.\n", username)
@@ -681,12 +577,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger := entry.Logger
 		logger.Debugf("user %q logged in.\n", username)
 		logger.Errorf("user %q logged in.\n", username)
-		if testFlag == "61" {
+		if testFlag == " true" {
 			logger.Fatalf("user %q logged in.\n", username)
 		}
 		logger.Infof("user %q logged in.\n", username)
 		logger.Logf(0, "user %q logged in.\n", username)
-		if testFlag == "62" {
+		if testFlag == " true" {
 			logger.Panicf("user %q logged in.\n", username)
 		}
 		logger.Printf("user %q logged in.\n", username)
@@ -707,11 +603,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		sLogger.DPanicf("user %q logged in.\n", username)
 		sLogger.Debugf("user %q logged in.\n", username)
 		sLogger.Errorf("user %q logged in.\n", username)
-		if testFlag == "63" {
+		if testFlag == " true" {
 			sLogger.Fatalf("user %q logged in.\n", username)
 		}
 		sLogger.Infof("user %q logged in.\n", username)
-		if testFlag == "64" {
+		if testFlag == " true" {
 			sLogger.Panicf("user %q logged in.\n", username)
 		}
 		sLogger.Warnf("user %q logged in.\n", username)
@@ -724,10 +620,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		verbose.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		klog.Infof("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
 		klog.Errorf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		if testFlag == "65" {
+		if testFlag == " true" {
 			klog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
-		if testFlag == "66" {
+		if testFlag == " true" {
 			klog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 	}
@@ -743,10 +639,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 
 		glog.Infof("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
 		glog.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "67" {
+		if testFlag == " true" {
 			glog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
-		if testFlag == "68" {
+		if testFlag == " true" {
 			glog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 	}
@@ -754,11 +650,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 	{
 		logrus.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		logrus.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "69" {
+		if testFlag == " true" {
 			logrus.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logrus.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "70" {
+		if testFlag == " true" {
 			logrus.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logrus.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
@@ -770,12 +666,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		entry := logrus.WithFields(fields)
 		entry.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		entry.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "71" {
+		if testFlag == " true" {
 			entry.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		entry.Infof("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		entry.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "72" {
+		if testFlag == " true" {
 			entry.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		entry.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
@@ -786,12 +682,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger := entry.Logger
 		logger.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		logger.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "73" {
+		if testFlag == " true" {
 			logger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logger.Infof("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		logger.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "74" {
+		if testFlag == " true" {
 			logger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logger.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
@@ -812,11 +708,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		sLogger.DPanicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		sLogger.Debugf("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
 		sLogger.Errorf("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
-		if testFlag == "75" {
+		if testFlag == " true" {
 			sLogger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		sLogger.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "76" {
+		if testFlag == " true" {
 			sLogger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warnf("user %#q logged in.\n", username) // $ hasTaintFlow="username"

go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected

@@ -37,22 +37,22 @@
 | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password |
 | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword |
 | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:33:13:33:20 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:33:13:33:20 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:36:14:36:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:36:14:36:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:41:14:41:17 | obj1 | passwords.go:39:13:39:13 | x | passwords.go:41:14:41:17 | obj1 | $@ flows to a logging call. | passwords.go:39:13:39:13 | x | Sensitive data returned by an access to password |
-| passwords.go:46:14:46:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:46:14:46:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:53:14:53:27 | fixed_password | passwords.go:52:2:52:15 | definition of fixed_password | passwords.go:53:14:53:27 | fixed_password | $@ flows to a logging call. | passwords.go:52:2:52:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password |
-| passwords.go:91:14:91:26 | utilityObject | passwords.go:89:16:89:36 | call to make | passwords.go:91:14:91:26 | utilityObject | $@ flows to a logging call. | passwords.go:89:16:89:36 | call to make | Sensitive data returned by an access to passwordSet |
-| passwords.go:94:23:94:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:94:23:94:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:104:15:104:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:104:15:104:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:110:16:110:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:110:16:110:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:115:15:115:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:115:15:115:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:119:14:119:45 | ...+... | passwords.go:118:6:118:14 | definition of password1 | passwords.go:119:14:119:45 | ...+... | $@ flows to a logging call. | passwords.go:118:6:118:14 | definition of password1 | Sensitive data returned by an access to password1 |
-| passwords.go:129:14:129:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:129:14:129:19 | config | passwords.go:123:13:123:14 | x3 | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:123:13:123:14 | x3 | Sensitive data returned by an access to password |
-| passwords.go:129:14:129:19 | config | passwords.go:126:13:126:25 | call to getPassword | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:130:14:130:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:130:14:130:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:131:14:131:21 | selection of y | passwords.go:126:13:126:25 | call to getPassword | passwords.go:131:14:131:21 | selection of y | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
+| passwords.go:32:12:32:19 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:34:14:34:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password |
+| passwords.go:44:14:44:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:51:14:51:27 | fixed_password | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:50:2:50:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password |
+| passwords.go:89:14:89:26 | utilityObject | passwords.go:87:16:87:36 | call to make | passwords.go:89:14:89:26 | utilityObject | $@ flows to a logging call. | passwords.go:87:16:87:36 | call to make | Sensitive data returned by an access to passwordSet |
+| passwords.go:92:23:92:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:92:23:92:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:102:15:102:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:102:15:102:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:108:16:108:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:108:16:108:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:113:15:113:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:113:15:113:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:117:14:117:45 | ...+... | passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:14:117:45 | ...+... | $@ flows to a logging call. | passwords.go:116:6:116:14 | definition of password1 | Sensitive data returned by an access to password1 |
+| passwords.go:127:14:127:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:127:14:127:19 | config | passwords.go:121:13:121:14 | x3 | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:14 | x3 | Sensitive data returned by an access to password |
+| passwords.go:127:14:127:19 | config | passwords.go:124:13:124:25 | call to getPassword | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword |
+| passwords.go:128:14:128:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:128:14:128:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:129:14:129:21 | selection of y | passwords.go:124:13:124:25 | call to getPassword | passwords.go:129:14:129:21 | selection of y | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword |
 | protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | definition of password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | definition of password | Sensitive data returned by an access to password |
 edges
 | klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance |  |
@@ -82,15 +82,95 @@ edges
 | main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance |  |
 | main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
 | main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
 | main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
 | main.go:54:12:54:19 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
+| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:56:11:56:18 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
+| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:59:18:59:25 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:62:12:62:19 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:65:13:65:20 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:68:11:68:18 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:71:18:71:25 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:74:12:74:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:74:12:74:19 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:77:13:77:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:77:13:77:20 | password | main.go:80:17:80:24 | password | provenance |  |
 | main.go:80:17:80:24 | password | main.go:82:12:82:19 | password | provenance |  |
 | main.go:80:17:80:24 | password | main.go:83:17:83:24 | password | provenance |  |
 | main.go:80:17:80:24 | password | main.go:86:19:86:26 | password | provenance |  |
@@ -102,46 +182,46 @@ edges
 | passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance |  |
 | passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | provenance |  |
 | passwords.go:21:2:21:9 | definition of password | passwords.go:30:8:30:15 | password | provenance |  |
-| passwords.go:21:2:21:9 | definition of password | passwords.go:33:13:33:20 | password | provenance |  |
-| passwords.go:21:2:21:9 | definition of password | passwords.go:36:28:36:35 | password | provenance |  |
+| passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | provenance |  |
+| passwords.go:21:2:21:9 | definition of password | passwords.go:34:28:34:35 | password | provenance |  |
 | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance |  |
-| passwords.go:36:28:36:35 | password | passwords.go:36:14:36:35 | ...+... | provenance | Config |
-| passwords.go:36:28:36:35 | password | passwords.go:44:6:44:13 | password | provenance |  |
-| passwords.go:38:10:40:2 | struct literal | passwords.go:41:14:41:17 | obj1 | provenance |  |
-| passwords.go:39:13:39:13 | x | passwords.go:38:10:40:2 | struct literal | provenance | Config |
-| passwords.go:43:10:45:2 | struct literal | passwords.go:46:14:46:17 | obj2 | provenance |  |
-| passwords.go:44:6:44:13 | password | passwords.go:43:10:45:2 | struct literal | provenance | Config |
-| passwords.go:44:6:44:13 | password | passwords.go:50:11:50:18 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:94:23:94:28 | secret | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:104:33:104:40 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:110:34:110:41 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:115:33:115:40 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:52:2:52:15 | definition of fixed_password | passwords.go:53:14:53:27 | fixed_password | provenance |  |
-| passwords.go:88:19:90:2 | struct literal | passwords.go:91:14:91:26 | utilityObject | provenance |  |
-| passwords.go:89:16:89:36 | call to make | passwords.go:88:19:90:2 | struct literal | provenance | Config |
-| passwords.go:104:33:104:40 | password | passwords.go:104:15:104:40 | ...+... | provenance | Config |
-| passwords.go:104:33:104:40 | password | passwords.go:110:34:110:41 | password | provenance |  |
-| passwords.go:104:33:104:40 | password | passwords.go:115:33:115:40 | password | provenance |  |
-| passwords.go:104:33:104:40 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:110:34:110:41 | password | passwords.go:110:16:110:41 | ...+... | provenance | Config |
-| passwords.go:110:34:110:41 | password | passwords.go:115:33:115:40 | password | provenance |  |
-| passwords.go:110:34:110:41 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:115:33:115:40 | password | passwords.go:115:15:115:40 | ...+... | provenance | Config |
-| passwords.go:115:33:115:40 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:118:6:118:14 | definition of password1 | passwords.go:119:28:119:36 | password1 | provenance |  |
-| passwords.go:119:28:119:36 | password1 | passwords.go:119:28:119:45 | call to String | provenance | Config |
-| passwords.go:119:28:119:45 | call to String | passwords.go:119:14:119:45 | ...+... | provenance | Config |
-| passwords.go:122:12:127:2 | struct literal | passwords.go:129:14:129:19 | config | provenance |  |
-| passwords.go:122:12:127:2 | struct literal [x] | passwords.go:130:14:130:19 | config [x] | provenance |  |
-| passwords.go:122:12:127:2 | struct literal [y] | passwords.go:131:14:131:19 | config [y] | provenance |  |
-| passwords.go:123:13:123:14 | x3 | passwords.go:122:12:127:2 | struct literal | provenance | Config |
-| passwords.go:125:13:125:20 | password | passwords.go:122:12:127:2 | struct literal | provenance | Config |
-| passwords.go:125:13:125:20 | password | passwords.go:122:12:127:2 | struct literal [x] | provenance |  |
-| passwords.go:126:13:126:25 | call to getPassword | passwords.go:122:12:127:2 | struct literal | provenance | Config |
-| passwords.go:126:13:126:25 | call to getPassword | passwords.go:122:12:127:2 | struct literal [y] | provenance |  |
-| passwords.go:130:14:130:19 | config [x] | passwords.go:130:14:130:21 | selection of x | provenance |  |
-| passwords.go:131:14:131:19 | config [y] | passwords.go:131:14:131:21 | selection of y | provenance |  |
+| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config |
+| passwords.go:34:28:34:35 | password | passwords.go:42:6:42:13 | password | provenance |  |
+| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance |  |
+| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config |
+| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance |  |
+| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config |
+| passwords.go:42:6:42:13 | password | passwords.go:48:11:48:18 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:92:23:92:28 | secret | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:102:33:102:40 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:108:34:108:41 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:113:33:113:40 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | provenance |  |
+| passwords.go:86:19:88:2 | struct literal | passwords.go:89:14:89:26 | utilityObject | provenance |  |
+| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal | provenance | Config |
+| passwords.go:102:33:102:40 | password | passwords.go:102:15:102:40 | ...+... | provenance | Config |
+| passwords.go:102:33:102:40 | password | passwords.go:108:34:108:41 | password | provenance |  |
+| passwords.go:102:33:102:40 | password | passwords.go:113:33:113:40 | password | provenance |  |
+| passwords.go:102:33:102:40 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:108:34:108:41 | password | passwords.go:108:16:108:41 | ...+... | provenance | Config |
+| passwords.go:108:34:108:41 | password | passwords.go:113:33:113:40 | password | provenance |  |
+| passwords.go:108:34:108:41 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:113:33:113:40 | password | passwords.go:113:15:113:40 | ...+... | provenance | Config |
+| passwords.go:113:33:113:40 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:28:117:36 | password1 | provenance |  |
+| passwords.go:117:28:117:36 | password1 | passwords.go:117:28:117:45 | call to String | provenance | Config |
+| passwords.go:117:28:117:45 | call to String | passwords.go:117:14:117:45 | ...+... | provenance | Config |
+| passwords.go:120:12:125:2 | struct literal | passwords.go:127:14:127:19 | config | provenance |  |
+| passwords.go:120:12:125:2 | struct literal [x] | passwords.go:128:14:128:19 | config [x] | provenance |  |
+| passwords.go:120:12:125:2 | struct literal [y] | passwords.go:129:14:129:19 | config [y] | provenance |  |
+| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal | provenance | Config |
+| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal | provenance | Config |
+| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [x] | provenance |  |
+| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal | provenance | Config |
+| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [y] | provenance |  |
+| passwords.go:128:14:128:19 | config [x] | passwords.go:128:14:128:21 | selection of x | provenance |  |
+| passwords.go:129:14:129:19 | config [y] | passwords.go:129:14:129:21 | selection of y | provenance |  |
 | protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance |  |
 | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance |  |
 | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance |  |
@@ -194,12 +274,20 @@ nodes
 | main.go:54:12:54:19 | password | semmle.label | password |
 | main.go:54:12:54:19 | password | semmle.label | password |
 | main.go:56:11:56:18 | password | semmle.label | password |
+| main.go:56:11:56:18 | password | semmle.label | password |
+| main.go:59:18:59:25 | password | semmle.label | password |
 | main.go:59:18:59:25 | password | semmle.label | password |
 | main.go:62:12:62:19 | password | semmle.label | password |
+| main.go:62:12:62:19 | password | semmle.label | password |
+| main.go:65:13:65:20 | password | semmle.label | password |
 | main.go:65:13:65:20 | password | semmle.label | password |
 | main.go:68:11:68:18 | password | semmle.label | password |
+| main.go:68:11:68:18 | password | semmle.label | password |
+| main.go:71:18:71:25 | password | semmle.label | password |
 | main.go:71:18:71:25 | password | semmle.label | password |
 | main.go:74:12:74:19 | password | semmle.label | password |
+| main.go:74:12:74:19 | password | semmle.label | password |
+| main.go:77:13:77:20 | password | semmle.label | password |
 | main.go:77:13:77:20 | password | semmle.label | password |
 | main.go:79:14:79:21 | password | semmle.label | password |
 | main.go:80:17:80:24 | password | semmle.label | password |
@@ -220,43 +308,43 @@ nodes
 | passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword |
 | passwords.go:28:14:28:28 | call to getPassword | semmle.label | call to getPassword |
 | passwords.go:30:8:30:15 | password | semmle.label | password |
-| passwords.go:33:13:33:20 | password | semmle.label | password |
-| passwords.go:36:14:36:35 | ...+... | semmle.label | ...+... |
-| passwords.go:36:28:36:35 | password | semmle.label | password |
-| passwords.go:38:10:40:2 | struct literal | semmle.label | struct literal |
-| passwords.go:39:13:39:13 | x | semmle.label | x |
-| passwords.go:41:14:41:17 | obj1 | semmle.label | obj1 |
-| passwords.go:43:10:45:2 | struct literal | semmle.label | struct literal |
-| passwords.go:44:6:44:13 | password | semmle.label | password |
-| passwords.go:46:14:46:17 | obj2 | semmle.label | obj2 |
-| passwords.go:50:11:50:18 | password | semmle.label | password |
-| passwords.go:52:2:52:15 | definition of fixed_password | semmle.label | definition of fixed_password |
-| passwords.go:53:14:53:27 | fixed_password | semmle.label | fixed_password |
-| passwords.go:88:19:90:2 | struct literal | semmle.label | struct literal |
-| passwords.go:89:16:89:36 | call to make | semmle.label | call to make |
-| passwords.go:91:14:91:26 | utilityObject | semmle.label | utilityObject |
-| passwords.go:94:23:94:28 | secret | semmle.label | secret |
-| passwords.go:104:15:104:40 | ...+... | semmle.label | ...+... |
-| passwords.go:104:33:104:40 | password | semmle.label | password |
-| passwords.go:110:16:110:41 | ...+... | semmle.label | ...+... |
-| passwords.go:110:34:110:41 | password | semmle.label | password |
-| passwords.go:115:15:115:40 | ...+... | semmle.label | ...+... |
-| passwords.go:115:33:115:40 | password | semmle.label | password |
-| passwords.go:118:6:118:14 | definition of password1 | semmle.label | definition of password1 |
-| passwords.go:119:14:119:45 | ...+... | semmle.label | ...+... |
-| passwords.go:119:28:119:36 | password1 | semmle.label | password1 |
-| passwords.go:119:28:119:45 | call to String | semmle.label | call to String |
-| passwords.go:122:12:127:2 | struct literal | semmle.label | struct literal |
-| passwords.go:122:12:127:2 | struct literal [x] | semmle.label | struct literal [x] |
-| passwords.go:122:12:127:2 | struct literal [y] | semmle.label | struct literal [y] |
-| passwords.go:123:13:123:14 | x3 | semmle.label | x3 |
-| passwords.go:125:13:125:20 | password | semmle.label | password |
-| passwords.go:126:13:126:25 | call to getPassword | semmle.label | call to getPassword |
-| passwords.go:129:14:129:19 | config | semmle.label | config |
-| passwords.go:130:14:130:19 | config [x] | semmle.label | config [x] |
-| passwords.go:130:14:130:21 | selection of x | semmle.label | selection of x |
-| passwords.go:131:14:131:19 | config [y] | semmle.label | config [y] |
-| passwords.go:131:14:131:21 | selection of y | semmle.label | selection of y |
+| passwords.go:32:12:32:19 | password | semmle.label | password |
+| passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... |
+| passwords.go:34:28:34:35 | password | semmle.label | password |
+| passwords.go:36:10:38:2 | struct literal | semmle.label | struct literal |
+| passwords.go:37:13:37:13 | x | semmle.label | x |
+| passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 |
+| passwords.go:41:10:43:2 | struct literal | semmle.label | struct literal |
+| passwords.go:42:6:42:13 | password | semmle.label | password |
+| passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 |
+| passwords.go:48:11:48:18 | password | semmle.label | password |
+| passwords.go:50:2:50:15 | definition of fixed_password | semmle.label | definition of fixed_password |
+| passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password |
+| passwords.go:86:19:88:2 | struct literal | semmle.label | struct literal |
+| passwords.go:87:16:87:36 | call to make | semmle.label | call to make |
+| passwords.go:89:14:89:26 | utilityObject | semmle.label | utilityObject |
+| passwords.go:92:23:92:28 | secret | semmle.label | secret |
+| passwords.go:102:15:102:40 | ...+... | semmle.label | ...+... |
+| passwords.go:102:33:102:40 | password | semmle.label | password |
+| passwords.go:108:16:108:41 | ...+... | semmle.label | ...+... |
+| passwords.go:108:34:108:41 | password | semmle.label | password |
+| passwords.go:113:15:113:40 | ...+... | semmle.label | ...+... |
+| passwords.go:113:33:113:40 | password | semmle.label | password |
+| passwords.go:116:6:116:14 | definition of password1 | semmle.label | definition of password1 |
+| passwords.go:117:14:117:45 | ...+... | semmle.label | ...+... |
+| passwords.go:117:28:117:36 | password1 | semmle.label | password1 |
+| passwords.go:117:28:117:45 | call to String | semmle.label | call to String |
+| passwords.go:120:12:125:2 | struct literal | semmle.label | struct literal |
+| passwords.go:120:12:125:2 | struct literal [x] | semmle.label | struct literal [x] |
+| passwords.go:120:12:125:2 | struct literal [y] | semmle.label | struct literal [y] |
+| passwords.go:121:13:121:14 | x3 | semmle.label | x3 |
+| passwords.go:123:13:123:20 | password | semmle.label | password |
+| passwords.go:124:13:124:25 | call to getPassword | semmle.label | call to getPassword |
+| passwords.go:127:14:127:19 | config | semmle.label | config |
+| passwords.go:128:14:128:19 | config [x] | semmle.label | config [x] |
+| passwords.go:128:14:128:21 | selection of x | semmle.label | selection of x |
+| passwords.go:129:14:129:19 | config [y] | semmle.label | config [y] |
+| passwords.go:129:14:129:21 | selection of y | semmle.label | selection of y |
 | protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password |
 | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | semmle.label | implicit dereference [postupdate] [Description] |
 | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | semmle.label | query [postupdate] [pointer, Description] |

go/ql/test/query-tests/Security/CWE-312/passwords.go

@@ -16,7 +16,7 @@ func redact(kind, value string) string {
 	return value
 }
 
-func test(selector int) {
+func test() {
 	name := "user"
 	password := "P@ssw0rd" // $ Source
 	x := "horsebatterystapleincorrect"
@@ -29,9 +29,7 @@ func test(selector int) {
 
 	myLog(password)
 
-	if selector == 1 {
-		log.Panic(password) // $ Alert
-	}
+	log.Panic(password) // $ Alert
 
 	log.Println(name + ", " + password) // $ Alert
 

java/ql/lib/CHANGELOG.md

@@ -1,9 +1,3 @@
-## 9.1.2
-
-### Minor Analysis Improvements
-
-* Added LLM-generated source and sink models for `org.apache.avro`.
-
 ## 9.1.1
 
 ### Minor Analysis Improvements