Delete unused predicate (leftover from old implementation)

- Extend synthetic uncertain reads to function exits of any function
  that writes a captured variable, not just the declaring function.
  This ensures writes to captured variables inside closures remain
  live (matching the old `v.isCaptured()` liveness shortcut).
- Uncomment toString overrides for SsaExplicitDefinition, SsaVariableCapture,
  SsaPhiNode, and SsaVariable to restore original output formats.
- Revert test expected files to pre-test-changes state matching the
  correct toString formats and capture variable results.

Agent-Logs-Url: https://github.com/github/codeql/sessions/6dbf9d42-b2e2-42a2-984b-8ea31df4e633

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>

actions/ql/lib/change-notes/2026-06-12-self_hosted_runners.md

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* The query `actions/pr-on-self-hosted-runner` was updated to the latest standard runner labels reducing false positive results.

actions/ql/lib/codeql/actions/security/SelfHostedQuery.qll

@@ -2,10 +2,12 @@ import actions
 
 bindingset[runner]
 predicate isGithubHostedRunner(string runner) {
-  // list of github hosted repos: https://github.com/actions/runner-images/blob/main/README.md#available-images
-  runner
-      .toLowerCase()
-      .regexpMatch("^(ubuntu-([0-9.]+|latest)|macos-([0-9]+|latest)(-x?large)?|windows-([0-9.]+|latest))$")
+  // The list of github hosted repos:
+  // https://github.com/actions/runner-images/blob/main/README.md#available-images
+  // https://docs.github.com/en/enterprise-cloud@latest/actions/how-tos/write-workflows/choose-where-workflows-run/choose-the-runner-for-a-job#standard-github-hosted-runners-for-public-repositories
+  runner.toLowerCase().regexpMatch("^ubuntu-([0-9.]+|latest|slim)(-arm)?$") or
+  runner.toLowerCase().regexpMatch("^macos-([0-9]+|latest)(-x?large|-intel)?$") or
+  runner.toLowerCase().regexpMatch("^windows-([0-9.]+|latest)(-vs[0-9.]+)?(-arm)?$")
 }
 
 bindingset[runner]

actions/ql/test/query-tests/Security/CWE-284/.github/workflows/test3.yml

@@ -0,0 +1,43 @@
+name: test
+
+on:
+  pull_request:
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+          - ubuntu-24.04
+          - ubuntu-24.04-arm
+          - ubuntu-22.04
+          - ubuntu-22.04-arm
+          - ubuntu-26.04
+          - ubuntu-26.04-arm
+          - ubuntu-slim
+          - macos-26
+          - macos-26-xlarge
+          - macos-26-intel
+          - macos-26-large
+          - macos-latest-large
+          - macos-15-large
+          - macos-15
+          - macos-15-intel
+          - macos-latest
+          - macos-15
+          - macos-15-xlarge
+          - macos-14-large
+          - macos-14
+          - macos-14-xlarge
+          - windows-2025-vs2026
+          - windows-latest
+          - windows-2025
+          - windows-2022
+          - windows-11
+          - windows-11-arm
+          - windows-11-vs2026-arm
+    runs-on: ${{ matrix.os }}
+    steps:
+      - run: cmd

cpp/downgrades/0853f43dc8c08deecb473c54a2b70da8597f1ab5/upgrade.properties

@@ -0,0 +1,2 @@
+description: Fix NameQualifier inconsistency
+compatibility: full

cpp/ql/lib/semmle/code/cpp/Type.qll

@@ -1071,7 +1071,7 @@ class NullPointerType extends BuiltInType {
  * const float fa[40];
  * ```
  */
-class DerivedType extends Type, @derivedtype {
+class DerivedType extends Type, NameQualifyingElement, @derivedtype {
   override string toString() { result = this.getName() }
 
   override string getName() { derivedtypes(underlyingElement(this), result, _, _) }

cpp/ql/lib/semmlecode.cpp.dbscheme

@@ -1430,7 +1430,8 @@ specialnamequalifyingelements(
 @namequalifyingelement = @namespace
                        | @specialnamequalifyingelement
                        | @usertype
-                       | @decltype;
+                       | @decltype
+                       | @derivedtype;
 
 namequalifiers(
     unique int id: @namequalifier,

cpp/ql/lib/upgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/upgrade.properties

@@ -0,0 +1,2 @@
+description: Fix NameQualifier inconsistency
+compatibility: full

cpp/ql/test/library-tests/name_qualifiers/NameQualifiers1.expected

@@ -1,3 +1,7 @@
+| inconsistency2.cpp:3:3:3:5 | T:: | inconsistency2.cpp:3:3:3:6 | x | inconsistency2.cpp:2:20:2:20 | T |
+| inconsistency2.cpp:3:3:3:11 | const s:: | inconsistency2.cpp:3:3:3:6 | x | file://:0:0:0:0 | const s |
+| inconsistency.cpp:7:20:7:22 | S:: | inconsistency.cpp:7:20:7:23 | (int)... | inconsistency.cpp:4:8:4:8 | S |
+| inconsistency.cpp:7:20:7:22 | S:: | inconsistency.cpp:7:20:7:23 | A | inconsistency.cpp:4:8:4:8 | S |
 | name_qualifiers.cpp:29:7:29:8 | :: | name_qualifiers.cpp:29:7:29:9 | x | file://:0:0:0:0 | (global namespace) |
 | name_qualifiers.cpp:31:7:31:10 | N1:: | name_qualifiers.cpp:31:7:31:12 | nx | name_qualifiers.cpp:4:11:4:12 | N1 |
 | name_qualifiers.cpp:34:7:34:8 | :: | name_qualifiers.cpp:34:9:34:12 | N1:: | file://:0:0:0:0 | (global namespace) |

cpp/ql/test/library-tests/name_qualifiers/NameQualifiers1.ql

@@ -1,7 +1,5 @@
 import cpp
 
 from NameQualifier nq, Location l
-where
-  l = nq.getQualifiedElement().getLocation() and
-  l.getFile().getShortName() = "name_qualifiers"
+where l = nq.getQualifiedElement().getLocation()
 select nq, nq.getQualifiedElement(), nq.getQualifyingElement()

cpp/ql/test/library-tests/name_qualifiers/inconsistency.cpp

@@ -1,8 +1,8 @@
 // This file is present to test whether name-qualifying an enum constant leads to a database inconsistency.
-// As such, there is no QL part of the test.
+
 
 struct S { enum E { A }; };
 
-static int f() {
+static void f() {
   switch(0) { case S::A: break; }
 }

cpp/ql/test/library-tests/name_qualifiers/inconsistency2.cpp

@@ -0,0 +1,12 @@
+namespace {
+template <typename T> T f() {
+  T::x;
+  return {};
+}
+struct s {
+  static int x;
+};
+struct t {
+  s x = f<const s>();
+};
+}

csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraph.qll

@@ -203,7 +203,7 @@ module Ast implements AstSig<Location> {
   final private class FinalTryStmt = CS::TryStmt;
 
   class TryStmt extends FinalTryStmt {
-    Stmt getBody() { result = this.getBlock() }
+    AstNode getBody(int index) { index = 0 and result = this.getBlock() }
 
     CatchClause getCatch(int index) { result = this.getCatchClause(index) }
 

go/extractor/go.mod

@@ -10,7 +10,7 @@ toolchain go1.26.4
 //    bazel mod tidy
 require (
 	golang.org/x/mod v0.37.0
-	golang.org/x/tools v0.45.0
+	golang.org/x/tools v0.46.0
 )
 
 require github.com/stretchr/testify v1.11.1
@@ -18,6 +18,6 @@ require github.com/stretchr/testify v1.11.1
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/sync v0.20.0 // indirect
+	golang.org/x/sync v0.21.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go/extractor/go.sum

@@ -8,10 +8,10 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 golang.org/x/mod v0.37.0 h1:vF1DjpVEshcIqoEaauuHebaLk1O1forxjxBaVn884JQ=
 golang.org/x/mod v0.37.0/go.mod h1:m8S8VeM9r4dzDwjrKO0a1sZP3YjeMamRRlD+fmR2Q/0=
-golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
-golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
-golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8=
-golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0=
+golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
+golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+golang.org/x/tools v0.46.0 h1:7jTurBkPZu4moS/Uy4OQT1M+QBlsj3wejyZwsT8Z7rk=
+golang.org/x/tools v0.46.0/go.mod h1:FrD85F8l+NWL+9XWBSyVSHO6Ne4jutsfIFba7AWQ5Ys=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

go/ql/lib/change-notes/2026-03-23-use-shared-ssa.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The Go SSA library now uses the shared SSA library (`codeql.ssa.Ssa`), consistent with other CodeQL languages such as C#, Java, Ruby, Rust, and Swift. This may result in minor changes to SSA construction in some edge cases.

go/ql/lib/qlpack.yml

@@ -10,6 +10,7 @@ dependencies:
   codeql/controlflow: ${workspace}
   codeql/dataflow: ${workspace}
   codeql/mad: ${workspace}
+  codeql/ssa: ${workspace}
   codeql/threat-models: ${workspace}
   codeql/tutorial: ${workspace}
   codeql/util: ${workspace}

go/ql/lib/semmle/go/controlflow/BasicBlocks.qll

@@ -48,6 +48,17 @@ class BasicBlock = BbImpl::BasicBlock;
 
 class EntryBasicBlock = BbImpl::EntryBasicBlock;
 
+/** Provides a `CfgSig` view of Go's control-flow graph for use with the shared SSA library. */
+module Cfg implements BB::CfgSig<Location> {
+  class ControlFlowNode = BbImpl::ControlFlowNode;
+
+  class BasicBlock = BbImpl::BasicBlock;
+
+  class EntryBasicBlock = BbImpl::EntryBasicBlock;
+
+  predicate dominatingEdge = BbImpl::dominatingEdge/2;
+}
+
 cached
 private predicate reachableBB(BasicBlock bb) {
   bb instanceof EntryBasicBlock

go/ql/lib/semmle/go/dataflow/SSA.qll

@@ -63,10 +63,7 @@ private predicate unresolvedIdentifier(Ident id, string name) {
 /**
  * An SSA variable.
  */
-class SsaVariable extends TSsaDefinition {
-  /** Gets the source variable corresponding to this SSA variable. */
-  SsaSourceVariable getSourceVariable() { result = this.(SsaDefinition).getSourceVariable() }
-
+class SsaVariable extends Definition {
   /** Gets the (unique) definition of this SSA variable. */
   SsaDefinition getDefinition() { result = this }
 
@@ -74,22 +71,17 @@ class SsaVariable extends TSsaDefinition {
   Type getType() { result = this.getSourceVariable().getType() }
 
   /** Gets a use in basic block `bb` that refers to this SSA variable. */
-  IR::Instruction getAUseIn(ReachableBasicBlock bb) {
+  IR::Instruction getAUseIn(BasicBlock bb) {
     exists(int i, SsaSourceVariable v | v = this.getSourceVariable() |
       result = bb.getNode(i) and
-      this = getDefinition(bb, i, v)
+      ssaDefReachesRead(v, this, bb, i) and
+      useAt(bb, i, v)
     )
   }
 
   /** Gets a use that refers to this SSA variable. */
   IR::Instruction getAUse() { result = this.getAUseIn(_) }
 
-  /** Gets a textual representation of this element. */
-  string toString() { result = this.getDefinition().prettyPrintRef() }
-
-  /** Gets the location of this SSA variable. */
-  Location getLocation() { result = this.getDefinition().getLocation() }
-
   /**
    * DEPRECATED: Use `getLocation()` instead.
    *
@@ -109,50 +101,20 @@ class SsaVariable extends TSsaDefinition {
 /**
  * An SSA definition.
  */
-class SsaDefinition extends TSsaDefinition {
+class SsaDefinition extends Definition {
   /** Gets the SSA variable defined by this definition. */
   SsaVariable getVariable() { result = this }
 
-  /** Gets the source variable defined by this definition. */
-  abstract SsaSourceVariable getSourceVariable();
-
-  /**
-   * Gets the basic block to which this definition belongs.
-   */
-  abstract ReachableBasicBlock getBasicBlock();
-
-  /**
-   * INTERNAL: Use `getBasicBlock()` and `getSourceVariable()` instead.
-   *
-   * Holds if this is a definition of source variable `v` at index `idx` in basic block `bb`.
-   *
-   * Phi nodes are considered to be at index `-1`, all other definitions at the index of
-   * the control flow node they correspond to.
-   */
-  abstract predicate definesAt(ReachableBasicBlock bb, int idx, SsaSourceVariable v);
-
-  /**
-   * INTERNAL: Use `toString()` instead.
-   *
-   * Gets a pretty-printed representation of this SSA definition.
-   */
-  abstract string prettyPrintDef();
-
-  /**
-   * INTERNAL: Do not use.
-   *
-   * Gets a pretty-printed representation of a reference to this SSA definition.
-   */
-  abstract string prettyPrintRef();
-
   /** Gets the innermost function or file to which this SSA definition belongs. */
   ControlFlow::Root getRoot() { result = this.getBasicBlock().getScope() }
 
-  /** Gets a textual representation of this element. */
-  string toString() { result = this.prettyPrintDef() }
-
-  /** Gets the source location for this element. */
-  abstract Location getLocation();
+  /**
+   * INTERNAL: Do not use.
+   *
+   * Gets a short string identifying the kind of this SSA definition,
+   * used in reference formatting (e.g., `"def"`, `"capture"`, `"phi"`).
+   */
+  string getKind() { none() }
 
   /**
    * DEPRECATED: Use `getLocation()` instead.
@@ -180,32 +142,23 @@ class SsaDefinition extends TSsaDefinition {
 /**
  * An SSA definition that corresponds to an explicit assignment or other variable definition.
  */
-class SsaExplicitDefinition extends SsaDefinition, TExplicitDef {
+class SsaExplicitDefinition extends SsaDefinition, WriteDefinition {
+  SsaExplicitDefinition() {
+    exists(BasicBlock bb, int i, SsaSourceVariable v |
+      this.definesAt(v, bb, i) and
+      defAt(bb, i, v)
+    )
+  }
+
   /** Gets the instruction where the definition happens. */
   IR::Instruction getInstruction() {
-    exists(BasicBlock bb, int i | this = TExplicitDef(bb, i, _) | result = bb.getNode(i))
+    exists(BasicBlock bb, int i | this.definesAt(_, bb, i) | result = bb.getNode(i))
   }
 
   /** Gets the right-hand side of the definition. */
   IR::Instruction getRhs() { this.getInstruction().writes(_, result) }
 
-  override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    this = TExplicitDef(bb, i, v)
-  }
-
-  override ReachableBasicBlock getBasicBlock() { this.definesAt(result, _, _) }
-
-  override SsaSourceVariable getSourceVariable() { this = TExplicitDef(_, _, result) }
-
-  override string prettyPrintRef() {
-    exists(Location loc | loc = this.getLocation() |
-      result = "def@" + loc.getStartLine() + ":" + loc.getStartColumn()
-    )
-  }
-
-  override string prettyPrintDef() { result = "definition of " + this.getSourceVariable() }
-
-  override Location getLocation() { result = this.getInstruction().getLocation() }
+  override string getKind() { result = "def" }
 }
 
 /** Provides a helper predicate for working with explicit SSA definitions. */
@@ -219,22 +172,7 @@ module SsaExplicitDefinition {
 /**
  * An SSA definition that does not correspond to an explicit variable definition.
  */
-abstract class SsaImplicitDefinition extends SsaDefinition {
-  /**
-   * INTERNAL: Do not use.
-   *
-   * Gets the definition kind to include in `prettyPrintRef`.
-   */
-  abstract string getKind();
-
-  override string prettyPrintRef() {
-    exists(Location loc | loc = this.getLocation() |
-      result = this.getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn()
-    )
-  }
-
-  override Location getLocation() { result = this.getBasicBlock().getLocation() }
-}
+abstract class SsaImplicitDefinition extends SsaDefinition { }
 
 /**
  * An SSA definition representing the capturing of an SSA-convertible variable
@@ -243,24 +181,8 @@ abstract class SsaImplicitDefinition extends SsaDefinition {
  * Capturing definitions appear at the beginning of such functions, as well as
  * at any function call that may affect the value of the variable.
  */
-class SsaVariableCapture extends SsaImplicitDefinition, TCapture {
-  override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    this = TCapture(bb, i, v)
-  }
-
-  override ReachableBasicBlock getBasicBlock() { this.definesAt(result, _, _) }
-
-  override SsaSourceVariable getSourceVariable() { this.definesAt(_, _, result) }
-
+class SsaVariableCapture extends SsaImplicitDefinition, UncertainWriteDefinition {
   override string getKind() { result = "capture" }
-
-  override string prettyPrintDef() { result = "capture variable " + this.getSourceVariable() }
-
-  override Location getLocation() {
-    exists(ReachableBasicBlock bb, int i | this.definesAt(bb, i, _) |
-      result = bb.getNode(i).getLocation()
-    )
-  }
 }
 
 /**
@@ -272,12 +194,6 @@ abstract class SsaPseudoDefinition extends SsaImplicitDefinition {
    * Gets an input of this pseudo-definition.
    */
   abstract SsaVariable getAnInput();
-
-  /**
-   * Gets a textual representation of the inputs of this pseudo-definition
-   * in lexicographical order.
-   */
-  string ppInputs() { result = concat(this.getAnInput().getDefinition().prettyPrintRef(), ", ") }
 }
 
 /**
@@ -285,26 +201,10 @@ abstract class SsaPseudoDefinition extends SsaImplicitDefinition {
  * in the flow graph where otherwise two or more definitions for the variable
  * would be visible.
  */
-class SsaPhiNode extends SsaPseudoDefinition, TPhi {
-  override SsaVariable getAnInput() {
-    result = getDefReachingEndOf(this.getBasicBlock().getAPredecessor(_), this.getSourceVariable())
-  }
-
-  override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    bb = this.getBasicBlock() and v = this.getSourceVariable() and i = -1
-  }
-
-  override ReachableBasicBlock getBasicBlock() { this = TPhi(result, _) }
-
-  override SsaSourceVariable getSourceVariable() { this = TPhi(_, result) }
+class SsaPhiNode extends SsaPseudoDefinition, PhiNode {
+  override SsaVariable getAnInput() { phiHasInputFromBlock(this, result, _) }
 
   override string getKind() { result = "phi" }
-
-  override string prettyPrintDef() {
-    result = this.getSourceVariable() + " = phi(" + this.ppInputs() + ")"
-  }
-
-  override Location getLocation() { result = this.getBasicBlock().getLocation() }
 }
 
 /**

go/ql/lib/semmle/go/dataflow/SsaImpl.qll

@@ -7,76 +7,25 @@ overlay[local]
 module;
 
 import go
+private import codeql.ssa.Ssa as SsaImplCommon
+private import semmle.go.controlflow.BasicBlocks as BasicBlocks
+
+private class BasicBlock = BasicBlocks::BasicBlock;
 
 cached
 private module Internal {
   /** Holds if the `i`th node of `bb` defines `v`. */
   cached
-  predicate defAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+  predicate defAt(BasicBlock bb, int i, SsaSourceVariable v) {
     bb.getNode(i).(IR::Instruction).writes(v, _)
   }
 
   /** Holds if the `i`th node of `bb` reads `v`. */
   cached
-  predicate useAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+  predicate useAt(BasicBlock bb, int i, SsaSourceVariable v) {
     bb.getNode(i).(IR::Instruction).reads(v)
   }
 
-  /**
-   * A data type representing SSA definitions.
-   *
-   * We distinguish three kinds of SSA definitions:
-   *
-   *   1. Variable definitions, including declarations, assignments and increments/decrements.
-   *   2. Pseudo-definitions for captured variables at the beginning of the capturing function
-   *      as well as after calls.
-   *   3. Phi nodes.
-   *
-   * SSA definitions are only introduced where necessary. In particular,
-   * unreachable code has no SSA definitions associated with it, and neither
-   * have dead assignments (that is, assignments whose value is never read).
-   */
-  cached
-  newtype TSsaDefinition =
-    /**
-     * An SSA definition that corresponds to an explicit assignment or other variable definition.
-     */
-    TExplicitDef(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-      defAt(bb, i, v) and
-      (liveAfterDef(bb, i, v) or v.isCaptured())
-    } or
-    /**
-     * An SSA definition representing the capturing of an SSA-convertible variable
-     * in the closure of a nested function.
-     *
-     * Capturing definitions appear at the beginning of such functions, as well as
-     * at any function call that may affect the value of the variable.
-     */
-    TCapture(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-      mayCapture(bb, i, v) and
-      liveAfterDef(bb, i, v)
-    } or
-    /**
-     * An SSA phi node, that is, a pseudo-definition for a variable at a point
-     * in the flow graph where otherwise two or more definitions for the variable
-     * would be visible.
-     */
-    TPhi(ReachableJoinBlock bb, SsaSourceVariable v) {
-      liveAtEntry(bb, v) and
-      inDefDominanceFrontier(bb, v)
-    }
-
-  /**
-   * Holds if `bb` is in the dominance frontier of a block containing a definition of `v`.
-   */
-  pragma[noinline]
-  private predicate inDefDominanceFrontier(ReachableJoinBlock bb, SsaSourceVariable v) {
-    exists(ReachableBasicBlock defbb, SsaDefinition def |
-      def.definesAt(defbb, _, v) and
-      defbb.inDominanceFrontier(bb)
-    )
-  }
-
   /**
    * Holds if `v` is a captured variable which is declared in `declFun` and read in `useFun`.
    */
@@ -87,7 +36,7 @@ private module Internal {
   }
 
   /** Holds if the `i`th node of `bb` in function `f` is an entry node. */
-  private predicate entryNode(FuncDef f, ReachableBasicBlock bb, int i) {
+  private predicate entryNode(FuncDef f, BasicBlock bb, int i) {
     f = bb.getScope() and
     bb.getNode(i).isEntryNode()
   }
@@ -95,17 +44,17 @@ private module Internal {
   /**
    * Holds if the `i`th node of `bb` in function `f` is a function call.
    */
-  private predicate callNode(FuncDef f, ReachableBasicBlock bb, int i) {
+  private predicate callNode(FuncDef f, BasicBlock bb, int i) {
     f = bb.getScope() and
     bb.getNode(i).(IR::EvalInstruction).getExpr() instanceof CallExpr
   }
 
   /**
    * Holds if the `i`th node of basic block `bb` may induce a pseudo-definition for
-   * modeling updates to captured variable `v`. Whether the definition is actually
-   * introduced depends on whether `v` is live at this point in the program.
+   * modeling updates to captured variable `v`.
    */
-  private predicate mayCapture(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+  cached
+  predicate mayCapture(BasicBlock bb, int i, SsaSourceVariable v) {
     exists(FuncDef capturingContainer, FuncDef declContainer |
       // capture initial value of variable declared in enclosing scope
       readsCapturedVar(capturingContainer, v, declContainer) and
@@ -119,347 +68,134 @@ private module Internal {
     )
   }
 
-  /** A classification of variable references into reads and writes. */
-  private newtype RefKind =
-    ReadRef() or
-    WriteRef()
-
-  /**
-   * Holds if the `i`th node of basic block `bb` is a reference to `v`, either a read
-   * (when `tp` is `ReadRef()`) or a direct or indirect write (when `tp` is `WriteRef()`).
-   */
-  private predicate ref(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind tp) {
-    useAt(bb, i, v) and tp = ReadRef()
-    or
-    (mayCapture(bb, i, v) or defAt(bb, i, v)) and
-    tp = WriteRef()
-  }
-
-  /**
-   * Gets the (1-based) rank of the reference to `v` at the `i`th node of basic block `bb`,
-   * which has the given reference kind `tp`.
-   */
-  private int refRank(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind tp) {
-    i = rank[result](int j | ref(bb, j, v, _)) and
-    ref(bb, i, v, tp)
-  }
-
-  /**
-   * Gets the maximum rank among all references to `v` in basic block `bb`.
-   */
-  private int maxRefRank(ReachableBasicBlock bb, SsaSourceVariable v) {
-    result = max(refRank(bb, _, v, _))
-  }
-
-  /**
-   * Holds if variable `v` is live after the `i`th node of basic block `bb`, where
-   * `i` is the index of a node that may assign or capture `v`.
-   *
-   * For the purposes of this predicate, function calls are considered as writes of captured variables.
-   */
-  private predicate liveAfterDef(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    exists(int r | r = refRank(bb, i, v, WriteRef()) |
-      // the next reference to `v` inside `bb` is a read
-      r + 1 = refRank(bb, _, v, ReadRef())
-      or
-      // this is the last reference to `v` inside `bb`, but `v` is live at entry
-      // to a successor basic block of `bb`
-      r = maxRefRank(bb, v) and
-      liveAtSuccEntry(bb, v)
-    )
-  }
-
-  /**
-   * Holds if variable `v` is live at the beginning of basic block `bb`.
-   *
-   * For the purposes of this predicate, function calls are considered as writes of captured variables.
-   */
-  private predicate liveAtEntry(ReachableBasicBlock bb, SsaSourceVariable v) {
-    // the first reference to `v` inside `bb` is a read
-    refRank(bb, _, v, ReadRef()) = 1
-    or
-    // there is no reference to `v` inside `bb`, but `v` is live at entry
-    // to a successor basic block of `bb`
-    not exists(refRank(bb, _, v, _)) and
-    liveAtSuccEntry(bb, v)
-  }
-
-  /**
-   * Holds if `v` is live at the beginning of any successor of basic block `bb`.
-   */
-  private predicate liveAtSuccEntry(ReachableBasicBlock bb, SsaSourceVariable v) {
-    liveAtEntry(bb.getASuccessor(_), v)
-  }
-
   /**
    * Holds if `v` is assigned outside its declaring function.
    */
-  private predicate assignedThroughClosure(SsaSourceVariable v) {
+  cached
+  predicate assignedThroughClosure(SsaSourceVariable v) {
     any(IR::Instruction def | def.writes(v, _)).getRoot() != v.getDeclaringFunction()
   }
 
+  /** SSA input. */
+  cached
+  module SsaInput implements SsaImplCommon::InputSig<Location, BasicBlock> {
+    class SourceVariable = SsaSourceVariable;
+
     /**
-   * Holds if the `i`th node of `bb` is a use or an SSA definition of variable `v`, with
-   * `k` indicating whether it is the former or the latter.
+     * Holds if the `i`th node of basic block `bb` is a (potential) write to source
+     * variable `v`. The Boolean `certain` indicates whether the write is certain.
      *
-   * Note this includes phi nodes, whereas `ref` above only includes explicit writes and captures.
-   */
-  private predicate ssaRef(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) {
-    useAt(bb, i, v) and k = ReadRef()
-    or
-    any(SsaDefinition def).definesAt(bb, i, v) and k = WriteRef()
-  }
-
-  /**
-   * Gets the (1-based) rank of the `i`th node of `bb` among all SSA definitions
-   * and uses of `v` in `bb`, with `k` indicating whether it is a definition or a use.
-   *
-   * For example, if `bb` is a basic block with a phi node for `v` (considered
-   * to be at index -1), uses `v` at node 2 and defines it at node 5, we have:
-   *
-   * ```
-   * ssaRefRank(bb, -1, v, WriteRef()) = 1    // phi node
-   * ssaRefRank(bb,  2, v, ReadRef())  = 2    // use at node 2
-   * ssaRefRank(bb,  5, v, WriteRef()) = 3    // definition at node 5
-   * ```
-   */
-  private int ssaRefRank(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) {
-    i = rank[result](int j | ssaRef(bb, j, v, _)) and
-    ssaRef(bb, i, v, k)
-  }
-
-  /**
-   * Gets the minimum rank of a read in `bb` such that all references to `v` between that
-   * read and the read at index `i` are reads (and not writes).
-   */
-  private int rewindReads(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    exists(int r | r = ssaRefRank(bb, i, v, ReadRef()) |
-      exists(int j, RefKind k | r - 1 = ssaRefRank(bb, j, v, k) |
-        k = ReadRef() and result = rewindReads(bb, j, v)
-        or
-        k = WriteRef() and result = r
-      )
-      or
-      r = 1 and result = r
-    )
-  }
-
-  /**
-   * Gets the SSA definition of `v` in `bb` that reaches the read of `v` at node `i`, if any.
-   */
-  private SsaDefinition getLocalDefinition(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    exists(int r | r = rewindReads(bb, i, v) |
-      exists(int j | result.definesAt(bb, j, v) and ssaRefRank(bb, j, v, _) = r - 1)
-    )
-  }
-
-  /**
-   * Gets an SSA definition of `v` that reaches the end of the immediate dominator of `bb`.
-   */
-  pragma[noinline]
-  private SsaDefinition getDefReachingEndOfImmediateDominator(
-    ReachableBasicBlock bb, SsaSourceVariable v
-  ) {
-    result = getDefReachingEndOf(bb.getImmediateDominator(), v)
-  }
-
-  /**
-   * Gets an SSA definition of `v` that reaches the end of basic block `bb`.
+     * Certain writes are explicit definitions; uncertain writes are captures.
      */
     cached
-  SsaDefinition getDefReachingEndOf(ReachableBasicBlock bb, SsaSourceVariable v) {
-    exists(int lastRef | lastRef = max(int i | ssaRef(bb, i, v, _)) |
-      result = getLocalDefinition(bb, lastRef, v)
+    predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) {
+      defAt(bb, i, v) and certain = true
       or
-      result.definesAt(bb, lastRef, v) and
-      liveAtSuccEntry(bb, v)
-    )
-    or
-    // In SSA form, the (unique) reaching definition of a use is the closest
-    // definition that dominates the use. If two definitions dominate a node
-    // then one must dominate the other, so we can find the reaching definition
-    // by following the idominance relation backwards.
-    result = getDefReachingEndOfImmediateDominator(bb, v) and
-    not exists(SsaDefinition ssa | ssa.definesAt(bb, _, v)) and
-    liveAtSuccEntry(bb, v)
+      mayCapture(bb, i, v) and certain = false
     }
 
     /**
-   * Gets the unique SSA definition of `v` whose value reaches the `i`th node of `bb`,
-   * which is a use of `v`.
+     * Holds if the `i`th node of basic block `bb` reads source variable `v`.
+     *
+     * We add a synthetic uncertain read at the exit node of every function
+     * that references a captured variable `v`. This ensures that definitions
+     * of captured variables are included in the SSA graph even when the
+     * variable is not locally read in that function scope (but may be read
+     * by another function sharing the same closure).
      */
     cached
-  SsaDefinition getDefinition(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    result = getLocalDefinition(bb, i, v)
+    predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) {
+      useAt(bb, i, v) and certain = true
       or
-    rewindReads(bb, i, v) = 1 and result = getDefReachingEndOf(bb.getImmediateDominator(), v)
-  }
-
-  private module AdjacentUsesImpl {
-    /** Holds if `v` is defined or used in `b`. */
-    private predicate varOccursInBlock(SsaSourceVariable v, ReachableBasicBlock b) {
-      ssaRef(b, _, v, _)
-    }
-
-    /** Holds if `v` occurs in `b` or one of `b`'s transitive successors. */
-    private predicate blockPrecedesVar(SsaSourceVariable v, ReachableBasicBlock b) {
-      varOccursInBlock(v, b)
-      or
-      exists(getDefReachingEndOf(b, v))
-    }
-
-    /**
-     * Holds if `v` occurs in `b1` and `b2` is one of `b1`'s successors.
-     *
-     * Factored out of `varBlockReaches` to force join order compared to the larger
-     * set `blockPrecedesVar(v, b2)`.
-     */
-    pragma[noinline]
-    private predicate varBlockReachesBaseCand(
-      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
-    ) {
-      varOccursInBlock(v, b1) and
-      b2 = b1.getASuccessor(_)
-    }
-
-    /**
-     * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
-     * in `b2` or one of its transitive successors but not in any block on the path
-     * between `b1` and `b2`. Unlike `varBlockReaches` this may include blocks `b2`
-     * where `v` is dead.
-     *
-     * Factored out of `varBlockReaches` to force join order compared to the larger
-     * set `blockPrecedesVar(v, b2)`.
-     */
-    pragma[noinline]
-    private predicate varBlockReachesRecCand(
-      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock mid, ReachableBasicBlock b2
-    ) {
-      varBlockReaches(v, b1, mid) and
-      not varOccursInBlock(v, mid) and
-      b2 = mid.getASuccessor(_)
-    }
-
-    /**
-     * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
-     * in `b2` or one of its transitive successors but not in any block on the path
-     * between `b1` and `b2`.
-     */
-    private predicate varBlockReaches(
-      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
-    ) {
-      varBlockReachesBaseCand(v, b1, b2) and
-      blockPrecedesVar(v, b2)
-      or
-      varBlockReachesRecCand(v, b1, _, b2) and
-      blockPrecedesVar(v, b2)
-    }
-
-    /**
-     * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
-     * `b2` but not in any block on the path between `b1` and `b2`.
-     */
-    private predicate varBlockStep(
-      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
-    ) {
-      varBlockReaches(v, b1, b2) and
-      varOccursInBlock(v, b2)
-    }
-
-    /**
-     * Gets the maximum rank among all SSA references to `v` in basic block `bb`.
-     */
-    private int maxSsaRefRank(ReachableBasicBlock bb, SsaSourceVariable v) {
-      result = max(ssaRefRank(bb, _, v, _))
-    }
-
-    /**
-     * Holds if `v` occurs at index `i1` in `b1` and at index `i2` in `b2` and
-     * there is a path between them without any occurrence of `v`.
-     */
-    pragma[nomagic]
-    predicate adjacentVarRefs(
-      SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2
-    ) {
-      exists(int rankix |
-        b1 = b2 and
-        ssaRefRank(b1, i1, v, _) = rankix and
-        ssaRefRank(b2, i2, v, _) = rankix + 1
-      )
-      or
-      maxSsaRefRank(b1, v) = ssaRefRank(b1, i1, v, _) and
-      varBlockStep(v, b1, b2) and
-      ssaRefRank(b2, i2, v, _) = 1
-    }
-
-    predicate variableUse(SsaSourceVariable v, IR::Instruction use, ReachableBasicBlock bb, int i) {
-      bb.getNode(i) = use and
-      exists(SsaVariable sv |
-        sv.getSourceVariable() = v and
-        use = sv.getAUse()
-      )
-    }
-  }
-
-  private import AdjacentUsesImpl
-
-  /**
-   * Holds if the value defined at `def` can reach `use` without passing through
-   * any other uses, but possibly through phi nodes.
-   */
-  cached
-  predicate firstUse(SsaDefinition def, IR::Instruction use) {
-    exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 |
-      adjacentVarRefs(v, b1, i1, b2, i2) and
-      def.definesAt(b1, i1, v) and
-      variableUse(v, use, b2, i2)
-    )
-    or
-    exists(
-      SsaSourceVariable v, SsaPhiNode redef, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2,
-      int i2
+      v.isCaptured() and
+      exists(FuncDef f |
+        f = bb.getScope() and
+        bb.getLastNode().isExitNode() and
+        i = bb.length() - 1 and
+        certain = false
       |
-      adjacentVarRefs(v, b1, i1, b2, i2) and
-      def.definesAt(b1, i1, v) and
-      redef.definesAt(b2, i2, v) and
-      firstUse(redef, use)
-    )
-  }
-
-  /**
-   * Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA
-   * variable, that is, the value read in `use1` can reach `use2` without passing
-   * through any other use or any SSA definition of the variable.
-   */
-  cached
-  predicate adjacentUseUseSameVar(IR::Instruction use1, IR::Instruction use2) {
-    exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 |
-      adjacentVarRefs(v, b1, i1, b2, i2) and
-      variableUse(v, use1, b1, i1) and
-      variableUse(v, use2, b2, i2)
-    )
-  }
-
-  /**
-   * Holds if `use1` and `use2` form an adjacent use-use-pair of the same
-   * `SsaSourceVariable`, that is, the value read in `use1` can reach `use2`
-   * without passing through any other use or any SSA definition of the variable
-   * except for phi nodes and uncertain implicit updates.
-   */
-  cached
-  predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) {
-    adjacentUseUseSameVar(use1, use2)
+        // The declaring function: captures may be read after calls to closures
+        f = v.getDeclaringFunction()
         or
-    exists(
-      SsaSourceVariable v, SsaPhiNode def, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2,
-      int i2
-    |
-      adjacentVarRefs(v, b1, i1, b2, i2) and
-      variableUse(v, use1, b1, i1) and
-      def.definesAt(b2, i2, v) and
-      firstUse(def, use2)
+        // Any function that writes `v`: the write may be observed by the
+        // declaring function or another closure sharing the same variable
+        any(IR::Instruction def | def.writes(v, _)).getRoot() = f
       )
     }
   }
+}
 
 import Internal
+import SsaImplCommon::Make<Location, BasicBlocks::Cfg, SsaInput> as Impl
+
+final class Definition = Impl::Definition;
+
+final class WriteDefinition = Impl::WriteDefinition;
+
+final class UncertainWriteDefinition = Impl::UncertainWriteDefinition;
+
+final class PhiNode = Impl::PhiNode;
+
+module Consistency = Impl::Consistency;
+
+/**
+ * NB: This predicate should be cached.
+ *
+ * Holds if the SSA definition of `v` at `def` reaches a read at index `i` in
+ * basic block `bb`.
+ */
+cached
+predicate ssaDefReachesRead(SsaSourceVariable v, Definition def, BasicBlock bb, int i) {
+  Impl::ssaDefReachesRead(v, def, bb, i)
+}
+
+/**
+ * NB: This predicate should be cached.
+ *
+ * Holds if the SSA definition of `v` at `def` reaches the end of basic block `bb`.
+ */
+cached
+predicate ssaDefReachesEndOfBlock(BasicBlock bb, Definition def, SsaSourceVariable v) {
+  Impl::ssaDefReachesEndOfBlock(bb, def, v)
+}
+
+/**
+ * NB: This predicate should be cached.
+ *
+ * Holds if `inp` is an input to the phi node `phi` along the edge originating in `bb`.
+ */
+cached
+predicate phiHasInputFromBlock(PhiNode phi, Definition inp, BasicBlock bb) {
+  Impl::phiHasInputFromBlock(phi, inp, bb)
+}
+
+/**
+ * NB: This predicate should be cached.
+ *
+ * Holds if `def` reaches the first use `use` without going through any other use,
+ * but possibly through phi nodes.
+ */
+cached
+predicate firstUse(Definition def, IR::Instruction use) {
+  exists(BasicBlock bb, int i |
+    Impl::firstUse(def, bb, i, _) and
+    use = bb.getNode(i)
+  )
+}
+
+/**
+ * NB: This predicate should be cached.
+ *
+ * Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA
+ * variable, that is, the value read in `use1` can reach `use2` without passing
+ * through any other use or any SSA definition of the variable except for phi nodes
+ * and uncertain implicit updates.
+ */
+cached
+predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) {
+  exists(BasicBlock bb1, int i1, BasicBlock bb2, int i2 |
+    Impl::adjacentUseUse(bb1, i1, bb2, i2, _, _) and
+    use1 = bb1.getNode(i1) and
+    use2 = bb2.getNode(i2)
+  )
+}

go/ql/src/experimental/CWE-525/WebCacheDeception.ql

@@ -1,4 +1,4 @@
-/*
+/**
  * @name Web Cache Deception
  * @description A caching system has been detected on the application and is vulnerable to web cache deception. By manipulating the URL it is possible to force the application to cache pages that are only accessible by an authenticated user. Once cached, these pages can be accessed by an unauthenticated user.
  * @kind problem

go/ql/test/example-tests/snippets/typeinfo.expected

@@ -2,7 +2,7 @@
 | file://:0:0:0:0 | [summary param] -1 in Clone |
 | file://:0:0:0:0 | [summary param] -1 in Write |
 | file://:0:0:0:0 | [summary param] -1 in WriteProxy |
+| main.go:18:12:18:14 | SSA def(req) |
 | main.go:18:12:18:14 | argument corresponding to req |
-| main.go:18:12:18:14 | definition of req |
 | main.go:20:5:20:7 | req |
 | main.go:20:5:20:7 | req [postupdate] |

go/ql/test/experimental/CWE-090/LDAPInjection.go

@@ -54,31 +54,31 @@ func main() {}
 // bad is an example of a bad implementation
 func (ld *Ldap) bad(req *http.Request) {
 	// ...
-	untrusted := req.UserAgent()
+	untrusted := req.UserAgent() // $ Source
 	goldap.NewSearchRequest(
-		untrusted, // BAD: untrusted dn
+		untrusted, // $ Alert // BAD: untrusted dn
 		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=organizationalPerson))"+untrusted, // BAD: untrusted filter
-		[]string{"dn", "cn", untrusted},                   // BAD: untrusted attribute
+		"(&(objectClass=organizationalPerson))"+untrusted, // $ Alert // BAD: untrusted filter
+		[]string{"dn", "cn", untrusted},                   // $ Alert // BAD: untrusted attribute
 		nil,
 	)
 	goldapv3.NewSearchRequest(
-		untrusted, // BAD: untrusted dn
+		untrusted, // $ Alert // BAD: untrusted dn
 		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=organizationalPerson))"+untrusted, // BAD: untrusted filter
-		[]string{"dn", "cn", untrusted},                   // BAD: untrusted attribute
+		"(&(objectClass=organizationalPerson))"+untrusted, // $ Alert // BAD: untrusted filter
+		[]string{"dn", "cn", untrusted},                   // $ Alert // BAD: untrusted attribute
 		nil,
 	)
 	gopkgldapv2.NewSearchRequest(
-		untrusted, // BAD: untrusted dn
+		untrusted, // $ Alert // BAD: untrusted dn
 		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=organizationalPerson))"+untrusted, // BAD: untrusted filter
-		[]string{"dn", "cn", untrusted},                   // BAD: untrusted attribute
+		"(&(objectClass=organizationalPerson))"+untrusted, // $ Alert // BAD: untrusted filter
+		[]string{"dn", "cn", untrusted},                   // $ Alert // BAD: untrusted attribute
 		nil,
 	)
 	client := &ldapclient.LDAPClient{}
-	client.Authenticate(untrusted, "123456") // BAD: untrusted filter
-	client.GetGroupsOfUser(untrusted)        // BAD: untrusted filter
+	client.Authenticate(untrusted, "123456") // $ Alert // BAD: untrusted filter
+	client.GetGroupsOfUser(untrusted)        // $ Alert // BAD: untrusted filter
 	// ...
 }
 

go/ql/test/experimental/CWE-090/LDAPInjection.qlref

@@ -1,2 +1,4 @@
 query: experimental/CWE-090/LDAPInjection.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-203/Timing.qlref

@@ -1,2 +1,4 @@
 query: experimental/CWE-203/Timing.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-203/timing.go

@@ -12,9 +12,9 @@ func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	secret := "MySuperSecretPasscode"
 	secretHeader := "X-Secret"
 
-	headerSecret := req.Header.Get(secretHeader)
+	headerSecret := req.Header.Get(secretHeader) // $ Source
 	secretStr := string(secret)
-	if len(headerSecret) != 0 && headerSecret != secretStr {
+	if len(headerSecret) != 0 && headerSecret != secretStr { // $ Alert
 		return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret)
 	}
 	return nil, nil
@@ -25,9 +25,9 @@ func bad2(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	secret := "MySuperSecretPasscode"
 	secretHeader := "X-Secret"
 
-	headerSecret := req.Header.Get(secretHeader)
+	headerSecret := req.Header.Get(secretHeader) // $ Source
 	secretStr := string(secret)
-	if len(headerSecret) != 0 && strings.Compare(headerSecret, secretStr) != 0 {
+	if len(headerSecret) != 0 && strings.Compare(headerSecret, secretStr) != 0 { // $ Alert
 		return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret)
 	}
 	return nil, nil
@@ -38,8 +38,8 @@ func bad4(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	secret := "MySuperSecretPasscode"
 	secretHeader := "X-Secret"
 
-	headerSecret := req.Header.Get(secretHeader)
-	if len(secret) != 0 && headerSecret != "SecretStringLiteral" {
+	headerSecret := req.Header.Get(secretHeader)                   // $ Source
+	if len(secret) != 0 && headerSecret != "SecretStringLiteral" { // $ Alert
 		return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret)
 	}
 	return nil, nil

go/ql/test/experimental/CWE-285/PamAuthBypass.qlref

@@ -1 +1,2 @@
-experimental/CWE-285/PamAuthBypass.ql
+query: experimental/CWE-285/PamAuthBypass.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-285/main.go

@@ -9,7 +9,7 @@ import (
 func bad() error {
 	t, _ := pam.StartFunc("", "", func(s pam.Style, msg string) (string, error) {
 		return "", nil
-	})
+	}) // $ Alert
 	return t.Authenticate(0)
 
 }

go/ql/test/experimental/CWE-287/ImproperLdapAuth.go

@@ -15,7 +15,7 @@ func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	ldapServer := "ldap.example.com"
 	ldapPort := 389
 	bindDN := "cn=admin,dc=example,dc=com"
-	bindPassword := req.URL.Query()["password"][0]
+	bindPassword := req.URL.Query()["password"][0] // $ Source
 
 	// Connect to the LDAP server
 	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
@@ -25,7 +25,7 @@ func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	defer l.Close()
 
 	// BAD: user input is not sanetized
-	err = l.Bind(bindDN, bindPassword)
+	err = l.Bind(bindDN, bindPassword) // $ Alert
 	if err != nil {
 		return fmt.Errorf("LDAP bind failed: %v", err), err
 	}
@@ -84,7 +84,7 @@ func bad2(req *http.Request) {
 	ldapPort := 389
 	bindDN := "cn=admin,dc=example,dc=com"
 	// BAD : empty password
-	bindPassword := ""
+	bindPassword := "" // $ Source
 
 	// Connect to the LDAP server
 	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
@@ -94,7 +94,7 @@ func bad2(req *http.Request) {
 	defer l.Close()
 
 	// BAD : bindPassword is empty
-	err = l.Bind(bindDN, bindPassword)
+	err = l.Bind(bindDN, bindPassword) // $ Alert
 	if err != nil {
 		log.Fatalf("LDAP bind failed: %v", err)
 	}

go/ql/test/experimental/CWE-287/ImproperLdapAuth.qlref

@@ -1,2 +1,4 @@
 query: experimental/CWE-287/ImproperLdapAuth.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected

@@ -1,3 +1,6 @@
+#select
+| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:24:32:24:37 | JwtKey | This  $@. | go-jose.v3.go:13:21:13:33 | "AllYourBase" | Constant Key is used as JWT Secret key |
+| golang-jwt-v5.go:27:9:27:15 | JwtKey1 | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | This  $@. | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | Constant Key is used as JWT Secret key |
 edges
 | go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance |  |
 | go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:13:14:13:34 | type conversion | provenance |  |
@@ -11,6 +14,3 @@ nodes
 | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | semmle.label | "AllYourBase" |
 | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | semmle.label | JwtKey1 |
 subpaths
-#select
-| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:24:32:24:37 | JwtKey | This  $@. | go-jose.v3.go:13:21:13:33 | "AllYourBase" | Constant Key is used as JWT Secret key |
-| golang-jwt-v5.go:27:9:27:15 | JwtKey1 | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | This  $@. | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | Constant Key is used as JWT Secret key |

go/ql/test/experimental/CWE-321-V2/HardCodedKeys.qlref

@@ -1 +1,2 @@
-experimental/CWE-321-V2/HardCodedKeys.ql
+query: experimental/CWE-321-V2/HardCodedKeys.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-321-V2/go-jose.v3.go

@@ -10,7 +10,7 @@ import (
 )
 
 // NOT OK
-var JwtKey = []byte("AllYourBase")
+var JwtKey = []byte("AllYourBase") // $ Source
 
 func main2(r *http.Request) {
 	signedToken := r.URL.Query().Get("signedToken")
@@ -21,7 +21,7 @@ func verifyJWT(signedToken string) {
 	fmt.Println("verifying JWT")
 	DecodedToken, _ := jwt.ParseSigned(signedToken)
 	out := CustomerInfo{}
-	if err := DecodedToken.Claims(JwtKey, &out); err != nil {
+	if err := DecodedToken.Claims(JwtKey, &out); err != nil { // $ Alert
 		panic(err)
 	}
 	fmt.Printf("%v\n", out)

go/ql/test/experimental/CWE-321-V2/golang-jwt-v5.go

@@ -16,7 +16,7 @@ type CustomerInfo struct {
 }
 
 // BAD constant key
-var JwtKey1 = []byte("AllYourBase")
+var JwtKey1 = []byte("AllYourBase") // $ Source
 
 func main1(r *http.Request) {
 	signedToken := r.URL.Query().Get("signedToken")
@@ -24,7 +24,7 @@ func main1(r *http.Request) {
 }
 
 func LoadJwtKey(token *jwt.Token) (interface{}, error) {
-	return JwtKey1, nil
+	return JwtKey1, nil // $ Alert
 }
 
 func verifyJWT_golangjwt(signedToken string) {

go/ql/test/experimental/CWE-369/DivideByZero.go

@@ -7,37 +7,37 @@ import (
 )
 
 func myHandler1(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value, _ := strconv.Atoi(param1)
-	out := 1337 / value
+	out := 1337 / value // $ Alert
 	fmt.Println(out)
 }
 
 func myHandler2(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value := int(param1[0])
-	out := 1337 / value
+	out := 1337 / value // $ Alert
 	fmt.Println(out)
 }
 
 func myHandler3(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value, _ := strconv.ParseInt(param1, 10, 64)
-	out := 1337 / value
+	out := 1337 / value // $ Alert
 	fmt.Println(out)
 }
 
 func myHandler4(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value, _ := strconv.ParseFloat(param1, 32)
-	out := 1337 / value
+	out := 1337 / value // $ Alert
 	fmt.Println(out)
 }
 
 func myHandler5(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value, _ := strconv.ParseUint(param1, 10, 64)
-	out := 1337 / value
+	out := 1337 / value // $ Alert
 	fmt.Println(out)
 }
 
@@ -51,10 +51,10 @@ func myHandler6(w http.ResponseWriter, r *http.Request) {
 }
 
 func myHandler7(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value := int(param1[0])
 	if value >= 0 {
-		out := 1337 / value
+		out := 1337 / value // $ Alert
 		fmt.Println(out)
 	}
 }

go/ql/test/experimental/CWE-369/DivideByZero.qlref

@@ -1,2 +1,4 @@
 query: experimental/CWE-369/DivideByZero.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-400/DatabaseCallInLoop.expected

@@ -1,3 +1,7 @@
+#select
+| DatabaseCallInLoop.go:9:3:9:41 | call to First | DatabaseCallInLoop.go:7:2:11:2 | range statement | DatabaseCallInLoop.go:9:3:9:41 | call to First | This calls call to First in a $@. | DatabaseCallInLoop.go:7:2:11:2 | range statement | loop |
+| test.go:11:2:11:13 | call to Take | test.go:20:2:22:2 | for statement | test.go:11:2:11:13 | call to Take | This calls call to Take in a $@. | test.go:20:2:22:2 | for statement | loop |
+| test.go:11:2:11:13 | call to Take | test.go:24:2:26:2 | for statement | test.go:11:2:11:13 | call to Take | This calls call to Take in a $@. | test.go:24:2:26:2 | for statement | loop |
 edges
 | DatabaseCallInLoop.go:7:2:11:2 | range statement | DatabaseCallInLoop.go:9:3:9:41 | call to First |
 | test.go:10:1:12:1 | function declaration | test.go:11:2:11:13 | call to Take |
@@ -7,7 +11,3 @@ edges
 | test.go:21:3:21:14 | call to runQuery | test.go:10:1:12:1 | function declaration |
 | test.go:24:2:26:2 | for statement | test.go:25:3:25:17 | call to runRunQuery |
 | test.go:25:3:25:17 | call to runRunQuery | test.go:14:1:16:1 | function declaration |
-#select
-| DatabaseCallInLoop.go:9:3:9:41 | call to First | DatabaseCallInLoop.go:7:2:11:2 | range statement | DatabaseCallInLoop.go:9:3:9:41 | call to First | This calls call to First in a $@. | DatabaseCallInLoop.go:7:2:11:2 | range statement | loop |
-| test.go:11:2:11:13 | call to Take | test.go:20:2:22:2 | for statement | test.go:11:2:11:13 | call to Take | This calls call to Take in a $@. | test.go:20:2:22:2 | for statement | loop |
-| test.go:11:2:11:13 | call to Take | test.go:24:2:26:2 | for statement | test.go:11:2:11:13 | call to Take | This calls call to Take in a $@. | test.go:24:2:26:2 | for statement | loop |

go/ql/test/experimental/CWE-400/DatabaseCallInLoop.go

@@ -6,8 +6,8 @@ func getUsers(db *gorm.DB, names []string) []User {
 	res := make([]User, 0, len(names))
 	for _, name := range names {
 		var user User
-		db.Where("name = ?", name).First(&user)
+		db.Where("name = ?", name).First(&user) // $ Alert
 		res = append(res, user)
-	}
+	} // $ Source
 	return res
 }

go/ql/test/experimental/CWE-400/DatabaseCallInLoop.qlref

@@ -1 +1,2 @@
-experimental/CWE-400/DatabaseCallInLoop.ql
+query: experimental/CWE-400/DatabaseCallInLoop.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-400/test.go

@@ -8,7 +8,7 @@ type User struct {
 }
 
 func runQuery(db *gorm.DB) {
-	db.Take(nil)
+	db.Take(nil) // $ Alert
 }
 
 func runRunQuery(db *gorm.DB) {
@@ -19,9 +19,9 @@ func main() {
 	var db *gorm.DB
 	for i := 0; i < 10; i++ {
 		runQuery(db)
-	}
+	} // $ Source
 
 	for i := 10; i > 0; i-- {
 		runRunQuery(db)
-	}
+	} // $ Source
 }

go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected

@@ -47,27 +47,27 @@
 | test.go:621:25:621:31 | tarRead | test.go:93:5:93:16 | selection of Body | test.go:621:25:621:31 | tarRead | This decompression is $@. | test.go:93:5:93:16 | selection of Body | decompressing compressed data without managing output size |
 | test.go:629:2:629:8 | tarRead | test.go:93:5:93:16 | selection of Body | test.go:629:2:629:8 | tarRead | This decompression is $@. | test.go:93:5:93:16 | selection of Body | decompressing compressed data without managing output size |
 edges
-| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:2  |
-| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | definition of file | provenance | Src:MaD:1  |
-| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | definition of file | provenance | Src:MaD:1  |
-| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | definition of file | provenance | Src:MaD:1  |
-| test.go:64:8:64:19 | selection of Body | test.go:208:12:208:15 | definition of file | provenance | Src:MaD:1  |
-| test.go:66:8:66:19 | selection of Body | test.go:233:12:233:15 | definition of file | provenance | Src:MaD:1  |
-| test.go:68:17:68:28 | selection of Body | test.go:258:21:258:24 | definition of file | provenance | Src:MaD:1  |
-| test.go:70:13:70:24 | selection of Body | test.go:283:17:283:20 | definition of file | provenance | Src:MaD:1  |
-| test.go:72:16:72:27 | selection of Body | test.go:308:20:308:23 | definition of file | provenance | Src:MaD:1  |
-| test.go:74:7:74:18 | selection of Body | test.go:333:11:333:14 | definition of file | provenance | Src:MaD:1  |
-| test.go:76:9:76:20 | selection of Body | test.go:358:13:358:16 | definition of file | provenance | Src:MaD:1  |
-| test.go:78:18:78:29 | selection of Body | test.go:384:22:384:25 | definition of file | provenance | Src:MaD:1  |
-| test.go:80:5:80:16 | selection of Body | test.go:412:9:412:12 | definition of file | provenance | Src:MaD:1  |
-| test.go:82:7:82:18 | selection of Body | test.go:447:11:447:14 | definition of file | provenance | Src:MaD:1  |
-| test.go:84:15:84:26 | selection of Body | test.go:440:19:440:21 | definition of src | provenance | Src:MaD:1  |
-| test.go:85:16:85:27 | selection of Body | test.go:472:20:472:23 | definition of file | provenance | Src:MaD:1  |
-| test.go:87:16:87:27 | selection of Body | test.go:499:20:499:23 | definition of file | provenance | Src:MaD:1  |
-| test.go:89:17:89:28 | selection of Body | test.go:526:21:526:24 | definition of file | provenance | Src:MaD:1  |
-| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | definition of file | provenance | Src:MaD:1  |
-| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | definition of file | provenance | Src:MaD:1  |
-| test.go:128:20:128:27 | definition of filename | test.go:130:33:130:40 | filename | provenance |  |
+| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | SSA def(filename) | provenance | Src:MaD:2  |
+| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:64:8:64:19 | selection of Body | test.go:208:12:208:15 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:66:8:66:19 | selection of Body | test.go:233:12:233:15 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:68:17:68:28 | selection of Body | test.go:258:21:258:24 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:70:13:70:24 | selection of Body | test.go:283:17:283:20 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:72:16:72:27 | selection of Body | test.go:308:20:308:23 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:74:7:74:18 | selection of Body | test.go:333:11:333:14 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:76:9:76:20 | selection of Body | test.go:358:13:358:16 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:78:18:78:29 | selection of Body | test.go:384:22:384:25 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:80:5:80:16 | selection of Body | test.go:412:9:412:12 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:82:7:82:18 | selection of Body | test.go:447:11:447:14 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:84:15:84:26 | selection of Body | test.go:440:19:440:21 | SSA def(src) | provenance | Src:MaD:1  |
+| test.go:85:16:85:27 | selection of Body | test.go:472:20:472:23 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:87:16:87:27 | selection of Body | test.go:499:20:499:23 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:89:17:89:28 | selection of Body | test.go:526:21:526:24 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:128:20:128:27 | SSA def(filename) | test.go:130:33:130:40 | filename | provenance |  |
 | test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance |  |
 | test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | Config |
 | test.go:130:33:130:40 | filename | test.go:143:51:143:58 | filename | provenance |  |
@@ -77,7 +77,7 @@ edges
 | test.go:143:51:143:58 | filename | test.go:143:2:143:59 | ... := ...[0] | provenance | Config |
 | test.go:145:12:145:12 | f | test.go:145:12:145:19 | call to Open | provenance | Config |
 | test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance |  |
-| test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance |  |
+| test.go:158:19:158:22 | SSA def(file) | test.go:159:25:159:28 | file | provenance |  |
 | test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance |  |
 | test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:6 |
 | test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance |  |
@@ -85,7 +85,7 @@ edges
 | test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:5 |
 | test.go:163:3:163:36 | ... := ...[0] | test.go:164:36:164:51 | fileReaderCloser | provenance |  |
 | test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:4 |
-| test.go:169:28:169:31 | definition of file | test.go:170:25:170:28 | file | provenance |  |
+| test.go:169:28:169:31 | SSA def(file) | test.go:170:25:170:28 | file | provenance |  |
 | test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance |  |
 | test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:6 |
 | test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance |  |
@@ -93,64 +93,64 @@ edges
 | test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:5 |
 | test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance | Config |
 | test.go:175:26:175:36 | call to Open | test.go:176:36:176:51 | fileReaderCloser | provenance |  |
-| test.go:181:17:181:20 | definition of file | test.go:184:41:184:44 | file | provenance |  |
+| test.go:181:17:181:20 | SSA def(file) | test.go:184:41:184:44 | file | provenance |  |
 | test.go:184:2:184:73 | ... := ...[0] | test.go:186:2:186:12 | bzip2Reader | provenance |  |
 | test.go:184:2:184:73 | ... := ...[0] | test.go:187:26:187:36 | bzip2Reader | provenance |  |
 | test.go:184:41:184:44 | file | test.go:184:2:184:73 | ... := ...[0] | provenance | Config |
 | test.go:187:12:187:37 | call to NewReader | test.go:189:18:189:24 | tarRead | provenance |  |
 | test.go:187:26:187:36 | bzip2Reader | test.go:187:12:187:37 | call to NewReader | provenance | MaD:3 |
-| test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:208:12:208:15 | definition of file | test.go:211:33:211:36 | file | provenance |  |
+| test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:208:12:208:15 | SSA def(file) | test.go:211:33:211:36 | file | provenance |  |
 | test.go:211:17:211:37 | call to NewReader | test.go:213:2:213:12 | bzip2Reader | provenance |  |
 | test.go:211:17:211:37 | call to NewReader | test.go:214:26:214:36 | bzip2Reader | provenance |  |
 | test.go:211:33:211:36 | file | test.go:211:17:211:37 | call to NewReader | provenance | Config |
 | test.go:214:12:214:37 | call to NewReader | test.go:216:18:216:24 | tarRead | provenance |  |
 | test.go:214:26:214:36 | bzip2Reader | test.go:214:12:214:37 | call to NewReader | provenance | MaD:3 |
-| test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:233:12:233:15 | definition of file | test.go:236:33:236:36 | file | provenance |  |
+| test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:233:12:233:15 | SSA def(file) | test.go:236:33:236:36 | file | provenance |  |
 | test.go:236:17:236:37 | call to NewReader | test.go:238:2:238:12 | flateReader | provenance |  |
 | test.go:236:17:236:37 | call to NewReader | test.go:239:26:239:36 | flateReader | provenance |  |
 | test.go:236:33:236:36 | file | test.go:236:17:236:37 | call to NewReader | provenance | Config |
 | test.go:239:12:239:37 | call to NewReader | test.go:241:18:241:24 | tarRead | provenance |  |
 | test.go:239:26:239:36 | flateReader | test.go:239:12:239:37 | call to NewReader | provenance | MaD:3 |
-| test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:258:21:258:24 | definition of file | test.go:261:42:261:45 | file | provenance |  |
+| test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:258:21:258:24 | SSA def(file) | test.go:261:42:261:45 | file | provenance |  |
 | test.go:261:17:261:46 | call to NewReader | test.go:263:2:263:12 | flateReader | provenance |  |
 | test.go:261:17:261:46 | call to NewReader | test.go:264:26:264:36 | flateReader | provenance |  |
 | test.go:261:42:261:45 | file | test.go:261:17:261:46 | call to NewReader | provenance | Config |
 | test.go:264:12:264:37 | call to NewReader | test.go:266:18:266:24 | tarRead | provenance |  |
 | test.go:264:26:264:36 | flateReader | test.go:264:12:264:37 | call to NewReader | provenance | MaD:3 |
-| test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:283:17:283:20 | definition of file | test.go:286:41:286:44 | file | provenance |  |
+| test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:283:17:283:20 | SSA def(file) | test.go:286:41:286:44 | file | provenance |  |
 | test.go:286:2:286:73 | ... := ...[0] | test.go:288:2:288:12 | flateReader | provenance |  |
 | test.go:286:2:286:73 | ... := ...[0] | test.go:289:26:289:36 | flateReader | provenance |  |
 | test.go:286:41:286:44 | file | test.go:286:2:286:73 | ... := ...[0] | provenance | Config |
 | test.go:289:12:289:37 | call to NewReader | test.go:291:18:291:24 | tarRead | provenance |  |
 | test.go:289:26:289:36 | flateReader | test.go:289:12:289:37 | call to NewReader | provenance | MaD:3 |
-| test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:308:20:308:23 | definition of file | test.go:311:43:311:46 | file | provenance |  |
+| test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:308:20:308:23 | SSA def(file) | test.go:311:43:311:46 | file | provenance |  |
 | test.go:311:2:311:47 | ... := ...[0] | test.go:313:2:313:11 | zlibReader | provenance |  |
 | test.go:311:2:311:47 | ... := ...[0] | test.go:314:26:314:35 | zlibReader | provenance |  |
 | test.go:311:43:311:46 | file | test.go:311:2:311:47 | ... := ...[0] | provenance | Config |
 | test.go:314:12:314:36 | call to NewReader | test.go:316:18:316:24 | tarRead | provenance |  |
 | test.go:314:26:314:35 | zlibReader | test.go:314:12:314:36 | call to NewReader | provenance | MaD:3 |
-| test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:333:11:333:14 | definition of file | test.go:336:34:336:37 | file | provenance |  |
+| test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:333:11:333:14 | SSA def(file) | test.go:336:34:336:37 | file | provenance |  |
 | test.go:336:2:336:38 | ... := ...[0] | test.go:338:2:338:11 | zlibReader | provenance |  |
 | test.go:336:2:336:38 | ... := ...[0] | test.go:339:26:339:35 | zlibReader | provenance |  |
 | test.go:336:34:336:37 | file | test.go:336:2:336:38 | ... := ...[0] | provenance | Config |
 | test.go:339:12:339:36 | call to NewReader | test.go:341:18:341:24 | tarRead | provenance |  |
 | test.go:339:26:339:35 | zlibReader | test.go:339:12:339:36 | call to NewReader | provenance | MaD:3 |
-| test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:358:13:358:16 | definition of file | test.go:361:35:361:38 | file | provenance |  |
+| test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:358:13:358:16 | SSA def(file) | test.go:361:35:361:38 | file | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:363:2:363:13 | snappyReader | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:364:2:364:13 | snappyReader | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:365:26:365:37 | snappyReader | provenance |  |
 | test.go:361:35:361:38 | file | test.go:361:18:361:39 | call to NewReader | provenance | Config |
 | test.go:365:12:365:38 | call to NewReader | test.go:367:18:367:24 | tarRead | provenance |  |
 | test.go:365:26:365:37 | snappyReader | test.go:365:12:365:38 | call to NewReader | provenance | MaD:3 |
-| test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:384:22:384:25 | definition of file | test.go:387:44:387:47 | file | provenance |  |
+| test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:384:22:384:25 | SSA def(file) | test.go:387:44:387:47 | file | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:389:2:389:13 | snappyReader | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:391:2:391:13 | snappyReader | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:392:2:392:13 | snappyReader | provenance |  |
@@ -158,8 +158,8 @@ edges
 | test.go:387:44:387:47 | file | test.go:387:18:387:48 | call to NewReader | provenance | Config |
 | test.go:393:12:393:38 | call to NewReader | test.go:395:18:395:24 | tarRead | provenance |  |
 | test.go:393:26:393:37 | snappyReader | test.go:393:12:393:38 | call to NewReader | provenance | MaD:3 |
-| test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:412:9:412:12 | definition of file | test.go:415:27:415:30 | file | provenance |  |
+| test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:412:9:412:12 | SSA def(file) | test.go:415:27:415:30 | file | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:417:2:417:9 | s2Reader | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:418:2:418:9 | s2Reader | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:420:2:420:9 | s2Reader | provenance |  |
@@ -167,35 +167,35 @@ edges
 | test.go:415:27:415:30 | file | test.go:415:14:415:31 | call to NewReader | provenance | Config |
 | test.go:421:12:421:34 | call to NewReader | test.go:423:18:423:24 | tarRead | provenance |  |
 | test.go:421:26:421:33 | s2Reader | test.go:421:12:421:34 | call to NewReader | provenance | MaD:3 |
-| test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:440:19:440:21 | definition of src | test.go:441:34:441:36 | src | provenance |  |
+| test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:440:19:440:21 | SSA def(src) | test.go:441:34:441:36 | src | provenance |  |
 | test.go:441:2:441:37 | ... := ...[0] | test.go:444:12:444:32 | type conversion | provenance |  |
 | test.go:441:34:441:36 | src | test.go:441:2:441:37 | ... := ...[0] | provenance | Config |
 | test.go:444:12:444:32 | type conversion | test.go:445:23:445:28 | newSrc | provenance |  |
-| test.go:447:11:447:14 | definition of file | test.go:450:34:450:37 | file | provenance |  |
+| test.go:447:11:447:14 | SSA def(file) | test.go:450:34:450:37 | file | provenance |  |
 | test.go:450:2:450:38 | ... := ...[0] | test.go:452:2:452:11 | gzipReader | provenance |  |
 | test.go:450:2:450:38 | ... := ...[0] | test.go:453:26:453:35 | gzipReader | provenance |  |
 | test.go:450:34:450:37 | file | test.go:450:2:450:38 | ... := ...[0] | provenance | Config |
 | test.go:453:12:453:36 | call to NewReader | test.go:455:18:455:24 | tarRead | provenance |  |
 | test.go:453:26:453:35 | gzipReader | test.go:453:12:453:36 | call to NewReader | provenance | MaD:3 |
-| test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:472:20:472:23 | definition of file | test.go:475:43:475:46 | file | provenance |  |
+| test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:472:20:472:23 | SSA def(file) | test.go:475:43:475:46 | file | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:477:2:477:11 | gzipReader | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:479:2:479:11 | gzipReader | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:480:26:480:35 | gzipReader | provenance |  |
 | test.go:475:43:475:46 | file | test.go:475:2:475:47 | ... := ...[0] | provenance | Config |
 | test.go:480:12:480:36 | call to NewReader | test.go:482:18:482:24 | tarRead | provenance |  |
 | test.go:480:26:480:35 | gzipReader | test.go:480:12:480:36 | call to NewReader | provenance | MaD:3 |
-| test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:499:20:499:23 | definition of file | test.go:502:45:502:48 | file | provenance |  |
+| test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:499:20:499:23 | SSA def(file) | test.go:502:45:502:48 | file | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:504:2:504:12 | pgzipReader | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:506:2:506:12 | pgzipReader | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:507:26:507:36 | pgzipReader | provenance |  |
 | test.go:502:45:502:48 | file | test.go:502:2:502:49 | ... := ...[0] | provenance | Config |
 | test.go:507:12:507:37 | call to NewReader | test.go:509:18:509:24 | tarRead | provenance |  |
 | test.go:507:26:507:36 | pgzipReader | test.go:507:12:507:37 | call to NewReader | provenance | MaD:3 |
-| test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:526:21:526:24 | definition of file | test.go:529:43:529:46 | file | provenance |  |
+| test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:526:21:526:24 | SSA def(file) | test.go:529:43:529:46 | file | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:531:2:531:11 | zstdReader | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:533:2:533:11 | zstdReader | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:535:2:535:11 | zstdReader | provenance |  |
@@ -203,33 +203,33 @@ edges
 | test.go:529:43:529:46 | file | test.go:529:2:529:47 | ... := ...[0] | provenance | Config |
 | test.go:536:12:536:36 | call to NewReader | test.go:538:18:538:24 | tarRead | provenance |  |
 | test.go:536:26:536:35 | zstdReader | test.go:536:12:536:36 | call to NewReader | provenance | MaD:3 |
-| test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:555:19:555:22 | definition of file | test.go:558:38:558:41 | file | provenance |  |
+| test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:555:19:555:22 | SSA def(file) | test.go:558:38:558:41 | file | provenance |  |
 | test.go:558:16:558:42 | call to NewReader | test.go:560:2:560:11 | zstdReader | provenance |  |
 | test.go:558:16:558:42 | call to NewReader | test.go:561:26:561:35 | zstdReader | provenance |  |
 | test.go:558:38:558:41 | file | test.go:558:16:558:42 | call to NewReader | provenance | Config |
 | test.go:561:12:561:36 | call to NewReader | test.go:563:18:563:24 | tarRead | provenance |  |
 | test.go:561:26:561:35 | zstdReader | test.go:561:12:561:36 | call to NewReader | provenance | MaD:3 |
-| test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:580:9:580:12 | definition of file | test.go:583:30:583:33 | file | provenance |  |
+| test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:580:9:580:12 | SSA def(file) | test.go:583:30:583:33 | file | provenance |  |
 | test.go:583:2:583:34 | ... := ...[0] | test.go:585:2:585:9 | xzReader | provenance |  |
 | test.go:583:2:583:34 | ... := ...[0] | test.go:586:26:586:33 | xzReader | provenance |  |
 | test.go:583:30:583:33 | file | test.go:583:2:583:34 | ... := ...[0] | provenance | Config |
 | test.go:586:12:586:34 | call to NewReader | test.go:589:18:589:24 | tarRead | provenance |  |
 | test.go:586:12:586:34 | call to NewReader | test.go:590:19:590:25 | tarRead | provenance |  |
 | test.go:586:26:586:33 | xzReader | test.go:586:12:586:34 | call to NewReader | provenance | MaD:3 |
-| test.go:589:18:589:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:590:19:590:25 | tarRead | test.go:627:23:627:29 | definition of tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:627:23:627:29 | definition of tarRead | test.go:629:2:629:8 | tarRead | provenance |  |
+| test.go:589:18:589:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:590:19:590:25 | tarRead | test.go:627:23:627:29 | SSA def(tarRead) | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:627:23:627:29 | SSA def(tarRead) | test.go:629:2:629:8 | tarRead | provenance |  |
 models
 | 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual |
 | 2 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual |
@@ -258,7 +258,7 @@ nodes
 | test.go:89:17:89:28 | selection of Body | semmle.label | selection of Body |
 | test.go:91:15:91:26 | selection of Body | semmle.label | selection of Body |
 | test.go:93:5:93:16 | selection of Body | semmle.label | selection of Body |
-| test.go:128:20:128:27 | definition of filename | semmle.label | definition of filename |
+| test.go:128:20:128:27 | SSA def(filename) | semmle.label | SSA def(filename) |
 | test.go:130:2:130:41 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:130:33:130:40 | filename | semmle.label | filename |
 | test.go:132:3:132:19 | ... := ...[0] | semmle.label | ... := ...[0] |
@@ -269,7 +269,7 @@ nodes
 | test.go:145:12:145:12 | f | semmle.label | f |
 | test.go:145:12:145:19 | call to Open | semmle.label | call to Open |
 | test.go:147:37:147:38 | rc | semmle.label | rc |
-| test.go:158:19:158:22 | definition of file | semmle.label | definition of file |
+| test.go:158:19:158:22 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:159:2:159:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:159:25:159:28 | file | semmle.label | file |
 | test.go:160:2:160:69 | ... := ...[0] | semmle.label | ... := ...[0] |
@@ -278,7 +278,7 @@ nodes
 | test.go:163:3:163:36 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:163:26:163:29 | file | semmle.label | file |
 | test.go:164:36:164:51 | fileReaderCloser | semmle.label | fileReaderCloser |
-| test.go:169:28:169:31 | definition of file | semmle.label | definition of file |
+| test.go:169:28:169:31 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:170:2:170:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:170:25:170:28 | file | semmle.label | file |
 | test.go:171:2:171:78 | ... := ...[0] | semmle.label | ... := ...[0] |
@@ -287,56 +287,56 @@ nodes
 | test.go:175:26:175:29 | file | semmle.label | file |
 | test.go:175:26:175:36 | call to Open | semmle.label | call to Open |
 | test.go:176:36:176:51 | fileReaderCloser | semmle.label | fileReaderCloser |
-| test.go:181:17:181:20 | definition of file | semmle.label | definition of file |
+| test.go:181:17:181:20 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:184:2:184:73 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:184:41:184:44 | file | semmle.label | file |
 | test.go:186:2:186:12 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:187:12:187:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:187:26:187:36 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:189:18:189:24 | tarRead | semmle.label | tarRead |
-| test.go:208:12:208:15 | definition of file | semmle.label | definition of file |
+| test.go:208:12:208:15 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:211:17:211:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:211:33:211:36 | file | semmle.label | file |
 | test.go:213:2:213:12 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:214:12:214:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:214:26:214:36 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:216:18:216:24 | tarRead | semmle.label | tarRead |
-| test.go:233:12:233:15 | definition of file | semmle.label | definition of file |
+| test.go:233:12:233:15 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:236:17:236:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:236:33:236:36 | file | semmle.label | file |
 | test.go:238:2:238:12 | flateReader | semmle.label | flateReader |
 | test.go:239:12:239:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:239:26:239:36 | flateReader | semmle.label | flateReader |
 | test.go:241:18:241:24 | tarRead | semmle.label | tarRead |
-| test.go:258:21:258:24 | definition of file | semmle.label | definition of file |
+| test.go:258:21:258:24 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:261:17:261:46 | call to NewReader | semmle.label | call to NewReader |
 | test.go:261:42:261:45 | file | semmle.label | file |
 | test.go:263:2:263:12 | flateReader | semmle.label | flateReader |
 | test.go:264:12:264:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:264:26:264:36 | flateReader | semmle.label | flateReader |
 | test.go:266:18:266:24 | tarRead | semmle.label | tarRead |
-| test.go:283:17:283:20 | definition of file | semmle.label | definition of file |
+| test.go:283:17:283:20 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:286:2:286:73 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:286:41:286:44 | file | semmle.label | file |
 | test.go:288:2:288:12 | flateReader | semmle.label | flateReader |
 | test.go:289:12:289:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:289:26:289:36 | flateReader | semmle.label | flateReader |
 | test.go:291:18:291:24 | tarRead | semmle.label | tarRead |
-| test.go:308:20:308:23 | definition of file | semmle.label | definition of file |
+| test.go:308:20:308:23 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:311:2:311:47 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:311:43:311:46 | file | semmle.label | file |
 | test.go:313:2:313:11 | zlibReader | semmle.label | zlibReader |
 | test.go:314:12:314:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:314:26:314:35 | zlibReader | semmle.label | zlibReader |
 | test.go:316:18:316:24 | tarRead | semmle.label | tarRead |
-| test.go:333:11:333:14 | definition of file | semmle.label | definition of file |
+| test.go:333:11:333:14 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:336:2:336:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:336:34:336:37 | file | semmle.label | file |
 | test.go:338:2:338:11 | zlibReader | semmle.label | zlibReader |
 | test.go:339:12:339:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:339:26:339:35 | zlibReader | semmle.label | zlibReader |
 | test.go:341:18:341:24 | tarRead | semmle.label | tarRead |
-| test.go:358:13:358:16 | definition of file | semmle.label | definition of file |
+| test.go:358:13:358:16 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:361:18:361:39 | call to NewReader | semmle.label | call to NewReader |
 | test.go:361:35:361:38 | file | semmle.label | file |
 | test.go:363:2:363:13 | snappyReader | semmle.label | snappyReader |
@@ -344,7 +344,7 @@ nodes
 | test.go:365:12:365:38 | call to NewReader | semmle.label | call to NewReader |
 | test.go:365:26:365:37 | snappyReader | semmle.label | snappyReader |
 | test.go:367:18:367:24 | tarRead | semmle.label | tarRead |
-| test.go:384:22:384:25 | definition of file | semmle.label | definition of file |
+| test.go:384:22:384:25 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:387:18:387:48 | call to NewReader | semmle.label | call to NewReader |
 | test.go:387:44:387:47 | file | semmle.label | file |
 | test.go:389:2:389:13 | snappyReader | semmle.label | snappyReader |
@@ -353,7 +353,7 @@ nodes
 | test.go:393:12:393:38 | call to NewReader | semmle.label | call to NewReader |
 | test.go:393:26:393:37 | snappyReader | semmle.label | snappyReader |
 | test.go:395:18:395:24 | tarRead | semmle.label | tarRead |
-| test.go:412:9:412:12 | definition of file | semmle.label | definition of file |
+| test.go:412:9:412:12 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:415:14:415:31 | call to NewReader | semmle.label | call to NewReader |
 | test.go:415:27:415:30 | file | semmle.label | file |
 | test.go:417:2:417:9 | s2Reader | semmle.label | s2Reader |
@@ -362,19 +362,19 @@ nodes
 | test.go:421:12:421:34 | call to NewReader | semmle.label | call to NewReader |
 | test.go:421:26:421:33 | s2Reader | semmle.label | s2Reader |
 | test.go:423:18:423:24 | tarRead | semmle.label | tarRead |
-| test.go:440:19:440:21 | definition of src | semmle.label | definition of src |
+| test.go:440:19:440:21 | SSA def(src) | semmle.label | SSA def(src) |
 | test.go:441:2:441:37 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:441:34:441:36 | src | semmle.label | src |
 | test.go:444:12:444:32 | type conversion | semmle.label | type conversion |
 | test.go:445:23:445:28 | newSrc | semmle.label | newSrc |
-| test.go:447:11:447:14 | definition of file | semmle.label | definition of file |
+| test.go:447:11:447:14 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:450:2:450:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:450:34:450:37 | file | semmle.label | file |
 | test.go:452:2:452:11 | gzipReader | semmle.label | gzipReader |
 | test.go:453:12:453:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:453:26:453:35 | gzipReader | semmle.label | gzipReader |
 | test.go:455:18:455:24 | tarRead | semmle.label | tarRead |
-| test.go:472:20:472:23 | definition of file | semmle.label | definition of file |
+| test.go:472:20:472:23 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:475:2:475:47 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:475:43:475:46 | file | semmle.label | file |
 | test.go:477:2:477:11 | gzipReader | semmle.label | gzipReader |
@@ -382,7 +382,7 @@ nodes
 | test.go:480:12:480:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:480:26:480:35 | gzipReader | semmle.label | gzipReader |
 | test.go:482:18:482:24 | tarRead | semmle.label | tarRead |
-| test.go:499:20:499:23 | definition of file | semmle.label | definition of file |
+| test.go:499:20:499:23 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:502:2:502:49 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:502:45:502:48 | file | semmle.label | file |
 | test.go:504:2:504:12 | pgzipReader | semmle.label | pgzipReader |
@@ -390,7 +390,7 @@ nodes
 | test.go:507:12:507:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:507:26:507:36 | pgzipReader | semmle.label | pgzipReader |
 | test.go:509:18:509:24 | tarRead | semmle.label | tarRead |
-| test.go:526:21:526:24 | definition of file | semmle.label | definition of file |
+| test.go:526:21:526:24 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:529:2:529:47 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:529:43:529:46 | file | semmle.label | file |
 | test.go:531:2:531:11 | zstdReader | semmle.label | zstdReader |
@@ -399,14 +399,14 @@ nodes
 | test.go:536:12:536:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:536:26:536:35 | zstdReader | semmle.label | zstdReader |
 | test.go:538:18:538:24 | tarRead | semmle.label | tarRead |
-| test.go:555:19:555:22 | definition of file | semmle.label | definition of file |
+| test.go:555:19:555:22 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:558:16:558:42 | call to NewReader | semmle.label | call to NewReader |
 | test.go:558:38:558:41 | file | semmle.label | file |
 | test.go:560:2:560:11 | zstdReader | semmle.label | zstdReader |
 | test.go:561:12:561:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:561:26:561:35 | zstdReader | semmle.label | zstdReader |
 | test.go:563:18:563:24 | tarRead | semmle.label | tarRead |
-| test.go:580:9:580:12 | definition of file | semmle.label | definition of file |
+| test.go:580:9:580:12 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:583:2:583:34 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:583:30:583:33 | file | semmle.label | file |
 | test.go:585:2:585:9 | xzReader | semmle.label | xzReader |
@@ -414,15 +414,15 @@ nodes
 | test.go:586:26:586:33 | xzReader | semmle.label | xzReader |
 | test.go:589:18:589:24 | tarRead | semmle.label | tarRead |
 | test.go:590:19:590:25 | tarRead | semmle.label | tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
@@ -432,6 +432,6 @@ nodes
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
-| test.go:627:23:627:29 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:627:23:627:29 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
 | test.go:629:2:629:8 | tarRead | semmle.label | tarRead |
 subpaths

go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.qlref

@@ -1,2 +1,4 @@
 query: experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-522-DecompressionBombs/test.go

@@ -56,41 +56,41 @@ func main() {
 func DecompressHandler(w http.ResponseWriter, request *http.Request) {
 	GZipOpenReaderSafe(request.PostFormValue("test"))
 	ZipOpenReaderSafe(request.PostFormValue("test"))
-	ZipOpenReader(request.FormValue("filepath"))
-	ZipNewReader(request.Body)
-	ZipNewReaderKlauspost(request.Body)
-	Bzip2Dsnet(request.Body)
+	ZipOpenReader(request.FormValue("filepath")) // $ Source
+	ZipNewReader(request.Body)                   // $ Source
+	ZipNewReaderKlauspost(request.Body)          // $ Source
+	Bzip2Dsnet(request.Body)                     // $ Source
 	Bzip2DsnetSafe(request.Body)
-	Bzip2(request.Body)
+	Bzip2(request.Body) // $ Source
 	Bzip2Safe(request.Body)
-	Flate(request.Body)
+	Flate(request.Body) // $ Source
 	FlateSafe(request.Body)
-	FlateKlauspost(request.Body)
+	FlateKlauspost(request.Body) // $ Source
 	FlateKlauspostSafe(request.Body)
-	FlateDsnet(request.Body)
+	FlateDsnet(request.Body) // $ Source
 	FlateDsnetSafe(request.Body)
-	ZlibKlauspost(request.Body)
+	ZlibKlauspost(request.Body) // $ Source
 	ZlibKlauspostSafe(request.Body)
-	Zlib(request.Body)
+	Zlib(request.Body) // $ Source
 	ZlibSafe(request.Body)
-	Snappy(request.Body)
+	Snappy(request.Body) // $ Source
 	SnappySafe(request.Body)
-	SnappyKlauspost(request.Body)
+	SnappyKlauspost(request.Body) // $ Source
 	SnappyKlauspostSafe(request.Body)
-	S2(request.Body)
+	S2(request.Body) // $ Source
 	S2Safe(request.Body)
-	Gzip(request.Body)
+	Gzip(request.Body) // $ Source
 	GzipSafe(request.Body)
-	GZipIoReader(request.Body, "dest")
-	GzipKlauspost(request.Body)
+	GZipIoReader(request.Body, "dest") // $ Source
+	GzipKlauspost(request.Body)        // $ Source
 	GzipKlauspostSafe(request.Body)
-	PzipKlauspost(request.Body)
+	PzipKlauspost(request.Body) // $ Source
 	PzipKlauspostSafe(request.Body)
-	Zstd_Klauspost(request.Body)
+	Zstd_Klauspost(request.Body) // $ Source
 	Zstd_KlauspostSafe(request.Body)
-	Zstd_DataDog(request.Body)
+	Zstd_DataDog(request.Body) // $ Source
 	Zstd_DataDogSafe(request.Body)
-	Xz(request.Body)
+	Xz(request.Body) // $ Source
 	XzSafe(request.Body)
 }
 
@@ -131,7 +131,7 @@ func ZipOpenReader(filename string) {
 	for _, f := range zipReader.File {
 		rc, _ := f.Open()
 		for {
-			result, _ := io.CopyN(os.Stdout, rc, 68) // $ hasValueFlow="rc"
+			result, _ := io.CopyN(os.Stdout, rc, 68) // $ hasValueFlow="rc" Alert
 			if result == 0 {
 				_ = rc.Close()
 				break
@@ -144,7 +144,7 @@ func ZipOpenReader(filename string) {
 	for _, f := range zipKlauspostReader.File {
 		rc, _ := f.Open()
 		for {
-			result, _ := io.CopyN(os.Stdout, rc, 68) // $ hasValueFlow="rc"
+			result, _ := io.CopyN(os.Stdout, rc, 68) // $ hasValueFlow="rc" Alert
 			if result == 0 {
 				_ = rc.Close()
 				break
@@ -161,7 +161,7 @@ func ZipNewReader(file io.Reader) {
 	for _, file := range zipReader.File {
 		fileWriter := bytes.NewBuffer([]byte{})
 		fileReaderCloser, _ := file.Open()
-		result, _ := io.Copy(fileWriter, fileReaderCloser) // $ hasValueFlow="fileReaderCloser"
+		result, _ := io.Copy(fileWriter, fileReaderCloser) // $ hasValueFlow="fileReaderCloser" Alert
 		fmt.Print(result)
 	}
 }
@@ -173,7 +173,7 @@ func ZipNewReaderKlauspost(file io.Reader) {
 		fileWriter := bytes.NewBuffer([]byte{})
 		// file.OpenRaw()
 		fileReaderCloser, _ := file.Open()
-		result, _ := io.Copy(fileWriter, fileReaderCloser) // $ hasValueFlow="fileReaderCloser"
+		result, _ := io.Copy(fileWriter, fileReaderCloser) // $ hasValueFlow="fileReaderCloser" Alert
 		fmt.Print(result)
 	}
 }
@@ -183,7 +183,7 @@ func Bzip2Dsnet(file io.Reader) {
 
 	bzip2Reader, _ := bzip2Dsnet.NewReader(file, &bzip2Dsnet.ReaderConfig{})
 	var out []byte = make([]byte, 70)
-	bzip2Reader.Read(out) // $ hasValueFlow="bzip2Reader"
+	bzip2Reader.Read(out) // $ hasValueFlow="bzip2Reader" Alert
 	tarRead = tar.NewReader(bzip2Reader)
 
 	TarDecompressor(tarRead)
@@ -210,7 +210,7 @@ func Bzip2(file io.Reader) {
 
 	bzip2Reader := bzip2.NewReader(file)
 	var out []byte = make([]byte, 70)
-	bzip2Reader.Read(out) // $ hasValueFlow="bzip2Reader"
+	bzip2Reader.Read(out) // $ hasValueFlow="bzip2Reader" Alert
 	tarRead = tar.NewReader(bzip2Reader)
 
 	TarDecompressor(tarRead)
@@ -235,7 +235,7 @@ func Flate(file io.Reader) {
 
 	flateReader := flate.NewReader(file)
 	var out []byte = make([]byte, 70)
-	flateReader.Read(out) // $ hasValueFlow="flateReader"
+	flateReader.Read(out) // $ hasValueFlow="flateReader" Alert
 	tarRead = tar.NewReader(flateReader)
 
 	TarDecompressor(tarRead)
@@ -260,7 +260,7 @@ func FlateKlauspost(file io.Reader) {
 
 	flateReader := flateKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	flateReader.Read(out) // $ hasValueFlow="flateReader"
+	flateReader.Read(out) // $ hasValueFlow="flateReader" Alert
 	tarRead = tar.NewReader(flateReader)
 
 	TarDecompressor(tarRead)
@@ -285,7 +285,7 @@ func FlateDsnet(file io.Reader) {
 
 	flateReader, _ := flateDsnet.NewReader(file, &flateDsnet.ReaderConfig{})
 	var out []byte = make([]byte, 70)
-	flateReader.Read(out) // $ hasValueFlow="flateReader"
+	flateReader.Read(out) // $ hasValueFlow="flateReader" Alert
 	tarRead = tar.NewReader(flateReader)
 
 	TarDecompressor(tarRead)
@@ -310,7 +310,7 @@ func ZlibKlauspost(file io.Reader) {
 
 	zlibReader, _ := zlibKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	zlibReader.Read(out) // $ hasValueFlow="zlibReader"
+	zlibReader.Read(out) // $ hasValueFlow="zlibReader" Alert
 	tarRead = tar.NewReader(zlibReader)
 
 	TarDecompressor(tarRead)
@@ -335,7 +335,7 @@ func Zlib(file io.Reader) {
 
 	zlibReader, _ := zlib.NewReader(file)
 	var out []byte = make([]byte, 70)
-	zlibReader.Read(out) // $ hasValueFlow="zlibReader"
+	zlibReader.Read(out) // $ hasValueFlow="zlibReader" Alert
 	tarRead = tar.NewReader(zlibReader)
 
 	TarDecompressor(tarRead)
@@ -360,8 +360,8 @@ func Snappy(file io.Reader) {
 
 	snappyReader := snappy.NewReader(file)
 	var out []byte = make([]byte, 70)
-	snappyReader.Read(out)  // $ hasValueFlow="snappyReader"
-	snappyReader.ReadByte() // $ hasValueFlow="snappyReader"
+	snappyReader.Read(out)  // $ hasValueFlow="snappyReader" Alert
+	snappyReader.ReadByte() // $ hasValueFlow="snappyReader" Alert
 	tarRead = tar.NewReader(snappyReader)
 
 	TarDecompressor(tarRead)
@@ -386,10 +386,10 @@ func SnappyKlauspost(file io.Reader) {
 
 	snappyReader := snappyKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	snappyReader.Read(out) // $ hasValueFlow="snappyReader"
+	snappyReader.Read(out) // $ hasValueFlow="snappyReader" Alert
 	var buf bytes.Buffer
-	snappyReader.DecodeConcurrent(&buf, 2) // $ hasValueFlow="snappyReader"
-	snappyReader.ReadByte()                // $ hasValueFlow="snappyReader"
+	snappyReader.DecodeConcurrent(&buf, 2) // $ hasValueFlow="snappyReader" Alert
+	snappyReader.ReadByte()                // $ hasValueFlow="snappyReader" Alert
 	tarRead = tar.NewReader(snappyReader)
 
 	TarDecompressor(tarRead)
@@ -414,10 +414,10 @@ func S2(file io.Reader) {
 
 	s2Reader := s2.NewReader(file)
 	var out []byte = make([]byte, 70)
-	s2Reader.Read(out)  // $ hasValueFlow="s2Reader"
-	s2Reader.ReadByte() // $ hasValueFlow="s2Reader"
+	s2Reader.Read(out)  // $ hasValueFlow="s2Reader" Alert
+	s2Reader.ReadByte() // $ hasValueFlow="s2Reader" Alert
 	var buf bytes.Buffer
-	s2Reader.DecodeConcurrent(&buf, 2) // $ hasValueFlow="s2Reader"
+	s2Reader.DecodeConcurrent(&buf, 2) // $ hasValueFlow="s2Reader" Alert
 	tarRead = tar.NewReader(s2Reader)
 
 	TarDecompressor(tarRead)
@@ -442,14 +442,14 @@ func GZipIoReader(src io.Reader, dst string) {
 	dstF, _ := os.OpenFile(dst, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755)
 	defer dstF.Close()
 	newSrc := io.Reader(gzipReader)
-	_, _ = io.Copy(dstF, newSrc) // $ hasValueFlow="newSrc"
+	_, _ = io.Copy(dstF, newSrc) // $ hasValueFlow="newSrc" Alert
 }
 func Gzip(file io.Reader) {
 	var tarRead *tar.Reader
 
 	gzipReader, _ := gzip.NewReader(file)
 	var out []byte = make([]byte, 70)
-	gzipReader.Read(out) // $ hasValueFlow="gzipReader"
+	gzipReader.Read(out) // $ hasValueFlow="gzipReader" Alert
 	tarRead = tar.NewReader(gzipReader)
 
 	TarDecompressor(tarRead)
@@ -474,9 +474,9 @@ func GzipKlauspost(file io.Reader) {
 
 	gzipReader, _ := gzipKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	gzipReader.Read(out) // $ hasValueFlow="gzipReader"
+	gzipReader.Read(out) // $ hasValueFlow="gzipReader" Alert
 	var buf bytes.Buffer
-	gzipReader.WriteTo(&buf) // $ hasValueFlow="gzipReader"
+	gzipReader.WriteTo(&buf) // $ hasValueFlow="gzipReader" Alert
 	tarRead = tar.NewReader(gzipReader)
 
 	TarDecompressor(tarRead)
@@ -501,9 +501,9 @@ func PzipKlauspost(file io.Reader) {
 
 	pgzipReader, _ := pgzipKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	pgzipReader.Read(out) // $ hasValueFlow="pgzipReader"
+	pgzipReader.Read(out) // $ hasValueFlow="pgzipReader" Alert
 	var buf bytes.Buffer
-	pgzipReader.WriteTo(&buf) // $ hasValueFlow="pgzipReader"
+	pgzipReader.WriteTo(&buf) // $ hasValueFlow="pgzipReader" Alert
 	tarRead = tar.NewReader(pgzipReader)
 
 	TarDecompressor(tarRead)
@@ -528,11 +528,11 @@ func Zstd_Klauspost(file io.Reader) {
 
 	zstdReader, _ := zstdKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	zstdReader.Read(out) // $ hasValueFlow="zstdReader"
+	zstdReader.Read(out) // $ hasValueFlow="zstdReader" Alert
 	var buf bytes.Buffer
-	zstdReader.WriteTo(&buf) // $ hasValueFlow="zstdReader"
+	zstdReader.WriteTo(&buf) // $ hasValueFlow="zstdReader" Alert
 	var src []byte
-	zstdReader.DecodeAll(src, nil) // $ hasValueFlow="zstdReader"
+	zstdReader.DecodeAll(src, nil) // $ hasValueFlow="zstdReader" Alert
 	tarRead = tar.NewReader(zstdReader)
 
 	TarDecompressor(tarRead)
@@ -557,7 +557,7 @@ func Zstd_DataDog(file io.Reader) {
 
 	zstdReader := zstdDataDog.NewReader(file)
 	var out []byte = make([]byte, 70)
-	zstdReader.Read(out) // $ hasValueFlow="zstdReader"
+	zstdReader.Read(out) // $ hasValueFlow="zstdReader" Alert
 	tarRead = tar.NewReader(zstdReader)
 
 	TarDecompressor(tarRead)
@@ -582,7 +582,7 @@ func Xz(file io.Reader) {
 
 	xzReader, _ := xz.NewReader(file)
 	var out []byte = make([]byte, 70)
-	xzReader.Read(out) // $ hasValueFlow="xzReader"
+	xzReader.Read(out) // $ hasValueFlow="xzReader" Alert
 	tarRead = tar.NewReader(xzReader)
 	fmt.Println(io.SeekStart)
 
@@ -618,7 +618,7 @@ func TarDecompressor(tarRead *tar.Reader) {
 		if cur.Typeflag != tar.TypeReg {
 			continue
 		}
-		data, _ := io.ReadAll(tarRead) // $ hasValueFlow="tarRead"
+		data, _ := io.ReadAll(tarRead) // $ hasValueFlow="tarRead" Alert
 		files[cur.Name] = &fstest.MapFile{Data: data}
 	}
 	fmt.Print(files)
@@ -626,7 +626,7 @@ func TarDecompressor(tarRead *tar.Reader) {
 
 func TarDecompressor2(tarRead *tar.Reader) {
 	var tarOut []byte = make([]byte, 70)
-	tarRead.Read(tarOut) // $ hasValueFlow="tarRead"
+	tarRead.Read(tarOut) // $ hasValueFlow="tarRead" Alert
 	fmt.Println("do sth with output:", tarOut)
 }
 

go/ql/test/experimental/CWE-525/WebCacheDeception.qlref

@@ -1 +1,2 @@
-experimental/CWE-525/WebCacheDeception.ql
+query: experimental/CWE-525/WebCacheDeception.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-525/WebCacheDeceptionBad.go

@@ -79,7 +79,7 @@ func badRoutingNet() {
 
 	http.Handle("/assets/", http.StripPrefix("/assets/", http.FileServer(http.Dir("assets/"))))
 
-	http.HandleFunc("/adminusers/", ShowAdminPageCache)
+	http.HandleFunc("/adminusers/", ShowAdminPageCache) // $ Alert
 	err := http.ListenAndServe(":1337", nil)
 	if err != nil {
 		log.Fatal("ListenAndServe: ", err)

go/ql/test/experimental/CWE-525/WebCacheDeceptionFiber.go

@@ -12,12 +12,12 @@ func badRouting() {
 	log.Println("We are logging in Golang!")
 
 	// GET /api/register
-	app.Get("/api/*", func(c *fiber.Ctx) error {
+	app.Get("/api/*", func(c *fiber.Ctx) error { // $ Alert
 		msg := fmt.Sprintf("✋")
 		return c.SendString(msg) // => ✋ register
 	})
 
-	app.Post("/api/*", func(c *fiber.Ctx) error {
+	app.Post("/api/*", func(c *fiber.Ctx) error { // $ Alert
 		msg := fmt.Sprintf("✋")
 		return c.SendString(msg) // => ✋ register
 	})

go/ql/test/experimental/CWE-525/WebCacheDeceptionGoChi.go

@@ -10,7 +10,7 @@ import (
 func badRoutingChi() {
 	r := chi.NewRouter()
 	r.Use(middleware.Logger)
-	r.Get("/*", func(w http.ResponseWriter, r *http.Request) {
+	r.Get("/*", func(w http.ResponseWriter, r *http.Request) { // $ Alert
 		w.Write([]byte("welcome"))
 	})
 	http.ListenAndServe(":3000", r)

go/ql/test/experimental/CWE-525/WebCacheDeceptionHTTPRouter.go

@@ -18,7 +18,7 @@ func Hello(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 
 func badHTTPRouter() {
 	router := httprouter.New()
-	router.GET("/test/*test", Index)
+	router.GET("/test/*test", Index) // $ Alert
 	router.GET("/hello/:name", Hello)
 
 	log.Fatal(http.ListenAndServe(":8082", router))

go/ql/test/experimental/CWE-74/Dsn.go

@@ -23,10 +23,10 @@ func good() (interface{}, error) {
 }
 
 func bad() interface{} {
-	name2 := os.Args[1:]
+	name2 := os.Args[1:] // $ Source[go/dsn-injection-local]
 	// This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files.
 	dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, name2[0])
-	db, _ := sql.Open("mysql", dbDSN)
+	db, _ := sql.Open("mysql", dbDSN) // $ Alert[go/dsn-injection-local]
 	return db
 }
 
@@ -44,10 +44,10 @@ func good2(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 }
 
 func bad2(w http.ResponseWriter, req *http.Request) interface{} {
-	name := req.FormValue("name")
+	name := req.FormValue("name") // $ Source[go/dsn-injection]
 	// This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files.
 	dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, name)
-	db, _ := sql.Open("mysql", dbDSN)
+	db, _ := sql.Open("mysql", dbDSN) // $ Alert[go/dsn-injection]
 	return db
 }
 
@@ -60,12 +60,12 @@ func (Config) Parse([]string) error { return nil }
 
 func RegexFuncModelTest(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	cfg := NewConfig()
-	err := cfg.Parse(os.Args[1:]) // This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files.
+	err := cfg.Parse(os.Args[1:]) // $ Source[go/dsn-injection-local] // This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files.
 	if err != nil {
 		return nil, err
 	}
 	dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, cfg.dsn)
-	db, _ := sql.Open("mysql", dbDSN)
+	db, _ := sql.Open("mysql", dbDSN) // $ Alert[go/dsn-injection-local]
 	return db, nil
 }
 

go/ql/test/experimental/CWE-74/DsnInjection.qlref

@@ -1,2 +1,4 @@
 query: experimental/CWE-74/DsnInjection.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-74/DsnInjectionLocal.qlref

@@ -1,2 +1,4 @@
 query: experimental/CWE-74/DsnInjectionLocal.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-807/SensitiveConditionBypass.qlref

@@ -1 +1,2 @@
-experimental/CWE-807/SensitiveConditionBypass.ql
+query: experimental/CWE-807/SensitiveConditionBypass.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-807/SensitiveConditionBypassBad.go

@@ -4,7 +4,7 @@ import "net/http"
 
 func example(w http.ResponseWriter, r *http.Request) {
 	test2 := "test"
-	if r.Header.Get("X-Password") != test2 {
+	if r.Header.Get("X-Password") != test2 { // $ Alert
 		login()
 	}
 }

go/ql/test/experimental/CWE-807/condition.go

@@ -13,7 +13,7 @@ const test = "localhost"
 
 // Should alert as authkey is sensitive
 func ex1(w http.ResponseWriter, r *http.Request) {
-	if r.Header.Get("Origin") != test {
+	if r.Header.Get("Origin") != test { // $ Alert
 		authkey := "randomDatta"
 		io.WriteString(w, authkey)
 	}
@@ -22,7 +22,7 @@ func ex1(w http.ResponseWriter, r *http.Request) {
 // Should alert as authkey is sensitive
 func ex2(w http.ResponseWriter, r *http.Request) {
 	test2 := "test"
-	if r.Header.Get("Origin") != test2 {
+	if r.Header.Get("Origin") != test2 { // $ Alert
 		authkey := "randomDatta2"
 		io.WriteString(w, authkey)
 	}
@@ -31,7 +31,7 @@ func ex2(w http.ResponseWriter, r *http.Request) {
 // Should alert as login() is sensitive
 func ex3(w http.ResponseWriter, r *http.Request) {
 	test2 := "test"
-	if r.Header.Get("Origin") != test2 {
+	if r.Header.Get("Origin") != test2 { // $ Alert
 		login()
 	}
 }

go/ql/test/experimental/CWE-840/ConditionalBypass.qlref

@@ -1 +1,2 @@
-experimental/CWE-840/ConditionalBypass.ql
+query: experimental/CWE-840/ConditionalBypass.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/CWE-840/ConditionalBypassBad.go

@@ -6,7 +6,7 @@ import (
 
 func exampleHandlerBad(w http.ResponseWriter, r *http.Request) {
 	// BAD: the Origin and Host headers are user controlled
-	if r.Header.Get("Origin") != "http://"+r.Host {
+	if r.Header.Get("Origin") != "http://"+r.Host { // $ Alert
 		//do something
 	}
 }

go/ql/test/experimental/CWE-840/condition.go

@@ -6,14 +6,14 @@ import (
 
 // BAD: taken from https://www.gorillatoolkit.org/pkg/websocket
 func ex1(w http.ResponseWriter, r *http.Request) {
-	if r.Header.Get("Origin") != "http://"+r.Host {
+	if r.Header.Get("Origin") != "http://"+r.Host { // $ Alert
 		//do something
 	}
 }
 
 // BAD: both operands are from remote sources
 func ex2(w http.ResponseWriter, r *http.Request) {
-	if r.Header.Get("Origin") != "http://"+r.Header.Get("Header") {
+	if r.Header.Get("Origin") != "http://"+r.Header.Get("Header") { // $ Alert
 		//do something
 	}
 }

go/ql/test/experimental/InconsistentCode/DeferInLoop.go

@@ -5,7 +5,7 @@ import "os"
 func openFiles(filenames []string) {
 	for _, filename := range filenames {
 		file, err := os.Open(filename)
-		defer file.Close()
+		defer file.Close() // $ Alert[go/examples/deferinloop]
 		if err != nil {
 			// handle error
 		}

go/ql/test/experimental/InconsistentCode/DeferInLoop.qlref

@@ -1 +1,2 @@
-experimental/InconsistentCode/DeferInLoop.ql
+query: experimental/InconsistentCode/DeferInLoop.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/InconsistentCode/GORMErrorNotChecked.go

@@ -4,6 +4,6 @@ import "gorm.io/gorm"
 
 func getUserId(db *gorm.DB, name string) int64 {
 	var user User
-	db.Where("name = ?", name).First(&user)
+	db.Where("name = ?", name).First(&user) // $ Alert[go/examples/gorm-error-not-checked]
 	return user.Id
 }

go/ql/test/experimental/InconsistentCode/GORMErrorNotChecked.qlref

@@ -1 +1,2 @@
-experimental/InconsistentCode/GORMErrorNotChecked.ql
+query: experimental/InconsistentCode/GORMErrorNotChecked.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/experimental/InconsistentCode/test.go

@@ -3,24 +3,24 @@ package main
 func test() {
 	var xs []int
 	for _ = range xs {
-		defer test() // not ok
+		defer test() // $ Alert[go/examples/deferinloop] // not ok
 	}
 
 	for _ = range xs {
 		if true {
-			defer test() // not ok
+			defer test() // $ Alert[go/examples/deferinloop] // not ok
 		}
 	}
 
 	for i := 0; i < 10; i++ {
-		defer test()
+		defer test() // $ Alert[go/examples/deferinloop]
 	}
 
 	for true {
-		defer test() // not ok
+		defer test() // $ Alert[go/examples/deferinloop] // not ok
 	}
 
 	for false {
-		defer test() // fine but caught
+		defer test() // $ Alert[go/examples/deferinloop] // fine but caught
 	}
 }

go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected

@@ -1,3 +1,15 @@
+#select
+| WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | $@. | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | Dangerous array type casting to [8]uint8 from an index expression ([8]uint8)[2] (the destination type is 2 elements longer) |
+| WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | $@. | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | Dangerous array type casting to [17]uint8 from an index expression ([8]uint8)[0] (the destination type is 9 elements longer) |
+| WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | $@. | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | $@. | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | $@. | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | Dangerous array type casting to [17]string from [8]string |
+| WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | $@. | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | Dangerous type up-casting to [17]uint8 from struct type |
+| WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | $@. | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | $@. | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | $@. | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | Dangerous array type casting to [4]int64 from [1]int64 |
+| WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | $@. | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | Dangerous numeric type casting to int64 from int8 |
+| WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | $@. | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | Dangerous numeric type casting to int from int8 |
 edges
 | WrongUsageOfUnsafe.go:17:24:17:48 | type conversion | WrongUsageOfUnsafe.go:17:13:17:49 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:34:24:34:51 | type conversion | WrongUsageOfUnsafe.go:34:13:34:52 | type conversion | provenance |  |
@@ -10,8 +22,8 @@ edges
 | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | provenance |  |
-| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | provenance |  |
-| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance |  |
+| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | provenance |  |
+| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | provenance |  |
@@ -39,7 +51,7 @@ nodes
 | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | semmle.label | definition of req |
+| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | semmle.label | SSA def(req) |
 | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | semmle.label | type conversion |
@@ -48,15 +60,3 @@ nodes
 | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | semmle.label | type conversion |
 subpaths
-#select
-| WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | $@. | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | Dangerous array type casting to [8]uint8 from an index expression ([8]uint8)[2] (the destination type is 2 elements longer) |
-| WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | $@. | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | Dangerous array type casting to [17]uint8 from an index expression ([8]uint8)[0] (the destination type is 9 elements longer) |
-| WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | $@. | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | $@. | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | $@. | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | Dangerous array type casting to [17]string from [8]string |
-| WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | $@. | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | Dangerous type up-casting to [17]uint8 from struct type |
-| WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | $@. | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | $@. | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | $@. | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | Dangerous array type casting to [4]int64 from [1]int64 |
-| WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | $@. | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | Dangerous numeric type casting to int64 from int8 |
-| WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | $@. | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | Dangerous numeric type casting to int from int8 |

go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.go

@@ -74,7 +74,7 @@ func badIndexExpr() {
 	// the address of the 3rd element of the `harmless` array,
 	// and continue for 8 bytes, going out of the boundaries of
 	// `harmless` and crossing into the memory occupied by `secret`.
-	var leaking = (*[8]byte)(unsafe.Pointer(&harmless[2])) // BAD
+	var leaking = (*[8]byte)(unsafe.Pointer(&harmless[2])) // $ Alert // BAD
 
 	fmt.Println(string((*leaking)[:]))
 
@@ -108,7 +108,7 @@ func bad0() {
 
 	// Read before secret, overflowing into secret
 	// (notice we get the pointer to the first byte of harmless)
-	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless[0])) // BAD
+	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless[0])) // $ Alert // BAD
 
 	fmt.Println(string((*leaking)[:]))
 
@@ -126,7 +126,7 @@ func bad1() {
 
 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless)
-	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // $ Alert // BAD
 
 	fmt.Println(string((*leaking)[:]))
 
@@ -146,7 +146,7 @@ func bad2() {
 
 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless)
-	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // $ Alert // BAD
 
 	fmt.Println(string((*leaking)[:]))
 
@@ -163,7 +163,7 @@ func bad3() {
 
 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless)
-	var leaking = (*[8 + 9]string)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*[8 + 9]string)(unsafe.Pointer(&harmless)) // $ Alert // BAD
 
 	fmt.Println(*leaking)
 	fmt.Println([17]string((*leaking)))
@@ -186,7 +186,7 @@ func bad4() {
 
 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless)
-	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // $ Alert // BAD
 
 	fmt.Println(string((*leaking)[:]))
 
@@ -208,7 +208,7 @@ func bad5() {
 
 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless)
-	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless.Data)) // BAD
+	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless.Data)) // $ Alert // BAD
 
 	fmt.Println(string(leaking[:]))
 
@@ -224,7 +224,7 @@ func bad6() {
 	secret := [9]byte{'s', 'e', 'n', 's', 'i', 't', 'i', 'v', 'e'}
 
 	// Read before secret:
-	var leaking = buffer_request(unsafe.Pointer(&harmless)) // BAD (see inside buffer_request func)
+	var leaking = buffer_request(unsafe.Pointer(&harmless)) // $ Source // BAD (see inside buffer_request func)
 
 	fmt.Println((string)(leaking[:]))
 
@@ -240,7 +240,7 @@ func buffer_request(req unsafe.Pointer) [8 + 9]byte {
 	// will be read, the read will also contain pieces of
 	// data from `secret`.
 	var buf [8 + 9]byte
-	buf = *(*[8 + 9]byte)(req) // BAD (from above func)
+	buf = *(*[8 + 9]byte)(req) // $ Alert // BAD (from above func)
 	return buf
 }
 func bad7() {
@@ -253,7 +253,7 @@ func bad7() {
 	// (notice we read more than the length of harmless);
 	// the leaking array will not contain letters,
 	// but integers representing bytes from `secret`.
-	var leaking = (*[4]int64)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*[4]int64)(unsafe.Pointer(&harmless)) // $ Alert // BAD
 
 	fmt.Println(*leaking)
 
@@ -271,7 +271,7 @@ func bad8() {
 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless);
 	// the leaking data will contain some bits from `secret`.
-	var leaking = (*int64)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*int64)(unsafe.Pointer(&harmless)) // $ Alert // BAD
 
 	fmt.Println(*leaking)
 
@@ -289,7 +289,7 @@ func bad9() {
 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless);
 	// the leaking data will contain some bits from `secret`.
-	var leaking = (*int)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*int)(unsafe.Pointer(&harmless)) // $ Alert // BAD
 
 	fmt.Println(*leaking)
 

go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.qlref

@@ -1 +1,2 @@
-experimental/Unsafe/WrongUsageOfUnsafe.ql
+query: experimental/Unsafe/WrongUsageOfUnsafe.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/library-tests/semmle/go/concepts/Regexp/RegexpPattern.expected

@@ -3,7 +3,7 @@
 | stdlib.go:13:21:13:24 | "ab" | ab | stdlib.go:13:21:13:24 | "ab" |
 | stdlib.go:15:26:15:39 | "[so]me\|regex" | [so]me\|regex | stdlib.go:15:2:15:40 | ... := ...[0] |
 | stdlib.go:15:26:15:39 | "[so]me\|regex" | [so]me\|regex | stdlib.go:15:26:15:39 | "[so]me\|regex" |
-| stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:3 | definition of re |
+| stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:3 | SSA def(re) |
 | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:38 | ... = ...[0] |
 | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:30:16:37 | "posix?" |
 | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:17:2:17:3 | re |

go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected

@@ -22,4 +22,4 @@ invalidModelRow
 | test.go:187:24:187:31 | call to Src1 | qltest |
 | test.go:191:24:191:31 | call to Src1 | qltest |
 | test.go:201:10:201:28 | selection of SourceVariable | qltest |
-| test.go:208:15:208:17 | definition of src | qltest |
+| test.go:208:15:208:17 | SSA def(src) | qltest |

go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected

@@ -22,4 +22,4 @@ invalidModelRow
 | test.go:187:24:187:31 | call to Src1 | qltest |
 | test.go:191:24:191:31 | call to Src1 | qltest |
 | test.go:209:10:209:28 | selection of SourceVariable | qltest |
-| test.go:216:15:216:17 | definition of src | qltest |
+| test.go:216:15:216:17 | SSA def(src) | qltest |

go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected

@@ -1,169 +1,169 @@
-| main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | definition of x |
-| main.go:3:12:3:12 | definition of x | main.go:5:5:5:5 | x |
-| main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | definition of fn |
-| main.go:3:19:3:20 | definition of fn | main.go:10:24:10:25 | fn |
+| main.go:3:12:3:12 | SSA def(x) | main.go:5:5:5:5 | x |
+| main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | SSA def(x) |
+| main.go:3:19:3:20 | SSA def(fn) | main.go:10:24:10:25 | fn |
+| main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | SSA def(fn) |
 | main.go:5:5:5:5 | x | main.go:6:7:6:7 | x |
 | main.go:5:5:5:5 | x | main.go:8:8:8:8 | x |
-| main.go:6:3:6:3 | definition of y | main.go:10:12:10:12 | y |
-| main.go:6:7:6:7 | x | main.go:6:3:6:3 | definition of y |
+| main.go:6:3:6:3 | SSA def(y) | main.go:10:12:10:12 | y |
+| main.go:6:7:6:7 | x | main.go:6:3:6:3 | SSA def(y) |
 | main.go:6:7:6:7 | x | main.go:10:7:10:7 | x |
-| main.go:8:3:8:3 | definition of y | main.go:10:12:10:12 | y |
-| main.go:8:7:8:8 | -... | main.go:8:3:8:3 | definition of y |
+| main.go:8:3:8:3 | SSA def(y) | main.go:10:12:10:12 | y |
+| main.go:8:7:8:8 | -... | main.go:8:3:8:3 | SSA def(y) |
 | main.go:8:8:8:8 | x | main.go:10:7:10:7 | x |
-| main.go:10:2:10:2 | definition of z | main.go:11:14:11:14 | z |
+| main.go:10:2:10:2 | SSA def(z) | main.go:11:14:11:14 | z |
 | main.go:10:7:10:7 | x | main.go:10:22:10:22 | x |
 | main.go:10:7:10:12 | ...<=... | main.go:10:7:10:27 | ...&&... |
-| main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | definition of z |
+| main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | SSA def(z) |
 | main.go:10:12:10:12 | y | main.go:10:17:10:17 | y |
 | main.go:10:17:10:27 | ...>=... | main.go:10:7:10:27 | ...&&... |
 | main.go:11:14:11:14 | z | main.go:11:9:11:15 | type conversion |
-| main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | definition of acc |
-| main.go:16:9:19:2 | capture variable acc | main.go:17:3:17:5 | acc |
-| main.go:17:3:17:7 | definition of acc | main.go:18:10:18:12 | acc |
-| main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | definition of acc |
-| main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | definition of b |
-| main.go:22:12:22:12 | definition of b | main.go:23:5:23:5 | b |
-| main.go:22:20:22:20 | argument corresponding to x | main.go:22:20:22:20 | definition of x |
-| main.go:22:20:22:20 | definition of x | main.go:24:10:24:10 | x |
-| main.go:22:20:22:20 | definition of x | main.go:26:11:26:11 | x |
+| main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | SSA def(acc) |
+| main.go:16:9:19:2 | SSA def(acc) | main.go:17:3:17:5 | acc |
+| main.go:17:3:17:7 | SSA def(acc) | main.go:18:10:18:12 | acc |
+| main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | SSA def(acc) |
+| main.go:22:12:22:12 | SSA def(b) | main.go:23:5:23:5 | b |
+| main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | SSA def(b) |
+| main.go:22:20:22:20 | SSA def(x) | main.go:24:10:24:10 | x |
+| main.go:22:20:22:20 | SSA def(x) | main.go:26:11:26:11 | x |
+| main.go:22:20:22:20 | argument corresponding to x | main.go:22:20:22:20 | SSA def(x) |
 | main.go:24:10:24:10 | x | main.go:24:10:24:19 | type assertion |
-| main.go:26:2:26:2 | definition of n | main.go:27:11:27:11 | n |
-| main.go:26:2:26:17 | ... := ...[0] | main.go:26:2:26:2 | definition of n |
-| main.go:26:2:26:17 | ... := ...[1] | main.go:26:5:26:6 | definition of ok |
-| main.go:26:5:26:6 | definition of ok | main.go:27:5:27:6 | ok |
+| main.go:26:2:26:2 | SSA def(n) | main.go:27:11:27:11 | n |
+| main.go:26:2:26:17 | ... := ...[0] | main.go:26:2:26:2 | SSA def(n) |
+| main.go:26:2:26:17 | ... := ...[1] | main.go:26:5:26:6 | SSA def(ok) |
+| main.go:26:5:26:6 | SSA def(ok) | main.go:27:5:27:6 | ok |
 | main.go:26:11:26:11 | x | main.go:26:2:26:17 | ... := ...[0] |
-| main.go:38:2:38:2 | definition of s | main.go:39:15:39:15 | s |
-| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | definition of s |
-| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | definition of s |
-| main.go:39:2:39:3 | definition of s1 | main.go:40:18:40:19 | s1 |
-| main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | definition of s1 |
+| main.go:38:2:38:2 | SSA def(s) | main.go:39:15:39:15 | s |
+| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | SSA def(s) |
+| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | SSA def(s) |
+| main.go:39:2:39:3 | SSA def(s1) | main.go:40:18:40:19 | s1 |
+| main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | SSA def(s1) |
 | main.go:39:15:39:15 | s | main.go:40:15:40:15 | s |
 | main.go:39:15:39:15 | s [postupdate] | main.go:40:15:40:15 | s |
-| main.go:40:2:40:3 | definition of s2 | main.go:43:9:43:10 | s2 |
-| main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | definition of s2 |
+| main.go:40:2:40:3 | SSA def(s2) | main.go:43:9:43:10 | s2 |
+| main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | SSA def(s2) |
 | main.go:40:15:40:15 | s | main.go:42:7:42:7 | s |
 | main.go:40:15:40:15 | s [postupdate] | main.go:42:7:42:7 | s |
-| main.go:41:2:41:3 | definition of s4 | main.go:42:10:42:11 | s4 |
-| main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | definition of s4 |
-| main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | definition of xs |
-| main.go:46:13:46:14 | definition of xs | main.go:47:20:47:21 | xs |
-| main.go:46:24:46:27 | definition of keys | main.go:46:24:46:27 | implicit read of keys |
-| main.go:46:24:46:27 | definition of keys | main.go:49:3:49:6 | keys |
-| main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | definition of keys |
-| main.go:46:34:46:37 | definition of vals | main.go:46:34:46:37 | implicit read of vals |
-| main.go:46:34:46:37 | definition of vals | main.go:48:3:48:6 | vals |
-| main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | definition of vals |
-| main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | definition of k |
-| main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | definition of v |
-| main.go:47:6:47:6 | definition of k | main.go:49:11:49:11 | k |
-| main.go:47:9:47:9 | definition of v | main.go:48:11:48:11 | v |
-| main.go:48:3:48:6 | definition of vals | main.go:46:34:46:37 | implicit read of vals |
-| main.go:48:3:48:6 | definition of vals | main.go:48:3:48:6 | vals |
-| main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | definition of vals |
-| main.go:49:3:49:6 | definition of keys | main.go:46:24:46:27 | implicit read of keys |
-| main.go:49:3:49:6 | definition of keys | main.go:49:3:49:6 | keys |
-| main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | definition of keys |
-| main.go:55:6:55:7 | definition of ch | main.go:56:2:56:3 | ch |
-| main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | definition of ch |
+| main.go:41:2:41:3 | SSA def(s4) | main.go:42:10:42:11 | s4 |
+| main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | SSA def(s4) |
+| main.go:46:13:46:14 | SSA def(xs) | main.go:47:20:47:21 | xs |
+| main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | SSA def(xs) |
+| main.go:46:24:46:27 | SSA def(keys) | main.go:46:24:46:27 | implicit read of keys |
+| main.go:46:24:46:27 | SSA def(keys) | main.go:49:3:49:6 | keys |
+| main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | SSA def(keys) |
+| main.go:46:34:46:37 | SSA def(vals) | main.go:46:34:46:37 | implicit read of vals |
+| main.go:46:34:46:37 | SSA def(vals) | main.go:48:3:48:6 | vals |
+| main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | SSA def(vals) |
+| main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | SSA def(k) |
+| main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | SSA def(v) |
+| main.go:47:6:47:6 | SSA def(k) | main.go:49:11:49:11 | k |
+| main.go:47:9:47:9 | SSA def(v) | main.go:48:11:48:11 | v |
+| main.go:48:3:48:6 | SSA def(vals) | main.go:46:34:46:37 | implicit read of vals |
+| main.go:48:3:48:6 | SSA def(vals) | main.go:48:3:48:6 | vals |
+| main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | SSA def(vals) |
+| main.go:49:3:49:6 | SSA def(keys) | main.go:46:24:46:27 | implicit read of keys |
+| main.go:49:3:49:6 | SSA def(keys) | main.go:49:3:49:6 | keys |
+| main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | SSA def(keys) |
+| main.go:55:6:55:7 | SSA def(ch) | main.go:56:2:56:3 | ch |
+| main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | SSA def(ch) |
 | main.go:56:2:56:3 | ch | main.go:57:4:57:5 | ch |
 | main.go:56:2:56:3 | ch [postupdate] | main.go:57:4:57:5 | ch |
-| main.go:61:2:61:2 | definition of x | main.go:64:11:64:11 | x |
-| main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | definition of x |
-| main.go:62:2:62:2 | definition of y | main.go:64:14:64:14 | y |
-| main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | definition of y |
-| main.go:63:2:63:2 | definition of z | main.go:64:17:64:17 | z |
-| main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | definition of z |
-| main.go:64:2:64:2 | definition of a | main.go:66:9:66:9 | a |
-| main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | definition of a |
+| main.go:61:2:61:2 | SSA def(x) | main.go:64:11:64:11 | x |
+| main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | SSA def(x) |
+| main.go:62:2:62:2 | SSA def(y) | main.go:64:14:64:14 | y |
+| main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | SSA def(y) |
+| main.go:63:2:63:2 | SSA def(z) | main.go:64:17:64:17 | z |
+| main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | SSA def(z) |
+| main.go:64:2:64:2 | SSA def(a) | main.go:66:9:66:9 | a |
+| main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | SSA def(a) |
 | main.go:64:11:64:11 | x | main.go:64:7:64:18 | call to min |
 | main.go:64:11:64:11 | x | main.go:65:11:65:11 | x |
 | main.go:64:14:64:14 | y | main.go:64:7:64:18 | call to min |
 | main.go:64:14:64:14 | y | main.go:65:14:65:14 | y |
 | main.go:64:17:64:17 | z | main.go:64:7:64:18 | call to min |
 | main.go:64:17:64:17 | z | main.go:65:17:65:17 | z |
-| main.go:65:2:65:2 | definition of b | main.go:66:12:66:12 | b |
-| main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | definition of b |
+| main.go:65:2:65:2 | SSA def(b) | main.go:66:12:66:12 | b |
+| main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | SSA def(b) |
 | main.go:65:11:65:11 | x | main.go:65:7:65:18 | call to max |
 | main.go:65:14:65:14 | y | main.go:65:7:65:18 | call to max |
 | main.go:65:17:65:17 | z | main.go:65:7:65:18 | call to max |
-| strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | definition of s |
-| strings.go:8:12:8:12 | definition of s | strings.go:9:24:9:24 | s |
-| strings.go:9:2:9:3 | definition of s2 | strings.go:11:20:11:21 | s2 |
-| strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | definition of s2 |
+| strings.go:8:12:8:12 | SSA def(s) | strings.go:9:24:9:24 | s |
+| strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | SSA def(s) |
+| strings.go:9:2:9:3 | SSA def(s2) | strings.go:11:20:11:21 | s2 |
+| strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | SSA def(s2) |
 | strings.go:9:24:9:24 | s | strings.go:10:27:10:27 | s |
-| strings.go:10:2:10:3 | definition of s3 | strings.go:11:24:11:25 | s3 |
-| strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | definition of s3 |
+| strings.go:10:2:10:3 | SSA def(s3) | strings.go:11:24:11:25 | s3 |
+| strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | SSA def(s3) |
 | strings.go:11:20:11:21 | s2 | strings.go:11:48:11:49 | s2 |
 | strings.go:11:24:11:25 | s3 | strings.go:11:67:11:68 | s3 |
-| url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | definition of b |
-| url.go:8:12:8:12 | definition of b | url.go:11:5:11:5 | b |
-| url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | definition of s |
-| url.go:8:20:8:20 | definition of s | url.go:12:46:12:46 | s |
-| url.go:8:20:8:20 | definition of s | url.go:14:48:14:48 | s |
-| url.go:12:3:12:5 | definition of res | url.go:19:9:19:11 | res |
-| url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | definition of res |
-| url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | definition of err |
-| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err |
-| url.go:14:3:14:5 | definition of res | url.go:19:9:19:11 | res |
-| url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | definition of res |
-| url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | definition of err |
-| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err |
-| url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | definition of i |
-| url.go:22:12:22:12 | definition of i | url.go:24:5:24:5 | i |
-| url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | definition of s |
-| url.go:22:19:22:19 | definition of s | url.go:23:20:23:20 | s |
-| url.go:23:2:23:2 | definition of u | url.go:25:10:25:10 | u |
-| url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | definition of u |
+| url.go:8:12:8:12 | SSA def(b) | url.go:11:5:11:5 | b |
+| url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | SSA def(b) |
+| url.go:8:20:8:20 | SSA def(s) | url.go:12:46:12:46 | s |
+| url.go:8:20:8:20 | SSA def(s) | url.go:14:48:14:48 | s |
+| url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | SSA def(s) |
+| url.go:12:3:12:5 | SSA def(res) | url.go:19:9:19:11 | res |
+| url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | SSA def(res) |
+| url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | SSA def(err) |
+| url.go:12:8:12:10 | SSA def(err) | url.go:16:5:16:7 | err |
+| url.go:14:3:14:5 | SSA def(res) | url.go:19:9:19:11 | res |
+| url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | SSA def(res) |
+| url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | SSA def(err) |
+| url.go:14:8:14:10 | SSA def(err) | url.go:16:5:16:7 | err |
+| url.go:22:12:22:12 | SSA def(i) | url.go:24:5:24:5 | i |
+| url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | SSA def(i) |
+| url.go:22:19:22:19 | SSA def(s) | url.go:23:20:23:20 | s |
+| url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | SSA def(s) |
+| url.go:23:2:23:2 | SSA def(u) | url.go:25:10:25:10 | u |
+| url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | SSA def(u) |
 | url.go:23:20:23:20 | s | url.go:27:29:27:29 | s |
-| url.go:27:2:27:2 | definition of u | url.go:28:14:28:14 | u |
-| url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | definition of u |
+| url.go:27:2:27:2 | SSA def(u) | url.go:28:14:28:14 | u |
+| url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | SSA def(u) |
 | url.go:28:14:28:14 | u | url.go:29:14:29:14 | u |
 | url.go:28:14:28:14 | u [postupdate] | url.go:29:14:29:14 | u |
 | url.go:29:14:29:14 | u | url.go:30:11:30:11 | u |
 | url.go:29:14:29:14 | u [postupdate] | url.go:30:11:30:11 | u |
-| url.go:30:2:30:3 | definition of bs | url.go:31:14:31:15 | bs |
-| url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | definition of bs |
+| url.go:30:2:30:3 | SSA def(bs) | url.go:31:14:31:15 | bs |
+| url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | SSA def(bs) |
 | url.go:30:11:30:11 | u | url.go:32:9:32:9 | u |
 | url.go:30:11:30:11 | u [postupdate] | url.go:32:9:32:9 | u |
-| url.go:32:2:32:2 | definition of u | url.go:33:14:33:14 | u |
-| url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | definition of u |
+| url.go:32:2:32:2 | SSA def(u) | url.go:33:14:33:14 | u |
+| url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | SSA def(u) |
 | url.go:33:14:33:14 | u | url.go:34:14:34:14 | u |
 | url.go:33:14:33:14 | u [postupdate] | url.go:34:14:34:14 | u |
 | url.go:34:14:34:14 | u | url.go:35:14:35:14 | u |
 | url.go:34:14:34:14 | u [postupdate] | url.go:35:14:35:14 | u |
 | url.go:35:14:35:14 | u | url.go:36:6:36:6 | u |
 | url.go:35:14:35:14 | u [postupdate] | url.go:36:6:36:6 | u |
-| url.go:36:2:36:2 | definition of u | url.go:37:9:37:9 | u |
+| url.go:36:2:36:2 | SSA def(u) | url.go:37:9:37:9 | u |
 | url.go:36:6:36:6 | u | url.go:36:25:36:25 | u |
 | url.go:36:6:36:6 | u [postupdate] | url.go:36:25:36:25 | u |
-| url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | definition of u |
-| url.go:42:2:42:3 | definition of ui | url.go:43:11:43:12 | ui |
-| url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | definition of ui |
-| url.go:43:2:43:3 | definition of pw | url.go:44:14:44:15 | pw |
-| url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | definition of pw |
+| url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | SSA def(u) |
+| url.go:42:2:42:3 | SSA def(ui) | url.go:43:11:43:12 | ui |
+| url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | SSA def(ui) |
+| url.go:43:2:43:3 | SSA def(pw) | url.go:44:14:44:15 | pw |
+| url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | SSA def(pw) |
 | url.go:43:11:43:12 | ui | url.go:45:14:45:15 | ui |
 | url.go:43:11:43:12 | ui [postupdate] | url.go:45:14:45:15 | ui |
 | url.go:45:14:45:15 | ui | url.go:46:9:46:10 | ui |
 | url.go:45:14:45:15 | ui [postupdate] | url.go:46:9:46:10 | ui |
-| url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | definition of q |
-| url.go:49:12:49:12 | definition of q | url.go:50:25:50:25 | q |
-| url.go:50:2:50:2 | definition of v | url.go:51:14:51:14 | v |
-| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | definition of v |
+| url.go:49:12:49:12 | SSA def(q) | url.go:50:25:50:25 | q |
+| url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | SSA def(q) |
+| url.go:50:2:50:2 | SSA def(v) | url.go:51:14:51:14 | v |
+| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | SSA def(v) |
 | url.go:51:14:51:14 | v | url.go:52:14:52:14 | v |
 | url.go:51:14:51:14 | v [postupdate] | url.go:52:14:52:14 | v |
 | url.go:52:14:52:14 | v | url.go:53:9:53:9 | v |
 | url.go:52:14:52:14 | v [postupdate] | url.go:53:9:53:9 | v |
-| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | definition of q |
-| url.go:56:12:56:12 | definition of q | url.go:57:29:57:29 | q |
-| url.go:57:2:57:8 | definition of joined1 | url.go:58:38:58:44 | joined1 |
-| url.go:57:2:57:39 | ... := ...[0] | url.go:57:2:57:8 | definition of joined1 |
-| url.go:58:2:58:8 | definition of joined2 | url.go:59:24:59:30 | joined2 |
-| url.go:58:2:58:45 | ... := ...[0] | url.go:58:2:58:8 | definition of joined2 |
-| url.go:59:2:59:6 | definition of asUrl | url.go:60:15:60:19 | asUrl |
-| url.go:59:2:59:31 | ... := ...[0] | url.go:59:2:59:6 | definition of asUrl |
-| url.go:60:2:60:10 | definition of joinedUrl | url.go:61:9:61:17 | joinedUrl |
-| url.go:60:15:60:37 | call to JoinPath | url.go:60:2:60:10 | definition of joinedUrl |
-| url.go:64:13:64:13 | argument corresponding to q | url.go:64:13:64:13 | definition of q |
-| url.go:64:13:64:13 | definition of q | url.go:66:27:66:27 | q |
-| url.go:65:2:65:9 | definition of cleanUrl | url.go:66:9:66:16 | cleanUrl |
-| url.go:65:2:65:48 | ... := ...[0] | url.go:65:2:65:9 | definition of cleanUrl |
+| url.go:56:12:56:12 | SSA def(q) | url.go:57:29:57:29 | q |
+| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | SSA def(q) |
+| url.go:57:2:57:8 | SSA def(joined1) | url.go:58:38:58:44 | joined1 |
+| url.go:57:2:57:39 | ... := ...[0] | url.go:57:2:57:8 | SSA def(joined1) |
+| url.go:58:2:58:8 | SSA def(joined2) | url.go:59:24:59:30 | joined2 |
+| url.go:58:2:58:45 | ... := ...[0] | url.go:58:2:58:8 | SSA def(joined2) |
+| url.go:59:2:59:6 | SSA def(asUrl) | url.go:60:15:60:19 | asUrl |
+| url.go:59:2:59:31 | ... := ...[0] | url.go:59:2:59:6 | SSA def(asUrl) |
+| url.go:60:2:60:10 | SSA def(joinedUrl) | url.go:61:9:61:17 | joinedUrl |
+| url.go:60:15:60:37 | call to JoinPath | url.go:60:2:60:10 | SSA def(joinedUrl) |
+| url.go:64:13:64:13 | SSA def(q) | url.go:66:27:66:27 | q |
+| url.go:64:13:64:13 | argument corresponding to q | url.go:64:13:64:13 | SSA def(q) |
+| url.go:65:2:65:9 | SSA def(cleanUrl) | url.go:66:9:66:16 | cleanUrl |
+| url.go:65:2:65:48 | ... := ...[0] | url.go:65:2:65:9 | SSA def(cleanUrl) |

go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getEntryNode.expected

@@ -25,15 +25,15 @@
 | result | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 |
 | result | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump |
 | result | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder |
-| result | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | definition of err |
-| result | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | definition of bytesBuffer |
+| result | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | SSA def(err) |
+| result | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | SSA def(bytesBuffer) |
 | result 0 | main.go:51:2:51:14 | call to op | main.go:51:2:51:14 | call to op |
 | result 0 | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 |
 | result 0 | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump |
-| result 0 | main.go:54:10:54:15 | call to test | main.go:54:2:54:2 | definition of x |
-| result 0 | main.go:56:9:56:15 | call to test2 | main.go:56:2:56:2 | definition of x |
+| result 0 | main.go:54:10:54:15 | call to test | main.go:54:2:54:2 | SSA def(x) |
+| result 0 | main.go:56:9:56:15 | call to test2 | main.go:56:2:56:2 | SSA def(x) |
 | result 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder |
-| result 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | definition of err |
-| result 0 | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | definition of bytesBuffer |
-| result 1 | main.go:54:10:54:15 | call to test | main.go:54:5:54:5 | definition of y |
-| result 1 | main.go:56:9:56:15 | call to test2 | main.go:56:5:56:5 | definition of y |
+| result 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | SSA def(err) |
+| result 0 | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | SSA def(bytesBuffer) |
+| result 1 | main.go:54:10:54:15 | call to test | main.go:54:5:54:5 | SSA def(y) |
+| result 1 | main.go:56:9:56:15 | call to test2 | main.go:56:5:56:5 | SSA def(y) |

go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getExitNode.expected

@@ -1,14 +1,14 @@
-| parameter 0 | main.go:5:1:11:1 | function declaration | main.go:5:9:5:10 | definition of op |
-| parameter 0 | main.go:13:1:20:1 | function declaration | main.go:13:10:13:11 | definition of op |
-| parameter 0 | main.go:40:1:48:1 | function declaration | main.go:40:12:40:12 | definition of b |
-| parameter 0 | reset.go:8:1:16:1 | function declaration | reset.go:8:27:8:27 | definition of r |
-| parameter 0 | tst2.go:8:1:12:1 | function declaration | tst2.go:8:12:8:15 | definition of data |
-| parameter 0 | tst.go:8:1:11:1 | function declaration | tst.go:8:12:8:17 | definition of reader |
+| parameter 0 | main.go:5:1:11:1 | function declaration | main.go:5:9:5:10 | SSA def(op) |
+| parameter 0 | main.go:13:1:20:1 | function declaration | main.go:13:10:13:11 | SSA def(op) |
+| parameter 0 | main.go:40:1:48:1 | function declaration | main.go:40:12:40:12 | SSA def(b) |
+| parameter 0 | reset.go:8:1:16:1 | function declaration | reset.go:8:27:8:27 | SSA def(r) |
+| parameter 0 | tst2.go:8:1:12:1 | function declaration | tst2.go:8:12:8:15 | SSA def(data) |
+| parameter 0 | tst.go:8:1:11:1 | function declaration | tst.go:8:12:8:17 | SSA def(reader) |
 | parameter 0 | tst.go:13:1:13:25 | function declaration | tst.go:13:12:13:13 | initialization of xs |
-| parameter 0 | tst.go:15:1:19:1 | function declaration | tst.go:15:12:15:12 | definition of x |
-| parameter 1 | main.go:5:1:11:1 | function declaration | main.go:5:20:5:20 | definition of x |
-| parameter 1 | main.go:13:1:20:1 | function declaration | main.go:13:21:13:21 | definition of x |
-| parameter 1 | tst.go:15:1:19:1 | function declaration | tst.go:15:15:15:15 | definition of y |
-| parameter 2 | main.go:5:1:11:1 | function declaration | main.go:5:27:5:27 | definition of y |
-| parameter 2 | main.go:13:1:20:1 | function declaration | main.go:13:28:13:28 | definition of y |
-| receiver | main.go:26:1:29:1 | function declaration | main.go:26:7:26:7 | definition of c |
+| parameter 0 | tst.go:15:1:19:1 | function declaration | tst.go:15:12:15:12 | SSA def(x) |
+| parameter 1 | main.go:5:1:11:1 | function declaration | main.go:5:20:5:20 | SSA def(x) |
+| parameter 1 | main.go:13:1:20:1 | function declaration | main.go:13:21:13:21 | SSA def(x) |
+| parameter 1 | tst.go:15:1:19:1 | function declaration | tst.go:15:15:15:15 | SSA def(y) |
+| parameter 2 | main.go:5:1:11:1 | function declaration | main.go:5:27:5:27 | SSA def(y) |
+| parameter 2 | main.go:13:1:20:1 | function declaration | main.go:13:28:13:28 | SSA def(y) |
+| receiver | main.go:26:1:29:1 | function declaration | main.go:26:7:26:7 | SSA def(c) |

go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected

@@ -1,18 +1,18 @@
 | main.go:6:2:6:5 | 1 | main.go:14:7:14:7 | 1 |
-| main.go:10:2:10:2 | definition of x | main.go:10:7:10:7 | 0 |
+| main.go:10:2:10:2 | SSA def(x) | main.go:10:7:10:7 | 0 |
 | main.go:10:7:10:7 | 0 | main.go:10:7:10:7 | 0 |
-| main.go:11:6:11:6 | definition of y | main.go:10:7:10:7 | 0 |
+| main.go:11:6:11:6 | SSA def(y) | main.go:10:7:10:7 | 0 |
 | main.go:11:6:11:6 | zero value for y | main.go:10:7:10:7 | 0 |
 | main.go:12:2:12:18 | call to Println | main.go:12:2:12:18 | call to Println |
 | main.go:12:14:12:14 | x | main.go:10:7:10:7 | 0 |
 | main.go:12:17:12:17 | y | main.go:10:7:10:7 | 0 |
-| main.go:14:2:14:2 | definition of z | main.go:14:7:14:7 | 1 |
+| main.go:14:2:14:2 | SSA def(z) | main.go:14:7:14:7 | 1 |
 | main.go:14:7:14:7 | 1 | main.go:14:7:14:7 | 1 |
 | main.go:15:2:15:9 | call to bump | main.go:15:2:15:9 | call to bump |
 | main.go:16:2:16:21 | call to Println | main.go:16:2:16:21 | call to Println |
 | main.go:16:14:16:14 | x | main.go:10:7:10:7 | 0 |
 | main.go:16:17:16:17 | y | main.go:10:7:10:7 | 0 |
-| main.go:18:2:18:3 | definition of ss | main.go:18:8:18:24 | call to make |
+| main.go:18:2:18:3 | SSA def(ss) | main.go:18:8:18:24 | call to make |
 | main.go:18:8:18:24 | call to make | main.go:18:8:18:24 | call to make |
 | main.go:18:23:18:23 | 3 | main.go:18:23:18:23 | 3 |
 | main.go:19:5:19:5 | 2 | main.go:19:5:19:5 | 2 |
@@ -20,22 +20,20 @@
 | main.go:20:2:20:16 | call to Println | main.go:20:2:20:16 | call to Println |
 | main.go:23:14:23:16 | implicit read of res | main.go:24:8:24:8 | 4 |
 | main.go:23:14:23:16 | zero value for res | main.go:10:7:10:7 | 0 |
-| main.go:24:2:24:4 | definition of res | main.go:24:8:24:8 | 4 |
+| main.go:24:2:24:4 | SSA def(res) | main.go:24:8:24:8 | 4 |
 | main.go:24:8:24:8 | 4 | main.go:24:8:24:8 | 4 |
 | main.go:28:15:28:17 | implicit read of res | main.go:30:9:30:9 | 6 |
 | main.go:28:15:28:17 | zero value for res | main.go:10:7:10:7 | 0 |
 | main.go:29:8:29:8 | 5 | main.go:29:8:29:8 | 5 |
 | main.go:30:9:30:9 | 6 | main.go:30:9:30:9 | 6 |
-| main.go:30:9:30:9 | definition of res | main.go:30:9:30:9 | 6 |
-| main.go:33:15:33:17 | definition of res | main.go:10:7:10:7 | 0 |
+| main.go:30:9:30:9 | SSA def(res) | main.go:30:9:30:9 | 6 |
 | main.go:33:15:33:17 | zero value for res | main.go:10:7:10:7 | 0 |
-| main.go:34:2:34:4 | definition of res | main.go:34:8:34:8 | 7 |
 | main.go:34:8:34:8 | 7 | main.go:34:8:34:8 | 7 |
 | main.go:35:8:37:4 | function call | main.go:35:8:37:4 | function call |
-| main.go:36:3:36:5 | definition of res | main.go:36:9:36:9 | 8 |
+| main.go:36:3:36:5 | SSA def(res) | main.go:36:9:36:9 | 8 |
 | main.go:36:9:36:9 | 8 | main.go:36:9:36:9 | 8 |
 | main.go:38:9:38:9 | 9 | main.go:38:9:38:9 | 9 |
-| main.go:38:9:38:9 | definition of res | main.go:38:9:38:9 | 9 |
+| main.go:38:9:38:9 | SSA def(res) | main.go:38:9:38:9 | 9 |
 | regressions.go:5:11:5:31 | call to Sizeof | regressions.go:5:11:5:31 | call to Sizeof |
 | regressions.go:7:11:7:15 | false | regressions.go:7:11:7:15 | false |
 | regressions.go:9:11:9:12 | !... | regressions.go:11:11:11:14 | true |

go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected

@@ -1,132 +1,132 @@
-| main.go:22:2:22:6 | definition of outer | main.go:25:7:25:11 | outer |
-| main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | definition of outer |
-| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | definition of outer |
+| main.go:22:2:22:6 | SSA def(outer) | main.go:25:7:25:11 | outer |
+| main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | SSA def(outer) |
+| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | SSA def(outer) |
 | main.go:25:7:25:11 | outer | main.go:26:7:26:11 | outer |
 | main.go:26:7:26:11 | outer | main.go:27:7:27:11 | outer |
 | main.go:27:7:27:11 | outer | main.go:28:7:28:11 | outer |
-| main.go:30:2:30:7 | definition of outerp | main.go:33:7:33:12 | outerp |
-| main.go:30:12:32:2 | &... | main.go:30:2:30:7 | definition of outerp |
-| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | definition of outerp |
+| main.go:30:2:30:7 | SSA def(outerp) | main.go:33:7:33:12 | outerp |
+| main.go:30:12:32:2 | &... | main.go:30:2:30:7 | SSA def(outerp) |
+| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | SSA def(outerp) |
 | main.go:33:7:33:12 | outerp | main.go:34:7:34:12 | outerp |
 | main.go:33:7:33:12 | outerp [postupdate] | main.go:34:7:34:12 | outerp |
 | main.go:34:7:34:12 | outerp | main.go:35:7:35:12 | outerp |
 | main.go:34:7:34:12 | outerp [postupdate] | main.go:35:7:35:12 | outerp |
 | main.go:35:7:35:12 | outerp | main.go:36:7:36:12 | outerp |
 | main.go:35:7:35:12 | outerp [postupdate] | main.go:36:7:36:12 | outerp |
-| main.go:40:2:40:6 | definition of outer | main.go:41:7:41:11 | outer |
-| main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | definition of outer |
-| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | definition of outer |
+| main.go:40:2:40:6 | SSA def(outer) | main.go:41:7:41:11 | outer |
+| main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | SSA def(outer) |
+| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | SSA def(outer) |
 | main.go:41:7:41:11 | outer | main.go:42:7:42:11 | outer |
 | main.go:42:7:42:11 | outer | main.go:43:7:43:11 | outer |
 | main.go:43:7:43:11 | outer | main.go:44:7:44:11 | outer |
-| main.go:46:2:46:7 | definition of outerp | main.go:47:7:47:12 | outerp |
-| main.go:46:12:46:42 | &... | main.go:46:2:46:7 | definition of outerp |
-| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | definition of outerp |
+| main.go:46:2:46:7 | SSA def(outerp) | main.go:47:7:47:12 | outerp |
+| main.go:46:12:46:42 | &... | main.go:46:2:46:7 | SSA def(outerp) |
+| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | SSA def(outerp) |
 | main.go:47:7:47:12 | outerp | main.go:48:7:48:12 | outerp |
 | main.go:47:7:47:12 | outerp [postupdate] | main.go:48:7:48:12 | outerp |
 | main.go:48:7:48:12 | outerp | main.go:49:7:49:12 | outerp |
 | main.go:48:7:48:12 | outerp [postupdate] | main.go:49:7:49:12 | outerp |
 | main.go:49:7:49:12 | outerp | main.go:50:7:50:12 | outerp |
 | main.go:49:7:49:12 | outerp [postupdate] | main.go:50:7:50:12 | outerp |
-| main.go:54:2:54:6 | definition of inner | main.go:55:19:55:23 | inner |
-| main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | definition of inner |
-| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | definition of inner |
-| main.go:55:2:55:7 | definition of middle | main.go:56:17:56:22 | middle |
-| main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | definition of middle |
-| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | definition of middle |
-| main.go:56:2:56:6 | definition of outer | main.go:57:7:57:11 | outer |
-| main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | definition of outer |
-| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | definition of outer |
+| main.go:54:2:54:6 | SSA def(inner) | main.go:55:19:55:23 | inner |
+| main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | SSA def(inner) |
+| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | SSA def(inner) |
+| main.go:55:2:55:7 | SSA def(middle) | main.go:56:17:56:22 | middle |
+| main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | SSA def(middle) |
+| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | SSA def(middle) |
+| main.go:56:2:56:6 | SSA def(outer) | main.go:57:7:57:11 | outer |
+| main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | SSA def(outer) |
+| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | SSA def(outer) |
 | main.go:57:7:57:11 | outer | main.go:58:7:58:11 | outer |
 | main.go:58:7:58:11 | outer | main.go:59:7:59:11 | outer |
 | main.go:59:7:59:11 | outer | main.go:60:7:60:11 | outer |
-| main.go:62:2:62:7 | definition of innerp | main.go:63:20:63:25 | innerp |
-| main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | definition of innerp |
-| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | definition of innerp |
-| main.go:63:2:63:8 | definition of middlep | main.go:64:18:64:24 | middlep |
-| main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | definition of middlep |
-| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | definition of middlep |
-| main.go:64:2:64:7 | definition of outerp | main.go:65:7:65:12 | outerp |
-| main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | definition of outerp |
-| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | definition of outerp |
+| main.go:62:2:62:7 | SSA def(innerp) | main.go:63:20:63:25 | innerp |
+| main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | SSA def(innerp) |
+| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | SSA def(innerp) |
+| main.go:63:2:63:8 | SSA def(middlep) | main.go:64:18:64:24 | middlep |
+| main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | SSA def(middlep) |
+| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | SSA def(middlep) |
+| main.go:64:2:64:7 | SSA def(outerp) | main.go:65:7:65:12 | outerp |
+| main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | SSA def(outerp) |
+| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | SSA def(outerp) |
 | main.go:65:7:65:12 | outerp | main.go:66:7:66:12 | outerp |
 | main.go:66:7:66:12 | outerp | main.go:67:7:67:12 | outerp |
 | main.go:67:7:67:12 | outerp | main.go:68:7:68:12 | outerp |
-| main.go:72:2:72:6 | definition of inner | main.go:73:26:73:30 | inner |
-| main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | definition of inner |
-| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | definition of inner |
-| main.go:73:2:73:7 | definition of middle | main.go:74:25:74:30 | middle |
-| main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | definition of middle |
-| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | definition of middle |
-| main.go:74:2:74:6 | definition of outer | main.go:75:7:75:11 | outer |
-| main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | definition of outer |
-| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | definition of outer |
+| main.go:72:2:72:6 | SSA def(inner) | main.go:73:26:73:30 | inner |
+| main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | SSA def(inner) |
+| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | SSA def(inner) |
+| main.go:73:2:73:7 | SSA def(middle) | main.go:74:25:74:30 | middle |
+| main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | SSA def(middle) |
+| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | SSA def(middle) |
+| main.go:74:2:74:6 | SSA def(outer) | main.go:75:7:75:11 | outer |
+| main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | SSA def(outer) |
+| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | SSA def(outer) |
 | main.go:75:7:75:11 | outer | main.go:76:7:76:11 | outer |
 | main.go:76:7:76:11 | outer | main.go:77:7:77:11 | outer |
 | main.go:77:7:77:11 | outer | main.go:78:7:78:11 | outer |
-| main.go:80:2:80:7 | definition of innerp | main.go:81:27:81:32 | innerp |
-| main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | definition of innerp |
-| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | definition of innerp |
-| main.go:81:2:81:8 | definition of middlep | main.go:82:26:82:32 | middlep |
-| main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | definition of middlep |
-| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | definition of middlep |
-| main.go:82:2:82:7 | definition of outerp | main.go:83:7:83:12 | outerp |
-| main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | definition of outerp |
-| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | definition of outerp |
+| main.go:80:2:80:7 | SSA def(innerp) | main.go:81:27:81:32 | innerp |
+| main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | SSA def(innerp) |
+| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | SSA def(innerp) |
+| main.go:81:2:81:8 | SSA def(middlep) | main.go:82:26:82:32 | middlep |
+| main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | SSA def(middlep) |
+| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | SSA def(middlep) |
+| main.go:82:2:82:7 | SSA def(outerp) | main.go:83:7:83:12 | outerp |
+| main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | SSA def(outerp) |
+| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | SSA def(outerp) |
 | main.go:83:7:83:12 | outerp | main.go:84:7:84:12 | outerp |
 | main.go:84:7:84:12 | outerp | main.go:85:7:85:12 | outerp |
 | main.go:85:7:85:12 | outerp | main.go:86:7:86:12 | outerp |
-| main.go:90:6:90:10 | definition of outer | main.go:91:2:91:6 | outer |
-| main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | definition of outer |
+| main.go:90:6:90:10 | SSA def(outer) | main.go:91:2:91:6 | outer |
+| main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | SSA def(outer) |
 | main.go:91:2:91:6 | outer | main.go:92:7:92:11 | outer |
 | main.go:91:2:91:6 | outer [postupdate] | main.go:92:7:92:11 | outer |
 | main.go:92:7:92:11 | outer | main.go:93:7:93:11 | outer |
 | main.go:93:7:93:11 | outer | main.go:94:7:94:11 | outer |
 | main.go:94:7:94:11 | outer | main.go:95:7:95:11 | outer |
-| main.go:97:6:97:11 | definition of outerp | main.go:98:2:98:7 | outerp |
-| main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | definition of outerp |
+| main.go:97:6:97:11 | SSA def(outerp) | main.go:98:2:98:7 | outerp |
+| main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | SSA def(outerp) |
 | main.go:98:2:98:7 | outerp | main.go:99:7:99:12 | outerp |
 | main.go:98:2:98:7 | outerp [postupdate] | main.go:99:7:99:12 | outerp |
 | main.go:99:7:99:12 | outerp | main.go:100:7:100:12 | outerp |
 | main.go:100:7:100:12 | outerp | main.go:101:7:101:12 | outerp |
 | main.go:101:7:101:12 | outerp | main.go:102:7:102:12 | outerp |
-| main.go:106:6:106:10 | definition of outer | main.go:107:2:107:6 | outer |
-| main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | definition of outer |
+| main.go:106:6:106:10 | SSA def(outer) | main.go:107:2:107:6 | outer |
+| main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | SSA def(outer) |
 | main.go:107:2:107:6 | outer | main.go:108:7:108:11 | outer |
 | main.go:107:2:107:6 | outer [postupdate] | main.go:108:7:108:11 | outer |
 | main.go:108:7:108:11 | outer | main.go:109:7:109:11 | outer |
 | main.go:109:7:109:11 | outer | main.go:110:7:110:11 | outer |
 | main.go:110:7:110:11 | outer | main.go:111:7:111:11 | outer |
-| main.go:113:6:113:11 | definition of outerp | main.go:114:2:114:7 | outerp |
-| main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | definition of outerp |
+| main.go:113:6:113:11 | SSA def(outerp) | main.go:114:2:114:7 | outerp |
+| main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | SSA def(outerp) |
 | main.go:114:2:114:7 | outerp | main.go:115:7:115:12 | outerp |
 | main.go:114:2:114:7 | outerp [postupdate] | main.go:115:7:115:12 | outerp |
 | main.go:115:7:115:12 | outerp | main.go:116:7:116:12 | outerp |
 | main.go:116:7:116:12 | outerp | main.go:117:7:117:12 | outerp |
 | main.go:117:7:117:12 | outerp | main.go:118:7:118:12 | outerp |
-| main.go:122:6:122:10 | definition of outer | main.go:123:2:123:6 | outer |
-| main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | definition of outer |
+| main.go:122:6:122:10 | SSA def(outer) | main.go:123:2:123:6 | outer |
+| main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | SSA def(outer) |
 | main.go:123:2:123:6 | outer | main.go:124:7:124:11 | outer |
 | main.go:123:2:123:6 | outer [postupdate] | main.go:124:7:124:11 | outer |
 | main.go:124:7:124:11 | outer | main.go:125:7:125:11 | outer |
 | main.go:125:7:125:11 | outer | main.go:126:7:126:11 | outer |
 | main.go:126:7:126:11 | outer | main.go:127:7:127:11 | outer |
-| main.go:129:6:129:11 | definition of outerp | main.go:130:2:130:7 | outerp |
-| main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | definition of outerp |
+| main.go:129:6:129:11 | SSA def(outerp) | main.go:130:2:130:7 | outerp |
+| main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | SSA def(outerp) |
 | main.go:130:2:130:7 | outerp | main.go:131:7:131:12 | outerp |
 | main.go:130:2:130:7 | outerp [postupdate] | main.go:131:7:131:12 | outerp |
 | main.go:131:7:131:12 | outerp | main.go:132:7:132:12 | outerp |
 | main.go:132:7:132:12 | outerp | main.go:133:7:133:12 | outerp |
 | main.go:133:7:133:12 | outerp | main.go:134:7:134:12 | outerp |
-| main.go:138:6:138:10 | definition of outer | main.go:139:2:139:6 | outer |
-| main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | definition of outer |
+| main.go:138:6:138:10 | SSA def(outer) | main.go:139:2:139:6 | outer |
+| main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | SSA def(outer) |
 | main.go:139:2:139:6 | outer | main.go:140:7:140:11 | outer |
 | main.go:139:2:139:6 | outer [postupdate] | main.go:140:7:140:11 | outer |
 | main.go:140:7:140:11 | outer | main.go:141:7:141:11 | outer |
 | main.go:141:7:141:11 | outer | main.go:142:7:142:11 | outer |
 | main.go:142:7:142:11 | outer | main.go:143:7:143:11 | outer |
-| main.go:145:6:145:11 | definition of outerp | main.go:146:2:146:7 | outerp |
-| main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | definition of outerp |
+| main.go:145:6:145:11 | SSA def(outerp) | main.go:146:2:146:7 | outerp |
+| main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | SSA def(outerp) |
 | main.go:146:2:146:7 | outerp | main.go:147:7:147:12 | outerp |
 | main.go:146:2:146:7 | outerp [postupdate] | main.go:147:7:147:12 | outerp |
 | main.go:147:7:147:12 | outerp | main.go:148:7:148:12 | outerp |

go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected

@@ -1,34 +1,42 @@
-| main.go:15:12:15:12 | x | main.go:13:6:13:6 | definition of x | main.go:13:6:13:6 | x |
-| main.go:15:15:15:15 | y | main.go:14:2:14:2 | definition of y | main.go:14:2:14:2 | y |
-| main.go:17:3:17:3 | y | main.go:14:2:14:2 | definition of y | main.go:14:2:14:2 | y |
-| main.go:19:12:19:12 | x | main.go:13:6:13:6 | definition of x | main.go:13:6:13:6 | x |
-| main.go:19:15:19:15 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y |
-| main.go:21:7:21:7 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y |
-| main.go:23:12:23:12 | x | main.go:23:2:23:10 | x = phi(def@13:6, def@21:3) | main.go:13:6:13:6 | x |
-| main.go:23:15:23:15 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y |
-| main.go:27:10:27:10 | x | main.go:26:10:26:10 | definition of x | main.go:26:10:26:10 | x |
-| main.go:29:10:29:10 | b | main.go:27:5:27:5 | definition of b | main.go:27:5:27:5 | b |
-| main.go:29:13:29:13 | a | main.go:27:2:27:2 | definition of a | main.go:27:2:27:2 | a |
-| main.go:31:9:31:9 | a | main.go:31:9:31:9 | a = phi(def@27:2, def@29:3) | main.go:27:2:27:2 | a |
-| main.go:31:12:31:12 | b | main.go:31:9:31:9 | b = phi(def@27:5, def@29:6) | main.go:27:5:27:5 | b |
-| main.go:35:3:35:3 | x | main.go:34:11:34:11 | definition of x | main.go:34:11:34:11 | x |
-| main.go:40:10:40:10 | x | main.go:39:2:39:2 | definition of x | main.go:39:2:39:2 | x |
-| main.go:42:8:42:10 | ptr | main.go:40:2:40:4 | definition of ptr | main.go:40:2:40:4 | ptr |
-| main.go:44:12:44:12 | x | main.go:39:2:39:2 | definition of x | main.go:39:2:39:2 | x |
-| main.go:47:13:47:18 | implicit read of result | main.go:48:2:48:7 | definition of result | main.go:47:13:47:18 | result |
-| main.go:52:14:52:19 | implicit read of result | main.go:52:14:52:19 | definition of result | main.go:52:14:52:19 | result |
-| main.go:61:12:61:12 | x | main.go:58:6:58:9 | x = phi(def@57:6, def@59:3) | main.go:57:6:57:6 | x |
-| main.go:64:16:64:16 | i | main.go:65:6:65:9 | i = phi(def@64:16, def@64:6) | main.go:64:6:64:6 | i |
-| main.go:70:12:70:12 | y | main.go:65:6:65:9 | y = phi(def@63:2, def@68:3) | main.go:63:2:63:2 | y |
-| main.go:73:16:73:16 | i | main.go:74:3:74:3 | i = phi(def@73:16, def@73:6) | main.go:73:6:73:6 | i |
-| main.go:79:12:79:12 | z | main.go:74:3:74:3 | definition of z | main.go:72:2:72:2 | z |
-| main.go:82:18:82:18 | implicit read of a | main.go:84:5:84:5 | definition of a | main.go:82:18:82:18 | a |
-| main.go:82:25:82:25 | implicit read of b | main.go:82:25:82:25 | definition of b | main.go:82:25:82:25 | b |
-| main.go:84:9:84:9 | x | main.go:83:2:83:2 | definition of x | main.go:83:2:83:2 | x |
-| main.go:84:15:84:15 | x | main.go:83:2:83:2 | definition of x | main.go:83:2:83:2 | x |
-| main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | definition of wrapper | main.go:95:22:95:28 | wrapper |
-| main.go:100:9:100:9 | x | main.go:97:2:99:3 | capture variable x | main.go:96:2:96:2 | x |
-| main.go:117:2:117:2 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
-| main.go:119:12:119:12 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
-| main.go:119:17:119:17 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
-| main.go:119:24:119:24 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
+| main.go:15:12:15:12 | x | main.go:13:6:13:6 | SSA def(x) | main.go:13:6:13:6 | x |
+| main.go:15:15:15:15 | y | main.go:14:2:14:2 | SSA def(y) | main.go:14:2:14:2 | y |
+| main.go:17:3:17:3 | y | main.go:14:2:14:2 | SSA def(y) | main.go:14:2:14:2 | y |
+| main.go:19:12:19:12 | x | main.go:13:6:13:6 | SSA def(x) | main.go:13:6:13:6 | x |
+| main.go:19:15:19:15 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y |
+| main.go:21:7:21:7 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y |
+| main.go:23:12:23:12 | x | main.go:23:2:23:10 | SSA phi(x) | main.go:13:6:13:6 | x |
+| main.go:23:15:23:15 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y |
+| main.go:27:10:27:10 | x | main.go:26:10:26:10 | SSA def(x) | main.go:26:10:26:10 | x |
+| main.go:29:10:29:10 | b | main.go:27:5:27:5 | SSA def(b) | main.go:27:5:27:5 | b |
+| main.go:29:13:29:13 | a | main.go:27:2:27:2 | SSA def(a) | main.go:27:2:27:2 | a |
+| main.go:31:9:31:9 | a | main.go:31:9:31:9 | SSA phi(a) | main.go:27:2:27:2 | a |
+| main.go:31:12:31:12 | b | main.go:31:9:31:9 | SSA phi(b) | main.go:27:5:27:5 | b |
+| main.go:35:3:35:3 | x | main.go:34:11:34:11 | SSA def(x) | main.go:34:11:34:11 | x |
+| main.go:40:10:40:10 | x | main.go:39:2:39:2 | SSA def(x) | main.go:39:2:39:2 | x |
+| main.go:42:8:42:10 | ptr | main.go:40:2:40:4 | SSA def(ptr) | main.go:40:2:40:4 | ptr |
+| main.go:44:12:44:12 | x | main.go:39:2:39:2 | SSA def(x) | main.go:39:2:39:2 | x |
+| main.go:47:13:47:18 | implicit read of result | main.go:48:2:48:7 | SSA def(result) | main.go:47:13:47:18 | result |
+| main.go:52:14:52:19 | implicit read of result | main.go:52:14:52:19 | SSA def(result) | main.go:52:14:52:19 | result |
+| main.go:61:12:61:12 | x | main.go:58:6:58:9 | SSA phi(x) | main.go:57:6:57:6 | x |
+| main.go:64:16:64:16 | i | main.go:65:6:65:9 | SSA phi(i) | main.go:64:6:64:6 | i |
+| main.go:70:12:70:12 | y | main.go:65:6:65:9 | SSA phi(y) | main.go:63:2:63:2 | y |
+| main.go:73:16:73:16 | i | main.go:74:3:74:3 | SSA phi(i) | main.go:73:6:73:6 | i |
+| main.go:79:12:79:12 | z | main.go:74:3:74:3 | SSA def(z) | main.go:72:2:72:2 | z |
+| main.go:82:18:82:18 | implicit read of a | main.go:84:5:84:5 | SSA def(a) | main.go:82:18:82:18 | a |
+| main.go:82:25:82:25 | implicit read of b | main.go:82:25:82:25 | SSA def(b) | main.go:82:25:82:25 | b |
+| main.go:84:9:84:9 | x | main.go:83:2:83:2 | SSA def(x) | main.go:83:2:83:2 | x |
+| main.go:84:15:84:15 | x | main.go:83:2:83:2 | SSA def(x) | main.go:83:2:83:2 | x |
+| main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | SSA def(wrapper) | main.go:95:22:95:28 | wrapper |
+| main.go:100:9:100:9 | x | main.go:97:2:99:3 | SSA def(x) | main.go:96:2:96:2 | x |
+| main.go:105:2:105:8 | wrapper | main.go:103:20:103:26 | SSA def(wrapper) | main.go:103:20:103:26 | wrapper |
+| main.go:106:8:106:8 | x | main.go:105:16:108:2 | SSA def(x) | main.go:104:2:104:2 | x |
+| main.go:107:7:107:7 | y | main.go:106:3:106:3 | SSA def(y) | main.go:106:3:106:3 | y |
+| main.go:109:9:109:9 | x | main.go:104:2:104:2 | SSA def(x) | main.go:104:2:104:2 | x |
+| main.go:114:2:114:8 | wrapper | main.go:112:29:112:35 | SSA def(wrapper) | main.go:112:29:112:35 | wrapper |
+| main.go:115:8:115:8 | x | main.go:114:16:117:2 | SSA def(x) | main.go:113:2:113:2 | x |
+| main.go:116:7:116:7 | y | main.go:115:3:115:3 | SSA def(y) | main.go:115:3:115:3 | y |
+| main.go:118:9:118:9 | x | main.go:114:2:117:3 | SSA def(x) | main.go:113:2:113:2 | x |
+| main.go:135:2:135:2 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |
+| main.go:137:12:137:12 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |
+| main.go:137:17:137:17 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |
+| main.go:137:24:137:24 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |

go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected

@@ -1,41 +1,51 @@
-| main.go:13:6:13:6 | definition of x |
-| main.go:14:2:14:2 | definition of y |
-| main.go:17:3:17:3 | definition of y |
-| main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) |
-| main.go:21:3:21:3 | definition of x |
-| main.go:23:2:23:10 | x = phi(def@13:6, def@21:3) |
-| main.go:26:10:26:10 | definition of x |
-| main.go:27:2:27:2 | definition of a |
-| main.go:27:5:27:5 | definition of b |
-| main.go:29:3:29:3 | definition of a |
-| main.go:29:6:29:6 | definition of b |
-| main.go:31:9:31:9 | a = phi(def@27:2, def@29:3) |
-| main.go:31:9:31:9 | b = phi(def@27:5, def@29:6) |
-| main.go:34:11:34:11 | definition of x |
-| main.go:39:2:39:2 | definition of x |
-| main.go:40:2:40:4 | definition of ptr |
-| main.go:48:2:48:7 | definition of result |
-| main.go:52:14:52:19 | definition of result |
-| main.go:57:6:57:6 | definition of x |
-| main.go:58:6:58:9 | x = phi(def@57:6, def@59:3) |
-| main.go:59:3:59:3 | definition of x |
-| main.go:63:2:63:2 | definition of y |
-| main.go:64:6:64:6 | definition of i |
-| main.go:64:16:64:18 | definition of i |
-| main.go:65:6:65:9 | i = phi(def@64:16, def@64:6) |
-| main.go:65:6:65:9 | y = phi(def@63:2, def@68:3) |
-| main.go:68:3:68:3 | definition of y |
-| main.go:73:6:73:6 | definition of i |
-| main.go:73:16:73:18 | definition of i |
-| main.go:74:3:74:3 | definition of z |
-| main.go:74:3:74:3 | i = phi(def@73:16, def@73:6) |
-| main.go:82:25:82:25 | definition of b |
-| main.go:83:2:83:2 | definition of x |
-| main.go:84:5:84:5 | definition of a |
-| main.go:95:22:95:28 | definition of wrapper |
-| main.go:96:2:96:2 | definition of x |
-| main.go:97:2:99:3 | capture variable x |
-| main.go:98:3:98:3 | definition of x |
-| main.go:112:3:112:3 | definition of p |
-| main.go:114:3:114:3 | definition of p |
-| main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) |
+| main.go:13:6:13:6 | SSA def(x) |
+| main.go:14:2:14:2 | SSA def(y) |
+| main.go:17:3:17:3 | SSA def(y) |
+| main.go:19:2:19:10 | SSA phi(y) |
+| main.go:21:3:21:3 | SSA def(x) |
+| main.go:23:2:23:10 | SSA phi(x) |
+| main.go:26:10:26:10 | SSA def(x) |
+| main.go:27:2:27:2 | SSA def(a) |
+| main.go:27:5:27:5 | SSA def(b) |
+| main.go:29:3:29:3 | SSA def(a) |
+| main.go:29:6:29:6 | SSA def(b) |
+| main.go:31:9:31:9 | SSA phi(a) |
+| main.go:31:9:31:9 | SSA phi(b) |
+| main.go:34:11:34:11 | SSA def(x) |
+| main.go:39:2:39:2 | SSA def(x) |
+| main.go:40:2:40:4 | SSA def(ptr) |
+| main.go:48:2:48:7 | SSA def(result) |
+| main.go:52:14:52:19 | SSA def(result) |
+| main.go:57:6:57:6 | SSA def(x) |
+| main.go:58:6:58:9 | SSA phi(x) |
+| main.go:59:3:59:3 | SSA def(x) |
+| main.go:63:2:63:2 | SSA def(y) |
+| main.go:64:6:64:6 | SSA def(i) |
+| main.go:64:16:64:18 | SSA def(i) |
+| main.go:65:6:65:9 | SSA phi(i) |
+| main.go:65:6:65:9 | SSA phi(y) |
+| main.go:68:3:68:3 | SSA def(y) |
+| main.go:73:6:73:6 | SSA def(i) |
+| main.go:73:16:73:18 | SSA def(i) |
+| main.go:74:3:74:3 | SSA def(z) |
+| main.go:74:3:74:3 | SSA phi(i) |
+| main.go:82:25:82:25 | SSA def(b) |
+| main.go:83:2:83:2 | SSA def(x) |
+| main.go:84:5:84:5 | SSA def(a) |
+| main.go:95:22:95:28 | SSA def(wrapper) |
+| main.go:96:2:96:2 | SSA def(x) |
+| main.go:97:2:99:3 | SSA def(x) |
+| main.go:98:3:98:3 | SSA def(x) |
+| main.go:103:20:103:26 | SSA def(wrapper) |
+| main.go:104:2:104:2 | SSA def(x) |
+| main.go:105:16:108:2 | SSA def(x) |
+| main.go:106:3:106:3 | SSA def(y) |
+| main.go:112:29:112:35 | SSA def(wrapper) |
+| main.go:113:2:113:2 | SSA def(x) |
+| main.go:114:2:117:3 | SSA def(x) |
+| main.go:114:16:117:2 | SSA def(x) |
+| main.go:115:3:115:3 | SSA def(y) |
+| main.go:116:3:116:3 | SSA def(x) |
+| main.go:130:3:130:3 | SSA def(p) |
+| main.go:132:3:132:3 | SSA def(p) |
+| main.go:135:2:135:2 | SSA phi(p) |

go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected

@@ -1,46 +1,58 @@
-| main.go:13:6:13:6 | (def@13:6) | x |
-| main.go:14:2:14:2 | (def@14:2) | y |
-| main.go:17:3:17:3 | (def@17:3) | y |
-| main.go:19:2:19:10 | (phi@19:2) | y |
-| main.go:21:3:21:3 | (def@21:3) | x |
-| main.go:23:2:23:10 | (phi@23:2) | x |
-| main.go:26:10:26:10 | (def@26:10) | x |
-| main.go:27:2:27:2 | (def@27:2) | a |
-| main.go:27:5:27:5 | (def@27:5) | b |
-| main.go:29:3:29:3 | (def@29:3) | a |
-| main.go:29:6:29:6 | (def@29:6) | b |
-| main.go:31:9:31:9 | (phi@31:9) | a |
-| main.go:31:9:31:9 | (phi@31:9) | b |
-| main.go:34:11:34:11 | (def@34:11) | x |
-| main.go:39:2:39:2 | (def@39:2) | x |
-| main.go:40:2:40:4 | (def@40:2) | ptr |
-| main.go:48:2:48:7 | (def@48:2) | result |
-| main.go:52:14:52:19 | (def@52:14) | result |
-| main.go:57:6:57:6 | (def@57:6) | x |
-| main.go:58:6:58:9 | (phi@58:6) | x |
-| main.go:59:3:59:3 | (def@59:3) | x |
-| main.go:63:2:63:2 | (def@63:2) | y |
-| main.go:64:6:64:6 | (def@64:6) | i |
-| main.go:64:16:64:18 | (def@64:16) | i |
-| main.go:65:6:65:9 | (phi@65:6) | i |
-| main.go:65:6:65:9 | (phi@65:6) | y |
-| main.go:68:3:68:3 | (def@68:3) | y |
-| main.go:73:6:73:6 | (def@73:6) | i |
-| main.go:73:16:73:18 | (def@73:16) | i |
-| main.go:74:3:74:3 | (def@74:3) | z |
-| main.go:74:3:74:3 | (phi@74:3) | i |
-| main.go:82:25:82:25 | (def@82:25) | b |
-| main.go:83:2:83:2 | (def@83:2) | x |
-| main.go:84:5:84:5 | (def@84:5) | a |
-| main.go:95:22:95:28 | (def@95:22) | wrapper |
-| main.go:95:22:95:28 | (def@95:22).s | wrapper.s |
-| main.go:96:2:96:2 | (def@96:2) | x |
-| main.go:97:2:99:3 | (capture@97:2) | x |
-| main.go:98:3:98:3 | (def@98:3) | x |
-| main.go:112:3:112:3 | (def@112:3) | p |
-| main.go:114:3:114:3 | (def@114:3) | p |
-| main.go:117:2:117:2 | (phi@117:2) | p |
-| main.go:117:2:117:2 | (phi@117:2).a | p.a |
-| main.go:117:2:117:2 | (phi@117:2).b | p.b |
-| main.go:117:2:117:2 | (phi@117:2).b.a | p.b.a |
-| main.go:117:2:117:2 | (phi@117:2).c | p.c |
+| main.go:13:6:13:6 | (SSA def(x)) | x |
+| main.go:14:2:14:2 | (SSA def(y)) | y |
+| main.go:17:3:17:3 | (SSA def(y)) | y |
+| main.go:19:2:19:10 | (SSA phi(y)) | y |
+| main.go:21:3:21:3 | (SSA def(x)) | x |
+| main.go:23:2:23:10 | (SSA phi(x)) | x |
+| main.go:26:10:26:10 | (SSA def(x)) | x |
+| main.go:27:2:27:2 | (SSA def(a)) | a |
+| main.go:27:5:27:5 | (SSA def(b)) | b |
+| main.go:29:3:29:3 | (SSA def(a)) | a |
+| main.go:29:6:29:6 | (SSA def(b)) | b |
+| main.go:31:9:31:9 | (SSA phi(a)) | a |
+| main.go:31:9:31:9 | (SSA phi(b)) | b |
+| main.go:34:11:34:11 | (SSA def(x)) | x |
+| main.go:39:2:39:2 | (SSA def(x)) | x |
+| main.go:40:2:40:4 | (SSA def(ptr)) | ptr |
+| main.go:48:2:48:7 | (SSA def(result)) | result |
+| main.go:52:14:52:19 | (SSA def(result)) | result |
+| main.go:57:6:57:6 | (SSA def(x)) | x |
+| main.go:58:6:58:9 | (SSA phi(x)) | x |
+| main.go:59:3:59:3 | (SSA def(x)) | x |
+| main.go:63:2:63:2 | (SSA def(y)) | y |
+| main.go:64:6:64:6 | (SSA def(i)) | i |
+| main.go:64:16:64:18 | (SSA def(i)) | i |
+| main.go:65:6:65:9 | (SSA phi(i)) | i |
+| main.go:65:6:65:9 | (SSA phi(y)) | y |
+| main.go:68:3:68:3 | (SSA def(y)) | y |
+| main.go:73:6:73:6 | (SSA def(i)) | i |
+| main.go:73:16:73:18 | (SSA def(i)) | i |
+| main.go:74:3:74:3 | (SSA def(z)) | z |
+| main.go:74:3:74:3 | (SSA phi(i)) | i |
+| main.go:82:25:82:25 | (SSA def(b)) | b |
+| main.go:83:2:83:2 | (SSA def(x)) | x |
+| main.go:84:5:84:5 | (SSA def(a)) | a |
+| main.go:95:22:95:28 | (SSA def(wrapper)) | wrapper |
+| main.go:95:22:95:28 | (SSA def(wrapper)).s | wrapper.s |
+| main.go:96:2:96:2 | (SSA def(x)) | x |
+| main.go:97:2:99:3 | (SSA def(x)) | x |
+| main.go:98:3:98:3 | (SSA def(x)) | x |
+| main.go:103:20:103:26 | (SSA def(wrapper)) | wrapper |
+| main.go:103:20:103:26 | (SSA def(wrapper)).s | wrapper.s |
+| main.go:104:2:104:2 | (SSA def(x)) | x |
+| main.go:105:16:108:2 | (SSA def(x)) | x |
+| main.go:106:3:106:3 | (SSA def(y)) | y |
+| main.go:112:29:112:35 | (SSA def(wrapper)) | wrapper |
+| main.go:112:29:112:35 | (SSA def(wrapper)).s | wrapper.s |
+| main.go:113:2:113:2 | (SSA def(x)) | x |
+| main.go:114:2:117:3 | (SSA def(x)) | x |
+| main.go:114:16:117:2 | (SSA def(x)) | x |
+| main.go:115:3:115:3 | (SSA def(y)) | y |
+| main.go:116:3:116:3 | (SSA def(x)) | x |
+| main.go:130:3:130:3 | (SSA def(p)) | p |
+| main.go:132:3:132:3 | (SSA def(p)) | p |
+| main.go:135:2:135:2 | (SSA phi(p)) | p |
+| main.go:135:2:135:2 | (SSA phi(p)).a | p.a |
+| main.go:135:2:135:2 | (SSA phi(p)).b | p.b |
+| main.go:135:2:135:2 | (SSA phi(p)).b.a | p.b.a |
+| main.go:135:2:135:2 | (SSA phi(p)).c | p.c |

go/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected

@@ -32,16 +32,23 @@
 | main.go:95:22:95:28 | initialization of wrapper | main.go:95:22:95:28 | wrapper | main.go:95:22:95:28 | argument corresponding to wrapper |
 | main.go:96:2:96:2 | assignment to x | main.go:96:2:96:2 | x | main.go:96:7:96:7 | 0 |
 | main.go:98:3:98:3 | assignment to x | main.go:96:2:96:2 | x | main.go:98:7:98:7 | 1 |
-| main.go:110:6:110:6 | assignment to p | main.go:110:6:110:6 | p | main.go:110:6:110:6 | zero value for p |
-| main.go:112:3:112:3 | assignment to p | main.go:110:6:110:6 | p | main.go:112:7:112:24 | struct literal |
-| main.go:112:9:112:9 | init of 2 | main.go:104:2:104:2 | a | main.go:112:9:112:9 | 2 |
-| main.go:112:12:112:18 | init of struct literal | main.go:105:2:105:2 | b | main.go:112:12:112:18 | struct literal |
-| main.go:112:14:112:14 | init of 1 | main.go:89:2:89:2 | a | main.go:112:14:112:14 | 1 |
-| main.go:112:17:112:17 | init of 5 | main.go:90:2:90:2 | b | main.go:112:17:112:17 | 5 |
-| main.go:112:21:112:23 | init of 'n' | main.go:106:2:106:2 | c | main.go:112:21:112:23 | 'n' |
-| main.go:114:3:114:3 | assignment to p | main.go:110:6:110:6 | p | main.go:114:7:114:24 | struct literal |
-| main.go:114:9:114:9 | init of 3 | main.go:104:2:104:2 | a | main.go:114:9:114:9 | 3 |
-| main.go:114:12:114:18 | init of struct literal | main.go:105:2:105:2 | b | main.go:114:12:114:18 | struct literal |
-| main.go:114:14:114:14 | init of 4 | main.go:89:2:89:2 | a | main.go:114:14:114:14 | 4 |
-| main.go:114:17:114:17 | init of 5 | main.go:90:2:90:2 | b | main.go:114:17:114:17 | 5 |
-| main.go:114:21:114:23 | init of '2' | main.go:106:2:106:2 | c | main.go:114:21:114:23 | '2' |
+| main.go:103:20:103:26 | initialization of wrapper | main.go:103:20:103:26 | wrapper | main.go:103:20:103:26 | argument corresponding to wrapper |
+| main.go:104:2:104:2 | assignment to x | main.go:104:2:104:2 | x | main.go:104:7:104:7 | 0 |
+| main.go:106:3:106:3 | assignment to y | main.go:106:3:106:3 | y | main.go:106:8:106:8 | x |
+| main.go:112:29:112:35 | initialization of wrapper | main.go:112:29:112:35 | wrapper | main.go:112:29:112:35 | argument corresponding to wrapper |
+| main.go:113:2:113:2 | assignment to x | main.go:113:2:113:2 | x | main.go:113:7:113:7 | 0 |
+| main.go:115:3:115:3 | assignment to y | main.go:115:3:115:3 | y | main.go:115:8:115:12 | ...+... |
+| main.go:116:3:116:3 | assignment to x | main.go:113:2:113:2 | x | main.go:116:7:116:7 | y |
+| main.go:128:6:128:6 | assignment to p | main.go:128:6:128:6 | p | main.go:128:6:128:6 | zero value for p |
+| main.go:130:3:130:3 | assignment to p | main.go:128:6:128:6 | p | main.go:130:7:130:24 | struct literal |
+| main.go:130:9:130:9 | init of 2 | main.go:122:2:122:2 | a | main.go:130:9:130:9 | 2 |
+| main.go:130:12:130:18 | init of struct literal | main.go:123:2:123:2 | b | main.go:130:12:130:18 | struct literal |
+| main.go:130:14:130:14 | init of 1 | main.go:89:2:89:2 | a | main.go:130:14:130:14 | 1 |
+| main.go:130:17:130:17 | init of 5 | main.go:90:2:90:2 | b | main.go:130:17:130:17 | 5 |
+| main.go:130:21:130:23 | init of 'n' | main.go:124:2:124:2 | c | main.go:130:21:130:23 | 'n' |
+| main.go:132:3:132:3 | assignment to p | main.go:128:6:128:6 | p | main.go:132:7:132:24 | struct literal |
+| main.go:132:9:132:9 | init of 3 | main.go:122:2:122:2 | a | main.go:132:9:132:9 | 3 |
+| main.go:132:12:132:18 | init of struct literal | main.go:123:2:123:2 | b | main.go:132:12:132:18 | struct literal |
+| main.go:132:14:132:14 | init of 4 | main.go:89:2:89:2 | a | main.go:132:14:132:14 | 4 |
+| main.go:132:17:132:17 | init of 5 | main.go:90:2:90:2 | b | main.go:132:17:132:17 | 5 |
+| main.go:132:21:132:23 | init of '2' | main.go:124:2:124:2 | c | main.go:132:21:132:23 | '2' |

go/ql/test/library-tests/semmle/go/dataflow/SSA/VarUses.expected

@@ -28,13 +28,29 @@
 | main.go:84:15:84:15 | x | main.go:83:2:83:2 | x |
 | main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | wrapper |
 | main.go:97:2:97:10 | selection of s | main.go:95:38:95:38 | s |
+| main.go:97:2:97:10 | selection of s | main.go:103:36:103:36 | s |
+| main.go:97:2:97:10 | selection of s | main.go:112:45:112:45 | s |
 | main.go:100:9:100:9 | x | main.go:96:2:96:2 | x |
-| main.go:117:2:117:2 | p | main.go:110:6:110:6 | p |
-| main.go:117:2:117:4 | selection of b | main.go:105:2:105:2 | b |
-| main.go:119:12:119:12 | p | main.go:110:6:110:6 | p |
-| main.go:119:12:119:14 | selection of a | main.go:104:2:104:2 | a |
-| main.go:119:17:119:17 | p | main.go:110:6:110:6 | p |
-| main.go:119:17:119:19 | selection of b | main.go:105:2:105:2 | b |
-| main.go:119:17:119:21 | selection of a | main.go:89:2:89:2 | a |
-| main.go:119:24:119:24 | p | main.go:110:6:110:6 | p |
-| main.go:119:24:119:26 | selection of c | main.go:106:2:106:2 | c |
+| main.go:105:2:105:8 | wrapper | main.go:103:20:103:26 | wrapper |
+| main.go:105:2:105:10 | selection of s | main.go:95:38:95:38 | s |
+| main.go:105:2:105:10 | selection of s | main.go:103:36:103:36 | s |
+| main.go:105:2:105:10 | selection of s | main.go:112:45:112:45 | s |
+| main.go:106:8:106:8 | x | main.go:104:2:104:2 | x |
+| main.go:107:7:107:7 | y | main.go:106:3:106:3 | y |
+| main.go:109:9:109:9 | x | main.go:104:2:104:2 | x |
+| main.go:114:2:114:8 | wrapper | main.go:112:29:112:35 | wrapper |
+| main.go:114:2:114:10 | selection of s | main.go:95:38:95:38 | s |
+| main.go:114:2:114:10 | selection of s | main.go:103:36:103:36 | s |
+| main.go:114:2:114:10 | selection of s | main.go:112:45:112:45 | s |
+| main.go:115:8:115:8 | x | main.go:113:2:113:2 | x |
+| main.go:116:7:116:7 | y | main.go:115:3:115:3 | y |
+| main.go:118:9:118:9 | x | main.go:113:2:113:2 | x |
+| main.go:135:2:135:2 | p | main.go:128:6:128:6 | p |
+| main.go:135:2:135:4 | selection of b | main.go:123:2:123:2 | b |
+| main.go:137:12:137:12 | p | main.go:128:6:128:6 | p |
+| main.go:137:12:137:14 | selection of a | main.go:122:2:122:2 | a |
+| main.go:137:17:137:17 | p | main.go:128:6:128:6 | p |
+| main.go:137:17:137:19 | selection of b | main.go:123:2:123:2 | b |
+| main.go:137:17:137:21 | selection of a | main.go:89:2:89:2 | a |
+| main.go:137:24:137:24 | p | main.go:128:6:128:6 | p |
+| main.go:137:24:137:26 | selection of c | main.go:124:2:124:2 | c |

go/ql/test/library-tests/semmle/go/dataflow/SSA/main.go

@@ -100,6 +100,24 @@ func updateInClosure(wrapper struct{ s }) int {
 	return x
 }
 
+func readInClosure(wrapper struct{ s }) int {
+	x := 0
+	wrapper.s.foo(func() {
+		y := x
+		_ = y
+	})
+	return x
+}
+
+func readAndUpdateInClosure(wrapper struct{ s }) int {
+	x := 0
+	wrapper.s.foo(func() {
+		y := x + 1
+		x = y
+	})
+	return x
+}
+
 type t struct {
 	a int
 	b s

go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected

@@ -1,73 +1,73 @@
 #select
-| test.go:154:14:154:21 | password | test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:155:17:155:24 | password | test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:156:14:156:21 | password | test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:157:18:157:25 | password | test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:158:14:158:21 | password | test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:159:13:159:20 | password | test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:160:22:160:29 | password | test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:161:15:161:22 | password | test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:162:14:162:21 | password | test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:163:13:163:20 | password | test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:164:16:164:23 | password | test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:165:13:165:20 | password | test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:166:16:166:23 | password | test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:167:13:167:20 | password | test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:168:17:168:24 | password | test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:169:13:169:20 | password | test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:170:12:170:19 | password | test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:171:21:171:28 | password | test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:172:14:172:21 | password | test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:173:13:173:20 | password | test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:174:12:174:19 | password | test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:175:15:175:22 | password | test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:176:15:176:22 | password | test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:177:18:177:25 | password | test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:178:15:178:22 | password | test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:179:19:179:26 | password | test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:180:15:180:22 | password | test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:181:14:181:21 | password | test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:182:23:182:30 | password | test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:183:16:183:23 | password | test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:184:15:184:22 | password | test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:185:14:185:21 | password | test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:186:17:186:24 | password | test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:187:16:187:23 | password | test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:154:14:154:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:155:17:155:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:156:14:156:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:157:18:157:25 | password | test.go:153:17:153:24 | SSA def(password) | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:158:14:158:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:159:13:159:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:160:22:160:29 | password | test.go:153:17:153:24 | SSA def(password) | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:161:15:161:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:162:14:162:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:163:13:163:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:164:16:164:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:165:13:165:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:166:16:166:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:167:13:167:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:168:17:168:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:169:13:169:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:170:12:170:19 | password | test.go:153:17:153:24 | SSA def(password) | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:171:21:171:28 | password | test.go:153:17:153:24 | SSA def(password) | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:172:14:172:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:173:13:173:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:174:12:174:19 | password | test.go:153:17:153:24 | SSA def(password) | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:175:15:175:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:176:15:176:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:177:18:177:25 | password | test.go:153:17:153:24 | SSA def(password) | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:178:15:178:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:179:19:179:26 | password | test.go:153:17:153:24 | SSA def(password) | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:180:15:180:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:181:14:181:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:182:23:182:30 | password | test.go:153:17:153:24 | SSA def(password) | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:183:16:183:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:184:15:184:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:185:14:185:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:186:17:186:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:187:16:187:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
 edges
-| test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | provenance | Sink:MaD:1 |
-| test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | provenance | Sink:MaD:2 |
-| test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | provenance | Sink:MaD:3 |
-| test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | provenance | Sink:MaD:4 |
-| test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | provenance | Sink:MaD:5 |
-| test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | provenance | Sink:MaD:6 |
-| test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | provenance | Sink:MaD:7 |
-| test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | provenance | Sink:MaD:8 |
-| test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | provenance | Sink:MaD:9 |
-| test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | provenance | Sink:MaD:10 |
-| test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | provenance | Sink:MaD:11 |
-| test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | provenance | Sink:MaD:12 |
-| test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | provenance | Sink:MaD:13 |
-| test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | provenance | Sink:MaD:14 |
-| test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | provenance | Sink:MaD:15 |
-| test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | provenance | Sink:MaD:16 |
-| test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | provenance | Sink:MaD:17 |
-| test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | provenance | Sink:MaD:18 |
-| test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | provenance | Sink:MaD:19 |
-| test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | provenance | Sink:MaD:20 |
-| test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | provenance | Sink:MaD:21 |
-| test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | provenance | Sink:MaD:22 |
-| test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:154:14:154:21 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:155:17:155:24 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:156:14:156:21 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:157:18:157:25 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:158:14:158:21 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:159:13:159:20 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:160:22:160:29 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:161:15:161:22 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:162:14:162:21 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:163:13:163:20 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:164:16:164:23 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:165:13:165:20 | password | provenance | Sink:MaD:1 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:166:16:166:23 | password | provenance | Sink:MaD:2 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:167:13:167:20 | password | provenance | Sink:MaD:3 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:168:17:168:24 | password | provenance | Sink:MaD:4 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:169:13:169:20 | password | provenance | Sink:MaD:5 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:170:12:170:19 | password | provenance | Sink:MaD:6 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:171:21:171:28 | password | provenance | Sink:MaD:7 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:172:14:172:21 | password | provenance | Sink:MaD:8 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:173:13:173:20 | password | provenance | Sink:MaD:9 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:174:12:174:19 | password | provenance | Sink:MaD:10 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:175:15:175:22 | password | provenance | Sink:MaD:11 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:176:15:176:22 | password | provenance | Sink:MaD:12 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:177:18:177:25 | password | provenance | Sink:MaD:13 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:178:15:178:22 | password | provenance | Sink:MaD:14 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:179:19:179:26 | password | provenance | Sink:MaD:15 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:180:15:180:22 | password | provenance | Sink:MaD:16 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:181:14:181:21 | password | provenance | Sink:MaD:17 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:182:23:182:30 | password | provenance | Sink:MaD:18 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:183:16:183:23 | password | provenance | Sink:MaD:19 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:184:15:184:22 | password | provenance | Sink:MaD:20 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:185:14:185:21 | password | provenance | Sink:MaD:21 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:186:17:186:24 | password | provenance | Sink:MaD:22 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:187:16:187:23 | password | provenance |  |
 models
 | 1 | Sink: group:beego-logs; ; false; Alert; ; ; Argument[0..1]; log-injection; manual |
 | 2 | Sink: group:beego-logs; ; false; Critical; ; ; Argument[0..1]; log-injection; manual |
@@ -92,7 +92,7 @@ models
 | 21 | Sink: group:beego-logs; BeeLogger; true; Warn; ; ; Argument[0..1]; log-injection; manual |
 | 22 | Sink: group:beego-logs; BeeLogger; true; Warning; ; ; Argument[0..1]; log-injection; manual |
 nodes
-| test.go:153:17:153:24 | definition of password | semmle.label | definition of password |
+| test.go:153:17:153:24 | SSA def(password) | semmle.label | SSA def(password) |
 | test.go:154:14:154:21 | password | semmle.label | password |
 | test.go:155:17:155:24 | password | semmle.label | password |
 | test.go:156:14:156:21 | password | semmle.label | password |

go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.qlref

@@ -1,2 +1,4 @@
 query: Security/CWE-089/SqlInjection.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.qlref

@@ -1,2 +1,4 @@
 query: Security/CWE-079/StoredXss.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/test.go

@@ -8,61 +8,61 @@ import (
 
 // BAD: using untrusted data in SQL queries
 func testDbMethods(bdb *orm.DB, untrustedSource *http.Request) {
-	untrusted := untrustedSource.UserAgent()
+	untrusted := untrustedSource.UserAgent() // $ Source[go/sql-injection]
 
-	bdb.Exec(untrusted)                 // $ querystring=untrusted
-	bdb.ExecContext(nil, untrusted)     // $ querystring=untrusted
-	bdb.Prepare(untrusted)              // $ querystring=untrusted
-	bdb.PrepareContext(nil, untrusted)  // $ querystring=untrusted
-	bdb.Query(untrusted)                // $ querystring=untrusted
-	bdb.QueryContext(nil, untrusted)    // $ querystring=untrusted
-	bdb.QueryRow(untrusted)             // $ querystring=untrusted
-	bdb.QueryRowContext(nil, untrusted) // $ querystring=untrusted
+	bdb.Exec(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.ExecContext(nil, untrusted)     // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.Prepare(untrusted)              // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.PrepareContext(nil, untrusted)  // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.Query(untrusted)                // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.QueryContext(nil, untrusted)    // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.QueryRow(untrusted)             // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.QueryRowContext(nil, untrusted) // $ querystring=untrusted Alert[go/sql-injection]
 }
 
 // BAD: using untrusted data to build SQL queries (QueryBuilder does not sanitize its arguments)
 func testQueryBuilderMethods(qb orm.QueryBuilder, untrustedSource *http.Request) {
-	untrusted := untrustedSource.UserAgent()
-	untrusted2 := untrustedSource.UserAgent()
+	untrusted := untrustedSource.UserAgent()  // $ Source[go/sql-injection]
+	untrusted2 := untrustedSource.UserAgent() // $ Source[go/sql-injection]
 
-	qb.Select(untrusted)                 // $ querystring=untrusted
-	qb.From(untrusted)                   // $ querystring=untrusted
-	qb.InnerJoin(untrusted)              // $ querystring=untrusted
-	qb.LeftJoin(untrusted)               // $ querystring=untrusted
-	qb.RightJoin(untrusted)              // $ querystring=untrusted
-	qb.On(untrusted)                     // $ querystring=untrusted
-	qb.Where(untrusted)                  // $ querystring=untrusted
-	qb.And(untrusted)                    // $ querystring=untrusted
-	qb.Or(untrusted)                     // $ querystring=untrusted
-	qb.In(untrusted)                     // $ querystring=untrusted
-	qb.OrderBy(untrusted)                // $ querystring=untrusted
-	qb.GroupBy(untrusted)                // $ querystring=untrusted
-	qb.Having(untrusted)                 // $ querystring=untrusted
-	qb.Update(untrusted)                 // $ querystring=untrusted
-	qb.Set(untrusted)                    // $ querystring=untrusted
-	qb.Delete(untrusted)                 // $ querystring=untrusted
-	qb.InsertInto(untrusted, untrusted2) // $ querystring=untrusted querystring=untrusted2
-	qb.Values(untrusted)                 // $ querystring=untrusted
-	qb.Subquery(untrusted, untrusted2)   // $ querystring=untrusted querystring=untrusted2
+	qb.Select(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	qb.From(untrusted)                   // $ querystring=untrusted Alert[go/sql-injection]
+	qb.InnerJoin(untrusted)              // $ querystring=untrusted Alert[go/sql-injection]
+	qb.LeftJoin(untrusted)               // $ querystring=untrusted Alert[go/sql-injection]
+	qb.RightJoin(untrusted)              // $ querystring=untrusted Alert[go/sql-injection]
+	qb.On(untrusted)                     // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Where(untrusted)                  // $ querystring=untrusted Alert[go/sql-injection]
+	qb.And(untrusted)                    // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Or(untrusted)                     // $ querystring=untrusted Alert[go/sql-injection]
+	qb.In(untrusted)                     // $ querystring=untrusted Alert[go/sql-injection]
+	qb.OrderBy(untrusted)                // $ querystring=untrusted Alert[go/sql-injection]
+	qb.GroupBy(untrusted)                // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Having(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Update(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Set(untrusted)                    // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Delete(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	qb.InsertInto(untrusted, untrusted2) // $ querystring=untrusted querystring=untrusted2 Alert[go/sql-injection]
+	qb.Values(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Subquery(untrusted, untrusted2)   // $ querystring=untrusted querystring=untrusted2 Alert[go/sql-injection]
 }
 
 func testOrmerRaw(ormer orm.Ormer, untrustedSource *http.Request) {
-	untrusted := untrustedSource.UserAgent()
+	untrusted := untrustedSource.UserAgent() // $ Source[go/sql-injection]
 	untrusted2 := untrustedSource.UserAgent()
-	ormer.Raw(untrusted, untrusted2)                    // $ querystring=untrusted         // BAD: using an untrusted string as a query
+	ormer.Raw(untrusted, untrusted2)                    // $ querystring=untrusted Alert[go/sql-injection] // BAD: using an untrusted string as a query
 	ormer.Raw("FROM ? SELECT ?", untrusted, untrusted2) // $ querystring="FROM ? SELECT ?" // GOOD: untrusted string used in argument context
 }
 
 func testFilterRaw(querySeter orm.QuerySeter, untrustedSource *http.Request) {
-	untrusted := untrustedSource.UserAgent()
+	untrusted := untrustedSource.UserAgent() // $ Source[go/sql-injection]
 	querySeter.FilterRaw(untrusted, "safe")  // $ querystring="safe"    // GOOD: untrusted used as a column name
-	querySeter.FilterRaw("safe", untrusted) // $ querystring=untrusted // BAD: untrusted used as a SQL fragment
+	querySeter.FilterRaw("safe", untrusted)  // $ querystring=untrusted Alert[go/sql-injection] // BAD: untrusted used as a SQL fragment
 }
 
 func testConditionRaw(cond orm.Condition, untrustedSource *http.Request) {
-	untrusted := untrustedSource.UserAgent()
+	untrusted := untrustedSource.UserAgent() // $ Source[go/sql-injection]
 	cond.Raw(untrusted, "safe")              // $ querystring="safe"    // GOOD: untrusted used as a column name
-	cond.Raw("safe", untrusted) // $ querystring=untrusted // BAD: untrusted used as a SQL fragment
+	cond.Raw("safe", untrusted)              // $ querystring=untrusted Alert[go/sql-injection] // BAD: untrusted used as a SQL fragment
 }
 
 type SubStruct struct {
@@ -77,90 +77,90 @@ type MyStruct struct {
 // BAD: (possible stored XSS) retrieving data from a database then writing to an HTTP response
 func testOrmerReads(ormer orm.Ormer, sink http.ResponseWriter) {
 	obj := MyStruct{}
-	ormer.Read(&obj)
-	sink.Write([]byte(obj.field))
-	sink.Write([]byte(obj.substructs[0].field))
+	ormer.Read(&obj)                            // $ Source[go/stored-xss]
+	sink.Write([]byte(obj.field))               // $ Alert[go/stored-xss]
+	sink.Write([]byte(obj.substructs[0].field)) // $ Alert[go/stored-xss]
 
 	obj2 := MyStruct{}
-	ormer.ReadForUpdate(&obj2)
-	sink.Write([]byte(obj2.field))
+	ormer.ReadForUpdate(&obj2)     // $ Source[go/stored-xss]
+	sink.Write([]byte(obj2.field)) // $ Alert[go/stored-xss]
 
 	obj3 := MyStruct{}
-	ormer.ReadOrCreate(&obj3, "arg")
-	sink.Write([]byte(obj3.field))
+	ormer.ReadOrCreate(&obj3, "arg") // $ Source[go/stored-xss]
+	sink.Write([]byte(obj3.field))   // $ Alert[go/stored-xss]
 }
 
 // BAD: (possible stored XSS) retrieving data from a database then writing to an HTTP response
 func testFieldReads(textField *orm.TextField, jsonField *orm.JSONField, jsonbField *orm.JsonbField, sink http.ResponseWriter) {
-	sink.Write([]byte(textField.Value()))
-	sink.Write([]byte(textField.RawValue().(string)))
-	sink.Write([]byte(textField.String()))
-	sink.Write([]byte(jsonField.Value()))
-	sink.Write([]byte(jsonField.RawValue().(string)))
-	sink.Write([]byte(jsonField.String()))
-	sink.Write([]byte(jsonbField.Value()))
-	sink.Write([]byte(jsonbField.RawValue().(string)))
-	sink.Write([]byte(jsonbField.String()))
+	sink.Write([]byte(textField.Value()))              // $ Alert[go/stored-xss]
+	sink.Write([]byte(textField.RawValue().(string)))  // $ Alert[go/stored-xss]
+	sink.Write([]byte(textField.String()))             // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonField.Value()))              // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonField.RawValue().(string)))  // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonField.String()))             // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonbField.Value()))             // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonbField.RawValue().(string))) // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonbField.String()))            // $ Alert[go/stored-xss]
 }
 
 // BAD: (possible stored XSS) retrieving data from a database then writing to an HTTP response
 func testQuerySeterReads(qs orm.QuerySeter, sink http.ResponseWriter) {
 	var objs []*MyStruct
-	qs.All(&objs)
-	sink.Write([]byte(objs[0].field))
+	qs.All(&objs)                     // $ Source[go/stored-xss]
+	sink.Write([]byte(objs[0].field)) // $ Alert[go/stored-xss]
 
 	var obj MyStruct
-	qs.One(&obj)
-	sink.Write([]byte(obj.field))
+	qs.One(&obj)                  // $ Source[go/stored-xss]
+	sink.Write([]byte(obj.field)) // $ Alert[go/stored-xss]
 
 	var allMaps []orm.Params
-	qs.Values(&allMaps)
-	sink.Write([]byte(allMaps[0]["field"].(string)))
+	qs.Values(&allMaps)                              // $ Source[go/stored-xss]
+	sink.Write([]byte(allMaps[0]["field"].(string))) // $ Alert[go/stored-xss]
 
 	var allLists []orm.ParamsList
-	qs.ValuesList(&allLists)
-	sink.Write([]byte(allLists[0][0].(string)))
+	qs.ValuesList(&allLists)                    // $ Source[go/stored-xss]
+	sink.Write([]byte(allLists[0][0].(string))) // $ Alert[go/stored-xss]
 
 	var oneList orm.ParamsList
-	qs.ValuesFlat(&oneList, "colname")
-	sink.Write([]byte(oneList[0].(string)))
+	qs.ValuesFlat(&oneList, "colname")      // $ Source[go/stored-xss]
+	sink.Write([]byte(oneList[0].(string))) // $ Alert[go/stored-xss]
 
 	var oneRowMap orm.Params
-	qs.RowsToMap(&oneRowMap, "key", "value")
-	sink.Write([]byte(oneRowMap["field"].(string)))
+	qs.RowsToMap(&oneRowMap, "key", "value")        // $ Source[go/stored-xss]
+	sink.Write([]byte(oneRowMap["field"].(string))) // $ Alert[go/stored-xss]
 
 	var oneRowStruct MyStruct
-	qs.RowsToStruct(&oneRowStruct, "key", "value")
-	sink.Write([]byte(oneRowStruct.field))
+	qs.RowsToStruct(&oneRowStruct, "key", "value") // $ Source[go/stored-xss]
+	sink.Write([]byte(oneRowStruct.field))         // $ Alert[go/stored-xss]
 }
 
 // BAD: (possible stored XSS) retrieving data from a database then writing to an HTTP response
 func testRawSeterReads(rs orm.RawSeter, sink http.ResponseWriter) {
 	var allMaps []orm.Params
-	rs.Values(&allMaps)
-	sink.Write([]byte(allMaps[0]["field"].(string)))
+	rs.Values(&allMaps)                              // $ Source[go/stored-xss]
+	sink.Write([]byte(allMaps[0]["field"].(string))) // $ Alert[go/stored-xss]
 
 	var allLists []orm.ParamsList
-	rs.ValuesList(&allLists)
-	sink.Write([]byte(allLists[0][0].(string)))
+	rs.ValuesList(&allLists)                    // $ Source[go/stored-xss]
+	sink.Write([]byte(allLists[0][0].(string))) // $ Alert[go/stored-xss]
 
 	var oneList orm.ParamsList
-	rs.ValuesFlat(&oneList, "colname")
-	sink.Write([]byte(oneList[0].(string)))
+	rs.ValuesFlat(&oneList, "colname")      // $ Source[go/stored-xss]
+	sink.Write([]byte(oneList[0].(string))) // $ Alert[go/stored-xss]
 
 	var oneRowMap orm.Params
-	rs.RowsToMap(&oneRowMap, "key", "value")
-	sink.Write([]byte(oneRowMap["field"].(string)))
+	rs.RowsToMap(&oneRowMap, "key", "value")        // $ Source[go/stored-xss]
+	sink.Write([]byte(oneRowMap["field"].(string))) // $ Alert[go/stored-xss]
 
 	var oneRowStruct MyStruct
-	rs.RowsToStruct(&oneRowStruct, "key", "value")
-	sink.Write([]byte(oneRowStruct.field))
+	rs.RowsToStruct(&oneRowStruct, "key", "value") // $ Source[go/stored-xss]
+	sink.Write([]byte(oneRowStruct.field))         // $ Alert[go/stored-xss]
 
 	var strField string
-	rs.QueryRow(&strField)
-	sink.Write([]byte(strField))
+	rs.QueryRow(&strField)       // $ Source[go/stored-xss]
+	sink.Write([]byte(strField)) // $ Alert[go/stored-xss]
 
 	var strFields []string
-	rs.QueryRows(&strFields)
-	sink.Write([]byte(strFields[0]))
+	rs.QueryRows(&strFields)         // $ Source[go/stored-xss]
+	sink.Write([]byte(strFields[0])) // $ Alert[go/stored-xss]
 }

go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.qlref

@@ -1,2 +1,4 @@
 query: Security/CWE-079/ReflectedXss.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/library-tests/semmle/go/frameworks/Chi/test.go

@@ -10,7 +10,7 @@ var hidden string
 
 func hideUserData(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		hidden = r.URL.Path
+		hidden = r.URL.Path // $ Source
 		next.ServeHTTP(w, r)
 	})
 }
@@ -18,10 +18,10 @@ func hideUserData(next http.Handler) http.Handler {
 func main() {
 	r := chi.NewRouter()
 	r.With(hideUserData).Get("/", func(w http.ResponseWriter, r *http.Request) {
-		w.Write([]byte(hidden))
-		w.Write([]byte(chi.URLParam(r, "someParam")))
-		w.Write([]byte(chi.URLParamFromCtx(r.Context(), "someKey")))
-		w.Write([]byte(chi.RouteContext(r.Context()).URLParam("someOtherKey")))
+		w.Write([]byte(hidden))                                                 // $ Alert
+		w.Write([]byte(chi.URLParam(r, "someParam")))                           // $ Alert
+		w.Write([]byte(chi.URLParamFromCtx(r.Context(), "someKey")))            // $ Alert
+		w.Write([]byte(chi.RouteContext(r.Context()).URLParam("someOtherKey"))) // $ Alert
 	})
 	http.ListenAndServe(":3000", r)
 }

go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.qlref

@@ -1,2 +1,4 @@
 query: Security/CWE-601/OpenUrlRedirect.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.qlref

@@ -1,2 +1,4 @@
 query: Security/CWE-079/ReflectedXss.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.qlref

@@ -1,2 +1,4 @@
 query: Security/CWE-022/TaintedPath.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go

@@ -12,81 +12,81 @@ import (
 // All are XSS vulnerabilities, except as specifically noted.
 
 func testParam(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.HTML(200, param)
+	param := ctx.Param("someParam") // $ Source[go/reflected-xss]
+	ctx.HTML(200, param)            // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testParamValues(ctx echo.Context) error {
-	param := ctx.ParamValues()[0]
-	ctx.HTML(200, param)
+	param := ctx.ParamValues()[0] // $ Source[go/reflected-xss]
+	ctx.HTML(200, param)          // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testQueryParam(ctx echo.Context) error {
-	param := ctx.QueryParam("someParam")
-	ctx.HTML(200, param)
+	param := ctx.QueryParam("someParam") // $ Source[go/reflected-xss]
+	ctx.HTML(200, param)                 // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testQueryParams(ctx echo.Context) error {
-	param := ctx.QueryParams()["someParam"][0]
-	ctx.HTML(200, param)
+	param := ctx.QueryParams()["someParam"][0] // $ Source[go/reflected-xss]
+	ctx.HTML(200, param)                       // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testQueryString(ctx echo.Context) error {
-	qstr := ctx.QueryString()
-	ctx.HTML(200, qstr)
+	qstr := ctx.QueryString() // $ Source[go/reflected-xss]
+	ctx.HTML(200, qstr)       // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testFormValue(ctx echo.Context) error {
-	val := ctx.FormValue("someField")
-	ctx.HTML(200, val)
+	val := ctx.FormValue("someField") // $ Source[go/reflected-xss]
+	ctx.HTML(200, val)                // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testFormParams(ctx echo.Context) error {
-	params, _ := ctx.FormParams()
-	ctx.HTML(200, params["someField"][0])
+	params, _ := ctx.FormParams()         // $ Source[go/reflected-xss]
+	ctx.HTML(200, params["someField"][0]) // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testFormFile(ctx echo.Context) error {
-	fileHeader, _ := ctx.FormFile("someFilename")
+	fileHeader, _ := ctx.FormFile("someFilename") // $ Source[go/reflected-xss]
 	file, _ := fileHeader.Open()
 	buffer := make([]byte, 100)
 	file.Read(buffer)
-	ctx.HTMLBlob(200, buffer)
+	ctx.HTMLBlob(200, buffer) // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testMultipartFormValue(ctx echo.Context) error {
-	form, _ := ctx.MultipartForm()
-	ctx.HTML(200, form.Value["someField"][0])
+	form, _ := ctx.MultipartForm()            // $ Source[go/reflected-xss]
+	ctx.HTML(200, form.Value["someField"][0]) // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testMultipartFormFile(ctx echo.Context) error {
-	form, _ := ctx.MultipartForm()
+	form, _ := ctx.MultipartForm() // $ Source[go/reflected-xss]
 	fileHeader := form.File["someFilename"][0]
 	file, _ := fileHeader.Open()
 	buffer := make([]byte, 100)
 	file.Read(buffer)
-	ctx.HTMLBlob(200, buffer)
+	ctx.HTMLBlob(200, buffer) // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testCookie(ctx echo.Context) error {
-	val, _ := ctx.Cookie("someKey")
-	ctx.HTML(200, val.Value)
+	val, _ := ctx.Cookie("someKey") // $ Source[go/reflected-xss]
+	ctx.HTML(200, val.Value)        // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testCookies(ctx echo.Context) error {
-	cookies := ctx.Cookies()
-	ctx.HTML(200, cookies[0].Value)
+	cookies := ctx.Cookies()        // $ Source[go/reflected-xss]
+	ctx.HTML(200, cookies[0].Value) // $ Alert[go/reflected-xss]
 	return nil
 }
 
@@ -96,8 +96,8 @@ type myStruct struct {
 
 func testBind(ctx echo.Context) error {
 	data := myStruct{}
-	ctx.Bind(&data)
-	ctx.HTML(200, data.s)
+	ctx.Bind(&data)       // $ Source[go/reflected-xss]
+	ctx.HTML(200, data.s) // $ Alert[go/reflected-xss]
 	return nil
 }
 
@@ -110,8 +110,8 @@ func testGetSetEmpty(ctx echo.Context) error {
 }
 
 func testGetSet(ctx echo.Context) error {
-	ctx.Set("someKey", ctx.Param("someParam"))
-	ctx.HTML(200, ctx.Get("someKey").(string)) // BAD, the context is tainted
+	ctx.Set("someKey", ctx.Param("someParam")) // $ Source[go/reflected-xss]
+	ctx.HTML(200, ctx.Get("someKey").(string)) // $ Alert[go/reflected-xss] // BAD, the context is tainted
 	return nil
 }
 
@@ -121,20 +121,20 @@ func testGetSet(ctx echo.Context) error {
 // All are XSS vulnerabilities, except as specifically noted.
 
 func testHTML(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.HTML(200, param)
+	param := ctx.Param("someParam") // $ Source[go/reflected-xss]
+	ctx.HTML(200, param)            // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testHTMLBlob(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.HTMLBlob(200, []byte(param))
+	param := ctx.Param("someParam")  // $ Source[go/reflected-xss]
+	ctx.HTMLBlob(200, []byte(param)) // $ Alert[go/reflected-xss]
 	return nil
 }
 
 func testBlob(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.Blob(200, "text/html", []byte(param)) // BAD, the content-type is HTML
+	param := ctx.Param("someParam")           // $ Source[go/reflected-xss]
+	ctx.Blob(200, "text/html", []byte(param)) // $ Alert[go/reflected-xss] // BAD, the content-type is HTML
 	return nil
 }
 
@@ -145,9 +145,9 @@ func testBlobSafe(ctx echo.Context) error {
 }
 
 func testStream(ctx echo.Context) error {
-	param := ctx.Param("someParam")
+	param := ctx.Param("someParam") // $ Source[go/reflected-xss]
 	reader := strings.NewReader(param)
-	ctx.Stream(200, "text/html", reader) // BAD, the content-type is HTML
+	ctx.Stream(200, "text/html", reader) // $ Alert[go/reflected-xss] // BAD, the content-type is HTML
 	return nil
 }
 
@@ -161,28 +161,28 @@ func testStreamSafe(ctx echo.Context) error {
 // Section: testing output methods defined on Response (XSS vulnerability)
 
 func testResponseWrite(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.Response().Write([]byte(param))
+	param := ctx.Param("someParam")     // $ Source[go/reflected-xss]
+	ctx.Response().Write([]byte(param)) // $ Alert[go/reflected-xss]
 	return nil
 }
 
 // Section: test detecting an open redirect using the Context.Redirect function:
 
 func testRedirect(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.Redirect(301, param)
+	param := ctx.Param("someParam") // $ Source[go/unvalidated-url-redirection]
+	ctx.Redirect(301, param)        // $ Alert[go/unvalidated-url-redirection]
 	return nil
 }
 
 func testLocalRedirects(ctx echo.Context) error {
-	param := ctx.Param("someParam")
+	param := ctx.Param("someParam") // $ Source[go/unvalidated-url-redirection]
 	param2 := param
 	param3 := param
 	// Gratuitous copy because sanitization of uses propagates to subsequent uses
 	// GOOD: local redirects are unproblematic
 	ctx.Redirect(301, "/local"+param)
 	// BAD: this could be a non-local redirect
-	ctx.Redirect(301, "/"+param2)
+	ctx.Redirect(301, "/"+param2) // $ Alert[go/unvalidated-url-redirection]
 	// GOOD: localhost redirects are unproblematic
 	ctx.Redirect(301, "//localhost/"+param3)
 	return nil
@@ -221,12 +221,12 @@ func testNonExploitableFields(ctx echo.Context) error {
 func fsOpsTest() {
 	e := echo.New()
 	e.GET("/", func(c echo.Context) error {
-		filepath := c.QueryParam("filePath")
-		return c.File(filepath) // $ FileSystemAccess=filepath
+		filepath := c.QueryParam("filePath") // $ Source[go/path-injection]
+		return c.File(filepath)              // $ FileSystemAccess=filepath Alert[go/path-injection]
 	})
 	e.GET("/attachment", func(c echo.Context) error {
-		filepath := c.QueryParam("filePath")
-		return c.Attachment(filepath, "file name in response") // $ FileSystemAccess=filepath
+		filepath := c.QueryParam("filePath")                   // $ Source[go/path-injection]
+		return c.Attachment(filepath, "file name in response") // $ FileSystemAccess=filepath Alert[go/path-injection]
 	})
 	_ = e.Start(":1323")
 }

go/ql/test/library-tests/semmle/go/frameworks/GoKit/main.go

@@ -12,12 +12,12 @@ type MyService interface {
 }
 
 func makeEndpointLit(svc MyService) endpoint.Endpoint {
-	return func(_ context.Context, request interface{}) (interface{}, error) { // $ source="definition of request"
+	return func(_ context.Context, request interface{}) (interface{}, error) { // $ source="SSA def(request)"
 		return request, nil
 	}
 }
 
-func endpointfn(_ context.Context, request interface{}) (interface{}, error) { // $ source="definition of request"
+func endpointfn(_ context.Context, request interface{}) (interface{}, error) { // $ source="SSA def(request)"
 	return request, nil
 }
 

go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected

@@ -1,8 +1,8 @@
+#select
+| main.go:21:28:21:31 | name | main.go:18:46:18:48 | SSA def(req) | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | SSA def(req) | user-provided value |
 edges
-| main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance |  |
+| main.go:18:46:18:48 | SSA def(req) | main.go:21:28:21:31 | name | provenance |  |
 nodes
-| main.go:18:46:18:48 | definition of req | semmle.label | definition of req |
+| main.go:18:46:18:48 | SSA def(req) | semmle.label | SSA def(req) |
 | main.go:21:28:21:31 | name | semmle.label | name |
 subpaths
-#select
-| main.go:21:28:21:31 | name | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | definition of req | user-provided value |

go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.qlref

@@ -1 +1,2 @@
-Security/CWE-117/LogInjection.ql
+query: Security/CWE-117/LogInjection.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/library-tests/semmle/go/frameworks/GoMicro/main.go

@@ -15,10 +15,10 @@ import (
 
 type Greeter struct{}
 
-func (g *Greeter) Hello(ctx context.Context, req *pb.Request, rsp *pb.Response) error { // $ serverRequest="definition of req"
+func (g *Greeter) Hello(ctx context.Context, req *pb.Request, rsp *pb.Response) error { // $ serverRequest="SSA def(req)" Source
 	// var access
 	name := req.Name
-	fmt.Println("Name :: %s", name)
+	fmt.Println("Name :: %s", name) // $ Alert
 	return nil
 }
 

go/ql/test/library-tests/semmle/go/frameworks/Revel/CONSISTENCY/DataFlowConsistency.expected

@@ -1,28 +1,28 @@
 reverseRead
-| EndToEnd.go:30:35:30:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:30:35:30:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:36:18:36:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:36:18:36:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:44:18:44:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:44:18:44:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:51:20:51:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:51:20:51:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:58:18:58:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:58:18:58:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:64:26:64:26 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:64:26:64:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:69:22:69:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:69:22:69:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:74:22:74:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:74:22:74:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:79:35:79:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:79:35:79:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:84:22:84:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:84:22:84:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:89:21:89:21 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:89:21:89:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:94:20:94:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:94:20:94:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:31:35:31:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:31:35:31:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:37:18:37:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:37:18:37:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:45:18:45:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:45:18:45:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:52:20:52:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:52:20:52:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:59:18:59:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:59:18:59:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:65:26:65:26 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:65:26:65:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:70:22:70:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:70:22:70:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:75:22:75:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:75:22:75:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:80:35:80:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:80:35:80:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:85:22:85:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:85:22:85:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:90:21:90:21 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:90:21:90:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:95:20:95:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:95:20:95:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
 | Revel.go:26:7:26:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
 | Revel.go:27:7:27:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
 | Revel.go:27:7:27:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |

go/ql/test/library-tests/semmle/go/frameworks/Revel/EndToEnd.go

@@ -3,10 +3,11 @@ package main
 import (
 	"bytes"
 	"errors"
-	staticControllers "github.com/revel/modules/static/app/controllers"
-	"github.com/revel/revel"
 	"os"
 	"time"
+
+	staticControllers "github.com/revel/modules/static/app/controllers"
+	"github.com/revel/revel"
 )
 
 // Use typical inheritence pattern, per github.com/revel/examples/booking:
@@ -33,8 +34,8 @@ func (c MyRoute) Handler1() revel.Result {
 func (c MyRoute) Handler2() revel.Result {
 	// BAD: the RenderBinary function copies an `io.Reader` to the user's browser.
 	buf := &bytes.Buffer{}
-	buf.WriteString(c.Params.Form.Get("someField"))
-	return c.RenderBinary(buf, "index.html", revel.Inline, time.Now()) // $ responsebody='buf'
+	buf.WriteString(c.Params.Form.Get("someField"))                    // $ Source[go/reflected-xss]
+	return c.RenderBinary(buf, "index.html", revel.Inline, time.Now()) // $ responsebody='buf' Alert[go/reflected-xss]
 }
 
 func (c MyRoute) Handler3() revel.Result {
@@ -55,18 +56,18 @@ func (c MyRoute) Handler4() revel.Result {
 func (c MyRoute) Handler5() revel.Result {
 	// BAD: returning an arbitrary file (but this is detected at the os.Open call, not
 	// due to modelling Revel)
-	f, _ := os.Open(c.Params.Form.Get("someField"))
+	f, _ := os.Open(c.Params.Form.Get("someField")) // $ Alert[go/path-injection]
 	return c.RenderFile(f, revel.Inline)
 }
 
 func (c MyRoute) Handler6() revel.Result {
 	// BAD: returning an arbitrary file (detected as a user-controlled file-op, not XSS)
-	return c.RenderFileName(c.Params.Form.Get("someField"), revel.Inline)
+	return c.RenderFileName(c.Params.Form.Get("someField"), revel.Inline) // $ Alert[go/path-injection]
 }
 
 func (c MyRoute) Handler7() revel.Result {
 	// BAD: straightforward XSS
-	return c.RenderHTML(c.Params.Form.Get("someField")) // $ responsebody='call to Get'
+	return c.RenderHTML(c.Params.Form.Get("someField")) // $ responsebody='call to Get' Alert[go/reflected-xss]
 }
 
 func (c MyRoute) Handler8() revel.Result {
@@ -91,5 +92,5 @@ func (c MyRoute) Handler11() revel.Result {
 
 func (c MyRoute) Handler12() revel.Result {
 	// BAD: open redirect
-	return c.Redirect(c.Params.Form.Get("someField"))
+	return c.Redirect(c.Params.Form.Get("someField")) // $ Alert[go/unvalidated-url-redirection]
 }

go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected

@@ -1,19 +1,19 @@
 #select
-| EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value |
+| EndToEnd.go:95:20:95:49 | call to Get | EndToEnd.go:95:20:95:27 | selection of Params | EndToEnd.go:95:20:95:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:95:20:95:27 | selection of Params | user-provided value |
 edges
-| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | provenance | Config |
-| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config |
-| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Src:MaD:2 Config |
-| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:2 Config |
-| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Config |
-| EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config Sink:MaD:1 |
+| EndToEnd.go:95:20:95:27 | implicit dereference | EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | provenance | Config |
+| EndToEnd.go:95:20:95:27 | implicit dereference | EndToEnd.go:95:20:95:32 | selection of Form | provenance | Config |
+| EndToEnd.go:95:20:95:27 | selection of Params | EndToEnd.go:95:20:95:27 | implicit dereference | provenance | Src:MaD:2 Config |
+| EndToEnd.go:95:20:95:27 | selection of Params | EndToEnd.go:95:20:95:32 | selection of Form | provenance | Src:MaD:2 Config |
+| EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | EndToEnd.go:95:20:95:27 | implicit dereference | provenance | Config |
+| EndToEnd.go:95:20:95:32 | selection of Form | EndToEnd.go:95:20:95:49 | call to Get | provenance | Config Sink:MaD:1 |
 models
 | 1 | Sink: group:revel; Controller; true; Redirect; ; ; Argument[0]; url-redirection; manual |
 | 2 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual |
 nodes
-| EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference |
-| EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params |
-| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | semmle.label | selection of Params [postupdate] |
-| EndToEnd.go:94:20:94:32 | selection of Form | semmle.label | selection of Form |
-| EndToEnd.go:94:20:94:49 | call to Get | semmle.label | call to Get |
+| EndToEnd.go:95:20:95:27 | implicit dereference | semmle.label | implicit dereference |
+| EndToEnd.go:95:20:95:27 | selection of Params | semmle.label | selection of Params |
+| EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | semmle.label | selection of Params [postupdate] |
+| EndToEnd.go:95:20:95:32 | selection of Form | semmle.label | selection of Form |
+| EndToEnd.go:95:20:95:49 | call to Get | semmle.label | call to Get |
 subpaths

go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.qlref

@@ -1,2 +1,4 @@
 query: Security/CWE-601/OpenUrlRedirect.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql