From 7c38dc34f34693b62d4e5921200f477f86464416 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 23 Mar 2026 16:30:51 +0000 Subject: [PATCH 1/9] Initial plan From e3bcd3bdd5789a27c052c09ea9081ab52d28e5e3 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 12 Mar 2025 21:08:05 +0000 Subject: [PATCH 2/9] Improve SSA tests for variables in closures --- .../semmle/go/dataflow/SSA/DefUse.expected | 16 ++++++--- .../go/dataflow/SSA/SsaDefinition.expected | 16 +++++++-- .../go/dataflow/SSA/SsaWithFields.expected | 26 ++++++++++---- .../semmle/go/dataflow/SSA/VarDefs.expected | 33 +++++++++++------- .../semmle/go/dataflow/SSA/VarUses.expected | 34 ++++++++++++++----- .../semmle/go/dataflow/SSA/main.go | 18 ++++++++++ 6 files changed, 107 insertions(+), 36 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected index aad16b89ab6b..9fe33491cfd8 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected @@ -28,7 +28,15 @@ | main.go:84:15:84:15 | x | main.go:83:2:83:2 | definition of x | main.go:83:2:83:2 | x | | main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | definition of wrapper | main.go:95:22:95:28 | wrapper | | main.go:100:9:100:9 | x | main.go:97:2:99:3 | capture variable x | main.go:96:2:96:2 | x | -| main.go:117:2:117:2 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p | -| main.go:119:12:119:12 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p | -| main.go:119:17:119:17 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p | -| main.go:119:24:119:24 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p | +| main.go:105:2:105:8 | wrapper | main.go:103:20:103:26 | definition of wrapper | main.go:103:20:103:26 | wrapper | +| main.go:106:8:106:8 | x | main.go:105:16:108:2 | capture variable x | main.go:104:2:104:2 | x | +| main.go:107:7:107:7 | y | main.go:106:3:106:3 | definition of y | main.go:106:3:106:3 | y | +| main.go:109:9:109:9 | x | main.go:104:2:104:2 | definition of x | main.go:104:2:104:2 | x | +| main.go:114:2:114:8 | wrapper | main.go:112:29:112:35 | definition of wrapper | main.go:112:29:112:35 | wrapper | +| main.go:115:8:115:8 | x | main.go:114:16:117:2 | capture variable x | main.go:113:2:113:2 | x | +| main.go:116:7:116:7 | y | main.go:115:3:115:3 | definition of y | main.go:115:3:115:3 | y | +| main.go:118:9:118:9 | x | main.go:114:2:117:3 | capture variable x | main.go:113:2:113:2 | x | +| main.go:135:2:135:2 | p | main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | main.go:128:6:128:6 | p | +| main.go:137:12:137:12 | p | main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | main.go:128:6:128:6 | p | +| main.go:137:17:137:17 | p | main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | main.go:128:6:128:6 | p | +| main.go:137:24:137:24 | p | main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | main.go:128:6:128:6 | p | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected index bd905b5c2a70..ddff7565818c 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected @@ -36,6 +36,16 @@ | main.go:96:2:96:2 | definition of x | | main.go:97:2:99:3 | capture variable x | | main.go:98:3:98:3 | definition of x | -| main.go:112:3:112:3 | definition of p | -| main.go:114:3:114:3 | definition of p | -| main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | +| main.go:103:20:103:26 | definition of wrapper | +| main.go:104:2:104:2 | definition of x | +| main.go:105:16:108:2 | capture variable x | +| main.go:106:3:106:3 | definition of y | +| main.go:112:29:112:35 | definition of wrapper | +| main.go:113:2:113:2 | definition of x | +| main.go:114:2:117:3 | capture variable x | +| main.go:114:16:117:2 | capture variable x | +| main.go:115:3:115:3 | definition of y | +| main.go:116:3:116:3 | definition of x | +| main.go:130:3:130:3 | definition of p | +| main.go:132:3:132:3 | definition of p | +| main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected index 245a82acc839..40b9195fc879 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected @@ -37,10 +37,22 @@ | main.go:96:2:96:2 | (def@96:2) | x | | main.go:97:2:99:3 | (capture@97:2) | x | | main.go:98:3:98:3 | (def@98:3) | x | -| main.go:112:3:112:3 | (def@112:3) | p | -| main.go:114:3:114:3 | (def@114:3) | p | -| main.go:117:2:117:2 | (phi@117:2) | p | -| main.go:117:2:117:2 | (phi@117:2).a | p.a | -| main.go:117:2:117:2 | (phi@117:2).b | p.b | -| main.go:117:2:117:2 | (phi@117:2).b.a | p.b.a | -| main.go:117:2:117:2 | (phi@117:2).c | p.c | +| main.go:103:20:103:26 | (def@103:20) | wrapper | +| main.go:103:20:103:26 | (def@103:20).s | wrapper.s | +| main.go:104:2:104:2 | (def@104:2) | x | +| main.go:105:16:108:2 | (capture@105:16) | x | +| main.go:106:3:106:3 | (def@106:3) | y | +| main.go:112:29:112:35 | (def@112:29) | wrapper | +| main.go:112:29:112:35 | (def@112:29).s | wrapper.s | +| main.go:113:2:113:2 | (def@113:2) | x | +| main.go:114:2:117:3 | (capture@114:2) | x | +| main.go:114:16:117:2 | (capture@114:16) | x | +| main.go:115:3:115:3 | (def@115:3) | y | +| main.go:116:3:116:3 | (def@116:3) | x | +| main.go:130:3:130:3 | (def@130:3) | p | +| main.go:132:3:132:3 | (def@132:3) | p | +| main.go:135:2:135:2 | (phi@135:2) | p | +| main.go:135:2:135:2 | (phi@135:2).a | p.a | +| main.go:135:2:135:2 | (phi@135:2).b | p.b | +| main.go:135:2:135:2 | (phi@135:2).b.a | p.b.a | +| main.go:135:2:135:2 | (phi@135:2).c | p.c | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected index 2cadf9f87abf..6149ddfbb54a 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected @@ -32,16 +32,23 @@ | main.go:95:22:95:28 | initialization of wrapper | main.go:95:22:95:28 | wrapper | main.go:95:22:95:28 | argument corresponding to wrapper | | main.go:96:2:96:2 | assignment to x | main.go:96:2:96:2 | x | main.go:96:7:96:7 | 0 | | main.go:98:3:98:3 | assignment to x | main.go:96:2:96:2 | x | main.go:98:7:98:7 | 1 | -| main.go:110:6:110:6 | assignment to p | main.go:110:6:110:6 | p | main.go:110:6:110:6 | zero value for p | -| main.go:112:3:112:3 | assignment to p | main.go:110:6:110:6 | p | main.go:112:7:112:24 | struct literal | -| main.go:112:9:112:9 | init of 2 | main.go:104:2:104:2 | a | main.go:112:9:112:9 | 2 | -| main.go:112:12:112:18 | init of struct literal | main.go:105:2:105:2 | b | main.go:112:12:112:18 | struct literal | -| main.go:112:14:112:14 | init of 1 | main.go:89:2:89:2 | a | main.go:112:14:112:14 | 1 | -| main.go:112:17:112:17 | init of 5 | main.go:90:2:90:2 | b | main.go:112:17:112:17 | 5 | -| main.go:112:21:112:23 | init of 'n' | main.go:106:2:106:2 | c | main.go:112:21:112:23 | 'n' | -| main.go:114:3:114:3 | assignment to p | main.go:110:6:110:6 | p | main.go:114:7:114:24 | struct literal | -| main.go:114:9:114:9 | init of 3 | main.go:104:2:104:2 | a | main.go:114:9:114:9 | 3 | -| main.go:114:12:114:18 | init of struct literal | main.go:105:2:105:2 | b | main.go:114:12:114:18 | struct literal | -| main.go:114:14:114:14 | init of 4 | main.go:89:2:89:2 | a | main.go:114:14:114:14 | 4 | -| main.go:114:17:114:17 | init of 5 | main.go:90:2:90:2 | b | main.go:114:17:114:17 | 5 | -| main.go:114:21:114:23 | init of '2' | main.go:106:2:106:2 | c | main.go:114:21:114:23 | '2' | +| main.go:103:20:103:26 | initialization of wrapper | main.go:103:20:103:26 | wrapper | main.go:103:20:103:26 | argument corresponding to wrapper | +| main.go:104:2:104:2 | assignment to x | main.go:104:2:104:2 | x | main.go:104:7:104:7 | 0 | +| main.go:106:3:106:3 | assignment to y | main.go:106:3:106:3 | y | main.go:106:8:106:8 | x | +| main.go:112:29:112:35 | initialization of wrapper | main.go:112:29:112:35 | wrapper | main.go:112:29:112:35 | argument corresponding to wrapper | +| main.go:113:2:113:2 | assignment to x | main.go:113:2:113:2 | x | main.go:113:7:113:7 | 0 | +| main.go:115:3:115:3 | assignment to y | main.go:115:3:115:3 | y | main.go:115:8:115:12 | ...+... | +| main.go:116:3:116:3 | assignment to x | main.go:113:2:113:2 | x | main.go:116:7:116:7 | y | +| main.go:128:6:128:6 | assignment to p | main.go:128:6:128:6 | p | main.go:128:6:128:6 | zero value for p | +| main.go:130:3:130:3 | assignment to p | main.go:128:6:128:6 | p | main.go:130:7:130:24 | struct literal | +| main.go:130:9:130:9 | init of 2 | main.go:122:2:122:2 | a | main.go:130:9:130:9 | 2 | +| main.go:130:12:130:18 | init of struct literal | main.go:123:2:123:2 | b | main.go:130:12:130:18 | struct literal | +| main.go:130:14:130:14 | init of 1 | main.go:89:2:89:2 | a | main.go:130:14:130:14 | 1 | +| main.go:130:17:130:17 | init of 5 | main.go:90:2:90:2 | b | main.go:130:17:130:17 | 5 | +| main.go:130:21:130:23 | init of 'n' | main.go:124:2:124:2 | c | main.go:130:21:130:23 | 'n' | +| main.go:132:3:132:3 | assignment to p | main.go:128:6:128:6 | p | main.go:132:7:132:24 | struct literal | +| main.go:132:9:132:9 | init of 3 | main.go:122:2:122:2 | a | main.go:132:9:132:9 | 3 | +| main.go:132:12:132:18 | init of struct literal | main.go:123:2:123:2 | b | main.go:132:12:132:18 | struct literal | +| main.go:132:14:132:14 | init of 4 | main.go:89:2:89:2 | a | main.go:132:14:132:14 | 4 | +| main.go:132:17:132:17 | init of 5 | main.go:90:2:90:2 | b | main.go:132:17:132:17 | 5 | +| main.go:132:21:132:23 | init of '2' | main.go:124:2:124:2 | c | main.go:132:21:132:23 | '2' | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarUses.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarUses.expected index 332f859f0519..2e6b3c855c36 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarUses.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarUses.expected @@ -28,13 +28,29 @@ | main.go:84:15:84:15 | x | main.go:83:2:83:2 | x | | main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | wrapper | | main.go:97:2:97:10 | selection of s | main.go:95:38:95:38 | s | +| main.go:97:2:97:10 | selection of s | main.go:103:36:103:36 | s | +| main.go:97:2:97:10 | selection of s | main.go:112:45:112:45 | s | | main.go:100:9:100:9 | x | main.go:96:2:96:2 | x | -| main.go:117:2:117:2 | p | main.go:110:6:110:6 | p | -| main.go:117:2:117:4 | selection of b | main.go:105:2:105:2 | b | -| main.go:119:12:119:12 | p | main.go:110:6:110:6 | p | -| main.go:119:12:119:14 | selection of a | main.go:104:2:104:2 | a | -| main.go:119:17:119:17 | p | main.go:110:6:110:6 | p | -| main.go:119:17:119:19 | selection of b | main.go:105:2:105:2 | b | -| main.go:119:17:119:21 | selection of a | main.go:89:2:89:2 | a | -| main.go:119:24:119:24 | p | main.go:110:6:110:6 | p | -| main.go:119:24:119:26 | selection of c | main.go:106:2:106:2 | c | +| main.go:105:2:105:8 | wrapper | main.go:103:20:103:26 | wrapper | +| main.go:105:2:105:10 | selection of s | main.go:95:38:95:38 | s | +| main.go:105:2:105:10 | selection of s | main.go:103:36:103:36 | s | +| main.go:105:2:105:10 | selection of s | main.go:112:45:112:45 | s | +| main.go:106:8:106:8 | x | main.go:104:2:104:2 | x | +| main.go:107:7:107:7 | y | main.go:106:3:106:3 | y | +| main.go:109:9:109:9 | x | main.go:104:2:104:2 | x | +| main.go:114:2:114:8 | wrapper | main.go:112:29:112:35 | wrapper | +| main.go:114:2:114:10 | selection of s | main.go:95:38:95:38 | s | +| main.go:114:2:114:10 | selection of s | main.go:103:36:103:36 | s | +| main.go:114:2:114:10 | selection of s | main.go:112:45:112:45 | s | +| main.go:115:8:115:8 | x | main.go:113:2:113:2 | x | +| main.go:116:7:116:7 | y | main.go:115:3:115:3 | y | +| main.go:118:9:118:9 | x | main.go:113:2:113:2 | x | +| main.go:135:2:135:2 | p | main.go:128:6:128:6 | p | +| main.go:135:2:135:4 | selection of b | main.go:123:2:123:2 | b | +| main.go:137:12:137:12 | p | main.go:128:6:128:6 | p | +| main.go:137:12:137:14 | selection of a | main.go:122:2:122:2 | a | +| main.go:137:17:137:17 | p | main.go:128:6:128:6 | p | +| main.go:137:17:137:19 | selection of b | main.go:123:2:123:2 | b | +| main.go:137:17:137:21 | selection of a | main.go:89:2:89:2 | a | +| main.go:137:24:137:24 | p | main.go:128:6:128:6 | p | +| main.go:137:24:137:26 | selection of c | main.go:124:2:124:2 | c | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/main.go b/go/ql/test/library-tests/semmle/go/dataflow/SSA/main.go index cda85fdfc664..3967c14469f4 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/main.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/main.go @@ -100,6 +100,24 @@ func updateInClosure(wrapper struct{ s }) int { return x } +func readInClosure(wrapper struct{ s }) int { + x := 0 + wrapper.s.foo(func() { + y := x + _ = y + }) + return x +} + +func readAndUpdateInClosure(wrapper struct{ s }) int { + x := 0 + wrapper.s.foo(func() { + y := x + 1 + x = y + }) + return x +} + type t struct { a int b s From e467cf6482e2d10d98f67e35fcd764f27ae8b782 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 23 Mar 2026 17:08:30 +0000 Subject: [PATCH 3/9] Make Go use the shared SSA library (codeql.ssa.Ssa) Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/codeql/sessions/b400ebd5-4095-401e-8811-fb550600b3c4 --- .../change-notes/2026-03-23-use-shared-ssa.md | 4 + go/ql/lib/qlpack.yml | 1 + .../lib/semmle/go/controlflow/BasicBlocks.qll | 11 + go/ql/lib/semmle/go/dataflow/SSA.qll | 147 ++---- go/ql/lib/semmle/go/dataflow/SsaImpl.qll | 471 ++++-------------- 5 files changed, 156 insertions(+), 478 deletions(-) create mode 100644 go/ql/lib/change-notes/2026-03-23-use-shared-ssa.md diff --git a/go/ql/lib/change-notes/2026-03-23-use-shared-ssa.md b/go/ql/lib/change-notes/2026-03-23-use-shared-ssa.md new file mode 100644 index 000000000000..52814b92278d --- /dev/null +++ b/go/ql/lib/change-notes/2026-03-23-use-shared-ssa.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The Go SSA library now uses the shared SSA library (`codeql.ssa.Ssa`), consistent with other CodeQL languages such as C#, Java, Ruby, Rust, and Swift. This may result in minor changes to SSA construction in some edge cases. diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 2bcd50424257..a542c9a7e981 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -10,6 +10,7 @@ dependencies: codeql/controlflow: ${workspace} codeql/dataflow: ${workspace} codeql/mad: ${workspace} + codeql/ssa: ${workspace} codeql/threat-models: ${workspace} codeql/tutorial: ${workspace} codeql/util: ${workspace} diff --git a/go/ql/lib/semmle/go/controlflow/BasicBlocks.qll b/go/ql/lib/semmle/go/controlflow/BasicBlocks.qll index dc52abb25abf..d9908f260bb1 100644 --- a/go/ql/lib/semmle/go/controlflow/BasicBlocks.qll +++ b/go/ql/lib/semmle/go/controlflow/BasicBlocks.qll @@ -48,6 +48,17 @@ class BasicBlock = BbImpl::BasicBlock; class EntryBasicBlock = BbImpl::EntryBasicBlock; +/** Provides a `CfgSig` view of Go's control-flow graph for use with the shared SSA library. */ +module Cfg implements BB::CfgSig { + class ControlFlowNode = BbImpl::ControlFlowNode; + + class BasicBlock = BbImpl::BasicBlock; + + class EntryBasicBlock = BbImpl::EntryBasicBlock; + + predicate dominatingEdge = BbImpl::dominatingEdge/2; +} + cached private predicate reachableBB(BasicBlock bb) { bb instanceof EntryBasicBlock diff --git a/go/ql/lib/semmle/go/dataflow/SSA.qll b/go/ql/lib/semmle/go/dataflow/SSA.qll index 46ce4da39356..3cc6d4304fd1 100644 --- a/go/ql/lib/semmle/go/dataflow/SSA.qll +++ b/go/ql/lib/semmle/go/dataflow/SSA.qll @@ -63,9 +63,9 @@ private predicate unresolvedIdentifier(Ident id, string name) { /** * An SSA variable. */ -class SsaVariable extends TSsaDefinition { +class SsaVariable extends Definition { /** Gets the source variable corresponding to this SSA variable. */ - SsaSourceVariable getSourceVariable() { result = this.(SsaDefinition).getSourceVariable() } + SsaSourceVariable getSourceVariable() { this.definesAt(result, _, _) } /** Gets the (unique) definition of this SSA variable. */ SsaDefinition getDefinition() { result = this } @@ -74,21 +74,31 @@ class SsaVariable extends TSsaDefinition { Type getType() { result = this.getSourceVariable().getType() } /** Gets a use in basic block `bb` that refers to this SSA variable. */ - IR::Instruction getAUseIn(ReachableBasicBlock bb) { + IR::Instruction getAUseIn(BasicBlock bb) { exists(int i, SsaSourceVariable v | v = this.getSourceVariable() | result = bb.getNode(i) and - this = getDefinition(bb, i, v) + ssaDefReachesRead(v, this, bb, i) and + useAt(bb, i, v) ) } /** Gets a use that refers to this SSA variable. */ IR::Instruction getAUse() { result = this.getAUseIn(_) } - /** Gets a textual representation of this element. */ - string toString() { result = this.getDefinition().prettyPrintRef() } + /** + * Gets a textual representation of this element. + * + * The format is `kind@LINE:COL`, where `kind` is one of `def`, `capture`, or `phi`. + */ + override string toString() { + exists(Location loc | loc = this.(SsaDefinition).getLocation() | + result = + this.(SsaDefinition).getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn() + ) + } /** Gets the location of this SSA variable. */ - Location getLocation() { result = this.getDefinition().getLocation() } + Location getLocation() { result = this.(SsaDefinition).getLocation() } /** * DEPRECATED: Use `getLocation()` instead. @@ -109,50 +119,28 @@ class SsaVariable extends TSsaDefinition { /** * An SSA definition. */ -class SsaDefinition extends TSsaDefinition { +class SsaDefinition extends Definition { /** Gets the SSA variable defined by this definition. */ SsaVariable getVariable() { result = this } /** Gets the source variable defined by this definition. */ - abstract SsaSourceVariable getSourceVariable(); + SsaSourceVariable getSourceVariable() { this.definesAt(result, _, _) } /** * Gets the basic block to which this definition belongs. */ - abstract ReachableBasicBlock getBasicBlock(); + BasicBlock getBasicBlock() { this.definesAt(_, result, _) } - /** - * INTERNAL: Use `getBasicBlock()` and `getSourceVariable()` instead. - * - * Holds if this is a definition of source variable `v` at index `idx` in basic block `bb`. - * - * Phi nodes are considered to be at index `-1`, all other definitions at the index of - * the control flow node they correspond to. - */ - abstract predicate definesAt(ReachableBasicBlock bb, int idx, SsaSourceVariable v); - - /** - * INTERNAL: Use `toString()` instead. - * - * Gets a pretty-printed representation of this SSA definition. - */ - abstract string prettyPrintDef(); + /** Gets the innermost function or file to which this SSA definition belongs. */ + ControlFlow::Root getRoot() { result = this.getBasicBlock().getScope() } /** * INTERNAL: Do not use. * - * Gets a pretty-printed representation of a reference to this SSA definition. + * Gets a short string identifying the kind of this SSA definition, + * used in reference formatting (e.g., `"def"`, `"capture"`, `"phi"`). */ - abstract string prettyPrintRef(); - - /** Gets the innermost function or file to which this SSA definition belongs. */ - ControlFlow::Root getRoot() { result = this.getBasicBlock().getScope() } - - /** Gets a textual representation of this element. */ - string toString() { result = this.prettyPrintDef() } - - /** Gets the source location for this element. */ - abstract Location getLocation(); + string getKind() { none() } /** * DEPRECATED: Use `getLocation()` instead. @@ -180,32 +168,25 @@ class SsaDefinition extends TSsaDefinition { /** * An SSA definition that corresponds to an explicit assignment or other variable definition. */ -class SsaExplicitDefinition extends SsaDefinition, TExplicitDef { +class SsaExplicitDefinition extends SsaDefinition, WriteDefinition { + SsaExplicitDefinition() { + exists(BasicBlock bb, int i, SsaSourceVariable v | + this.definesAt(v, bb, i) and + defAt(bb, i, v) + ) + } + /** Gets the instruction where the definition happens. */ IR::Instruction getInstruction() { - exists(BasicBlock bb, int i | this = TExplicitDef(bb, i, _) | result = bb.getNode(i)) + exists(BasicBlock bb, int i | this.definesAt(_, bb, i) | result = bb.getNode(i)) } /** Gets the right-hand side of the definition. */ IR::Instruction getRhs() { this.getInstruction().writes(_, result) } - override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) { - this = TExplicitDef(bb, i, v) - } - - override ReachableBasicBlock getBasicBlock() { this.definesAt(result, _, _) } - - override SsaSourceVariable getSourceVariable() { this = TExplicitDef(_, _, result) } - - override string prettyPrintRef() { - exists(Location loc | loc = this.getLocation() | - result = "def@" + loc.getStartLine() + ":" + loc.getStartColumn() - ) - } + override string getKind() { result = "def" } - override string prettyPrintDef() { result = "definition of " + this.getSourceVariable() } - - override Location getLocation() { result = this.getInstruction().getLocation() } + override string toString() { result = "definition of " + this.getSourceVariable() } } /** Provides a helper predicate for working with explicit SSA definitions. */ @@ -220,19 +201,6 @@ module SsaExplicitDefinition { * An SSA definition that does not correspond to an explicit variable definition. */ abstract class SsaImplicitDefinition extends SsaDefinition { - /** - * INTERNAL: Do not use. - * - * Gets the definition kind to include in `prettyPrintRef`. - */ - abstract string getKind(); - - override string prettyPrintRef() { - exists(Location loc | loc = this.getLocation() | - result = this.getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn() - ) - } - override Location getLocation() { result = this.getBasicBlock().getLocation() } } @@ -243,24 +211,16 @@ abstract class SsaImplicitDefinition extends SsaDefinition { * Capturing definitions appear at the beginning of such functions, as well as * at any function call that may affect the value of the variable. */ -class SsaVariableCapture extends SsaImplicitDefinition, TCapture { - override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) { - this = TCapture(bb, i, v) - } - - override ReachableBasicBlock getBasicBlock() { this.definesAt(result, _, _) } - - override SsaSourceVariable getSourceVariable() { this.definesAt(_, _, result) } - - override string getKind() { result = "capture" } - - override string prettyPrintDef() { result = "capture variable " + this.getSourceVariable() } - +class SsaVariableCapture extends SsaImplicitDefinition, UncertainWriteDefinition { override Location getLocation() { - exists(ReachableBasicBlock bb, int i | this.definesAt(bb, i, _) | + exists(BasicBlock bb, int i | this.definesAt(_, bb, i) | result = bb.getNode(i).getLocation() ) } + + override string getKind() { result = "capture" } + + override string toString() { result = "capture variable " + this.getSourceVariable() } } /** @@ -277,7 +237,10 @@ abstract class SsaPseudoDefinition extends SsaImplicitDefinition { * Gets a textual representation of the inputs of this pseudo-definition * in lexicographical order. */ - string ppInputs() { result = concat(this.getAnInput().getDefinition().prettyPrintRef(), ", ") } + string ppInputs() { + result = + concat(SsaVariable inp | inp = this.getAnInput() | inp.toString() order by inp.toString()) + } } /** @@ -285,26 +248,14 @@ abstract class SsaPseudoDefinition extends SsaImplicitDefinition { * in the flow graph where otherwise two or more definitions for the variable * would be visible. */ -class SsaPhiNode extends SsaPseudoDefinition, TPhi { - override SsaVariable getAnInput() { - result = getDefReachingEndOf(this.getBasicBlock().getAPredecessor(_), this.getSourceVariable()) - } - - override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) { - bb = this.getBasicBlock() and v = this.getSourceVariable() and i = -1 - } - - override ReachableBasicBlock getBasicBlock() { this = TPhi(result, _) } - - override SsaSourceVariable getSourceVariable() { this = TPhi(_, result) } +class SsaPhiNode extends SsaPseudoDefinition, PhiNode { + override SsaVariable getAnInput() { phiHasInputFromBlock(this, result, _) } override string getKind() { result = "phi" } - override string prettyPrintDef() { + override string toString() { result = this.getSourceVariable() + " = phi(" + this.ppInputs() + ")" } - - override Location getLocation() { result = this.getBasicBlock().getLocation() } } /** diff --git a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll index 9648335a6dde..f972174184a3 100644 --- a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll @@ -7,76 +7,25 @@ overlay[local] module; import go +private import codeql.ssa.Ssa as SsaImplCommon +private import semmle.go.controlflow.BasicBlocks as BasicBlocks + +private class BasicBlock = BasicBlocks::BasicBlock; cached private module Internal { /** Holds if the `i`th node of `bb` defines `v`. */ cached - predicate defAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) { + predicate defAt(BasicBlock bb, int i, SsaSourceVariable v) { bb.getNode(i).(IR::Instruction).writes(v, _) } /** Holds if the `i`th node of `bb` reads `v`. */ cached - predicate useAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) { + predicate useAt(BasicBlock bb, int i, SsaSourceVariable v) { bb.getNode(i).(IR::Instruction).reads(v) } - /** - * A data type representing SSA definitions. - * - * We distinguish three kinds of SSA definitions: - * - * 1. Variable definitions, including declarations, assignments and increments/decrements. - * 2. Pseudo-definitions for captured variables at the beginning of the capturing function - * as well as after calls. - * 3. Phi nodes. - * - * SSA definitions are only introduced where necessary. In particular, - * unreachable code has no SSA definitions associated with it, and neither - * have dead assignments (that is, assignments whose value is never read). - */ - cached - newtype TSsaDefinition = - /** - * An SSA definition that corresponds to an explicit assignment or other variable definition. - */ - TExplicitDef(ReachableBasicBlock bb, int i, SsaSourceVariable v) { - defAt(bb, i, v) and - (liveAfterDef(bb, i, v) or v.isCaptured()) - } or - /** - * An SSA definition representing the capturing of an SSA-convertible variable - * in the closure of a nested function. - * - * Capturing definitions appear at the beginning of such functions, as well as - * at any function call that may affect the value of the variable. - */ - TCapture(ReachableBasicBlock bb, int i, SsaSourceVariable v) { - mayCapture(bb, i, v) and - liveAfterDef(bb, i, v) - } or - /** - * An SSA phi node, that is, a pseudo-definition for a variable at a point - * in the flow graph where otherwise two or more definitions for the variable - * would be visible. - */ - TPhi(ReachableJoinBlock bb, SsaSourceVariable v) { - liveAtEntry(bb, v) and - inDefDominanceFrontier(bb, v) - } - - /** - * Holds if `bb` is in the dominance frontier of a block containing a definition of `v`. - */ - pragma[noinline] - private predicate inDefDominanceFrontier(ReachableJoinBlock bb, SsaSourceVariable v) { - exists(ReachableBasicBlock defbb, SsaDefinition def | - def.definesAt(defbb, _, v) and - defbb.inDominanceFrontier(bb) - ) - } - /** * Holds if `v` is a captured variable which is declared in `declFun` and read in `useFun`. */ @@ -87,7 +36,7 @@ private module Internal { } /** Holds if the `i`th node of `bb` in function `f` is an entry node. */ - private predicate entryNode(FuncDef f, ReachableBasicBlock bb, int i) { + private predicate entryNode(FuncDef f, BasicBlock bb, int i) { f = bb.getScope() and bb.getNode(i).isEntryNode() } @@ -95,17 +44,17 @@ private module Internal { /** * Holds if the `i`th node of `bb` in function `f` is a function call. */ - private predicate callNode(FuncDef f, ReachableBasicBlock bb, int i) { + private predicate callNode(FuncDef f, BasicBlock bb, int i) { f = bb.getScope() and bb.getNode(i).(IR::EvalInstruction).getExpr() instanceof CallExpr } /** * Holds if the `i`th node of basic block `bb` may induce a pseudo-definition for - * modeling updates to captured variable `v`. Whether the definition is actually - * introduced depends on whether `v` is live at this point in the program. + * modeling updates to captured variable `v`. */ - private predicate mayCapture(ReachableBasicBlock bb, int i, SsaSourceVariable v) { + cached + predicate mayCapture(BasicBlock bb, int i, SsaSourceVariable v) { exists(FuncDef capturingContainer, FuncDef declContainer | // capture initial value of variable declared in enclosing scope readsCapturedVar(capturingContainer, v, declContainer) and @@ -119,347 +68,109 @@ private module Internal { ) } - /** A classification of variable references into reads and writes. */ - private newtype RefKind = - ReadRef() or - WriteRef() - - /** - * Holds if the `i`th node of basic block `bb` is a reference to `v`, either a read - * (when `tp` is `ReadRef()`) or a direct or indirect write (when `tp` is `WriteRef()`). - */ - private predicate ref(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind tp) { - useAt(bb, i, v) and tp = ReadRef() - or - (mayCapture(bb, i, v) or defAt(bb, i, v)) and - tp = WriteRef() - } - - /** - * Gets the (1-based) rank of the reference to `v` at the `i`th node of basic block `bb`, - * which has the given reference kind `tp`. - */ - private int refRank(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind tp) { - i = rank[result](int j | ref(bb, j, v, _)) and - ref(bb, i, v, tp) - } - - /** - * Gets the maximum rank among all references to `v` in basic block `bb`. - */ - private int maxRefRank(ReachableBasicBlock bb, SsaSourceVariable v) { - result = max(refRank(bb, _, v, _)) - } - - /** - * Holds if variable `v` is live after the `i`th node of basic block `bb`, where - * `i` is the index of a node that may assign or capture `v`. - * - * For the purposes of this predicate, function calls are considered as writes of captured variables. - */ - private predicate liveAfterDef(ReachableBasicBlock bb, int i, SsaSourceVariable v) { - exists(int r | r = refRank(bb, i, v, WriteRef()) | - // the next reference to `v` inside `bb` is a read - r + 1 = refRank(bb, _, v, ReadRef()) - or - // this is the last reference to `v` inside `bb`, but `v` is live at entry - // to a successor basic block of `bb` - r = maxRefRank(bb, v) and - liveAtSuccEntry(bb, v) - ) - } - - /** - * Holds if variable `v` is live at the beginning of basic block `bb`. - * - * For the purposes of this predicate, function calls are considered as writes of captured variables. - */ - private predicate liveAtEntry(ReachableBasicBlock bb, SsaSourceVariable v) { - // the first reference to `v` inside `bb` is a read - refRank(bb, _, v, ReadRef()) = 1 - or - // there is no reference to `v` inside `bb`, but `v` is live at entry - // to a successor basic block of `bb` - not exists(refRank(bb, _, v, _)) and - liveAtSuccEntry(bb, v) - } - - /** - * Holds if `v` is live at the beginning of any successor of basic block `bb`. - */ - private predicate liveAtSuccEntry(ReachableBasicBlock bb, SsaSourceVariable v) { - liveAtEntry(bb.getASuccessor(_), v) - } - /** * Holds if `v` is assigned outside its declaring function. */ - private predicate assignedThroughClosure(SsaSourceVariable v) { - any(IR::Instruction def | def.writes(v, _)).getRoot() != v.getDeclaringFunction() - } - - /** - * Holds if the `i`th node of `bb` is a use or an SSA definition of variable `v`, with - * `k` indicating whether it is the former or the latter. - * - * Note this includes phi nodes, whereas `ref` above only includes explicit writes and captures. - */ - private predicate ssaRef(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) { - useAt(bb, i, v) and k = ReadRef() - or - any(SsaDefinition def).definesAt(bb, i, v) and k = WriteRef() - } - - /** - * Gets the (1-based) rank of the `i`th node of `bb` among all SSA definitions - * and uses of `v` in `bb`, with `k` indicating whether it is a definition or a use. - * - * For example, if `bb` is a basic block with a phi node for `v` (considered - * to be at index -1), uses `v` at node 2 and defines it at node 5, we have: - * - * ``` - * ssaRefRank(bb, -1, v, WriteRef()) = 1 // phi node - * ssaRefRank(bb, 2, v, ReadRef()) = 2 // use at node 2 - * ssaRefRank(bb, 5, v, WriteRef()) = 3 // definition at node 5 - * ``` - */ - private int ssaRefRank(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) { - i = rank[result](int j | ssaRef(bb, j, v, _)) and - ssaRef(bb, i, v, k) - } - - /** - * Gets the minimum rank of a read in `bb` such that all references to `v` between that - * read and the read at index `i` are reads (and not writes). - */ - private int rewindReads(ReachableBasicBlock bb, int i, SsaSourceVariable v) { - exists(int r | r = ssaRefRank(bb, i, v, ReadRef()) | - exists(int j, RefKind k | r - 1 = ssaRefRank(bb, j, v, k) | - k = ReadRef() and result = rewindReads(bb, j, v) - or - k = WriteRef() and result = r - ) - or - r = 1 and result = r - ) - } - - /** - * Gets the SSA definition of `v` in `bb` that reaches the read of `v` at node `i`, if any. - */ - private SsaDefinition getLocalDefinition(ReachableBasicBlock bb, int i, SsaSourceVariable v) { - exists(int r | r = rewindReads(bb, i, v) | - exists(int j | result.definesAt(bb, j, v) and ssaRefRank(bb, j, v, _) = r - 1) - ) - } - - /** - * Gets an SSA definition of `v` that reaches the end of the immediate dominator of `bb`. - */ - pragma[noinline] - private SsaDefinition getDefReachingEndOfImmediateDominator( - ReachableBasicBlock bb, SsaSourceVariable v - ) { - result = getDefReachingEndOf(bb.getImmediateDominator(), v) - } - - /** - * Gets an SSA definition of `v` that reaches the end of basic block `bb`. - */ cached - SsaDefinition getDefReachingEndOf(ReachableBasicBlock bb, SsaSourceVariable v) { - exists(int lastRef | lastRef = max(int i | ssaRef(bb, i, v, _)) | - result = getLocalDefinition(bb, lastRef, v) - or - result.definesAt(bb, lastRef, v) and - liveAtSuccEntry(bb, v) - ) - or - // In SSA form, the (unique) reaching definition of a use is the closest - // definition that dominates the use. If two definitions dominate a node - // then one must dominate the other, so we can find the reaching definition - // by following the idominance relation backwards. - result = getDefReachingEndOfImmediateDominator(bb, v) and - not exists(SsaDefinition ssa | ssa.definesAt(bb, _, v)) and - liveAtSuccEntry(bb, v) - } - - /** - * Gets the unique SSA definition of `v` whose value reaches the `i`th node of `bb`, - * which is a use of `v`. - */ - cached - SsaDefinition getDefinition(ReachableBasicBlock bb, int i, SsaSourceVariable v) { - result = getLocalDefinition(bb, i, v) - or - rewindReads(bb, i, v) = 1 and result = getDefReachingEndOf(bb.getImmediateDominator(), v) + predicate assignedThroughClosure(SsaSourceVariable v) { + any(IR::Instruction def | def.writes(v, _)).getRoot() != v.getDeclaringFunction() } - private module AdjacentUsesImpl { - /** Holds if `v` is defined or used in `b`. */ - private predicate varOccursInBlock(SsaSourceVariable v, ReachableBasicBlock b) { - ssaRef(b, _, v, _) - } - - /** Holds if `v` occurs in `b` or one of `b`'s transitive successors. */ - private predicate blockPrecedesVar(SsaSourceVariable v, ReachableBasicBlock b) { - varOccursInBlock(v, b) - or - exists(getDefReachingEndOf(b, v)) - } + module SsaInput implements SsaImplCommon::InputSig { + class SourceVariable = SsaSourceVariable; /** - * Holds if `v` occurs in `b1` and `b2` is one of `b1`'s successors. + * Holds if the `i`th node of basic block `bb` is a (potential) write to source + * variable `v`. The Boolean `certain` indicates whether the write is certain. * - * Factored out of `varBlockReaches` to force join order compared to the larger - * set `blockPrecedesVar(v, b2)`. + * Certain writes are explicit definitions; uncertain writes are captures. */ - pragma[noinline] - private predicate varBlockReachesBaseCand( - SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2 - ) { - varOccursInBlock(v, b1) and - b2 = b1.getASuccessor(_) + predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) { + defAt(bb, i, v) and certain = true + or + mayCapture(bb, i, v) and certain = false } /** - * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and - * in `b2` or one of its transitive successors but not in any block on the path - * between `b1` and `b2`. Unlike `varBlockReaches` this may include blocksĀ `b2` - * where `v` is dead. - * - * Factored out of `varBlockReaches` to force join order compared to the larger - * set `blockPrecedesVar(v, b2)`. + * Holds if the `i`th node of basic block `bb` reads source variable `v`. */ - pragma[noinline] - private predicate varBlockReachesRecCand( - SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock mid, ReachableBasicBlock b2 - ) { - varBlockReaches(v, b1, mid) and - not varOccursInBlock(v, mid) and - b2 = mid.getASuccessor(_) + predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { + useAt(bb, i, v) and certain = true } + } +} - /** - * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and - * in `b2` or one of its transitive successors but not in any block on the path - * between `b1` and `b2`. - */ - private predicate varBlockReaches( - SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2 - ) { - varBlockReachesBaseCand(v, b1, b2) and - blockPrecedesVar(v, b2) - or - varBlockReachesRecCand(v, b1, _, b2) and - blockPrecedesVar(v, b2) - } +import Internal +import SsaImplCommon::Make as Impl - /** - * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and - * `b2` but not in any block on the path between `b1` and `b2`. - */ - private predicate varBlockStep( - SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2 - ) { - varBlockReaches(v, b1, b2) and - varOccursInBlock(v, b2) - } +final class Definition = Impl::Definition; - /** - * Gets the maximum rank among all SSA references to `v` in basic block `bb`. - */ - private int maxSsaRefRank(ReachableBasicBlock bb, SsaSourceVariable v) { - result = max(ssaRefRank(bb, _, v, _)) - } +final class WriteDefinition = Impl::WriteDefinition; - /** - * Holds if `v` occurs at index `i1` in `b1` and at index `i2` in `b2` and - * there is a path between them without any occurrence of `v`. - */ - pragma[nomagic] - predicate adjacentVarRefs( - SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 - ) { - exists(int rankix | - b1 = b2 and - ssaRefRank(b1, i1, v, _) = rankix and - ssaRefRank(b2, i2, v, _) = rankix + 1 - ) - or - maxSsaRefRank(b1, v) = ssaRefRank(b1, i1, v, _) and - varBlockStep(v, b1, b2) and - ssaRefRank(b2, i2, v, _) = 1 - } +final class UncertainWriteDefinition = Impl::UncertainWriteDefinition; - predicate variableUse(SsaSourceVariable v, IR::Instruction use, ReachableBasicBlock bb, int i) { - bb.getNode(i) = use and - exists(SsaVariable sv | - sv.getSourceVariable() = v and - use = sv.getAUse() - ) - } - } +final class PhiNode = Impl::PhiNode; - private import AdjacentUsesImpl +module Consistency = Impl::Consistency; - /** - * Holds if the value defined at `def` can reach `use` without passing through - * any other uses, but possibly through phi nodes. - */ - cached - predicate firstUse(SsaDefinition def, IR::Instruction use) { - exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 | - adjacentVarRefs(v, b1, i1, b2, i2) and - def.definesAt(b1, i1, v) and - variableUse(v, use, b2, i2) - ) - or - exists( - SsaSourceVariable v, SsaPhiNode redef, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, - int i2 - | - adjacentVarRefs(v, b1, i1, b2, i2) and - def.definesAt(b1, i1, v) and - redef.definesAt(b2, i2, v) and - firstUse(redef, use) - ) - } +/** + * NB: This predicate should be cached. + * + * Holds if the SSA definition of `v` at `def` reaches a read at index `i` in + * basic block `bb`. + */ +cached +predicate ssaDefReachesRead(SsaSourceVariable v, Definition def, BasicBlock bb, int i) { + Impl::ssaDefReachesRead(v, def, bb, i) +} - /** - * Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA - * variable, that is, the value read in `use1` can reach `use2` without passing - * through any other use or any SSA definition of the variable. - */ - cached - predicate adjacentUseUseSameVar(IR::Instruction use1, IR::Instruction use2) { - exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 | - adjacentVarRefs(v, b1, i1, b2, i2) and - variableUse(v, use1, b1, i1) and - variableUse(v, use2, b2, i2) - ) - } +/** + * NB: This predicate should be cached. + * + * Holds if the SSA definition of `v` at `def` reaches the end of basic block `bb`. + */ +cached +predicate ssaDefReachesEndOfBlock(BasicBlock bb, Definition def, SsaSourceVariable v) { + Impl::ssaDefReachesEndOfBlock(bb, def, v) +} - /** - * Holds if `use1` and `use2` form an adjacent use-use-pair of the same - * `SsaSourceVariable`, that is, the value read in `use1` can reach `use2` - * without passing through any other use or any SSA definition of the variable - * except for phi nodes and uncertain implicit updates. - */ - cached - predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) { - adjacentUseUseSameVar(use1, use2) - or - exists( - SsaSourceVariable v, SsaPhiNode def, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, - int i2 - | - adjacentVarRefs(v, b1, i1, b2, i2) and - variableUse(v, use1, b1, i1) and - def.definesAt(b2, i2, v) and - firstUse(def, use2) - ) - } +/** + * NB: This predicate should be cached. + * + * Holds if `inp` is an input to the phi node `phi` along the edge originating in `bb`. + */ +cached +predicate phiHasInputFromBlock(PhiNode phi, Definition inp, BasicBlock bb) { + Impl::phiHasInputFromBlock(phi, inp, bb) } -import Internal +/** + * NB: This predicate should be cached. + * + * Holds if `def` reaches the first use `use` without going through any other use, + * but possibly through phi nodes. + */ +cached +predicate firstUse(Definition def, IR::Instruction use) { + exists(BasicBlock bb, int i | + Impl::firstUse(def, bb, i, _) and + use = bb.getNode(i) + ) +} + +/** + * NB: This predicate should be cached. + * + * Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA + * variable, that is, the value read in `use1` can reach `use2` without passing + * through any other use or any SSA definition of the variable except for phi nodes + * and uncertain implicit updates. + */ +cached +predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) { + exists(BasicBlock bb1, int i1, BasicBlock bb2, int i2 | + Impl::adjacentUseUse(bb1, i1, bb2, i2, _, _) and + use1 = bb1.getNode(i1) and + use2 = bb2.getNode(i2) + ) +} From 87f92f36d0167ddd228c396a6d381d4e94aea7d9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 23 Mar 2026 17:14:08 +0000 Subject: [PATCH 4/9] Fix override annotations and remove final predicate clashes in SSA.qll Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/codeql/sessions/b400ebd5-4095-401e-8811-fb550600b3c4 --- go/ql/lib/semmle/go/dataflow/SSA.qll | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/SSA.qll b/go/ql/lib/semmle/go/dataflow/SSA.qll index 3cc6d4304fd1..8f3c2f7c9968 100644 --- a/go/ql/lib/semmle/go/dataflow/SSA.qll +++ b/go/ql/lib/semmle/go/dataflow/SSA.qll @@ -65,7 +65,7 @@ private predicate unresolvedIdentifier(Ident id, string name) { */ class SsaVariable extends Definition { /** Gets the source variable corresponding to this SSA variable. */ - SsaSourceVariable getSourceVariable() { this.definesAt(result, _, _) } + override SsaSourceVariable getSourceVariable() { this.definesAt(result, _, _) } /** Gets the (unique) definition of this SSA variable. */ SsaDefinition getDefinition() { result = this } @@ -98,7 +98,7 @@ class SsaVariable extends Definition { } /** Gets the location of this SSA variable. */ - Location getLocation() { result = this.(SsaDefinition).getLocation() } + override Location getLocation() { result = this.(SsaDefinition).getLocation() } /** * DEPRECATED: Use `getLocation()` instead. @@ -124,12 +124,7 @@ class SsaDefinition extends Definition { SsaVariable getVariable() { result = this } /** Gets the source variable defined by this definition. */ - SsaSourceVariable getSourceVariable() { this.definesAt(result, _, _) } - - /** - * Gets the basic block to which this definition belongs. - */ - BasicBlock getBasicBlock() { this.definesAt(_, result, _) } + override SsaSourceVariable getSourceVariable() { this.definesAt(result, _, _) } /** Gets the innermost function or file to which this SSA definition belongs. */ ControlFlow::Root getRoot() { result = this.getBasicBlock().getScope() } From 341354f76cd7b233fe5fdfa0402e2dfecf717d11 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 23 Mar 2026 17:20:30 +0000 Subject: [PATCH 5/9] Add captured variable liveness fix and fix override annotations Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/codeql/sessions/b400ebd5-4095-401e-8811-fb550600b3c4 --- go/ql/lib/semmle/go/dataflow/SsaImpl.qll | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll index f972174184a3..86cb062b9398 100644 --- a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll @@ -93,9 +93,20 @@ private module Internal { /** * Holds if the `i`th node of basic block `bb` reads source variable `v`. + * + * We also add a synthetic uncertain read at the exit node of the declaring + * function for captured variables. This ensures that definitions of captured + * variables are included in the SSA graph even when the variable is not + * locally read in the declaring function (but may be read by a nested function). */ predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { useAt(bb, i, v) and certain = true + or + v.isCaptured() and + bb.getScope() = v.getDeclaringFunction() and + bb.getLastNode().isExitNode() and + i = bb.length() - 1 and + certain = false } } } From cb590537c6360da2e449d124c4a1314a04a23232 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 24 Mar 2026 11:18:28 +0000 Subject: [PATCH 6/9] Fix compiler errors --- go/ql/lib/semmle/go/dataflow/SSA.qll | 55 ++++++++---------------- go/ql/lib/semmle/go/dataflow/SsaImpl.qll | 3 ++ 2 files changed, 20 insertions(+), 38 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/SSA.qll b/go/ql/lib/semmle/go/dataflow/SSA.qll index 8f3c2f7c9968..5fe2098e3106 100644 --- a/go/ql/lib/semmle/go/dataflow/SSA.qll +++ b/go/ql/lib/semmle/go/dataflow/SSA.qll @@ -64,9 +64,6 @@ private predicate unresolvedIdentifier(Ident id, string name) { * An SSA variable. */ class SsaVariable extends Definition { - /** Gets the source variable corresponding to this SSA variable. */ - override SsaSourceVariable getSourceVariable() { this.definesAt(result, _, _) } - /** Gets the (unique) definition of this SSA variable. */ SsaDefinition getDefinition() { result = this } @@ -85,21 +82,17 @@ class SsaVariable extends Definition { /** Gets a use that refers to this SSA variable. */ IR::Instruction getAUse() { result = this.getAUseIn(_) } - /** - * Gets a textual representation of this element. - * - * The format is `kind@LINE:COL`, where `kind` is one of `def`, `capture`, or `phi`. - */ - override string toString() { - exists(Location loc | loc = this.(SsaDefinition).getLocation() | - result = - this.(SsaDefinition).getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn() - ) - } - - /** Gets the location of this SSA variable. */ - override Location getLocation() { result = this.(SsaDefinition).getLocation() } - + // /** + // * Gets a textual representation of this element. + // * + // * The format is `kind@LINE:COL`, where `kind` is one of `def`, `capture`, or `phi`. + // */ + // override string toString() { + // exists(Location loc | loc = this.(SsaDefinition).getLocation() | + // result = + // this.(SsaDefinition).getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn() + // ) + // } /** * DEPRECATED: Use `getLocation()` instead. * @@ -123,9 +116,6 @@ class SsaDefinition extends Definition { /** Gets the SSA variable defined by this definition. */ SsaVariable getVariable() { result = this } - /** Gets the source variable defined by this definition. */ - override SsaSourceVariable getSourceVariable() { this.definesAt(result, _, _) } - /** Gets the innermost function or file to which this SSA definition belongs. */ ControlFlow::Root getRoot() { result = this.getBasicBlock().getScope() } @@ -180,8 +170,7 @@ class SsaExplicitDefinition extends SsaDefinition, WriteDefinition { IR::Instruction getRhs() { this.getInstruction().writes(_, result) } override string getKind() { result = "def" } - - override string toString() { result = "definition of " + this.getSourceVariable() } + // override string toString() { result = "definition of " + this.getSourceVariable() } } /** Provides a helper predicate for working with explicit SSA definitions. */ @@ -195,9 +184,7 @@ module SsaExplicitDefinition { /** * An SSA definition that does not correspond to an explicit variable definition. */ -abstract class SsaImplicitDefinition extends SsaDefinition { - override Location getLocation() { result = this.getBasicBlock().getLocation() } -} +abstract class SsaImplicitDefinition extends SsaDefinition { } /** * An SSA definition representing the capturing of an SSA-convertible variable @@ -207,15 +194,8 @@ abstract class SsaImplicitDefinition extends SsaDefinition { * at any function call that may affect the value of the variable. */ class SsaVariableCapture extends SsaImplicitDefinition, UncertainWriteDefinition { - override Location getLocation() { - exists(BasicBlock bb, int i | this.definesAt(_, bb, i) | - result = bb.getNode(i).getLocation() - ) - } - override string getKind() { result = "capture" } - - override string toString() { result = "capture variable " + this.getSourceVariable() } + // override string toString() { result = "capture variable " + this.getSourceVariable() } } /** @@ -247,10 +227,9 @@ class SsaPhiNode extends SsaPseudoDefinition, PhiNode { override SsaVariable getAnInput() { phiHasInputFromBlock(this, result, _) } override string getKind() { result = "phi" } - - override string toString() { - result = this.getSourceVariable() + " = phi(" + this.ppInputs() + ")" - } + // override string toString() { + // result = this.getSourceVariable() + " = phi(" + this.ppInputs() + ")" + // } } /** diff --git a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll index 86cb062b9398..a33bb7da1e55 100644 --- a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll @@ -76,6 +76,7 @@ private module Internal { any(IR::Instruction def | def.writes(v, _)).getRoot() != v.getDeclaringFunction() } + cached module SsaInput implements SsaImplCommon::InputSig { class SourceVariable = SsaSourceVariable; @@ -85,6 +86,7 @@ private module Internal { * * Certain writes are explicit definitions; uncertain writes are captures. */ + cached predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) { defAt(bb, i, v) and certain = true or @@ -99,6 +101,7 @@ private module Internal { * variables are included in the SSA graph even when the variable is not * locally read in the declaring function (but may be read by a nested function). */ + cached predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { useAt(bb, i, v) and certain = true or From c0ebdd437aa9a62a49a76bab12213684fbcc4456 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 25 Mar 2026 16:07:54 +0000 Subject: [PATCH 7/9] Accept trivially correct test changes --- .../example-tests/snippets/typeinfo.expected | 2 +- .../DecompressionBombs.expected | 194 +++++++-------- .../Unsafe/WrongUsageOfUnsafe.expected | 6 +- .../go/concepts/Regexp/RegexpPattern.expected | 2 +- .../dataflow/ExternalTaintFlow/srcs.expected | 2 +- .../dataflow/ExternalValueFlow/srcs.expected | 2 +- .../dataflow/FlowSteps/LocalFlowStep.expected | 234 +++++++++--------- .../FunctionInput_getEntryNode.expected | 16 +- .../FunctionInput_getExitNode.expected | 26 +- .../PromotedFields/LocalFlowStep.expected | 128 +++++----- .../semmle/go/dataflow/SSA/DefUse.expected | 84 +++---- .../Beego/CleartextLogging.expected | 138 +++++------ .../frameworks/GoMicro/LogInjection.expected | 6 +- .../MissingErrorCheck.expected | 4 +- .../UnhandledCloseWritableHandle.expected | 20 +- .../CWE-022/UnsafeUnzipSymlink.expected | 12 +- .../Security/CWE-022/ZipSlip.expected | 8 +- .../CWE-078/CommandInjection.expected | 16 +- .../Security/CWE-079/StoredXss.expected | 6 +- .../CWE-312/CleartextLogging.expected | 162 ++++++------ .../CWE-322/InsecureHostKeyCallback.expected | 16 +- .../CWE-326/InsufficientKeySize.expected | 6 +- .../CWE-347/MissingJwtSignatureCheck.expected | 12 +- .../BadRedirectCheck.expected | 16 +- 24 files changed, 559 insertions(+), 559 deletions(-) diff --git a/go/ql/test/example-tests/snippets/typeinfo.expected b/go/ql/test/example-tests/snippets/typeinfo.expected index 91ea716693f0..c3a0ff5dacb2 100644 --- a/go/ql/test/example-tests/snippets/typeinfo.expected +++ b/go/ql/test/example-tests/snippets/typeinfo.expected @@ -2,7 +2,7 @@ | file://:0:0:0:0 | [summary param] -1 in Clone | | file://:0:0:0:0 | [summary param] -1 in Write | | file://:0:0:0:0 | [summary param] -1 in WriteProxy | +| main.go:18:12:18:14 | SSA def(req) | | main.go:18:12:18:14 | argument corresponding to req | -| main.go:18:12:18:14 | definition of req | | main.go:20:5:20:7 | req | | main.go:20:5:20:7 | req [postupdate] | diff --git a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected index 46bccc77a976..c770dc825d71 100644 --- a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected +++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected @@ -47,27 +47,27 @@ | test.go:621:25:621:31 | tarRead | test.go:93:5:93:16 | selection of Body | test.go:621:25:621:31 | tarRead | This decompression is $@. | test.go:93:5:93:16 | selection of Body | decompressing compressed data without managing output size | | test.go:629:2:629:8 | tarRead | test.go:93:5:93:16 | selection of Body | test.go:629:2:629:8 | tarRead | This decompression is $@. | test.go:93:5:93:16 | selection of Body | decompressing compressed data without managing output size | edges -| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:2 | -| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | definition of file | provenance | Src:MaD:1 | -| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | definition of file | provenance | Src:MaD:1 | -| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | definition of file | provenance | Src:MaD:1 | -| test.go:64:8:64:19 | selection of Body | test.go:208:12:208:15 | definition of file | provenance | Src:MaD:1 | -| test.go:66:8:66:19 | selection of Body | test.go:233:12:233:15 | definition of file | provenance | Src:MaD:1 | -| test.go:68:17:68:28 | selection of Body | test.go:258:21:258:24 | definition of file | provenance | Src:MaD:1 | -| test.go:70:13:70:24 | selection of Body | test.go:283:17:283:20 | definition of file | provenance | Src:MaD:1 | -| test.go:72:16:72:27 | selection of Body | test.go:308:20:308:23 | definition of file | provenance | Src:MaD:1 | -| test.go:74:7:74:18 | selection of Body | test.go:333:11:333:14 | definition of file | provenance | Src:MaD:1 | -| test.go:76:9:76:20 | selection of Body | test.go:358:13:358:16 | definition of file | provenance | Src:MaD:1 | -| test.go:78:18:78:29 | selection of Body | test.go:384:22:384:25 | definition of file | provenance | Src:MaD:1 | -| test.go:80:5:80:16 | selection of Body | test.go:412:9:412:12 | definition of file | provenance | Src:MaD:1 | -| test.go:82:7:82:18 | selection of Body | test.go:447:11:447:14 | definition of file | provenance | Src:MaD:1 | -| test.go:84:15:84:26 | selection of Body | test.go:440:19:440:21 | definition of src | provenance | Src:MaD:1 | -| test.go:85:16:85:27 | selection of Body | test.go:472:20:472:23 | definition of file | provenance | Src:MaD:1 | -| test.go:87:16:87:27 | selection of Body | test.go:499:20:499:23 | definition of file | provenance | Src:MaD:1 | -| test.go:89:17:89:28 | selection of Body | test.go:526:21:526:24 | definition of file | provenance | Src:MaD:1 | -| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | definition of file | provenance | Src:MaD:1 | -| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | definition of file | provenance | Src:MaD:1 | -| test.go:128:20:128:27 | definition of filename | test.go:130:33:130:40 | filename | provenance | | +| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | SSA def(filename) | provenance | Src:MaD:2 | +| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:64:8:64:19 | selection of Body | test.go:208:12:208:15 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:66:8:66:19 | selection of Body | test.go:233:12:233:15 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:68:17:68:28 | selection of Body | test.go:258:21:258:24 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:70:13:70:24 | selection of Body | test.go:283:17:283:20 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:72:16:72:27 | selection of Body | test.go:308:20:308:23 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:74:7:74:18 | selection of Body | test.go:333:11:333:14 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:76:9:76:20 | selection of Body | test.go:358:13:358:16 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:78:18:78:29 | selection of Body | test.go:384:22:384:25 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:80:5:80:16 | selection of Body | test.go:412:9:412:12 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:82:7:82:18 | selection of Body | test.go:447:11:447:14 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:84:15:84:26 | selection of Body | test.go:440:19:440:21 | SSA def(src) | provenance | Src:MaD:1 | +| test.go:85:16:85:27 | selection of Body | test.go:472:20:472:23 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:87:16:87:27 | selection of Body | test.go:499:20:499:23 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:89:17:89:28 | selection of Body | test.go:526:21:526:24 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | SSA def(file) | provenance | Src:MaD:1 | +| test.go:128:20:128:27 | SSA def(filename) | test.go:130:33:130:40 | filename | provenance | | | test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance | | | test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | Config | | test.go:130:33:130:40 | filename | test.go:143:51:143:58 | filename | provenance | | @@ -77,7 +77,7 @@ edges | test.go:143:51:143:58 | filename | test.go:143:2:143:59 | ... := ...[0] | provenance | Config | | test.go:145:12:145:12 | f | test.go:145:12:145:19 | call to Open | provenance | Config | | test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance | | -| test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance | | +| test.go:158:19:158:22 | SSA def(file) | test.go:159:25:159:28 | file | provenance | | | test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance | | | test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:6 | | test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance | | @@ -85,7 +85,7 @@ edges | test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:5 | | test.go:163:3:163:36 | ... := ...[0] | test.go:164:36:164:51 | fileReaderCloser | provenance | | | test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:4 | -| test.go:169:28:169:31 | definition of file | test.go:170:25:170:28 | file | provenance | | +| test.go:169:28:169:31 | SSA def(file) | test.go:170:25:170:28 | file | provenance | | | test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance | | | test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:6 | | test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance | | @@ -93,64 +93,64 @@ edges | test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:5 | | test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance | Config | | test.go:175:26:175:36 | call to Open | test.go:176:36:176:51 | fileReaderCloser | provenance | | -| test.go:181:17:181:20 | definition of file | test.go:184:41:184:44 | file | provenance | | +| test.go:181:17:181:20 | SSA def(file) | test.go:184:41:184:44 | file | provenance | | | test.go:184:2:184:73 | ... := ...[0] | test.go:186:2:186:12 | bzip2Reader | provenance | | | test.go:184:2:184:73 | ... := ...[0] | test.go:187:26:187:36 | bzip2Reader | provenance | | | test.go:184:41:184:44 | file | test.go:184:2:184:73 | ... := ...[0] | provenance | Config | | test.go:187:12:187:37 | call to NewReader | test.go:189:18:189:24 | tarRead | provenance | | | test.go:187:26:187:36 | bzip2Reader | test.go:187:12:187:37 | call to NewReader | provenance | MaD:3 | -| test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:208:12:208:15 | definition of file | test.go:211:33:211:36 | file | provenance | | +| test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:208:12:208:15 | SSA def(file) | test.go:211:33:211:36 | file | provenance | | | test.go:211:17:211:37 | call to NewReader | test.go:213:2:213:12 | bzip2Reader | provenance | | | test.go:211:17:211:37 | call to NewReader | test.go:214:26:214:36 | bzip2Reader | provenance | | | test.go:211:33:211:36 | file | test.go:211:17:211:37 | call to NewReader | provenance | Config | | test.go:214:12:214:37 | call to NewReader | test.go:216:18:216:24 | tarRead | provenance | | | test.go:214:26:214:36 | bzip2Reader | test.go:214:12:214:37 | call to NewReader | provenance | MaD:3 | -| test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:233:12:233:15 | definition of file | test.go:236:33:236:36 | file | provenance | | +| test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:233:12:233:15 | SSA def(file) | test.go:236:33:236:36 | file | provenance | | | test.go:236:17:236:37 | call to NewReader | test.go:238:2:238:12 | flateReader | provenance | | | test.go:236:17:236:37 | call to NewReader | test.go:239:26:239:36 | flateReader | provenance | | | test.go:236:33:236:36 | file | test.go:236:17:236:37 | call to NewReader | provenance | Config | | test.go:239:12:239:37 | call to NewReader | test.go:241:18:241:24 | tarRead | provenance | | | test.go:239:26:239:36 | flateReader | test.go:239:12:239:37 | call to NewReader | provenance | MaD:3 | -| test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:258:21:258:24 | definition of file | test.go:261:42:261:45 | file | provenance | | +| test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:258:21:258:24 | SSA def(file) | test.go:261:42:261:45 | file | provenance | | | test.go:261:17:261:46 | call to NewReader | test.go:263:2:263:12 | flateReader | provenance | | | test.go:261:17:261:46 | call to NewReader | test.go:264:26:264:36 | flateReader | provenance | | | test.go:261:42:261:45 | file | test.go:261:17:261:46 | call to NewReader | provenance | Config | | test.go:264:12:264:37 | call to NewReader | test.go:266:18:266:24 | tarRead | provenance | | | test.go:264:26:264:36 | flateReader | test.go:264:12:264:37 | call to NewReader | provenance | MaD:3 | -| test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:283:17:283:20 | definition of file | test.go:286:41:286:44 | file | provenance | | +| test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:283:17:283:20 | SSA def(file) | test.go:286:41:286:44 | file | provenance | | | test.go:286:2:286:73 | ... := ...[0] | test.go:288:2:288:12 | flateReader | provenance | | | test.go:286:2:286:73 | ... := ...[0] | test.go:289:26:289:36 | flateReader | provenance | | | test.go:286:41:286:44 | file | test.go:286:2:286:73 | ... := ...[0] | provenance | Config | | test.go:289:12:289:37 | call to NewReader | test.go:291:18:291:24 | tarRead | provenance | | | test.go:289:26:289:36 | flateReader | test.go:289:12:289:37 | call to NewReader | provenance | MaD:3 | -| test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:308:20:308:23 | definition of file | test.go:311:43:311:46 | file | provenance | | +| test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:308:20:308:23 | SSA def(file) | test.go:311:43:311:46 | file | provenance | | | test.go:311:2:311:47 | ... := ...[0] | test.go:313:2:313:11 | zlibReader | provenance | | | test.go:311:2:311:47 | ... := ...[0] | test.go:314:26:314:35 | zlibReader | provenance | | | test.go:311:43:311:46 | file | test.go:311:2:311:47 | ... := ...[0] | provenance | Config | | test.go:314:12:314:36 | call to NewReader | test.go:316:18:316:24 | tarRead | provenance | | | test.go:314:26:314:35 | zlibReader | test.go:314:12:314:36 | call to NewReader | provenance | MaD:3 | -| test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:333:11:333:14 | definition of file | test.go:336:34:336:37 | file | provenance | | +| test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:333:11:333:14 | SSA def(file) | test.go:336:34:336:37 | file | provenance | | | test.go:336:2:336:38 | ... := ...[0] | test.go:338:2:338:11 | zlibReader | provenance | | | test.go:336:2:336:38 | ... := ...[0] | test.go:339:26:339:35 | zlibReader | provenance | | | test.go:336:34:336:37 | file | test.go:336:2:336:38 | ... := ...[0] | provenance | Config | | test.go:339:12:339:36 | call to NewReader | test.go:341:18:341:24 | tarRead | provenance | | | test.go:339:26:339:35 | zlibReader | test.go:339:12:339:36 | call to NewReader | provenance | MaD:3 | -| test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:358:13:358:16 | definition of file | test.go:361:35:361:38 | file | provenance | | +| test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:358:13:358:16 | SSA def(file) | test.go:361:35:361:38 | file | provenance | | | test.go:361:18:361:39 | call to NewReader | test.go:363:2:363:13 | snappyReader | provenance | | | test.go:361:18:361:39 | call to NewReader | test.go:364:2:364:13 | snappyReader | provenance | | | test.go:361:18:361:39 | call to NewReader | test.go:365:26:365:37 | snappyReader | provenance | | | test.go:361:35:361:38 | file | test.go:361:18:361:39 | call to NewReader | provenance | Config | | test.go:365:12:365:38 | call to NewReader | test.go:367:18:367:24 | tarRead | provenance | | | test.go:365:26:365:37 | snappyReader | test.go:365:12:365:38 | call to NewReader | provenance | MaD:3 | -| test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:384:22:384:25 | definition of file | test.go:387:44:387:47 | file | provenance | | +| test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:384:22:384:25 | SSA def(file) | test.go:387:44:387:47 | file | provenance | | | test.go:387:18:387:48 | call to NewReader | test.go:389:2:389:13 | snappyReader | provenance | | | test.go:387:18:387:48 | call to NewReader | test.go:391:2:391:13 | snappyReader | provenance | | | test.go:387:18:387:48 | call to NewReader | test.go:392:2:392:13 | snappyReader | provenance | | @@ -158,8 +158,8 @@ edges | test.go:387:44:387:47 | file | test.go:387:18:387:48 | call to NewReader | provenance | Config | | test.go:393:12:393:38 | call to NewReader | test.go:395:18:395:24 | tarRead | provenance | | | test.go:393:26:393:37 | snappyReader | test.go:393:12:393:38 | call to NewReader | provenance | MaD:3 | -| test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:412:9:412:12 | definition of file | test.go:415:27:415:30 | file | provenance | | +| test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:412:9:412:12 | SSA def(file) | test.go:415:27:415:30 | file | provenance | | | test.go:415:14:415:31 | call to NewReader | test.go:417:2:417:9 | s2Reader | provenance | | | test.go:415:14:415:31 | call to NewReader | test.go:418:2:418:9 | s2Reader | provenance | | | test.go:415:14:415:31 | call to NewReader | test.go:420:2:420:9 | s2Reader | provenance | | @@ -167,35 +167,35 @@ edges | test.go:415:27:415:30 | file | test.go:415:14:415:31 | call to NewReader | provenance | Config | | test.go:421:12:421:34 | call to NewReader | test.go:423:18:423:24 | tarRead | provenance | | | test.go:421:26:421:33 | s2Reader | test.go:421:12:421:34 | call to NewReader | provenance | MaD:3 | -| test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:440:19:440:21 | definition of src | test.go:441:34:441:36 | src | provenance | | +| test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:440:19:440:21 | SSA def(src) | test.go:441:34:441:36 | src | provenance | | | test.go:441:2:441:37 | ... := ...[0] | test.go:444:12:444:32 | type conversion | provenance | | | test.go:441:34:441:36 | src | test.go:441:2:441:37 | ... := ...[0] | provenance | Config | | test.go:444:12:444:32 | type conversion | test.go:445:23:445:28 | newSrc | provenance | | -| test.go:447:11:447:14 | definition of file | test.go:450:34:450:37 | file | provenance | | +| test.go:447:11:447:14 | SSA def(file) | test.go:450:34:450:37 | file | provenance | | | test.go:450:2:450:38 | ... := ...[0] | test.go:452:2:452:11 | gzipReader | provenance | | | test.go:450:2:450:38 | ... := ...[0] | test.go:453:26:453:35 | gzipReader | provenance | | | test.go:450:34:450:37 | file | test.go:450:2:450:38 | ... := ...[0] | provenance | Config | | test.go:453:12:453:36 | call to NewReader | test.go:455:18:455:24 | tarRead | provenance | | | test.go:453:26:453:35 | gzipReader | test.go:453:12:453:36 | call to NewReader | provenance | MaD:3 | -| test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:472:20:472:23 | definition of file | test.go:475:43:475:46 | file | provenance | | +| test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:472:20:472:23 | SSA def(file) | test.go:475:43:475:46 | file | provenance | | | test.go:475:2:475:47 | ... := ...[0] | test.go:477:2:477:11 | gzipReader | provenance | | | test.go:475:2:475:47 | ... := ...[0] | test.go:479:2:479:11 | gzipReader | provenance | | | test.go:475:2:475:47 | ... := ...[0] | test.go:480:26:480:35 | gzipReader | provenance | | | test.go:475:43:475:46 | file | test.go:475:2:475:47 | ... := ...[0] | provenance | Config | | test.go:480:12:480:36 | call to NewReader | test.go:482:18:482:24 | tarRead | provenance | | | test.go:480:26:480:35 | gzipReader | test.go:480:12:480:36 | call to NewReader | provenance | MaD:3 | -| test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:499:20:499:23 | definition of file | test.go:502:45:502:48 | file | provenance | | +| test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:499:20:499:23 | SSA def(file) | test.go:502:45:502:48 | file | provenance | | | test.go:502:2:502:49 | ... := ...[0] | test.go:504:2:504:12 | pgzipReader | provenance | | | test.go:502:2:502:49 | ... := ...[0] | test.go:506:2:506:12 | pgzipReader | provenance | | | test.go:502:2:502:49 | ... := ...[0] | test.go:507:26:507:36 | pgzipReader | provenance | | | test.go:502:45:502:48 | file | test.go:502:2:502:49 | ... := ...[0] | provenance | Config | | test.go:507:12:507:37 | call to NewReader | test.go:509:18:509:24 | tarRead | provenance | | | test.go:507:26:507:36 | pgzipReader | test.go:507:12:507:37 | call to NewReader | provenance | MaD:3 | -| test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:526:21:526:24 | definition of file | test.go:529:43:529:46 | file | provenance | | +| test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:526:21:526:24 | SSA def(file) | test.go:529:43:529:46 | file | provenance | | | test.go:529:2:529:47 | ... := ...[0] | test.go:531:2:531:11 | zstdReader | provenance | | | test.go:529:2:529:47 | ... := ...[0] | test.go:533:2:533:11 | zstdReader | provenance | | | test.go:529:2:529:47 | ... := ...[0] | test.go:535:2:535:11 | zstdReader | provenance | | @@ -203,33 +203,33 @@ edges | test.go:529:43:529:46 | file | test.go:529:2:529:47 | ... := ...[0] | provenance | Config | | test.go:536:12:536:36 | call to NewReader | test.go:538:18:538:24 | tarRead | provenance | | | test.go:536:26:536:35 | zstdReader | test.go:536:12:536:36 | call to NewReader | provenance | MaD:3 | -| test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:555:19:555:22 | definition of file | test.go:558:38:558:41 | file | provenance | | +| test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:555:19:555:22 | SSA def(file) | test.go:558:38:558:41 | file | provenance | | | test.go:558:16:558:42 | call to NewReader | test.go:560:2:560:11 | zstdReader | provenance | | | test.go:558:16:558:42 | call to NewReader | test.go:561:26:561:35 | zstdReader | provenance | | | test.go:558:38:558:41 | file | test.go:558:16:558:42 | call to NewReader | provenance | Config | | test.go:561:12:561:36 | call to NewReader | test.go:563:18:563:24 | tarRead | provenance | | | test.go:561:26:561:35 | zstdReader | test.go:561:12:561:36 | call to NewReader | provenance | MaD:3 | -| test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:580:9:580:12 | definition of file | test.go:583:30:583:33 | file | provenance | | +| test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:580:9:580:12 | SSA def(file) | test.go:583:30:583:33 | file | provenance | | | test.go:583:2:583:34 | ... := ...[0] | test.go:585:2:585:9 | xzReader | provenance | | | test.go:583:2:583:34 | ... := ...[0] | test.go:586:26:586:33 | xzReader | provenance | | | test.go:583:30:583:33 | file | test.go:583:2:583:34 | ... := ...[0] | provenance | Config | | test.go:586:12:586:34 | call to NewReader | test.go:589:18:589:24 | tarRead | provenance | | | test.go:586:12:586:34 | call to NewReader | test.go:590:19:590:25 | tarRead | provenance | | | test.go:586:26:586:33 | xzReader | test.go:586:12:586:34 | call to NewReader | provenance | MaD:3 | -| test.go:589:18:589:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | -| test.go:590:19:590:25 | tarRead | test.go:627:23:627:29 | definition of tarRead | provenance | | -| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance | | -| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance | | -| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance | | -| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance | | -| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance | | -| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance | | -| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance | | -| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance | | -| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance | | -| test.go:627:23:627:29 | definition of tarRead | test.go:629:2:629:8 | tarRead | provenance | | +| test.go:589:18:589:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance | | +| test.go:590:19:590:25 | tarRead | test.go:627:23:627:29 | SSA def(tarRead) | provenance | | +| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance | | +| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance | | +| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance | | +| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance | | +| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance | | +| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance | | +| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance | | +| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance | | +| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance | | +| test.go:627:23:627:29 | SSA def(tarRead) | test.go:629:2:629:8 | tarRead | provenance | | models | 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual | | 2 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual | @@ -258,7 +258,7 @@ nodes | test.go:89:17:89:28 | selection of Body | semmle.label | selection of Body | | test.go:91:15:91:26 | selection of Body | semmle.label | selection of Body | | test.go:93:5:93:16 | selection of Body | semmle.label | selection of Body | -| test.go:128:20:128:27 | definition of filename | semmle.label | definition of filename | +| test.go:128:20:128:27 | SSA def(filename) | semmle.label | SSA def(filename) | | test.go:130:2:130:41 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:130:33:130:40 | filename | semmle.label | filename | | test.go:132:3:132:19 | ... := ...[0] | semmle.label | ... := ...[0] | @@ -269,7 +269,7 @@ nodes | test.go:145:12:145:12 | f | semmle.label | f | | test.go:145:12:145:19 | call to Open | semmle.label | call to Open | | test.go:147:37:147:38 | rc | semmle.label | rc | -| test.go:158:19:158:22 | definition of file | semmle.label | definition of file | +| test.go:158:19:158:22 | SSA def(file) | semmle.label | SSA def(file) | | test.go:159:2:159:29 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:159:25:159:28 | file | semmle.label | file | | test.go:160:2:160:69 | ... := ...[0] | semmle.label | ... := ...[0] | @@ -278,7 +278,7 @@ nodes | test.go:163:3:163:36 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:163:26:163:29 | file | semmle.label | file | | test.go:164:36:164:51 | fileReaderCloser | semmle.label | fileReaderCloser | -| test.go:169:28:169:31 | definition of file | semmle.label | definition of file | +| test.go:169:28:169:31 | SSA def(file) | semmle.label | SSA def(file) | | test.go:170:2:170:29 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:170:25:170:28 | file | semmle.label | file | | test.go:171:2:171:78 | ... := ...[0] | semmle.label | ... := ...[0] | @@ -287,56 +287,56 @@ nodes | test.go:175:26:175:29 | file | semmle.label | file | | test.go:175:26:175:36 | call to Open | semmle.label | call to Open | | test.go:176:36:176:51 | fileReaderCloser | semmle.label | fileReaderCloser | -| test.go:181:17:181:20 | definition of file | semmle.label | definition of file | +| test.go:181:17:181:20 | SSA def(file) | semmle.label | SSA def(file) | | test.go:184:2:184:73 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:184:41:184:44 | file | semmle.label | file | | test.go:186:2:186:12 | bzip2Reader | semmle.label | bzip2Reader | | test.go:187:12:187:37 | call to NewReader | semmle.label | call to NewReader | | test.go:187:26:187:36 | bzip2Reader | semmle.label | bzip2Reader | | test.go:189:18:189:24 | tarRead | semmle.label | tarRead | -| test.go:208:12:208:15 | definition of file | semmle.label | definition of file | +| test.go:208:12:208:15 | SSA def(file) | semmle.label | SSA def(file) | | test.go:211:17:211:37 | call to NewReader | semmle.label | call to NewReader | | test.go:211:33:211:36 | file | semmle.label | file | | test.go:213:2:213:12 | bzip2Reader | semmle.label | bzip2Reader | | test.go:214:12:214:37 | call to NewReader | semmle.label | call to NewReader | | test.go:214:26:214:36 | bzip2Reader | semmle.label | bzip2Reader | | test.go:216:18:216:24 | tarRead | semmle.label | tarRead | -| test.go:233:12:233:15 | definition of file | semmle.label | definition of file | +| test.go:233:12:233:15 | SSA def(file) | semmle.label | SSA def(file) | | test.go:236:17:236:37 | call to NewReader | semmle.label | call to NewReader | | test.go:236:33:236:36 | file | semmle.label | file | | test.go:238:2:238:12 | flateReader | semmle.label | flateReader | | test.go:239:12:239:37 | call to NewReader | semmle.label | call to NewReader | | test.go:239:26:239:36 | flateReader | semmle.label | flateReader | | test.go:241:18:241:24 | tarRead | semmle.label | tarRead | -| test.go:258:21:258:24 | definition of file | semmle.label | definition of file | +| test.go:258:21:258:24 | SSA def(file) | semmle.label | SSA def(file) | | test.go:261:17:261:46 | call to NewReader | semmle.label | call to NewReader | | test.go:261:42:261:45 | file | semmle.label | file | | test.go:263:2:263:12 | flateReader | semmle.label | flateReader | | test.go:264:12:264:37 | call to NewReader | semmle.label | call to NewReader | | test.go:264:26:264:36 | flateReader | semmle.label | flateReader | | test.go:266:18:266:24 | tarRead | semmle.label | tarRead | -| test.go:283:17:283:20 | definition of file | semmle.label | definition of file | +| test.go:283:17:283:20 | SSA def(file) | semmle.label | SSA def(file) | | test.go:286:2:286:73 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:286:41:286:44 | file | semmle.label | file | | test.go:288:2:288:12 | flateReader | semmle.label | flateReader | | test.go:289:12:289:37 | call to NewReader | semmle.label | call to NewReader | | test.go:289:26:289:36 | flateReader | semmle.label | flateReader | | test.go:291:18:291:24 | tarRead | semmle.label | tarRead | -| test.go:308:20:308:23 | definition of file | semmle.label | definition of file | +| test.go:308:20:308:23 | SSA def(file) | semmle.label | SSA def(file) | | test.go:311:2:311:47 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:311:43:311:46 | file | semmle.label | file | | test.go:313:2:313:11 | zlibReader | semmle.label | zlibReader | | test.go:314:12:314:36 | call to NewReader | semmle.label | call to NewReader | | test.go:314:26:314:35 | zlibReader | semmle.label | zlibReader | | test.go:316:18:316:24 | tarRead | semmle.label | tarRead | -| test.go:333:11:333:14 | definition of file | semmle.label | definition of file | +| test.go:333:11:333:14 | SSA def(file) | semmle.label | SSA def(file) | | test.go:336:2:336:38 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:336:34:336:37 | file | semmle.label | file | | test.go:338:2:338:11 | zlibReader | semmle.label | zlibReader | | test.go:339:12:339:36 | call to NewReader | semmle.label | call to NewReader | | test.go:339:26:339:35 | zlibReader | semmle.label | zlibReader | | test.go:341:18:341:24 | tarRead | semmle.label | tarRead | -| test.go:358:13:358:16 | definition of file | semmle.label | definition of file | +| test.go:358:13:358:16 | SSA def(file) | semmle.label | SSA def(file) | | test.go:361:18:361:39 | call to NewReader | semmle.label | call to NewReader | | test.go:361:35:361:38 | file | semmle.label | file | | test.go:363:2:363:13 | snappyReader | semmle.label | snappyReader | @@ -344,7 +344,7 @@ nodes | test.go:365:12:365:38 | call to NewReader | semmle.label | call to NewReader | | test.go:365:26:365:37 | snappyReader | semmle.label | snappyReader | | test.go:367:18:367:24 | tarRead | semmle.label | tarRead | -| test.go:384:22:384:25 | definition of file | semmle.label | definition of file | +| test.go:384:22:384:25 | SSA def(file) | semmle.label | SSA def(file) | | test.go:387:18:387:48 | call to NewReader | semmle.label | call to NewReader | | test.go:387:44:387:47 | file | semmle.label | file | | test.go:389:2:389:13 | snappyReader | semmle.label | snappyReader | @@ -353,7 +353,7 @@ nodes | test.go:393:12:393:38 | call to NewReader | semmle.label | call to NewReader | | test.go:393:26:393:37 | snappyReader | semmle.label | snappyReader | | test.go:395:18:395:24 | tarRead | semmle.label | tarRead | -| test.go:412:9:412:12 | definition of file | semmle.label | definition of file | +| test.go:412:9:412:12 | SSA def(file) | semmle.label | SSA def(file) | | test.go:415:14:415:31 | call to NewReader | semmle.label | call to NewReader | | test.go:415:27:415:30 | file | semmle.label | file | | test.go:417:2:417:9 | s2Reader | semmle.label | s2Reader | @@ -362,19 +362,19 @@ nodes | test.go:421:12:421:34 | call to NewReader | semmle.label | call to NewReader | | test.go:421:26:421:33 | s2Reader | semmle.label | s2Reader | | test.go:423:18:423:24 | tarRead | semmle.label | tarRead | -| test.go:440:19:440:21 | definition of src | semmle.label | definition of src | +| test.go:440:19:440:21 | SSA def(src) | semmle.label | SSA def(src) | | test.go:441:2:441:37 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:441:34:441:36 | src | semmle.label | src | | test.go:444:12:444:32 | type conversion | semmle.label | type conversion | | test.go:445:23:445:28 | newSrc | semmle.label | newSrc | -| test.go:447:11:447:14 | definition of file | semmle.label | definition of file | +| test.go:447:11:447:14 | SSA def(file) | semmle.label | SSA def(file) | | test.go:450:2:450:38 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:450:34:450:37 | file | semmle.label | file | | test.go:452:2:452:11 | gzipReader | semmle.label | gzipReader | | test.go:453:12:453:36 | call to NewReader | semmle.label | call to NewReader | | test.go:453:26:453:35 | gzipReader | semmle.label | gzipReader | | test.go:455:18:455:24 | tarRead | semmle.label | tarRead | -| test.go:472:20:472:23 | definition of file | semmle.label | definition of file | +| test.go:472:20:472:23 | SSA def(file) | semmle.label | SSA def(file) | | test.go:475:2:475:47 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:475:43:475:46 | file | semmle.label | file | | test.go:477:2:477:11 | gzipReader | semmle.label | gzipReader | @@ -382,7 +382,7 @@ nodes | test.go:480:12:480:36 | call to NewReader | semmle.label | call to NewReader | | test.go:480:26:480:35 | gzipReader | semmle.label | gzipReader | | test.go:482:18:482:24 | tarRead | semmle.label | tarRead | -| test.go:499:20:499:23 | definition of file | semmle.label | definition of file | +| test.go:499:20:499:23 | SSA def(file) | semmle.label | SSA def(file) | | test.go:502:2:502:49 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:502:45:502:48 | file | semmle.label | file | | test.go:504:2:504:12 | pgzipReader | semmle.label | pgzipReader | @@ -390,7 +390,7 @@ nodes | test.go:507:12:507:37 | call to NewReader | semmle.label | call to NewReader | | test.go:507:26:507:36 | pgzipReader | semmle.label | pgzipReader | | test.go:509:18:509:24 | tarRead | semmle.label | tarRead | -| test.go:526:21:526:24 | definition of file | semmle.label | definition of file | +| test.go:526:21:526:24 | SSA def(file) | semmle.label | SSA def(file) | | test.go:529:2:529:47 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:529:43:529:46 | file | semmle.label | file | | test.go:531:2:531:11 | zstdReader | semmle.label | zstdReader | @@ -399,14 +399,14 @@ nodes | test.go:536:12:536:36 | call to NewReader | semmle.label | call to NewReader | | test.go:536:26:536:35 | zstdReader | semmle.label | zstdReader | | test.go:538:18:538:24 | tarRead | semmle.label | tarRead | -| test.go:555:19:555:22 | definition of file | semmle.label | definition of file | +| test.go:555:19:555:22 | SSA def(file) | semmle.label | SSA def(file) | | test.go:558:16:558:42 | call to NewReader | semmle.label | call to NewReader | | test.go:558:38:558:41 | file | semmle.label | file | | test.go:560:2:560:11 | zstdReader | semmle.label | zstdReader | | test.go:561:12:561:36 | call to NewReader | semmle.label | call to NewReader | | test.go:561:26:561:35 | zstdReader | semmle.label | zstdReader | | test.go:563:18:563:24 | tarRead | semmle.label | tarRead | -| test.go:580:9:580:12 | definition of file | semmle.label | definition of file | +| test.go:580:9:580:12 | SSA def(file) | semmle.label | SSA def(file) | | test.go:583:2:583:34 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:583:30:583:33 | file | semmle.label | file | | test.go:585:2:585:9 | xzReader | semmle.label | xzReader | @@ -414,15 +414,15 @@ nodes | test.go:586:26:586:33 | xzReader | semmle.label | xzReader | | test.go:589:18:589:24 | tarRead | semmle.label | tarRead | | test.go:590:19:590:25 | tarRead | semmle.label | tarRead | -| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead | -| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead | -| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead | -| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead | -| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead | -| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead | -| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead | -| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead | -| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead | +| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) | +| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) | +| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) | +| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) | +| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) | +| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) | +| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) | +| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) | +| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) | | test.go:621:25:621:31 | tarRead | semmle.label | tarRead | | test.go:621:25:621:31 | tarRead | semmle.label | tarRead | | test.go:621:25:621:31 | tarRead | semmle.label | tarRead | @@ -432,6 +432,6 @@ nodes | test.go:621:25:621:31 | tarRead | semmle.label | tarRead | | test.go:621:25:621:31 | tarRead | semmle.label | tarRead | | test.go:621:25:621:31 | tarRead | semmle.label | tarRead | -| test.go:627:23:627:29 | definition of tarRead | semmle.label | definition of tarRead | +| test.go:627:23:627:29 | SSA def(tarRead) | semmle.label | SSA def(tarRead) | | test.go:629:2:629:8 | tarRead | semmle.label | tarRead | subpaths diff --git a/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected b/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected index 3c7e02eea265..ca8254811435 100644 --- a/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected +++ b/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected @@ -10,8 +10,8 @@ edges | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | provenance | | | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | provenance | | | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | provenance | | -| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | provenance | | -| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance | | +| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | provenance | | +| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance | | | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | provenance | | | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | provenance | | | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | provenance | | @@ -39,7 +39,7 @@ nodes | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | semmle.label | type conversion | | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | semmle.label | type conversion | | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | semmle.label | type conversion | -| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | semmle.label | definition of req | +| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | semmle.label | SSA def(req) | | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | semmle.label | type conversion | | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | semmle.label | type conversion | | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | semmle.label | type conversion | diff --git a/go/ql/test/library-tests/semmle/go/concepts/Regexp/RegexpPattern.expected b/go/ql/test/library-tests/semmle/go/concepts/Regexp/RegexpPattern.expected index 1890c5c4ad93..63adab35d7b6 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/Regexp/RegexpPattern.expected +++ b/go/ql/test/library-tests/semmle/go/concepts/Regexp/RegexpPattern.expected @@ -3,7 +3,7 @@ | stdlib.go:13:21:13:24 | "ab" | ab | stdlib.go:13:21:13:24 | "ab" | | stdlib.go:15:26:15:39 | "[so]me\|regex" | [so]me\|regex | stdlib.go:15:2:15:40 | ... := ...[0] | | stdlib.go:15:26:15:39 | "[so]me\|regex" | [so]me\|regex | stdlib.go:15:26:15:39 | "[so]me\|regex" | -| stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:3 | definition of re | +| stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:3 | SSA def(re) | | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:38 | ... = ...[0] | | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:30:16:37 | "posix?" | | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:17:2:17:3 | re | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected index e04fcf753095..dac989575507 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected @@ -22,4 +22,4 @@ invalidModelRow | test.go:187:24:187:31 | call to Src1 | qltest | | test.go:191:24:191:31 | call to Src1 | qltest | | test.go:201:10:201:28 | selection of SourceVariable | qltest | -| test.go:208:15:208:17 | definition of src | qltest | +| test.go:208:15:208:17 | SSA def(src) | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected index f5768d49d1b5..87ca46d4c131 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected @@ -22,4 +22,4 @@ invalidModelRow | test.go:187:24:187:31 | call to Src1 | qltest | | test.go:191:24:191:31 | call to Src1 | qltest | | test.go:209:10:209:28 | selection of SourceVariable | qltest | -| test.go:216:15:216:17 | definition of src | qltest | +| test.go:216:15:216:17 | SSA def(src) | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected index fcbb78716a46..dcb4a63d1286 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected @@ -47,174 +47,174 @@ | file://:0:0:0:0 | function max | main.go:65:7:65:9 | max | | file://:0:0:0:0 | function min | main.go:64:7:64:9 | min | | main.go:3:6:3:10 | function test1 | main.go:34:2:34:6 | test1 | -| main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | definition of x | -| main.go:3:12:3:12 | definition of x | main.go:5:5:5:5 | x | -| main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | definition of fn | -| main.go:3:19:3:20 | definition of fn | main.go:10:24:10:25 | fn | +| main.go:3:12:3:12 | SSA def(x) | main.go:5:5:5:5 | x | +| main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | SSA def(x) | +| main.go:3:19:3:20 | SSA def(fn) | main.go:10:24:10:25 | fn | +| main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | SSA def(fn) | | main.go:5:5:5:5 | x | main.go:6:7:6:7 | x | | main.go:5:5:5:5 | x | main.go:8:8:8:8 | x | -| main.go:6:3:6:3 | definition of y | main.go:10:12:10:12 | y | -| main.go:6:7:6:7 | x | main.go:6:3:6:3 | definition of y | +| main.go:6:3:6:3 | SSA def(y) | main.go:10:12:10:12 | y | +| main.go:6:7:6:7 | x | main.go:6:3:6:3 | SSA def(y) | | main.go:6:7:6:7 | x | main.go:10:7:10:7 | x | -| main.go:8:3:8:3 | definition of y | main.go:10:12:10:12 | y | -| main.go:8:7:8:8 | -... | main.go:8:3:8:3 | definition of y | +| main.go:8:3:8:3 | SSA def(y) | main.go:10:12:10:12 | y | +| main.go:8:7:8:8 | -... | main.go:8:3:8:3 | SSA def(y) | | main.go:8:8:8:8 | x | main.go:10:7:10:7 | x | -| main.go:10:2:10:2 | definition of z | main.go:11:14:11:14 | z | +| main.go:10:2:10:2 | SSA def(z) | main.go:11:14:11:14 | z | | main.go:10:7:10:7 | x | main.go:10:22:10:22 | x | | main.go:10:7:10:12 | ...<=... | main.go:10:7:10:27 | ...&&... | -| main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | definition of z | +| main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | SSA def(z) | | main.go:10:12:10:12 | y | main.go:10:17:10:17 | y | | main.go:10:17:10:27 | ...>=... | main.go:10:7:10:27 | ...&&... | | main.go:11:14:11:14 | z | main.go:11:9:11:15 | type conversion | | main.go:14:6:14:10 | function test2 | main.go:34:8:34:12 | test2 | | main.go:14:6:14:10 | function test2 | main.go:34:19:34:23 | test2 | -| main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | definition of acc | -| main.go:16:9:19:2 | capture variable acc | main.go:17:3:17:5 | acc | -| main.go:17:3:17:7 | definition of acc | main.go:18:10:18:12 | acc | -| main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | definition of acc | -| main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | definition of b | -| main.go:22:12:22:12 | definition of b | main.go:23:5:23:5 | b | -| main.go:22:20:22:20 | argument corresponding to x | main.go:22:20:22:20 | definition of x | -| main.go:22:20:22:20 | definition of x | main.go:24:10:24:10 | x | -| main.go:22:20:22:20 | definition of x | main.go:26:11:26:11 | x | +| main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | SSA def(acc) | +| main.go:16:9:19:2 | SSA def(acc) | main.go:17:3:17:5 | acc | +| main.go:17:3:17:7 | SSA def(acc) | main.go:18:10:18:12 | acc | +| main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | SSA def(acc) | +| main.go:22:12:22:12 | SSA def(b) | main.go:23:5:23:5 | b | +| main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | SSA def(b) | +| main.go:22:20:22:20 | SSA def(x) | main.go:24:10:24:10 | x | +| main.go:22:20:22:20 | SSA def(x) | main.go:26:11:26:11 | x | +| main.go:22:20:22:20 | argument corresponding to x | main.go:22:20:22:20 | SSA def(x) | | main.go:24:10:24:10 | x | main.go:24:10:24:19 | type assertion | -| main.go:26:2:26:2 | definition of n | main.go:27:11:27:11 | n | -| main.go:26:2:26:17 | ... := ...[0] | main.go:26:2:26:2 | definition of n | -| main.go:26:2:26:17 | ... := ...[1] | main.go:26:5:26:6 | definition of ok | -| main.go:26:5:26:6 | definition of ok | main.go:27:5:27:6 | ok | +| main.go:26:2:26:2 | SSA def(n) | main.go:27:11:27:11 | n | +| main.go:26:2:26:17 | ... := ...[0] | main.go:26:2:26:2 | SSA def(n) | +| main.go:26:2:26:17 | ... := ...[1] | main.go:26:5:26:6 | SSA def(ok) | +| main.go:26:5:26:6 | SSA def(ok) | main.go:27:5:27:6 | ok | | main.go:26:11:26:11 | x | main.go:26:2:26:17 | ... := ...[0] | -| main.go:38:2:38:2 | definition of s | main.go:39:15:39:15 | s | -| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | definition of s | -| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | definition of s | -| main.go:39:2:39:3 | definition of s1 | main.go:40:18:40:19 | s1 | -| main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | definition of s1 | +| main.go:38:2:38:2 | SSA def(s) | main.go:39:15:39:15 | s | +| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | SSA def(s) | +| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | SSA def(s) | +| main.go:39:2:39:3 | SSA def(s1) | main.go:40:18:40:19 | s1 | +| main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | SSA def(s1) | | main.go:39:15:39:15 | s | main.go:40:15:40:15 | s | | main.go:39:15:39:15 | s [postupdate] | main.go:40:15:40:15 | s | -| main.go:40:2:40:3 | definition of s2 | main.go:43:9:43:10 | s2 | -| main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | definition of s2 | +| main.go:40:2:40:3 | SSA def(s2) | main.go:43:9:43:10 | s2 | +| main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | SSA def(s2) | | main.go:40:15:40:15 | s | main.go:42:7:42:7 | s | | main.go:40:15:40:15 | s [postupdate] | main.go:42:7:42:7 | s | -| main.go:41:2:41:3 | definition of s4 | main.go:42:10:42:11 | s4 | -| main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | definition of s4 | -| main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | definition of xs | -| main.go:46:13:46:14 | definition of xs | main.go:47:20:47:21 | xs | -| main.go:46:24:46:27 | definition of keys | main.go:46:24:46:27 | implicit read of keys | -| main.go:46:24:46:27 | definition of keys | main.go:49:3:49:6 | keys | -| main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | definition of keys | -| main.go:46:34:46:37 | definition of vals | main.go:46:34:46:37 | implicit read of vals | -| main.go:46:34:46:37 | definition of vals | main.go:48:3:48:6 | vals | -| main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | definition of vals | -| main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | definition of k | -| main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | definition of v | -| main.go:47:6:47:6 | definition of k | main.go:49:11:49:11 | k | -| main.go:47:9:47:9 | definition of v | main.go:48:11:48:11 | v | -| main.go:48:3:48:6 | definition of vals | main.go:46:34:46:37 | implicit read of vals | -| main.go:48:3:48:6 | definition of vals | main.go:48:3:48:6 | vals | -| main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | definition of vals | -| main.go:49:3:49:6 | definition of keys | main.go:46:24:46:27 | implicit read of keys | -| main.go:49:3:49:6 | definition of keys | main.go:49:3:49:6 | keys | -| main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | definition of keys | -| main.go:55:6:55:7 | definition of ch | main.go:56:2:56:3 | ch | -| main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | definition of ch | +| main.go:41:2:41:3 | SSA def(s4) | main.go:42:10:42:11 | s4 | +| main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | SSA def(s4) | +| main.go:46:13:46:14 | SSA def(xs) | main.go:47:20:47:21 | xs | +| main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | SSA def(xs) | +| main.go:46:24:46:27 | SSA def(keys) | main.go:46:24:46:27 | implicit read of keys | +| main.go:46:24:46:27 | SSA def(keys) | main.go:49:3:49:6 | keys | +| main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | SSA def(keys) | +| main.go:46:34:46:37 | SSA def(vals) | main.go:46:34:46:37 | implicit read of vals | +| main.go:46:34:46:37 | SSA def(vals) | main.go:48:3:48:6 | vals | +| main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | SSA def(vals) | +| main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | SSA def(k) | +| main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | SSA def(v) | +| main.go:47:6:47:6 | SSA def(k) | main.go:49:11:49:11 | k | +| main.go:47:9:47:9 | SSA def(v) | main.go:48:11:48:11 | v | +| main.go:48:3:48:6 | SSA def(vals) | main.go:46:34:46:37 | implicit read of vals | +| main.go:48:3:48:6 | SSA def(vals) | main.go:48:3:48:6 | vals | +| main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | SSA def(vals) | +| main.go:49:3:49:6 | SSA def(keys) | main.go:46:24:46:27 | implicit read of keys | +| main.go:49:3:49:6 | SSA def(keys) | main.go:49:3:49:6 | keys | +| main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | SSA def(keys) | +| main.go:55:6:55:7 | SSA def(ch) | main.go:56:2:56:3 | ch | +| main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | SSA def(ch) | | main.go:56:2:56:3 | ch | main.go:57:4:57:5 | ch | | main.go:56:2:56:3 | ch [postupdate] | main.go:57:4:57:5 | ch | -| main.go:61:2:61:2 | definition of x | main.go:64:11:64:11 | x | -| main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | definition of x | -| main.go:62:2:62:2 | definition of y | main.go:64:14:64:14 | y | -| main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | definition of y | -| main.go:63:2:63:2 | definition of z | main.go:64:17:64:17 | z | -| main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | definition of z | -| main.go:64:2:64:2 | definition of a | main.go:66:9:66:9 | a | -| main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | definition of a | +| main.go:61:2:61:2 | SSA def(x) | main.go:64:11:64:11 | x | +| main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | SSA def(x) | +| main.go:62:2:62:2 | SSA def(y) | main.go:64:14:64:14 | y | +| main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | SSA def(y) | +| main.go:63:2:63:2 | SSA def(z) | main.go:64:17:64:17 | z | +| main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | SSA def(z) | +| main.go:64:2:64:2 | SSA def(a) | main.go:66:9:66:9 | a | +| main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | SSA def(a) | | main.go:64:11:64:11 | x | main.go:64:7:64:18 | call to min | | main.go:64:11:64:11 | x | main.go:65:11:65:11 | x | | main.go:64:14:64:14 | y | main.go:64:7:64:18 | call to min | | main.go:64:14:64:14 | y | main.go:65:14:65:14 | y | | main.go:64:17:64:17 | z | main.go:64:7:64:18 | call to min | | main.go:64:17:64:17 | z | main.go:65:17:65:17 | z | -| main.go:65:2:65:2 | definition of b | main.go:66:12:66:12 | b | -| main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | definition of b | +| main.go:65:2:65:2 | SSA def(b) | main.go:66:12:66:12 | b | +| main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | SSA def(b) | | main.go:65:11:65:11 | x | main.go:65:7:65:18 | call to max | | main.go:65:14:65:14 | y | main.go:65:7:65:18 | call to max | | main.go:65:17:65:17 | z | main.go:65:7:65:18 | call to max | -| strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | definition of s | -| strings.go:8:12:8:12 | definition of s | strings.go:9:24:9:24 | s | -| strings.go:9:2:9:3 | definition of s2 | strings.go:11:20:11:21 | s2 | -| strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | definition of s2 | +| strings.go:8:12:8:12 | SSA def(s) | strings.go:9:24:9:24 | s | +| strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | SSA def(s) | +| strings.go:9:2:9:3 | SSA def(s2) | strings.go:11:20:11:21 | s2 | +| strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | SSA def(s2) | | strings.go:9:24:9:24 | s | strings.go:10:27:10:27 | s | -| strings.go:10:2:10:3 | definition of s3 | strings.go:11:24:11:25 | s3 | -| strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | definition of s3 | +| strings.go:10:2:10:3 | SSA def(s3) | strings.go:11:24:11:25 | s3 | +| strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | SSA def(s3) | | strings.go:11:20:11:21 | s2 | strings.go:11:48:11:49 | s2 | | strings.go:11:24:11:25 | s3 | strings.go:11:67:11:68 | s3 | -| url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | definition of b | -| url.go:8:12:8:12 | definition of b | url.go:11:5:11:5 | b | -| url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | definition of s | -| url.go:8:20:8:20 | definition of s | url.go:12:46:12:46 | s | -| url.go:8:20:8:20 | definition of s | url.go:14:48:14:48 | s | -| url.go:12:3:12:5 | definition of res | url.go:19:9:19:11 | res | -| url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | definition of res | -| url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | definition of err | -| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err | -| url.go:14:3:14:5 | definition of res | url.go:19:9:19:11 | res | -| url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | definition of res | -| url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | definition of err | -| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err | -| url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | definition of i | -| url.go:22:12:22:12 | definition of i | url.go:24:5:24:5 | i | -| url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | definition of s | -| url.go:22:19:22:19 | definition of s | url.go:23:20:23:20 | s | -| url.go:23:2:23:2 | definition of u | url.go:25:10:25:10 | u | -| url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | definition of u | +| url.go:8:12:8:12 | SSA def(b) | url.go:11:5:11:5 | b | +| url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | SSA def(b) | +| url.go:8:20:8:20 | SSA def(s) | url.go:12:46:12:46 | s | +| url.go:8:20:8:20 | SSA def(s) | url.go:14:48:14:48 | s | +| url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | SSA def(s) | +| url.go:12:3:12:5 | SSA def(res) | url.go:19:9:19:11 | res | +| url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | SSA def(res) | +| url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | SSA def(err) | +| url.go:12:8:12:10 | SSA def(err) | url.go:16:5:16:7 | err | +| url.go:14:3:14:5 | SSA def(res) | url.go:19:9:19:11 | res | +| url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | SSA def(res) | +| url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | SSA def(err) | +| url.go:14:8:14:10 | SSA def(err) | url.go:16:5:16:7 | err | +| url.go:22:12:22:12 | SSA def(i) | url.go:24:5:24:5 | i | +| url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | SSA def(i) | +| url.go:22:19:22:19 | SSA def(s) | url.go:23:20:23:20 | s | +| url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | SSA def(s) | +| url.go:23:2:23:2 | SSA def(u) | url.go:25:10:25:10 | u | +| url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | SSA def(u) | | url.go:23:20:23:20 | s | url.go:27:29:27:29 | s | -| url.go:27:2:27:2 | definition of u | url.go:28:14:28:14 | u | -| url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | definition of u | +| url.go:27:2:27:2 | SSA def(u) | url.go:28:14:28:14 | u | +| url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | SSA def(u) | | url.go:28:14:28:14 | u | url.go:29:14:29:14 | u | | url.go:28:14:28:14 | u [postupdate] | url.go:29:14:29:14 | u | | url.go:29:14:29:14 | u | url.go:30:11:30:11 | u | | url.go:29:14:29:14 | u [postupdate] | url.go:30:11:30:11 | u | -| url.go:30:2:30:3 | definition of bs | url.go:31:14:31:15 | bs | -| url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | definition of bs | +| url.go:30:2:30:3 | SSA def(bs) | url.go:31:14:31:15 | bs | +| url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | SSA def(bs) | | url.go:30:11:30:11 | u | url.go:32:9:32:9 | u | | url.go:30:11:30:11 | u [postupdate] | url.go:32:9:32:9 | u | -| url.go:32:2:32:2 | definition of u | url.go:33:14:33:14 | u | -| url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | definition of u | +| url.go:32:2:32:2 | SSA def(u) | url.go:33:14:33:14 | u | +| url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | SSA def(u) | | url.go:33:14:33:14 | u | url.go:34:14:34:14 | u | | url.go:33:14:33:14 | u [postupdate] | url.go:34:14:34:14 | u | | url.go:34:14:34:14 | u | url.go:35:14:35:14 | u | | url.go:34:14:34:14 | u [postupdate] | url.go:35:14:35:14 | u | | url.go:35:14:35:14 | u | url.go:36:6:36:6 | u | | url.go:35:14:35:14 | u [postupdate] | url.go:36:6:36:6 | u | -| url.go:36:2:36:2 | definition of u | url.go:37:9:37:9 | u | +| url.go:36:2:36:2 | SSA def(u) | url.go:37:9:37:9 | u | | url.go:36:6:36:6 | u | url.go:36:25:36:25 | u | | url.go:36:6:36:6 | u [postupdate] | url.go:36:25:36:25 | u | -| url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | definition of u | -| url.go:42:2:42:3 | definition of ui | url.go:43:11:43:12 | ui | -| url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | definition of ui | -| url.go:43:2:43:3 | definition of pw | url.go:44:14:44:15 | pw | -| url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | definition of pw | +| url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | SSA def(u) | +| url.go:42:2:42:3 | SSA def(ui) | url.go:43:11:43:12 | ui | +| url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | SSA def(ui) | +| url.go:43:2:43:3 | SSA def(pw) | url.go:44:14:44:15 | pw | +| url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | SSA def(pw) | | url.go:43:11:43:12 | ui | url.go:45:14:45:15 | ui | | url.go:43:11:43:12 | ui [postupdate] | url.go:45:14:45:15 | ui | | url.go:45:14:45:15 | ui | url.go:46:9:46:10 | ui | | url.go:45:14:45:15 | ui [postupdate] | url.go:46:9:46:10 | ui | -| url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | definition of q | -| url.go:49:12:49:12 | definition of q | url.go:50:25:50:25 | q | -| url.go:50:2:50:2 | definition of v | url.go:51:14:51:14 | v | -| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | definition of v | +| url.go:49:12:49:12 | SSA def(q) | url.go:50:25:50:25 | q | +| url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | SSA def(q) | +| url.go:50:2:50:2 | SSA def(v) | url.go:51:14:51:14 | v | +| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | SSA def(v) | | url.go:51:14:51:14 | v | url.go:52:14:52:14 | v | | url.go:51:14:51:14 | v [postupdate] | url.go:52:14:52:14 | v | | url.go:52:14:52:14 | v | url.go:53:9:53:9 | v | | url.go:52:14:52:14 | v [postupdate] | url.go:53:9:53:9 | v | -| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | definition of q | -| url.go:56:12:56:12 | definition of q | url.go:57:29:57:29 | q | -| url.go:57:2:57:8 | definition of joined1 | url.go:58:38:58:44 | joined1 | -| url.go:57:2:57:39 | ... := ...[0] | url.go:57:2:57:8 | definition of joined1 | -| url.go:58:2:58:8 | definition of joined2 | url.go:59:24:59:30 | joined2 | -| url.go:58:2:58:45 | ... := ...[0] | url.go:58:2:58:8 | definition of joined2 | -| url.go:59:2:59:6 | definition of asUrl | url.go:60:15:60:19 | asUrl | -| url.go:59:2:59:31 | ... := ...[0] | url.go:59:2:59:6 | definition of asUrl | -| url.go:60:2:60:10 | definition of joinedUrl | url.go:61:9:61:17 | joinedUrl | -| url.go:60:15:60:37 | call to JoinPath | url.go:60:2:60:10 | definition of joinedUrl | -| url.go:64:13:64:13 | argument corresponding to q | url.go:64:13:64:13 | definition of q | -| url.go:64:13:64:13 | definition of q | url.go:66:27:66:27 | q | -| url.go:65:2:65:9 | definition of cleanUrl | url.go:66:9:66:16 | cleanUrl | -| url.go:65:2:65:48 | ... := ...[0] | url.go:65:2:65:9 | definition of cleanUrl | +| url.go:56:12:56:12 | SSA def(q) | url.go:57:29:57:29 | q | +| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | SSA def(q) | +| url.go:57:2:57:8 | SSA def(joined1) | url.go:58:38:58:44 | joined1 | +| url.go:57:2:57:39 | ... := ...[0] | url.go:57:2:57:8 | SSA def(joined1) | +| url.go:58:2:58:8 | SSA def(joined2) | url.go:59:24:59:30 | joined2 | +| url.go:58:2:58:45 | ... := ...[0] | url.go:58:2:58:8 | SSA def(joined2) | +| url.go:59:2:59:6 | SSA def(asUrl) | url.go:60:15:60:19 | asUrl | +| url.go:59:2:59:31 | ... := ...[0] | url.go:59:2:59:6 | SSA def(asUrl) | +| url.go:60:2:60:10 | SSA def(joinedUrl) | url.go:61:9:61:17 | joinedUrl | +| url.go:60:15:60:37 | call to JoinPath | url.go:60:2:60:10 | SSA def(joinedUrl) | +| url.go:64:13:64:13 | SSA def(q) | url.go:66:27:66:27 | q | +| url.go:64:13:64:13 | argument corresponding to q | url.go:64:13:64:13 | SSA def(q) | +| url.go:65:2:65:9 | SSA def(cleanUrl) | url.go:66:9:66:16 | cleanUrl | +| url.go:65:2:65:48 | ... := ...[0] | url.go:65:2:65:9 | SSA def(cleanUrl) | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getEntryNode.expected b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getEntryNode.expected index 8c3a2b043dce..a64298b64442 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getEntryNode.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getEntryNode.expected @@ -25,15 +25,15 @@ | result | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 | | result | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump | | result | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | -| result | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | definition of err | -| result | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | definition of bytesBuffer | +| result | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | SSA def(err) | +| result | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | SSA def(bytesBuffer) | | result 0 | main.go:51:2:51:14 | call to op | main.go:51:2:51:14 | call to op | | result 0 | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 | | result 0 | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump | -| result 0 | main.go:54:10:54:15 | call to test | main.go:54:2:54:2 | definition of x | -| result 0 | main.go:56:9:56:15 | call to test2 | main.go:56:2:56:2 | definition of x | +| result 0 | main.go:54:10:54:15 | call to test | main.go:54:2:54:2 | SSA def(x) | +| result 0 | main.go:56:9:56:15 | call to test2 | main.go:56:2:56:2 | SSA def(x) | | result 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | -| result 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | definition of err | -| result 0 | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | definition of bytesBuffer | -| result 1 | main.go:54:10:54:15 | call to test | main.go:54:5:54:5 | definition of y | -| result 1 | main.go:56:9:56:15 | call to test2 | main.go:56:5:56:5 | definition of y | +| result 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | SSA def(err) | +| result 0 | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | SSA def(bytesBuffer) | +| result 1 | main.go:54:10:54:15 | call to test | main.go:54:5:54:5 | SSA def(y) | +| result 1 | main.go:56:9:56:15 | call to test2 | main.go:56:5:56:5 | SSA def(y) | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getExitNode.expected b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getExitNode.expected index b9878f7e1691..b101ce537fca 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getExitNode.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getExitNode.expected @@ -1,14 +1,14 @@ -| parameter 0 | main.go:5:1:11:1 | function declaration | main.go:5:9:5:10 | definition of op | -| parameter 0 | main.go:13:1:20:1 | function declaration | main.go:13:10:13:11 | definition of op | -| parameter 0 | main.go:40:1:48:1 | function declaration | main.go:40:12:40:12 | definition of b | -| parameter 0 | reset.go:8:1:16:1 | function declaration | reset.go:8:27:8:27 | definition of r | -| parameter 0 | tst2.go:8:1:12:1 | function declaration | tst2.go:8:12:8:15 | definition of data | -| parameter 0 | tst.go:8:1:11:1 | function declaration | tst.go:8:12:8:17 | definition of reader | +| parameter 0 | main.go:5:1:11:1 | function declaration | main.go:5:9:5:10 | SSA def(op) | +| parameter 0 | main.go:13:1:20:1 | function declaration | main.go:13:10:13:11 | SSA def(op) | +| parameter 0 | main.go:40:1:48:1 | function declaration | main.go:40:12:40:12 | SSA def(b) | +| parameter 0 | reset.go:8:1:16:1 | function declaration | reset.go:8:27:8:27 | SSA def(r) | +| parameter 0 | tst2.go:8:1:12:1 | function declaration | tst2.go:8:12:8:15 | SSA def(data) | +| parameter 0 | tst.go:8:1:11:1 | function declaration | tst.go:8:12:8:17 | SSA def(reader) | | parameter 0 | tst.go:13:1:13:25 | function declaration | tst.go:13:12:13:13 | initialization of xs | -| parameter 0 | tst.go:15:1:19:1 | function declaration | tst.go:15:12:15:12 | definition of x | -| parameter 1 | main.go:5:1:11:1 | function declaration | main.go:5:20:5:20 | definition of x | -| parameter 1 | main.go:13:1:20:1 | function declaration | main.go:13:21:13:21 | definition of x | -| parameter 1 | tst.go:15:1:19:1 | function declaration | tst.go:15:15:15:15 | definition of y | -| parameter 2 | main.go:5:1:11:1 | function declaration | main.go:5:27:5:27 | definition of y | -| parameter 2 | main.go:13:1:20:1 | function declaration | main.go:13:28:13:28 | definition of y | -| receiver | main.go:26:1:29:1 | function declaration | main.go:26:7:26:7 | definition of c | +| parameter 0 | tst.go:15:1:19:1 | function declaration | tst.go:15:12:15:12 | SSA def(x) | +| parameter 1 | main.go:5:1:11:1 | function declaration | main.go:5:20:5:20 | SSA def(x) | +| parameter 1 | main.go:13:1:20:1 | function declaration | main.go:13:21:13:21 | SSA def(x) | +| parameter 1 | tst.go:15:1:19:1 | function declaration | tst.go:15:15:15:15 | SSA def(y) | +| parameter 2 | main.go:5:1:11:1 | function declaration | main.go:5:27:5:27 | SSA def(y) | +| parameter 2 | main.go:13:1:20:1 | function declaration | main.go:13:28:13:28 | SSA def(y) | +| receiver | main.go:26:1:29:1 | function declaration | main.go:26:7:26:7 | SSA def(c) | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected index 5908aa8d113e..660e3b62b707 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected @@ -78,135 +78,135 @@ | main.go:7:6:7:9 | function sink | main.go:148:2:148:5 | sink | | main.go:7:6:7:9 | function sink | main.go:149:2:149:5 | sink | | main.go:7:6:7:9 | function sink | main.go:150:2:150:5 | sink | -| main.go:22:2:22:6 | definition of outer | main.go:25:7:25:11 | outer | -| main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | definition of outer | -| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | definition of outer | +| main.go:22:2:22:6 | SSA def(outer) | main.go:25:7:25:11 | outer | +| main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | SSA def(outer) | +| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | SSA def(outer) | | main.go:25:7:25:11 | outer | main.go:26:7:26:11 | outer | | main.go:26:7:26:11 | outer | main.go:27:7:27:11 | outer | | main.go:27:7:27:11 | outer | main.go:28:7:28:11 | outer | -| main.go:30:2:30:7 | definition of outerp | main.go:33:7:33:12 | outerp | -| main.go:30:12:32:2 | &... | main.go:30:2:30:7 | definition of outerp | -| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | definition of outerp | +| main.go:30:2:30:7 | SSA def(outerp) | main.go:33:7:33:12 | outerp | +| main.go:30:12:32:2 | &... | main.go:30:2:30:7 | SSA def(outerp) | +| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | SSA def(outerp) | | main.go:33:7:33:12 | outerp | main.go:34:7:34:12 | outerp | | main.go:33:7:33:12 | outerp [postupdate] | main.go:34:7:34:12 | outerp | | main.go:34:7:34:12 | outerp | main.go:35:7:35:12 | outerp | | main.go:34:7:34:12 | outerp [postupdate] | main.go:35:7:35:12 | outerp | | main.go:35:7:35:12 | outerp | main.go:36:7:36:12 | outerp | | main.go:35:7:35:12 | outerp [postupdate] | main.go:36:7:36:12 | outerp | -| main.go:40:2:40:6 | definition of outer | main.go:41:7:41:11 | outer | -| main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | definition of outer | -| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | definition of outer | +| main.go:40:2:40:6 | SSA def(outer) | main.go:41:7:41:11 | outer | +| main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | SSA def(outer) | +| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | SSA def(outer) | | main.go:41:7:41:11 | outer | main.go:42:7:42:11 | outer | | main.go:42:7:42:11 | outer | main.go:43:7:43:11 | outer | | main.go:43:7:43:11 | outer | main.go:44:7:44:11 | outer | -| main.go:46:2:46:7 | definition of outerp | main.go:47:7:47:12 | outerp | -| main.go:46:12:46:42 | &... | main.go:46:2:46:7 | definition of outerp | -| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | definition of outerp | +| main.go:46:2:46:7 | SSA def(outerp) | main.go:47:7:47:12 | outerp | +| main.go:46:12:46:42 | &... | main.go:46:2:46:7 | SSA def(outerp) | +| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | SSA def(outerp) | | main.go:47:7:47:12 | outerp | main.go:48:7:48:12 | outerp | | main.go:47:7:47:12 | outerp [postupdate] | main.go:48:7:48:12 | outerp | | main.go:48:7:48:12 | outerp | main.go:49:7:49:12 | outerp | | main.go:48:7:48:12 | outerp [postupdate] | main.go:49:7:49:12 | outerp | | main.go:49:7:49:12 | outerp | main.go:50:7:50:12 | outerp | | main.go:49:7:49:12 | outerp [postupdate] | main.go:50:7:50:12 | outerp | -| main.go:54:2:54:6 | definition of inner | main.go:55:19:55:23 | inner | -| main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | definition of inner | -| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | definition of inner | -| main.go:55:2:55:7 | definition of middle | main.go:56:17:56:22 | middle | -| main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | definition of middle | -| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | definition of middle | -| main.go:56:2:56:6 | definition of outer | main.go:57:7:57:11 | outer | -| main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | definition of outer | -| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | definition of outer | +| main.go:54:2:54:6 | SSA def(inner) | main.go:55:19:55:23 | inner | +| main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | SSA def(inner) | +| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | SSA def(inner) | +| main.go:55:2:55:7 | SSA def(middle) | main.go:56:17:56:22 | middle | +| main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | SSA def(middle) | +| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | SSA def(middle) | +| main.go:56:2:56:6 | SSA def(outer) | main.go:57:7:57:11 | outer | +| main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | SSA def(outer) | +| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | SSA def(outer) | | main.go:57:7:57:11 | outer | main.go:58:7:58:11 | outer | | main.go:58:7:58:11 | outer | main.go:59:7:59:11 | outer | | main.go:59:7:59:11 | outer | main.go:60:7:60:11 | outer | -| main.go:62:2:62:7 | definition of innerp | main.go:63:20:63:25 | innerp | -| main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | definition of innerp | -| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | definition of innerp | -| main.go:63:2:63:8 | definition of middlep | main.go:64:18:64:24 | middlep | -| main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | definition of middlep | -| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | definition of middlep | -| main.go:64:2:64:7 | definition of outerp | main.go:65:7:65:12 | outerp | -| main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | definition of outerp | -| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | definition of outerp | +| main.go:62:2:62:7 | SSA def(innerp) | main.go:63:20:63:25 | innerp | +| main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | SSA def(innerp) | +| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | SSA def(innerp) | +| main.go:63:2:63:8 | SSA def(middlep) | main.go:64:18:64:24 | middlep | +| main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | SSA def(middlep) | +| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | SSA def(middlep) | +| main.go:64:2:64:7 | SSA def(outerp) | main.go:65:7:65:12 | outerp | +| main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | SSA def(outerp) | +| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | SSA def(outerp) | | main.go:65:7:65:12 | outerp | main.go:66:7:66:12 | outerp | | main.go:66:7:66:12 | outerp | main.go:67:7:67:12 | outerp | | main.go:67:7:67:12 | outerp | main.go:68:7:68:12 | outerp | -| main.go:72:2:72:6 | definition of inner | main.go:73:26:73:30 | inner | -| main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | definition of inner | -| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | definition of inner | -| main.go:73:2:73:7 | definition of middle | main.go:74:25:74:30 | middle | -| main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | definition of middle | -| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | definition of middle | -| main.go:74:2:74:6 | definition of outer | main.go:75:7:75:11 | outer | -| main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | definition of outer | -| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | definition of outer | +| main.go:72:2:72:6 | SSA def(inner) | main.go:73:26:73:30 | inner | +| main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | SSA def(inner) | +| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | SSA def(inner) | +| main.go:73:2:73:7 | SSA def(middle) | main.go:74:25:74:30 | middle | +| main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | SSA def(middle) | +| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | SSA def(middle) | +| main.go:74:2:74:6 | SSA def(outer) | main.go:75:7:75:11 | outer | +| main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | SSA def(outer) | +| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | SSA def(outer) | | main.go:75:7:75:11 | outer | main.go:76:7:76:11 | outer | | main.go:76:7:76:11 | outer | main.go:77:7:77:11 | outer | | main.go:77:7:77:11 | outer | main.go:78:7:78:11 | outer | -| main.go:80:2:80:7 | definition of innerp | main.go:81:27:81:32 | innerp | -| main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | definition of innerp | -| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | definition of innerp | -| main.go:81:2:81:8 | definition of middlep | main.go:82:26:82:32 | middlep | -| main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | definition of middlep | -| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | definition of middlep | -| main.go:82:2:82:7 | definition of outerp | main.go:83:7:83:12 | outerp | -| main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | definition of outerp | -| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | definition of outerp | +| main.go:80:2:80:7 | SSA def(innerp) | main.go:81:27:81:32 | innerp | +| main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | SSA def(innerp) | +| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | SSA def(innerp) | +| main.go:81:2:81:8 | SSA def(middlep) | main.go:82:26:82:32 | middlep | +| main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | SSA def(middlep) | +| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | SSA def(middlep) | +| main.go:82:2:82:7 | SSA def(outerp) | main.go:83:7:83:12 | outerp | +| main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | SSA def(outerp) | +| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | SSA def(outerp) | | main.go:83:7:83:12 | outerp | main.go:84:7:84:12 | outerp | | main.go:84:7:84:12 | outerp | main.go:85:7:85:12 | outerp | | main.go:85:7:85:12 | outerp | main.go:86:7:86:12 | outerp | -| main.go:90:6:90:10 | definition of outer | main.go:91:2:91:6 | outer | -| main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | definition of outer | +| main.go:90:6:90:10 | SSA def(outer) | main.go:91:2:91:6 | outer | +| main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | SSA def(outer) | | main.go:91:2:91:6 | outer | main.go:92:7:92:11 | outer | | main.go:91:2:91:6 | outer [postupdate] | main.go:92:7:92:11 | outer | | main.go:92:7:92:11 | outer | main.go:93:7:93:11 | outer | | main.go:93:7:93:11 | outer | main.go:94:7:94:11 | outer | | main.go:94:7:94:11 | outer | main.go:95:7:95:11 | outer | -| main.go:97:6:97:11 | definition of outerp | main.go:98:2:98:7 | outerp | -| main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | definition of outerp | +| main.go:97:6:97:11 | SSA def(outerp) | main.go:98:2:98:7 | outerp | +| main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | SSA def(outerp) | | main.go:98:2:98:7 | outerp | main.go:99:7:99:12 | outerp | | main.go:98:2:98:7 | outerp [postupdate] | main.go:99:7:99:12 | outerp | | main.go:99:7:99:12 | outerp | main.go:100:7:100:12 | outerp | | main.go:100:7:100:12 | outerp | main.go:101:7:101:12 | outerp | | main.go:101:7:101:12 | outerp | main.go:102:7:102:12 | outerp | -| main.go:106:6:106:10 | definition of outer | main.go:107:2:107:6 | outer | -| main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | definition of outer | +| main.go:106:6:106:10 | SSA def(outer) | main.go:107:2:107:6 | outer | +| main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | SSA def(outer) | | main.go:107:2:107:6 | outer | main.go:108:7:108:11 | outer | | main.go:107:2:107:6 | outer [postupdate] | main.go:108:7:108:11 | outer | | main.go:108:7:108:11 | outer | main.go:109:7:109:11 | outer | | main.go:109:7:109:11 | outer | main.go:110:7:110:11 | outer | | main.go:110:7:110:11 | outer | main.go:111:7:111:11 | outer | -| main.go:113:6:113:11 | definition of outerp | main.go:114:2:114:7 | outerp | -| main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | definition of outerp | +| main.go:113:6:113:11 | SSA def(outerp) | main.go:114:2:114:7 | outerp | +| main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | SSA def(outerp) | | main.go:114:2:114:7 | outerp | main.go:115:7:115:12 | outerp | | main.go:114:2:114:7 | outerp [postupdate] | main.go:115:7:115:12 | outerp | | main.go:115:7:115:12 | outerp | main.go:116:7:116:12 | outerp | | main.go:116:7:116:12 | outerp | main.go:117:7:117:12 | outerp | | main.go:117:7:117:12 | outerp | main.go:118:7:118:12 | outerp | -| main.go:122:6:122:10 | definition of outer | main.go:123:2:123:6 | outer | -| main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | definition of outer | +| main.go:122:6:122:10 | SSA def(outer) | main.go:123:2:123:6 | outer | +| main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | SSA def(outer) | | main.go:123:2:123:6 | outer | main.go:124:7:124:11 | outer | | main.go:123:2:123:6 | outer [postupdate] | main.go:124:7:124:11 | outer | | main.go:124:7:124:11 | outer | main.go:125:7:125:11 | outer | | main.go:125:7:125:11 | outer | main.go:126:7:126:11 | outer | | main.go:126:7:126:11 | outer | main.go:127:7:127:11 | outer | -| main.go:129:6:129:11 | definition of outerp | main.go:130:2:130:7 | outerp | -| main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | definition of outerp | +| main.go:129:6:129:11 | SSA def(outerp) | main.go:130:2:130:7 | outerp | +| main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | SSA def(outerp) | | main.go:130:2:130:7 | outerp | main.go:131:7:131:12 | outerp | | main.go:130:2:130:7 | outerp [postupdate] | main.go:131:7:131:12 | outerp | | main.go:131:7:131:12 | outerp | main.go:132:7:132:12 | outerp | | main.go:132:7:132:12 | outerp | main.go:133:7:133:12 | outerp | | main.go:133:7:133:12 | outerp | main.go:134:7:134:12 | outerp | -| main.go:138:6:138:10 | definition of outer | main.go:139:2:139:6 | outer | -| main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | definition of outer | +| main.go:138:6:138:10 | SSA def(outer) | main.go:139:2:139:6 | outer | +| main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | SSA def(outer) | | main.go:139:2:139:6 | outer | main.go:140:7:140:11 | outer | | main.go:139:2:139:6 | outer [postupdate] | main.go:140:7:140:11 | outer | | main.go:140:7:140:11 | outer | main.go:141:7:141:11 | outer | | main.go:141:7:141:11 | outer | main.go:142:7:142:11 | outer | | main.go:142:7:142:11 | outer | main.go:143:7:143:11 | outer | -| main.go:145:6:145:11 | definition of outerp | main.go:146:2:146:7 | outerp | -| main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | definition of outerp | +| main.go:145:6:145:11 | SSA def(outerp) | main.go:146:2:146:7 | outerp | +| main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | SSA def(outerp) | | main.go:146:2:146:7 | outerp | main.go:147:7:147:12 | outerp | | main.go:146:2:146:7 | outerp [postupdate] | main.go:147:7:147:12 | outerp | | main.go:147:7:147:12 | outerp | main.go:148:7:148:12 | outerp | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected index 9fe33491cfd8..775eff4a49e5 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected @@ -1,42 +1,42 @@ -| main.go:15:12:15:12 | x | main.go:13:6:13:6 | definition of x | main.go:13:6:13:6 | x | -| main.go:15:15:15:15 | y | main.go:14:2:14:2 | definition of y | main.go:14:2:14:2 | y | -| main.go:17:3:17:3 | y | main.go:14:2:14:2 | definition of y | main.go:14:2:14:2 | y | -| main.go:19:12:19:12 | x | main.go:13:6:13:6 | definition of x | main.go:13:6:13:6 | x | -| main.go:19:15:19:15 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y | -| main.go:21:7:21:7 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y | -| main.go:23:12:23:12 | x | main.go:23:2:23:10 | x = phi(def@13:6, def@21:3) | main.go:13:6:13:6 | x | -| main.go:23:15:23:15 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y | -| main.go:27:10:27:10 | x | main.go:26:10:26:10 | definition of x | main.go:26:10:26:10 | x | -| main.go:29:10:29:10 | b | main.go:27:5:27:5 | definition of b | main.go:27:5:27:5 | b | -| main.go:29:13:29:13 | a | main.go:27:2:27:2 | definition of a | main.go:27:2:27:2 | a | -| main.go:31:9:31:9 | a | main.go:31:9:31:9 | a = phi(def@27:2, def@29:3) | main.go:27:2:27:2 | a | -| main.go:31:12:31:12 | b | main.go:31:9:31:9 | b = phi(def@27:5, def@29:6) | main.go:27:5:27:5 | b | -| main.go:35:3:35:3 | x | main.go:34:11:34:11 | definition of x | main.go:34:11:34:11 | x | -| main.go:40:10:40:10 | x | main.go:39:2:39:2 | definition of x | main.go:39:2:39:2 | x | -| main.go:42:8:42:10 | ptr | main.go:40:2:40:4 | definition of ptr | main.go:40:2:40:4 | ptr | -| main.go:44:12:44:12 | x | main.go:39:2:39:2 | definition of x | main.go:39:2:39:2 | x | -| main.go:47:13:47:18 | implicit read of result | main.go:48:2:48:7 | definition of result | main.go:47:13:47:18 | result | -| main.go:52:14:52:19 | implicit read of result | main.go:52:14:52:19 | definition of result | main.go:52:14:52:19 | result | -| main.go:61:12:61:12 | x | main.go:58:6:58:9 | x = phi(def@57:6, def@59:3) | main.go:57:6:57:6 | x | -| main.go:64:16:64:16 | i | main.go:65:6:65:9 | i = phi(def@64:16, def@64:6) | main.go:64:6:64:6 | i | -| main.go:70:12:70:12 | y | main.go:65:6:65:9 | y = phi(def@63:2, def@68:3) | main.go:63:2:63:2 | y | -| main.go:73:16:73:16 | i | main.go:74:3:74:3 | i = phi(def@73:16, def@73:6) | main.go:73:6:73:6 | i | -| main.go:79:12:79:12 | z | main.go:74:3:74:3 | definition of z | main.go:72:2:72:2 | z | -| main.go:82:18:82:18 | implicit read of a | main.go:84:5:84:5 | definition of a | main.go:82:18:82:18 | a | -| main.go:82:25:82:25 | implicit read of b | main.go:82:25:82:25 | definition of b | main.go:82:25:82:25 | b | -| main.go:84:9:84:9 | x | main.go:83:2:83:2 | definition of x | main.go:83:2:83:2 | x | -| main.go:84:15:84:15 | x | main.go:83:2:83:2 | definition of x | main.go:83:2:83:2 | x | -| main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | definition of wrapper | main.go:95:22:95:28 | wrapper | -| main.go:100:9:100:9 | x | main.go:97:2:99:3 | capture variable x | main.go:96:2:96:2 | x | -| main.go:105:2:105:8 | wrapper | main.go:103:20:103:26 | definition of wrapper | main.go:103:20:103:26 | wrapper | -| main.go:106:8:106:8 | x | main.go:105:16:108:2 | capture variable x | main.go:104:2:104:2 | x | -| main.go:107:7:107:7 | y | main.go:106:3:106:3 | definition of y | main.go:106:3:106:3 | y | -| main.go:109:9:109:9 | x | main.go:104:2:104:2 | definition of x | main.go:104:2:104:2 | x | -| main.go:114:2:114:8 | wrapper | main.go:112:29:112:35 | definition of wrapper | main.go:112:29:112:35 | wrapper | -| main.go:115:8:115:8 | x | main.go:114:16:117:2 | capture variable x | main.go:113:2:113:2 | x | -| main.go:116:7:116:7 | y | main.go:115:3:115:3 | definition of y | main.go:115:3:115:3 | y | -| main.go:118:9:118:9 | x | main.go:114:2:117:3 | capture variable x | main.go:113:2:113:2 | x | -| main.go:135:2:135:2 | p | main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | main.go:128:6:128:6 | p | -| main.go:137:12:137:12 | p | main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | main.go:128:6:128:6 | p | -| main.go:137:17:137:17 | p | main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | main.go:128:6:128:6 | p | -| main.go:137:24:137:24 | p | main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | main.go:128:6:128:6 | p | +| main.go:15:12:15:12 | x | main.go:13:6:13:6 | SSA def(x) | main.go:13:6:13:6 | x | +| main.go:15:15:15:15 | y | main.go:14:2:14:2 | SSA def(y) | main.go:14:2:14:2 | y | +| main.go:17:3:17:3 | y | main.go:14:2:14:2 | SSA def(y) | main.go:14:2:14:2 | y | +| main.go:19:12:19:12 | x | main.go:13:6:13:6 | SSA def(x) | main.go:13:6:13:6 | x | +| main.go:19:15:19:15 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y | +| main.go:21:7:21:7 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y | +| main.go:23:12:23:12 | x | main.go:23:2:23:10 | SSA phi(x) | main.go:13:6:13:6 | x | +| main.go:23:15:23:15 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y | +| main.go:27:10:27:10 | x | main.go:26:10:26:10 | SSA def(x) | main.go:26:10:26:10 | x | +| main.go:29:10:29:10 | b | main.go:27:5:27:5 | SSA def(b) | main.go:27:5:27:5 | b | +| main.go:29:13:29:13 | a | main.go:27:2:27:2 | SSA def(a) | main.go:27:2:27:2 | a | +| main.go:31:9:31:9 | a | main.go:31:9:31:9 | SSA phi(a) | main.go:27:2:27:2 | a | +| main.go:31:12:31:12 | b | main.go:31:9:31:9 | SSA phi(b) | main.go:27:5:27:5 | b | +| main.go:35:3:35:3 | x | main.go:34:11:34:11 | SSA def(x) | main.go:34:11:34:11 | x | +| main.go:40:10:40:10 | x | main.go:39:2:39:2 | SSA def(x) | main.go:39:2:39:2 | x | +| main.go:42:8:42:10 | ptr | main.go:40:2:40:4 | SSA def(ptr) | main.go:40:2:40:4 | ptr | +| main.go:44:12:44:12 | x | main.go:39:2:39:2 | SSA def(x) | main.go:39:2:39:2 | x | +| main.go:47:13:47:18 | implicit read of result | main.go:48:2:48:7 | SSA def(result) | main.go:47:13:47:18 | result | +| main.go:52:14:52:19 | implicit read of result | main.go:52:14:52:19 | SSA def(result) | main.go:52:14:52:19 | result | +| main.go:61:12:61:12 | x | main.go:58:6:58:9 | SSA phi(x) | main.go:57:6:57:6 | x | +| main.go:64:16:64:16 | i | main.go:65:6:65:9 | SSA phi(i) | main.go:64:6:64:6 | i | +| main.go:70:12:70:12 | y | main.go:65:6:65:9 | SSA phi(y) | main.go:63:2:63:2 | y | +| main.go:73:16:73:16 | i | main.go:74:3:74:3 | SSA phi(i) | main.go:73:6:73:6 | i | +| main.go:79:12:79:12 | z | main.go:74:3:74:3 | SSA def(z) | main.go:72:2:72:2 | z | +| main.go:82:18:82:18 | implicit read of a | main.go:84:5:84:5 | SSA def(a) | main.go:82:18:82:18 | a | +| main.go:82:25:82:25 | implicit read of b | main.go:82:25:82:25 | SSA def(b) | main.go:82:25:82:25 | b | +| main.go:84:9:84:9 | x | main.go:83:2:83:2 | SSA def(x) | main.go:83:2:83:2 | x | +| main.go:84:15:84:15 | x | main.go:83:2:83:2 | SSA def(x) | main.go:83:2:83:2 | x | +| main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | SSA def(wrapper) | main.go:95:22:95:28 | wrapper | +| main.go:100:9:100:9 | x | main.go:97:2:99:3 | SSA def(x) | main.go:96:2:96:2 | x | +| main.go:105:2:105:8 | wrapper | main.go:103:20:103:26 | SSA def(wrapper) | main.go:103:20:103:26 | wrapper | +| main.go:106:8:106:8 | x | main.go:105:16:108:2 | SSA def(x) | main.go:104:2:104:2 | x | +| main.go:107:7:107:7 | y | main.go:106:3:106:3 | SSA def(y) | main.go:106:3:106:3 | y | +| main.go:109:9:109:9 | x | main.go:104:2:104:2 | SSA def(x) | main.go:104:2:104:2 | x | +| main.go:114:2:114:8 | wrapper | main.go:112:29:112:35 | SSA def(wrapper) | main.go:112:29:112:35 | wrapper | +| main.go:115:8:115:8 | x | main.go:114:16:117:2 | SSA def(x) | main.go:113:2:113:2 | x | +| main.go:116:7:116:7 | y | main.go:115:3:115:3 | SSA def(y) | main.go:115:3:115:3 | y | +| main.go:118:9:118:9 | x | main.go:114:2:117:3 | SSA def(x) | main.go:113:2:113:2 | x | +| main.go:135:2:135:2 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p | +| main.go:137:12:137:12 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p | +| main.go:137:17:137:17 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p | +| main.go:137:24:137:24 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected index 30a38580f789..76c71bdea206 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected @@ -1,73 +1,73 @@ #select -| test.go:154:14:154:21 | password | test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:155:17:155:24 | password | test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:156:14:156:21 | password | test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:157:18:157:25 | password | test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:158:14:158:21 | password | test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:159:13:159:20 | password | test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:160:22:160:29 | password | test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:161:15:161:22 | password | test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:162:14:162:21 | password | test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:163:13:163:20 | password | test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:164:16:164:23 | password | test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:165:13:165:20 | password | test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:166:16:166:23 | password | test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:167:13:167:20 | password | test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:168:17:168:24 | password | test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:169:13:169:20 | password | test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:170:12:170:19 | password | test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:171:21:171:28 | password | test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:172:14:172:21 | password | test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:173:13:173:20 | password | test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:174:12:174:19 | password | test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:175:15:175:22 | password | test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:176:15:176:22 | password | test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:177:18:177:25 | password | test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:178:15:178:22 | password | test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:179:19:179:26 | password | test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:180:15:180:22 | password | test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:181:14:181:21 | password | test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:182:23:182:30 | password | test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:183:16:183:23 | password | test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:184:15:184:22 | password | test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:185:14:185:21 | password | test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:186:17:186:24 | password | test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | -| test.go:187:16:187:23 | password | test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:154:14:154:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:155:17:155:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:156:14:156:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:157:18:157:25 | password | test.go:153:17:153:24 | SSA def(password) | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:158:14:158:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:159:13:159:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:160:22:160:29 | password | test.go:153:17:153:24 | SSA def(password) | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:161:15:161:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:162:14:162:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:163:13:163:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:164:16:164:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:165:13:165:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:166:16:166:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:167:13:167:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:168:17:168:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:169:13:169:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:170:12:170:19 | password | test.go:153:17:153:24 | SSA def(password) | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:171:21:171:28 | password | test.go:153:17:153:24 | SSA def(password) | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:172:14:172:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:173:13:173:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:174:12:174:19 | password | test.go:153:17:153:24 | SSA def(password) | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:175:15:175:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:176:15:176:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:177:18:177:25 | password | test.go:153:17:153:24 | SSA def(password) | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:178:15:178:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:179:19:179:26 | password | test.go:153:17:153:24 | SSA def(password) | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:180:15:180:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:181:14:181:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:182:23:182:30 | password | test.go:153:17:153:24 | SSA def(password) | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:183:16:183:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:184:15:184:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:185:14:185:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:186:17:186:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | +| test.go:187:16:187:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password | edges -| test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | provenance | | -| test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | provenance | Sink:MaD:1 | -| test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | provenance | Sink:MaD:2 | -| test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | provenance | Sink:MaD:3 | -| test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | provenance | Sink:MaD:4 | -| test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | provenance | Sink:MaD:5 | -| test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | provenance | Sink:MaD:6 | -| test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | provenance | Sink:MaD:7 | -| test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | provenance | Sink:MaD:8 | -| test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | provenance | Sink:MaD:9 | -| test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | provenance | Sink:MaD:10 | -| test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | provenance | Sink:MaD:11 | -| test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | provenance | Sink:MaD:12 | -| test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | provenance | Sink:MaD:13 | -| test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | provenance | Sink:MaD:14 | -| test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | provenance | Sink:MaD:15 | -| test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | provenance | Sink:MaD:16 | -| test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | provenance | Sink:MaD:17 | -| test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | provenance | Sink:MaD:18 | -| test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | provenance | Sink:MaD:19 | -| test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | provenance | Sink:MaD:20 | -| test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | provenance | Sink:MaD:21 | -| test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | provenance | Sink:MaD:22 | -| test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:154:14:154:21 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:155:17:155:24 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:156:14:156:21 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:157:18:157:25 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:158:14:158:21 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:159:13:159:20 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:160:22:160:29 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:161:15:161:22 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:162:14:162:21 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:163:13:163:20 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:164:16:164:23 | password | provenance | | +| test.go:153:17:153:24 | SSA def(password) | test.go:165:13:165:20 | password | provenance | Sink:MaD:1 | +| test.go:153:17:153:24 | SSA def(password) | test.go:166:16:166:23 | password | provenance | Sink:MaD:2 | +| test.go:153:17:153:24 | SSA def(password) | test.go:167:13:167:20 | password | provenance | Sink:MaD:3 | +| test.go:153:17:153:24 | SSA def(password) | test.go:168:17:168:24 | password | provenance | Sink:MaD:4 | +| test.go:153:17:153:24 | SSA def(password) | test.go:169:13:169:20 | password | provenance | Sink:MaD:5 | +| test.go:153:17:153:24 | SSA def(password) | test.go:170:12:170:19 | password | provenance | Sink:MaD:6 | +| test.go:153:17:153:24 | SSA def(password) | test.go:171:21:171:28 | password | provenance | Sink:MaD:7 | +| test.go:153:17:153:24 | SSA def(password) | test.go:172:14:172:21 | password | provenance | Sink:MaD:8 | +| test.go:153:17:153:24 | SSA def(password) | test.go:173:13:173:20 | password | provenance | Sink:MaD:9 | +| test.go:153:17:153:24 | SSA def(password) | test.go:174:12:174:19 | password | provenance | Sink:MaD:10 | +| test.go:153:17:153:24 | SSA def(password) | test.go:175:15:175:22 | password | provenance | Sink:MaD:11 | +| test.go:153:17:153:24 | SSA def(password) | test.go:176:15:176:22 | password | provenance | Sink:MaD:12 | +| test.go:153:17:153:24 | SSA def(password) | test.go:177:18:177:25 | password | provenance | Sink:MaD:13 | +| test.go:153:17:153:24 | SSA def(password) | test.go:178:15:178:22 | password | provenance | Sink:MaD:14 | +| test.go:153:17:153:24 | SSA def(password) | test.go:179:19:179:26 | password | provenance | Sink:MaD:15 | +| test.go:153:17:153:24 | SSA def(password) | test.go:180:15:180:22 | password | provenance | Sink:MaD:16 | +| test.go:153:17:153:24 | SSA def(password) | test.go:181:14:181:21 | password | provenance | Sink:MaD:17 | +| test.go:153:17:153:24 | SSA def(password) | test.go:182:23:182:30 | password | provenance | Sink:MaD:18 | +| test.go:153:17:153:24 | SSA def(password) | test.go:183:16:183:23 | password | provenance | Sink:MaD:19 | +| test.go:153:17:153:24 | SSA def(password) | test.go:184:15:184:22 | password | provenance | Sink:MaD:20 | +| test.go:153:17:153:24 | SSA def(password) | test.go:185:14:185:21 | password | provenance | Sink:MaD:21 | +| test.go:153:17:153:24 | SSA def(password) | test.go:186:17:186:24 | password | provenance | Sink:MaD:22 | +| test.go:153:17:153:24 | SSA def(password) | test.go:187:16:187:23 | password | provenance | | models | 1 | Sink: group:beego-logs; ; false; Alert; ; ; Argument[0..1]; log-injection; manual | | 2 | Sink: group:beego-logs; ; false; Critical; ; ; Argument[0..1]; log-injection; manual | @@ -92,7 +92,7 @@ models | 21 | Sink: group:beego-logs; BeeLogger; true; Warn; ; ; Argument[0..1]; log-injection; manual | | 22 | Sink: group:beego-logs; BeeLogger; true; Warning; ; ; Argument[0..1]; log-injection; manual | nodes -| test.go:153:17:153:24 | definition of password | semmle.label | definition of password | +| test.go:153:17:153:24 | SSA def(password) | semmle.label | SSA def(password) | | test.go:154:14:154:21 | password | semmle.label | password | | test.go:155:17:155:24 | password | semmle.label | password | | test.go:156:14:156:21 | password | semmle.label | password | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected index 703066d64494..18fbba68ceb1 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected @@ -1,8 +1,8 @@ edges -| main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance | | +| main.go:18:46:18:48 | SSA def(req) | main.go:21:28:21:31 | name | provenance | | nodes -| main.go:18:46:18:48 | definition of req | semmle.label | definition of req | +| main.go:18:46:18:48 | SSA def(req) | semmle.label | SSA def(req) | | main.go:21:28:21:31 | name | semmle.label | name | subpaths #select -| main.go:21:28:21:31 | name | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | definition of req | user-provided value | +| main.go:21:28:21:31 | name | main.go:18:46:18:48 | SSA def(req) | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | SSA def(req) | user-provided value | diff --git a/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected b/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected index b4bd7b815d5d..9db748ebabd0 100644 --- a/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected +++ b/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected @@ -1,2 +1,2 @@ -| tests.go:61:30:61:35 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:59:2:59:7 | definition of result | result | tests.go:59:10:59:12 | definition of err | err | -| tests.go:243:27:243:32 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:241:2:241:7 | definition of result | result | tests.go:241:10:241:12 | definition of err | err | +| tests.go:61:30:61:35 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:59:2:59:7 | SSA def(result) | result | tests.go:59:10:59:12 | SSA def(err) | err | +| tests.go:243:27:243:32 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:241:2:241:7 | SSA def(result) | result | tests.go:241:10:241:12 | SSA def(err) | err | diff --git a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected index 41034c557961..183026e9b88a 100644 --- a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected +++ b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected @@ -9,17 +9,17 @@ | tests.go:130:3:130:3 | f | tests.go:126:5:126:78 | ... := ...[0] | tests.go:130:3:130:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:126:15:126:78 | call to OpenFile | call to OpenFile | | tests.go:151:8:151:8 | f | tests.go:147:2:147:74 | ... := ...[0] | tests.go:151:8:151:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:147:12:147:74 | call to OpenFile | call to OpenFile | edges -| tests.go:9:24:9:24 | definition of f | tests.go:10:8:10:8 | f | provenance | | -| tests.go:13:32:13:32 | definition of f | tests.go:14:13:16:2 | capture variable f | provenance | | -| tests.go:14:13:16:2 | capture variable f | tests.go:15:3:15:3 | f | provenance | | +| tests.go:9:24:9:24 | SSA def(f) | tests.go:10:8:10:8 | f | provenance | | +| tests.go:13:32:13:32 | SSA def(f) | tests.go:14:13:16:2 | SSA def(f) | provenance | | +| tests.go:14:13:16:2 | SSA def(f) | tests.go:15:3:15:3 | f | provenance | | | tests.go:32:5:32:78 | ... := ...[0] | tests.go:33:21:33:21 | f | provenance | Src:MaD:1 | | tests.go:32:5:32:78 | ... := ...[0] | tests.go:34:29:34:29 | f | provenance | Src:MaD:1 | -| tests.go:33:21:33:21 | f | tests.go:9:24:9:24 | definition of f | provenance | | -| tests.go:34:29:34:29 | f | tests.go:13:32:13:32 | definition of f | provenance | | +| tests.go:33:21:33:21 | f | tests.go:9:24:9:24 | SSA def(f) | provenance | | +| tests.go:34:29:34:29 | f | tests.go:13:32:13:32 | SSA def(f) | provenance | | | tests.go:46:5:46:76 | ... := ...[0] | tests.go:47:21:47:21 | f | provenance | Src:MaD:1 | | tests.go:46:5:46:76 | ... := ...[0] | tests.go:48:29:48:29 | f | provenance | Src:MaD:1 | -| tests.go:47:21:47:21 | f | tests.go:9:24:9:24 | definition of f | provenance | | -| tests.go:48:29:48:29 | f | tests.go:13:32:13:32 | definition of f | provenance | | +| tests.go:47:21:47:21 | f | tests.go:9:24:9:24 | SSA def(f) | provenance | | +| tests.go:48:29:48:29 | f | tests.go:13:32:13:32 | SSA def(f) | provenance | | | tests.go:55:5:55:78 | ... := ...[0] | tests.go:57:3:57:3 | f | provenance | Src:MaD:1 | | tests.go:67:5:67:76 | ... := ...[0] | tests.go:69:3:69:3 | f | provenance | Src:MaD:1 | | tests.go:109:5:109:78 | ... := ...[0] | tests.go:111:9:111:9 | f | provenance | Src:MaD:1 | @@ -28,10 +28,10 @@ edges models | 1 | Source: os; ; false; OpenFile; ; ; ReturnValue[0]; file; manual | nodes -| tests.go:9:24:9:24 | definition of f | semmle.label | definition of f | +| tests.go:9:24:9:24 | SSA def(f) | semmle.label | SSA def(f) | | tests.go:10:8:10:8 | f | semmle.label | f | -| tests.go:13:32:13:32 | definition of f | semmle.label | definition of f | -| tests.go:14:13:16:2 | capture variable f | semmle.label | capture variable f | +| tests.go:13:32:13:32 | SSA def(f) | semmle.label | SSA def(f) | +| tests.go:14:13:16:2 | SSA def(f) | semmle.label | SSA def(f) | | tests.go:15:3:15:3 | f | semmle.label | f | | tests.go:32:5:32:78 | ... := ...[0] | semmle.label | ... := ...[0] | | tests.go:33:21:33:21 | f | semmle.label | f | diff --git a/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected b/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected index 3276c0771093..73e5f0aa503d 100644 --- a/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected +++ b/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected @@ -5,18 +5,18 @@ | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | symlink creation | | UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | symlink creation | edges -| UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | provenance | Sink:MaD:1 | -| UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | provenance | Sink:MaD:1 | -| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName | provenance | | -| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName | provenance | | +| UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | provenance | Sink:MaD:1 | +| UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | provenance | Sink:MaD:1 | +| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | provenance | | +| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | provenance | | models | 1 | Sink: os; ; false; Symlink; ; ; Argument[0..1]; path-injection; manual | nodes | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | semmle.label | selection of Linkname | | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | semmle.label | selection of Name | | UnsafeUnzipSymlink.go:43:25:43:35 | selection of Name | semmle.label | selection of Name | -| UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName | semmle.label | definition of linkName | -| UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName | semmle.label | definition of fileName | +| UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | semmle.label | SSA def(linkName) | +| UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | semmle.label | SSA def(fileName) | | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | semmle.label | linkName | | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | semmle.label | fileName | | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | semmle.label | selection of Linkname | diff --git a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected index 7cb981667da2..3bfd80a120ca 100644 --- a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected +++ b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected @@ -4,12 +4,12 @@ | tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:14:16:34 | call to Dir | Unsanitized archive entry, which may contain '..', is used in a $@. | tarslip.go:16:14:16:34 | call to Dir | file system operation | | tst.go:23:2:43:2 | range statement[1] | tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path | Unsanitized archive entry, which may contain '..', is used in a $@. | tst.go:29:20:29:23 | path | file system operation | edges -| UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | provenance | | +| UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | provenance | | | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | provenance | FunctionModel Sink:MaD:3 | | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | provenance | | | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | provenance | | -| UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | provenance | | -| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | provenance | | +| UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | provenance | | +| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | provenance | | | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:12:24:12:29 | selection of Name | provenance | | | ZipSlip.go:12:3:12:30 | ... := ...[0] | ZipSlip.go:14:20:14:20 | p | provenance | Sink:MaD:1 | | ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | MaD:4 | @@ -23,7 +23,7 @@ models | 4 | Summary: path/filepath; ; false; Abs; ; ; Argument[0]; ReturnValue[0]; taint; manual | | 5 | Summary: path; ; false; Dir; ; ; Argument[0]; ReturnValue; taint; manual | nodes -| UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | semmle.label | definition of candidate | +| UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | semmle.label | SSA def(candidate) | | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | semmle.label | call to Join | | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | semmle.label | candidate | | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | semmle.label | ... := ...[0] | diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index 78dde84a9475..b029c6d2b849 100644 --- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -48,14 +48,14 @@ edges | GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:17:36:17:42 | tainted | provenance | | | GitSubcommands.go:33:13:33:19 | selection of URL | GitSubcommands.go:33:13:33:27 | call to Query | provenance | Src:MaD:2 MaD:7 | | GitSubcommands.go:33:13:33:27 | call to Query | GitSubcommands.go:38:32:38:38 | tainted | provenance | | -| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | | -| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | -| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | Config | -| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | Config | -| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | Config | -| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config | +| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | | +| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | +| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | Config | +| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | Config | +| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | Config | +| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config | | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:2 MaD:7 | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | provenance | | +| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | provenance | | | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance | | | SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | provenance | | | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node | provenance | | @@ -181,7 +181,7 @@ nodes | GitSubcommands.go:33:13:33:19 | selection of URL | semmle.label | selection of URL | | GitSubcommands.go:33:13:33:27 | call to Query | semmle.label | call to Query | | GitSubcommands.go:38:32:38:38 | tainted | semmle.label | tainted | -| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | semmle.label | definition of tainted | +| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | semmle.label | SSA def(tainted) | | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query | | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | semmle.label | array literal [array] | diff --git a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected index 41ec62706d04..c7f959372ee2 100644 --- a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected @@ -1,11 +1,11 @@ #select | stored.go:30:22:30:25 | name | stored.go:18:3:18:28 | ... := ...[0] | stored.go:30:22:30:25 | name | Stored cross-site scripting vulnerability due to $@. | stored.go:18:3:18:28 | ... := ...[0] | stored value | -| stored.go:61:22:61:25 | path | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | Stored cross-site scripting vulnerability due to $@. | stored.go:59:30:59:33 | definition of path | stored value | +| stored.go:61:22:61:25 | path | stored.go:59:30:59:33 | SSA def(path) | stored.go:61:22:61:25 | path | Stored cross-site scripting vulnerability due to $@. | stored.go:59:30:59:33 | SSA def(path) | stored value | edges | stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance | Src:MaD:1 | | stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... [postupdate] | provenance | FunctionModel | | stored.go:25:29:25:33 | &... [postupdate] | stored.go:30:22:30:25 | name | provenance | | -| stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance | | +| stored.go:59:30:59:33 | SSA def(path) | stored.go:61:22:61:25 | path | provenance | | models | 1 | Source: database/sql; DB; true; Query; ; ; ReturnValue[0]; database; manual | nodes @@ -13,7 +13,7 @@ nodes | stored.go:25:14:25:17 | rows | semmle.label | rows | | stored.go:25:29:25:33 | &... [postupdate] | semmle.label | &... [postupdate] | | stored.go:30:22:30:25 | name | semmle.label | name | -| stored.go:59:30:59:33 | definition of path | semmle.label | definition of path | +| stored.go:59:30:59:33 | SSA def(path) | semmle.label | SSA def(path) | | stored.go:61:22:61:25 | path | semmle.label | path | subpaths testFailures diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index f748c7a77738..565fedba467d 100644 --- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected @@ -1,80 +1,80 @@ #select | klog.go:23:15:23:20 | header | klog.go:21:30:21:37 | selection of Header | klog.go:23:15:23:20 | header | $@ flows to a logging call. | klog.go:21:30:21:37 | selection of Header | Sensitive data returned by HTTP request headers | | klog.go:29:13:29:41 | call to Get | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | $@ flows to a logging call. | klog.go:29:13:29:20 | selection of Header | Sensitive data returned by HTTP request headers | -| main.go:19:12:19:19 | password | main.go:17:2:17:9 | definition of password | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:20:19:20:26 | password | main.go:17:2:17:9 | definition of password | main.go:20:19:20:26 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:21:13:21:20 | password | main.go:17:2:17:9 | definition of password | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:22:14:22:21 | password | main.go:17:2:17:9 | definition of password | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:24:13:24:20 | password | main.go:17:2:17:9 | definition of password | main.go:24:13:24:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:27:20:27:27 | password | main.go:17:2:17:9 | definition of password | main.go:27:20:27:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:30:14:30:21 | password | main.go:17:2:17:9 | definition of password | main.go:30:14:30:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:33:15:33:22 | password | main.go:17:2:17:9 | definition of password | main.go:33:15:33:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:36:13:36:20 | password | main.go:17:2:17:9 | definition of password | main.go:36:13:36:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:39:20:39:27 | password | main.go:17:2:17:9 | definition of password | main.go:39:20:39:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:42:14:42:21 | password | main.go:17:2:17:9 | definition of password | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:45:15:45:22 | password | main.go:17:2:17:9 | definition of password | main.go:45:15:45:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:47:16:47:23 | password | main.go:17:2:17:9 | definition of password | main.go:47:16:47:23 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:51:10:51:17 | password | main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:52:17:52:24 | password | main.go:17:2:17:9 | definition of password | main.go:52:17:52:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:53:11:53:18 | password | main.go:17:2:17:9 | definition of password | main.go:53:11:53:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:54:12:54:19 | password | main.go:17:2:17:9 | definition of password | main.go:54:12:54:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:56:11:56:18 | password | main.go:17:2:17:9 | definition of password | main.go:56:11:56:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:59:18:59:25 | password | main.go:17:2:17:9 | definition of password | main.go:59:18:59:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:62:12:62:19 | password | main.go:17:2:17:9 | definition of password | main.go:62:12:62:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:65:13:65:20 | password | main.go:17:2:17:9 | definition of password | main.go:65:13:65:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:68:11:68:18 | password | main.go:17:2:17:9 | definition of password | main.go:68:11:68:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:71:18:71:25 | password | main.go:17:2:17:9 | definition of password | main.go:71:18:71:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:74:12:74:19 | password | main.go:17:2:17:9 | definition of password | main.go:74:12:74:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:77:13:77:20 | password | main.go:17:2:17:9 | definition of password | main.go:77:13:77:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:79:14:79:21 | password | main.go:17:2:17:9 | definition of password | main.go:79:14:79:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:82:12:82:19 | password | main.go:17:2:17:9 | definition of password | main.go:82:12:82:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:83:17:83:24 | password | main.go:17:2:17:9 | definition of password | main.go:83:17:83:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:87:29:87:34 | fields | main.go:17:2:17:9 | definition of password | main.go:87:29:87:34 | fields | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| main.go:90:35:90:42 | password | main.go:17:2:17:9 | definition of password | main.go:90:35:90:42 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | -| overrides.go:13:14:13:23 | call to String | overrides.go:8:2:8:9 | definition of password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:8:2:8:9 | definition of password | Sensitive data returned by an access to password | -| passwords.go:9:14:9:14 | x | passwords.go:21:2:21:9 | definition of password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | -| passwords.go:25:14:25:21 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| main.go:19:12:19:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:20:19:20:26 | password | main.go:17:2:17:9 | SSA def(password) | main.go:20:19:20:26 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:21:13:21:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:22:14:22:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:24:13:24:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:24:13:24:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:27:20:27:27 | password | main.go:17:2:17:9 | SSA def(password) | main.go:27:20:27:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:30:14:30:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:30:14:30:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:33:15:33:22 | password | main.go:17:2:17:9 | SSA def(password) | main.go:33:15:33:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:36:13:36:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:36:13:36:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:39:20:39:27 | password | main.go:17:2:17:9 | SSA def(password) | main.go:39:20:39:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:42:14:42:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:45:15:45:22 | password | main.go:17:2:17:9 | SSA def(password) | main.go:45:15:45:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:47:16:47:23 | password | main.go:17:2:17:9 | SSA def(password) | main.go:47:16:47:23 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:51:10:51:17 | password | main.go:17:2:17:9 | SSA def(password) | main.go:51:10:51:17 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:52:17:52:24 | password | main.go:17:2:17:9 | SSA def(password) | main.go:52:17:52:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:53:11:53:18 | password | main.go:17:2:17:9 | SSA def(password) | main.go:53:11:53:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:54:12:54:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:54:12:54:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:56:11:56:18 | password | main.go:17:2:17:9 | SSA def(password) | main.go:56:11:56:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:59:18:59:25 | password | main.go:17:2:17:9 | SSA def(password) | main.go:59:18:59:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:62:12:62:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:62:12:62:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:65:13:65:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:65:13:65:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:68:11:68:18 | password | main.go:17:2:17:9 | SSA def(password) | main.go:68:11:68:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:71:18:71:25 | password | main.go:17:2:17:9 | SSA def(password) | main.go:71:18:71:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:74:12:74:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:74:12:74:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:77:13:77:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:77:13:77:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:79:14:79:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:79:14:79:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:82:12:82:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:82:12:82:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:83:17:83:24 | password | main.go:17:2:17:9 | SSA def(password) | main.go:83:17:83:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:87:29:87:34 | fields | main.go:17:2:17:9 | SSA def(password) | main.go:87:29:87:34 | fields | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| main.go:90:35:90:42 | password | main.go:17:2:17:9 | SSA def(password) | main.go:90:35:90:42 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password | +| overrides.go:13:14:13:23 | call to String | overrides.go:8:2:8:9 | SSA def(password) | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:8:2:8:9 | SSA def(password) | Sensitive data returned by an access to password | +| passwords.go:9:14:9:14 | x | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | +| passwords.go:25:14:25:21 | password | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password | | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword | | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword | -| passwords.go:32:12:32:19 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | -| passwords.go:34:14:34:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:32:12:32:19 | password | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | +| passwords.go:34:14:34:35 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | | passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password | -| passwords.go:44:14:44:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | -| passwords.go:51:14:51:27 | fixed_password | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:50:2:50:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password | +| passwords.go:44:14:44:17 | obj2 | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | +| passwords.go:51:14:51:27 | fixed_password | passwords.go:50:2:50:15 | SSA def(fixed_password) | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:50:2:50:15 | SSA def(fixed_password) | Sensitive data returned by an access to fixed_password | | passwords.go:89:14:89:26 | utilityObject | passwords.go:87:16:87:36 | call to make | passwords.go:89:14:89:26 | utilityObject | $@ flows to a logging call. | passwords.go:87:16:87:36 | call to make | Sensitive data returned by an access to passwordSet | -| passwords.go:92:23:92:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:92:23:92:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | -| passwords.go:102:15:102:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:102:15:102:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | -| passwords.go:108:16:108:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:108:16:108:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | -| passwords.go:113:15:113:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:113:15:113:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | -| passwords.go:117:14:117:45 | ...+... | passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:14:117:45 | ...+... | $@ flows to a logging call. | passwords.go:116:6:116:14 | definition of password1 | Sensitive data returned by an access to password1 | -| passwords.go:127:14:127:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:92:23:92:28 | secret | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:92:23:92:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | +| passwords.go:102:15:102:40 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:102:15:102:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | +| passwords.go:108:16:108:41 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:108:16:108:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | +| passwords.go:113:15:113:40 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:113:15:113:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | +| passwords.go:117:14:117:45 | ...+... | passwords.go:116:6:116:14 | SSA def(password1) | passwords.go:117:14:117:45 | ...+... | $@ flows to a logging call. | passwords.go:116:6:116:14 | SSA def(password1) | Sensitive data returned by an access to password1 | +| passwords.go:127:14:127:19 | config | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | | passwords.go:127:14:127:19 | config | passwords.go:121:13:121:14 | x3 | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:14 | x3 | Sensitive data returned by an access to password | | passwords.go:127:14:127:19 | config | passwords.go:124:13:124:25 | call to getPassword | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword | -| passwords.go:128:14:128:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:128:14:128:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:128:14:128:21 | selection of x | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:128:14:128:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password | | passwords.go:129:14:129:21 | selection of y | passwords.go:124:13:124:25 | call to getPassword | passwords.go:129:14:129:21 | selection of y | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword | -| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | definition of password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | definition of password | Sensitive data returned by an access to password | +| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | SSA def(password) | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | SSA def(password) | Sensitive data returned by an access to password | edges | klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance | | | klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:11 Config | | klog.go:22:4:25:4 | range statement[1] | klog.go:23:15:23:20 | header | provenance | | | klog.go:22:27:22:33 | headers | klog.go:22:4:25:4 | range statement[1] | provenance | Config | | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:11 Config | -| main.go:17:2:17:9 | definition of password | main.go:19:12:19:19 | password | provenance | | -| main.go:17:2:17:9 | definition of password | main.go:20:19:20:26 | password | provenance | | -| main.go:17:2:17:9 | definition of password | main.go:21:13:21:20 | password | provenance | Sink:MaD:6 | -| main.go:17:2:17:9 | definition of password | main.go:22:14:22:21 | password | provenance | | -| main.go:17:2:17:9 | definition of password | main.go:24:13:24:20 | password | provenance | | -| main.go:17:2:17:9 | definition of password | main.go:27:20:27:27 | password | provenance | | -| main.go:17:2:17:9 | definition of password | main.go:30:14:30:21 | password | provenance | Sink:MaD:3 | -| main.go:17:2:17:9 | definition of password | main.go:33:15:33:22 | password | provenance | | -| main.go:17:2:17:9 | definition of password | main.go:36:13:36:20 | password | provenance | | -| main.go:17:2:17:9 | definition of password | main.go:39:20:39:27 | password | provenance | | -| main.go:17:2:17:9 | definition of password | main.go:42:14:42:21 | password | provenance | Sink:MaD:5 | -| main.go:17:2:17:9 | definition of password | main.go:45:15:45:22 | password | provenance | | -| main.go:17:2:17:9 | definition of password | main.go:47:16:47:23 | password | provenance | Sink:MaD:4 | -| main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | provenance | | -| main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:19:12:19:19 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:20:19:20:26 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:21:13:21:20 | password | provenance | Sink:MaD:6 | +| main.go:17:2:17:9 | SSA def(password) | main.go:22:14:22:21 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:24:13:24:20 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:27:20:27:27 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:30:14:30:21 | password | provenance | Sink:MaD:3 | +| main.go:17:2:17:9 | SSA def(password) | main.go:33:15:33:22 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:36:13:36:20 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:39:20:39:27 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:42:14:42:21 | password | provenance | Sink:MaD:5 | +| main.go:17:2:17:9 | SSA def(password) | main.go:45:15:45:22 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:47:16:47:23 | password | provenance | Sink:MaD:4 | +| main.go:17:2:17:9 | SSA def(password) | main.go:51:10:51:17 | password | provenance | | +| main.go:17:2:17:9 | SSA def(password) | main.go:51:10:51:17 | password | provenance | | | main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance | | | main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance | | | main.go:52:17:52:24 | password | main.go:53:11:53:18 | password | provenance | | @@ -177,14 +177,14 @@ edges | main.go:86:2:86:7 | fields [postupdate] | main.go:87:29:87:34 | fields | provenance | Sink:MaD:2 | | main.go:86:19:86:26 | password | main.go:86:2:86:7 | fields [postupdate] | provenance | Config | | main.go:86:19:86:26 | password | main.go:90:35:90:42 | password | provenance | Sink:MaD:1 | -| overrides.go:8:2:8:9 | definition of password | overrides.go:9:9:9:16 | password | provenance | | +| overrides.go:8:2:8:9 | SSA def(password) | overrides.go:9:9:9:16 | password | provenance | | | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance | | -| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | | -| passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | provenance | | -| passwords.go:21:2:21:9 | definition of password | passwords.go:30:8:30:15 | password | provenance | | -| passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | provenance | | -| passwords.go:21:2:21:9 | definition of password | passwords.go:34:28:34:35 | password | provenance | | -| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | | +| passwords.go:8:12:8:12 | SSA def(x) | passwords.go:9:14:9:14 | x | provenance | | +| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:25:14:25:21 | password | provenance | | +| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:30:8:30:15 | password | provenance | | +| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:32:12:32:19 | password | provenance | | +| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:34:28:34:35 | password | provenance | | +| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | SSA def(x) | provenance | | | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config | | passwords.go:34:28:34:35 | password | passwords.go:42:6:42:13 | password | provenance | | | passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | | @@ -197,7 +197,7 @@ edges | passwords.go:48:11:48:18 | password | passwords.go:108:34:108:41 | password | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:113:33:113:40 | password | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:123:13:123:20 | password | provenance | | -| passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | provenance | | +| passwords.go:50:2:50:15 | SSA def(fixed_password) | passwords.go:51:14:51:27 | fixed_password | provenance | | | passwords.go:86:19:88:2 | struct literal | passwords.go:89:14:89:26 | utilityObject | provenance | | | passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal | provenance | Config | | passwords.go:102:33:102:40 | password | passwords.go:102:15:102:40 | ...+... | provenance | Config | @@ -209,7 +209,7 @@ edges | passwords.go:108:34:108:41 | password | passwords.go:123:13:123:20 | password | provenance | | | passwords.go:113:33:113:40 | password | passwords.go:113:15:113:40 | ...+... | provenance | Config | | passwords.go:113:33:113:40 | password | passwords.go:123:13:123:20 | password | provenance | | -| passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:28:117:36 | password1 | provenance | | +| passwords.go:116:6:116:14 | SSA def(password1) | passwords.go:117:28:117:36 | password1 | provenance | | | passwords.go:117:28:117:36 | password1 | passwords.go:117:28:117:45 | call to String | provenance | Config | | passwords.go:117:28:117:45 | call to String | passwords.go:117:14:117:45 | ...+... | provenance | Config | | passwords.go:120:12:125:2 | struct literal | passwords.go:127:14:127:19 | config | provenance | | @@ -222,13 +222,13 @@ edges | passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [y] | provenance | | | passwords.go:128:14:128:19 | config [x] | passwords.go:128:14:128:21 | selection of x | provenance | | | passwords.go:129:14:129:19 | config [y] | passwords.go:129:14:129:21 | selection of y | provenance | | -| protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance | | +| protobuf.go:9:2:9:9 | SSA def(password) | protobuf.go:12:22:12:29 | password | provenance | | | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance | | | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | | | protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | provenance | | | protobuf.go:14:14:14:18 | query [pointer, Description] | protobuf.go:14:14:14:35 | call to GetDescription | provenance | | -| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | provenance | | -| protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | provenance | | +| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | provenance | | +| protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | provenance | | | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | provenance | | | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | provenance | | models @@ -251,7 +251,7 @@ nodes | klog.go:23:15:23:20 | header | semmle.label | header | | klog.go:29:13:29:20 | selection of Header | semmle.label | selection of Header | | klog.go:29:13:29:41 | call to Get | semmle.label | call to Get | -| main.go:17:2:17:9 | definition of password | semmle.label | definition of password | +| main.go:17:2:17:9 | SSA def(password) | semmle.label | SSA def(password) | | main.go:19:12:19:19 | password | semmle.label | password | | main.go:20:19:20:26 | password | semmle.label | password | | main.go:21:13:21:20 | password | semmle.label | password | @@ -297,12 +297,12 @@ nodes | main.go:86:19:86:26 | password | semmle.label | password | | main.go:87:29:87:34 | fields | semmle.label | fields | | main.go:90:35:90:42 | password | semmle.label | password | -| overrides.go:8:2:8:9 | definition of password | semmle.label | definition of password | +| overrides.go:8:2:8:9 | SSA def(password) | semmle.label | SSA def(password) | | overrides.go:9:9:9:16 | password | semmle.label | password | | overrides.go:13:14:13:23 | call to String | semmle.label | call to String | -| passwords.go:8:12:8:12 | definition of x | semmle.label | definition of x | +| passwords.go:8:12:8:12 | SSA def(x) | semmle.label | SSA def(x) | | passwords.go:9:14:9:14 | x | semmle.label | x | -| passwords.go:21:2:21:9 | definition of password | semmle.label | definition of password | +| passwords.go:21:2:21:9 | SSA def(password) | semmle.label | SSA def(password) | | passwords.go:25:14:25:21 | password | semmle.label | password | | passwords.go:26:14:26:23 | selection of password | semmle.label | selection of password | | passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword | @@ -318,7 +318,7 @@ nodes | passwords.go:42:6:42:13 | password | semmle.label | password | | passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 | | passwords.go:48:11:48:18 | password | semmle.label | password | -| passwords.go:50:2:50:15 | definition of fixed_password | semmle.label | definition of fixed_password | +| passwords.go:50:2:50:15 | SSA def(fixed_password) | semmle.label | SSA def(fixed_password) | | passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password | | passwords.go:86:19:88:2 | struct literal | semmle.label | struct literal | | passwords.go:87:16:87:36 | call to make | semmle.label | call to make | @@ -330,7 +330,7 @@ nodes | passwords.go:108:34:108:41 | password | semmle.label | password | | passwords.go:113:15:113:40 | ...+... | semmle.label | ...+... | | passwords.go:113:33:113:40 | password | semmle.label | password | -| passwords.go:116:6:116:14 | definition of password1 | semmle.label | definition of password1 | +| passwords.go:116:6:116:14 | SSA def(password1) | semmle.label | SSA def(password1) | | passwords.go:117:14:117:45 | ...+... | semmle.label | ...+... | | passwords.go:117:28:117:36 | password1 | semmle.label | password1 | | passwords.go:117:28:117:45 | call to String | semmle.label | call to String | @@ -345,15 +345,15 @@ nodes | passwords.go:128:14:128:21 | selection of x | semmle.label | selection of x | | passwords.go:129:14:129:19 | config [y] | semmle.label | config [y] | | passwords.go:129:14:129:21 | selection of y | semmle.label | selection of y | -| protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password | +| protobuf.go:9:2:9:9 | SSA def(password) | semmle.label | SSA def(password) | | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | semmle.label | implicit dereference [postupdate] [Description] | | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | semmle.label | query [postupdate] [pointer, Description] | | protobuf.go:12:22:12:29 | password | semmle.label | password | | protobuf.go:14:14:14:18 | query [pointer, Description] | semmle.label | query [pointer, Description] | | protobuf.go:14:14:14:35 | call to GetDescription | semmle.label | call to GetDescription | -| protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | semmle.label | definition of x [pointer, Description] | +| protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | semmle.label | SSA def(x) [pointer, Description] | | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | semmle.label | implicit dereference [Description] | | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | semmle.label | x [pointer, Description] | | protos/query/query.pb.go:119:10:119:22 | selection of Description | semmle.label | selection of Description | subpaths -| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription | +| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription | diff --git a/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected b/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected index b81d24f26654..b65cbbbc5dba 100644 --- a/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected +++ b/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected @@ -3,18 +3,18 @@ edges | InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | provenance | | | InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal | InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion | provenance | | | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | provenance | | -| InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | provenance | | -| InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | provenance | | +| InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | provenance | | +| InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | provenance | | | InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | provenance | | | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | provenance | | | InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | provenance | | -| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | provenance | | +| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance | | | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | provenance | | | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | provenance | | | InsecureHostKeyCallbackExample.go:110:3:115:3 | function literal | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | provenance | | -| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | provenance | | -| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | provenance | | -| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback | provenance | | +| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance | | +| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance | | +| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | provenance | | nodes | InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | semmle.label | type conversion | | InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal | semmle.label | function literal | @@ -24,9 +24,9 @@ nodes | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | semmle.label | callback | | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | semmle.label | function literal | | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | semmle.label | type conversion | -| InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | semmle.label | definition of callback | +| InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | semmle.label | SSA def(callback) | | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | semmle.label | callback | -| InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback | semmle.label | definition of callback | +| InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | semmle.label | SSA def(callback) | | InsecureHostKeyCallbackExample.go:76:28:76:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey | | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | semmle.label | callback | | InsecureHostKeyCallbackExample.go:92:28:92:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey | diff --git a/go/ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected b/go/ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected index 556b1722b59b..b37e3395a866 100644 --- a/go/ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected +++ b/go/ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected @@ -1,7 +1,7 @@ edges | InsufficientKeySize.go:13:10:13:13 | 1024 | InsufficientKeySize.go:14:31:14:34 | size | provenance | | -| InsufficientKeySize.go:18:7:18:10 | 1024 | InsufficientKeySize.go:25:11:25:14 | definition of size | provenance | | -| InsufficientKeySize.go:25:11:25:14 | definition of size | InsufficientKeySize.go:26:31:26:34 | size | provenance | | +| InsufficientKeySize.go:18:7:18:10 | 1024 | InsufficientKeySize.go:25:11:25:14 | SSA def(size) | provenance | | +| InsufficientKeySize.go:25:11:25:14 | SSA def(size) | InsufficientKeySize.go:26:31:26:34 | size | provenance | | | InsufficientKeySize.go:30:13:30:16 | 1024 | InsufficientKeySize.go:32:32:32:38 | keyBits | provenance | | | InsufficientKeySize.go:44:13:44:16 | 1024 | InsufficientKeySize.go:47:32:47:38 | keyBits | provenance | | | InsufficientKeySize.go:61:21:61:24 | 1024 | InsufficientKeySize.go:67:31:67:37 | keyBits | provenance | | @@ -10,7 +10,7 @@ nodes | InsufficientKeySize.go:13:10:13:13 | 1024 | semmle.label | 1024 | | InsufficientKeySize.go:14:31:14:34 | size | semmle.label | size | | InsufficientKeySize.go:18:7:18:10 | 1024 | semmle.label | 1024 | -| InsufficientKeySize.go:25:11:25:14 | definition of size | semmle.label | definition of size | +| InsufficientKeySize.go:25:11:25:14 | SSA def(size) | semmle.label | SSA def(size) | | InsufficientKeySize.go:26:31:26:34 | size | semmle.label | size | | InsufficientKeySize.go:30:13:30:16 | 1024 | semmle.label | 1024 | | InsufficientKeySize.go:32:32:32:38 | keyBits | semmle.label | keyBits | diff --git a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected index 2bfca2aa643a..c1f41d118e76 100644 --- a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected +++ b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected @@ -5,15 +5,15 @@ edges | go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | Src:MaD:3 MaD:5 | | go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:6 | | go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | provenance | | -| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken | provenance | | -| go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken | provenance | | +| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | SSA def(signedToken) | provenance | | +| go-jose.v3.go:29:19:29:29 | SSA def(signedToken) | go-jose.v3.go:31:37:31:47 | signedToken | provenance | | | go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:2 | | go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:4 | | golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | Src:MaD:3 MaD:5 | | golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:6 | | golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | provenance | | -| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance | | -| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:1 | +| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | SSA def(signedToken) | provenance | | +| golang-jwt-v5.go:32:29:32:39 | SSA def(signedToken) | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:1 | models | 1 | Sink: github.com/golang-jwt/jwt; Parser; true; ParseUnverified; ; ; Argument[0]; jwt; manual | | 2 | Sink: group:go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual | @@ -26,7 +26,7 @@ nodes | go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query | | go-jose.v3.go:25:16:25:47 | call to Get | semmle.label | call to Get | | go-jose.v3.go:26:15:26:25 | signedToken | semmle.label | signedToken | -| go-jose.v3.go:29:19:29:29 | definition of signedToken | semmle.label | definition of signedToken | +| go-jose.v3.go:29:19:29:29 | SSA def(signedToken) | semmle.label | SSA def(signedToken) | | go-jose.v3.go:31:2:31:48 | ... := ...[0] | semmle.label | ... := ...[0] | | go-jose.v3.go:31:37:31:47 | signedToken | semmle.label | signedToken | | go-jose.v3.go:33:12:33:23 | DecodedToken | semmle.label | DecodedToken | @@ -34,6 +34,6 @@ nodes | golang-jwt-v5.go:28:16:28:28 | call to Query | semmle.label | call to Query | | golang-jwt-v5.go:28:16:28:47 | call to Get | semmle.label | call to Get | | golang-jwt-v5.go:29:25:29:35 | signedToken | semmle.label | signedToken | -| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | semmle.label | definition of signedToken | +| golang-jwt-v5.go:32:29:32:39 | SSA def(signedToken) | semmle.label | SSA def(signedToken) | | golang-jwt-v5.go:34:58:34:68 | signedToken | semmle.label | signedToken | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected index 8d4aaba1446c..9135bafbf54e 100644 --- a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected +++ b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected @@ -9,31 +9,31 @@ | main.go:69:5:69:22 | ...!=... | main.go:76:19:76:21 | argument corresponding to url | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:76:19:76:21 | argument corresponding to url | this value | main.go:77:25:77:39 | call to getTarget1 | redirect | | main.go:83:5:83:20 | ...!=... | main.go:87:9:87:14 | selection of Path | main.go:91:25:91:39 | call to getTarget2 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:87:9:87:14 | selection of Path | this value | main.go:91:25:91:39 | call to getTarget2 | redirect | edges +| BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | provenance | | | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | BadRedirectCheck.go:5:10:5:14 | redir | provenance | | -| BadRedirectCheck.go:3:18:3:22 | definition of redir | BadRedirectCheck.go:5:10:5:14 | redir | provenance | | | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl | provenance | Sink:MaD:1 | | cves.go:14:23:14:25 | argument corresponding to url | cves.go:16:26:16:28 | url | provenance | Sink:MaD:1 | | cves.go:33:14:33:34 | call to Get | cves.go:37:25:37:32 | redirect | provenance | Sink:MaD:1 | | cves.go:41:14:41:34 | call to Get | cves.go:45:25:45:32 | redirect | provenance | Sink:MaD:1 | | main.go:10:18:10:25 | argument corresponding to redirect | main.go:11:37:11:44 | redirect | provenance | | -| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | definition of redir | provenance | | +| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | provenance | | | main.go:11:37:11:44 | redirect | main.go:11:25:11:45 | call to sanitizeUrl | provenance | Sink:MaD:1 | | main.go:32:24:32:26 | argument corresponding to url | main.go:34:26:34:28 | url | provenance | Sink:MaD:1 | +| main.go:68:17:68:24 | SSA def(redirect) | main.go:73:20:73:27 | redirect | provenance | | | main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:20:73:27 | redirect | provenance | | -| main.go:68:17:68:24 | definition of redirect | main.go:73:20:73:27 | redirect | provenance | | | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | provenance | Sink:MaD:1 | | main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:2 | | main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:2 | | main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url | provenance | | -| main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | provenance | | +| main.go:77:36:77:38 | url | main.go:68:17:68:24 | SSA def(redirect) | provenance | | | main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 | provenance | MaD:2 Sink:MaD:1 | | main.go:87:9:87:14 | selection of Path | main.go:91:25:91:39 | call to getTarget2 | provenance | Sink:MaD:1 | models | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | | 2 | Summary: path; ; false; Clean; ; ; Argument[0]; ReturnValue; taint; manual | nodes +| BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | semmle.label | SSA def(redir) | | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | semmle.label | argument corresponding to redir | -| BadRedirectCheck.go:3:18:3:22 | definition of redir | semmle.label | definition of redir | | BadRedirectCheck.go:5:10:5:14 | redir | semmle.label | redir | | BadRedirectCheck.go:5:10:5:14 | redir | semmle.label | redir | | cves.go:14:23:14:25 | argument corresponding to url | semmle.label | argument corresponding to url | @@ -47,8 +47,8 @@ nodes | main.go:11:37:11:44 | redirect | semmle.label | redirect | | main.go:32:24:32:26 | argument corresponding to url | semmle.label | argument corresponding to url | | main.go:34:26:34:28 | url | semmle.label | url | +| main.go:68:17:68:24 | SSA def(redirect) | semmle.label | SSA def(redirect) | | main.go:68:17:68:24 | argument corresponding to redirect | semmle.label | argument corresponding to redirect | -| main.go:68:17:68:24 | definition of redirect | semmle.label | definition of redirect | | main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean | | main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean | | main.go:73:20:73:27 | redirect | semmle.label | redirect | @@ -59,5 +59,5 @@ nodes | main.go:87:9:87:14 | selection of Path | semmle.label | selection of Path | | main.go:91:25:91:39 | call to getTarget2 | semmle.label | call to getTarget2 | subpaths -| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | definition of redir | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl | -| main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | +| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl | +| main.go:77:36:77:38 | url | main.go:68:17:68:24 | SSA def(redirect) | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | From a8997679b5c3137b15fff786ba9a8edf616dda08 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 24 Mar 2026 11:47:58 +0000 Subject: [PATCH 8/9] Test changes to investigate --- .../GlobalValueNumber.expected | 17 ++- .../go/dataflow/SSA/SsaDefinition.expected | 100 ++++++++------- .../go/dataflow/SSA/SsaWithFields.expected | 114 +++++++++--------- .../GoKit/RemoteFlowSources.expected | 4 + .../go/frameworks/GoMicro/gomicro.expected | 2 + .../frameworks/Twirp/RequestForgery.expected | 26 ++-- .../semmle/go/frameworks/Yaml/tests.expected | 4 + .../go/frameworks/gqlgen/gqlgen.expected | 2 + .../DeadStoreOfLocal.expected | 2 + 9 files changed, 139 insertions(+), 132 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected b/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected index 93b3593ec94e..6903b7dbe490 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected @@ -1,18 +1,18 @@ | main.go:6:2:6:5 | 1 | main.go:14:7:14:7 | 1 | -| main.go:10:2:10:2 | definition of x | main.go:10:7:10:7 | 0 | +| main.go:10:2:10:2 | SSA def(x) | main.go:10:7:10:7 | 0 | | main.go:10:7:10:7 | 0 | main.go:10:7:10:7 | 0 | -| main.go:11:6:11:6 | definition of y | main.go:10:7:10:7 | 0 | +| main.go:11:6:11:6 | SSA def(y) | main.go:10:7:10:7 | 0 | | main.go:11:6:11:6 | zero value for y | main.go:10:7:10:7 | 0 | | main.go:12:2:12:18 | call to Println | main.go:12:2:12:18 | call to Println | | main.go:12:14:12:14 | x | main.go:10:7:10:7 | 0 | | main.go:12:17:12:17 | y | main.go:10:7:10:7 | 0 | -| main.go:14:2:14:2 | definition of z | main.go:14:7:14:7 | 1 | +| main.go:14:2:14:2 | SSA def(z) | main.go:14:7:14:7 | 1 | | main.go:14:7:14:7 | 1 | main.go:14:7:14:7 | 1 | | main.go:15:2:15:9 | call to bump | main.go:15:2:15:9 | call to bump | | main.go:16:2:16:21 | call to Println | main.go:16:2:16:21 | call to Println | | main.go:16:14:16:14 | x | main.go:10:7:10:7 | 0 | | main.go:16:17:16:17 | y | main.go:10:7:10:7 | 0 | -| main.go:18:2:18:3 | definition of ss | main.go:18:8:18:24 | call to make | +| main.go:18:2:18:3 | SSA def(ss) | main.go:18:8:18:24 | call to make | | main.go:18:8:18:24 | call to make | main.go:18:8:18:24 | call to make | | main.go:18:23:18:23 | 3 | main.go:18:23:18:23 | 3 | | main.go:19:5:19:5 | 2 | main.go:19:5:19:5 | 2 | @@ -20,22 +20,19 @@ | main.go:20:2:20:16 | call to Println | main.go:20:2:20:16 | call to Println | | main.go:23:14:23:16 | implicit read of res | main.go:24:8:24:8 | 4 | | main.go:23:14:23:16 | zero value for res | main.go:10:7:10:7 | 0 | -| main.go:24:2:24:4 | definition of res | main.go:24:8:24:8 | 4 | +| main.go:24:2:24:4 | SSA def(res) | main.go:24:8:24:8 | 4 | | main.go:24:8:24:8 | 4 | main.go:24:8:24:8 | 4 | | main.go:28:15:28:17 | implicit read of res | main.go:30:9:30:9 | 6 | | main.go:28:15:28:17 | zero value for res | main.go:10:7:10:7 | 0 | | main.go:29:8:29:8 | 5 | main.go:29:8:29:8 | 5 | | main.go:30:9:30:9 | 6 | main.go:30:9:30:9 | 6 | -| main.go:30:9:30:9 | definition of res | main.go:30:9:30:9 | 6 | -| main.go:33:15:33:17 | definition of res | main.go:10:7:10:7 | 0 | +| main.go:30:9:30:9 | SSA def(res) | main.go:30:9:30:9 | 6 | | main.go:33:15:33:17 | zero value for res | main.go:10:7:10:7 | 0 | -| main.go:34:2:34:4 | definition of res | main.go:34:8:34:8 | 7 | | main.go:34:8:34:8 | 7 | main.go:34:8:34:8 | 7 | | main.go:35:8:37:4 | function call | main.go:35:8:37:4 | function call | -| main.go:36:3:36:5 | definition of res | main.go:36:9:36:9 | 8 | | main.go:36:9:36:9 | 8 | main.go:36:9:36:9 | 8 | | main.go:38:9:38:9 | 9 | main.go:38:9:38:9 | 9 | -| main.go:38:9:38:9 | definition of res | main.go:38:9:38:9 | 9 | +| main.go:38:9:38:9 | SSA def(res) | main.go:38:9:38:9 | 9 | | regressions.go:5:11:5:31 | call to Sizeof | regressions.go:5:11:5:31 | call to Sizeof | | regressions.go:7:11:7:15 | false | regressions.go:7:11:7:15 | false | | regressions.go:9:11:9:12 | !... | regressions.go:11:11:11:14 | true | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected index ddff7565818c..229177161df5 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected @@ -1,51 +1,49 @@ -| main.go:13:6:13:6 | definition of x | -| main.go:14:2:14:2 | definition of y | -| main.go:17:3:17:3 | definition of y | -| main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | -| main.go:21:3:21:3 | definition of x | -| main.go:23:2:23:10 | x = phi(def@13:6, def@21:3) | -| main.go:26:10:26:10 | definition of x | -| main.go:27:2:27:2 | definition of a | -| main.go:27:5:27:5 | definition of b | -| main.go:29:3:29:3 | definition of a | -| main.go:29:6:29:6 | definition of b | -| main.go:31:9:31:9 | a = phi(def@27:2, def@29:3) | -| main.go:31:9:31:9 | b = phi(def@27:5, def@29:6) | -| main.go:34:11:34:11 | definition of x | -| main.go:39:2:39:2 | definition of x | -| main.go:40:2:40:4 | definition of ptr | -| main.go:48:2:48:7 | definition of result | -| main.go:52:14:52:19 | definition of result | -| main.go:57:6:57:6 | definition of x | -| main.go:58:6:58:9 | x = phi(def@57:6, def@59:3) | -| main.go:59:3:59:3 | definition of x | -| main.go:63:2:63:2 | definition of y | -| main.go:64:6:64:6 | definition of i | -| main.go:64:16:64:18 | definition of i | -| main.go:65:6:65:9 | i = phi(def@64:16, def@64:6) | -| main.go:65:6:65:9 | y = phi(def@63:2, def@68:3) | -| main.go:68:3:68:3 | definition of y | -| main.go:73:6:73:6 | definition of i | -| main.go:73:16:73:18 | definition of i | -| main.go:74:3:74:3 | definition of z | -| main.go:74:3:74:3 | i = phi(def@73:16, def@73:6) | -| main.go:82:25:82:25 | definition of b | -| main.go:83:2:83:2 | definition of x | -| main.go:84:5:84:5 | definition of a | -| main.go:95:22:95:28 | definition of wrapper | -| main.go:96:2:96:2 | definition of x | -| main.go:97:2:99:3 | capture variable x | -| main.go:98:3:98:3 | definition of x | -| main.go:103:20:103:26 | definition of wrapper | -| main.go:104:2:104:2 | definition of x | -| main.go:105:16:108:2 | capture variable x | -| main.go:106:3:106:3 | definition of y | -| main.go:112:29:112:35 | definition of wrapper | -| main.go:113:2:113:2 | definition of x | -| main.go:114:2:117:3 | capture variable x | -| main.go:114:16:117:2 | capture variable x | -| main.go:115:3:115:3 | definition of y | -| main.go:116:3:116:3 | definition of x | -| main.go:130:3:130:3 | definition of p | -| main.go:132:3:132:3 | definition of p | -| main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | +| main.go:13:6:13:6 | SSA def(x) | +| main.go:14:2:14:2 | SSA def(y) | +| main.go:17:3:17:3 | SSA def(y) | +| main.go:19:2:19:10 | SSA phi(y) | +| main.go:21:3:21:3 | SSA def(x) | +| main.go:23:2:23:10 | SSA phi(x) | +| main.go:26:10:26:10 | SSA def(x) | +| main.go:27:2:27:2 | SSA def(a) | +| main.go:27:5:27:5 | SSA def(b) | +| main.go:29:3:29:3 | SSA def(a) | +| main.go:29:6:29:6 | SSA def(b) | +| main.go:31:9:31:9 | SSA phi(a) | +| main.go:31:9:31:9 | SSA phi(b) | +| main.go:34:11:34:11 | SSA def(x) | +| main.go:39:2:39:2 | SSA def(x) | +| main.go:40:2:40:4 | SSA def(ptr) | +| main.go:48:2:48:7 | SSA def(result) | +| main.go:52:14:52:19 | SSA def(result) | +| main.go:57:6:57:6 | SSA def(x) | +| main.go:58:6:58:9 | SSA phi(x) | +| main.go:59:3:59:3 | SSA def(x) | +| main.go:63:2:63:2 | SSA def(y) | +| main.go:64:6:64:6 | SSA def(i) | +| main.go:64:16:64:18 | SSA def(i) | +| main.go:65:6:65:9 | SSA phi(i) | +| main.go:65:6:65:9 | SSA phi(y) | +| main.go:68:3:68:3 | SSA def(y) | +| main.go:73:6:73:6 | SSA def(i) | +| main.go:73:16:73:18 | SSA def(i) | +| main.go:74:3:74:3 | SSA def(z) | +| main.go:74:3:74:3 | SSA phi(i) | +| main.go:82:25:82:25 | SSA def(b) | +| main.go:83:2:83:2 | SSA def(x) | +| main.go:84:5:84:5 | SSA def(a) | +| main.go:95:22:95:28 | SSA def(wrapper) | +| main.go:96:2:96:2 | SSA def(x) | +| main.go:97:2:99:3 | SSA def(x) | +| main.go:103:20:103:26 | SSA def(wrapper) | +| main.go:104:2:104:2 | SSA def(x) | +| main.go:105:16:108:2 | SSA def(x) | +| main.go:106:3:106:3 | SSA def(y) | +| main.go:112:29:112:35 | SSA def(wrapper) | +| main.go:113:2:113:2 | SSA def(x) | +| main.go:114:2:117:3 | SSA def(x) | +| main.go:114:16:117:2 | SSA def(x) | +| main.go:115:3:115:3 | SSA def(y) | +| main.go:130:3:130:3 | SSA def(p) | +| main.go:132:3:132:3 | SSA def(p) | +| main.go:135:2:135:2 | SSA phi(p) | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected index 40b9195fc879..ca2dd6dcb2e5 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected @@ -1,58 +1,56 @@ -| main.go:13:6:13:6 | (def@13:6) | x | -| main.go:14:2:14:2 | (def@14:2) | y | -| main.go:17:3:17:3 | (def@17:3) | y | -| main.go:19:2:19:10 | (phi@19:2) | y | -| main.go:21:3:21:3 | (def@21:3) | x | -| main.go:23:2:23:10 | (phi@23:2) | x | -| main.go:26:10:26:10 | (def@26:10) | x | -| main.go:27:2:27:2 | (def@27:2) | a | -| main.go:27:5:27:5 | (def@27:5) | b | -| main.go:29:3:29:3 | (def@29:3) | a | -| main.go:29:6:29:6 | (def@29:6) | b | -| main.go:31:9:31:9 | (phi@31:9) | a | -| main.go:31:9:31:9 | (phi@31:9) | b | -| main.go:34:11:34:11 | (def@34:11) | x | -| main.go:39:2:39:2 | (def@39:2) | x | -| main.go:40:2:40:4 | (def@40:2) | ptr | -| main.go:48:2:48:7 | (def@48:2) | result | -| main.go:52:14:52:19 | (def@52:14) | result | -| main.go:57:6:57:6 | (def@57:6) | x | -| main.go:58:6:58:9 | (phi@58:6) | x | -| main.go:59:3:59:3 | (def@59:3) | x | -| main.go:63:2:63:2 | (def@63:2) | y | -| main.go:64:6:64:6 | (def@64:6) | i | -| main.go:64:16:64:18 | (def@64:16) | i | -| main.go:65:6:65:9 | (phi@65:6) | i | -| main.go:65:6:65:9 | (phi@65:6) | y | -| main.go:68:3:68:3 | (def@68:3) | y | -| main.go:73:6:73:6 | (def@73:6) | i | -| main.go:73:16:73:18 | (def@73:16) | i | -| main.go:74:3:74:3 | (def@74:3) | z | -| main.go:74:3:74:3 | (phi@74:3) | i | -| main.go:82:25:82:25 | (def@82:25) | b | -| main.go:83:2:83:2 | (def@83:2) | x | -| main.go:84:5:84:5 | (def@84:5) | a | -| main.go:95:22:95:28 | (def@95:22) | wrapper | -| main.go:95:22:95:28 | (def@95:22).s | wrapper.s | -| main.go:96:2:96:2 | (def@96:2) | x | -| main.go:97:2:99:3 | (capture@97:2) | x | -| main.go:98:3:98:3 | (def@98:3) | x | -| main.go:103:20:103:26 | (def@103:20) | wrapper | -| main.go:103:20:103:26 | (def@103:20).s | wrapper.s | -| main.go:104:2:104:2 | (def@104:2) | x | -| main.go:105:16:108:2 | (capture@105:16) | x | -| main.go:106:3:106:3 | (def@106:3) | y | -| main.go:112:29:112:35 | (def@112:29) | wrapper | -| main.go:112:29:112:35 | (def@112:29).s | wrapper.s | -| main.go:113:2:113:2 | (def@113:2) | x | -| main.go:114:2:117:3 | (capture@114:2) | x | -| main.go:114:16:117:2 | (capture@114:16) | x | -| main.go:115:3:115:3 | (def@115:3) | y | -| main.go:116:3:116:3 | (def@116:3) | x | -| main.go:130:3:130:3 | (def@130:3) | p | -| main.go:132:3:132:3 | (def@132:3) | p | -| main.go:135:2:135:2 | (phi@135:2) | p | -| main.go:135:2:135:2 | (phi@135:2).a | p.a | -| main.go:135:2:135:2 | (phi@135:2).b | p.b | -| main.go:135:2:135:2 | (phi@135:2).b.a | p.b.a | -| main.go:135:2:135:2 | (phi@135:2).c | p.c | +| main.go:13:6:13:6 | (SSA def(x)) | x | +| main.go:14:2:14:2 | (SSA def(y)) | y | +| main.go:17:3:17:3 | (SSA def(y)) | y | +| main.go:19:2:19:10 | (SSA phi(y)) | y | +| main.go:21:3:21:3 | (SSA def(x)) | x | +| main.go:23:2:23:10 | (SSA phi(x)) | x | +| main.go:26:10:26:10 | (SSA def(x)) | x | +| main.go:27:2:27:2 | (SSA def(a)) | a | +| main.go:27:5:27:5 | (SSA def(b)) | b | +| main.go:29:3:29:3 | (SSA def(a)) | a | +| main.go:29:6:29:6 | (SSA def(b)) | b | +| main.go:31:9:31:9 | (SSA phi(a)) | a | +| main.go:31:9:31:9 | (SSA phi(b)) | b | +| main.go:34:11:34:11 | (SSA def(x)) | x | +| main.go:39:2:39:2 | (SSA def(x)) | x | +| main.go:40:2:40:4 | (SSA def(ptr)) | ptr | +| main.go:48:2:48:7 | (SSA def(result)) | result | +| main.go:52:14:52:19 | (SSA def(result)) | result | +| main.go:57:6:57:6 | (SSA def(x)) | x | +| main.go:58:6:58:9 | (SSA phi(x)) | x | +| main.go:59:3:59:3 | (SSA def(x)) | x | +| main.go:63:2:63:2 | (SSA def(y)) | y | +| main.go:64:6:64:6 | (SSA def(i)) | i | +| main.go:64:16:64:18 | (SSA def(i)) | i | +| main.go:65:6:65:9 | (SSA phi(i)) | i | +| main.go:65:6:65:9 | (SSA phi(y)) | y | +| main.go:68:3:68:3 | (SSA def(y)) | y | +| main.go:73:6:73:6 | (SSA def(i)) | i | +| main.go:73:16:73:18 | (SSA def(i)) | i | +| main.go:74:3:74:3 | (SSA def(z)) | z | +| main.go:74:3:74:3 | (SSA phi(i)) | i | +| main.go:82:25:82:25 | (SSA def(b)) | b | +| main.go:83:2:83:2 | (SSA def(x)) | x | +| main.go:84:5:84:5 | (SSA def(a)) | a | +| main.go:95:22:95:28 | (SSA def(wrapper)) | wrapper | +| main.go:95:22:95:28 | (SSA def(wrapper)).s | wrapper.s | +| main.go:96:2:96:2 | (SSA def(x)) | x | +| main.go:97:2:99:3 | (SSA def(x)) | x | +| main.go:103:20:103:26 | (SSA def(wrapper)) | wrapper | +| main.go:103:20:103:26 | (SSA def(wrapper)).s | wrapper.s | +| main.go:104:2:104:2 | (SSA def(x)) | x | +| main.go:105:16:108:2 | (SSA def(x)) | x | +| main.go:106:3:106:3 | (SSA def(y)) | y | +| main.go:112:29:112:35 | (SSA def(wrapper)) | wrapper | +| main.go:112:29:112:35 | (SSA def(wrapper)).s | wrapper.s | +| main.go:113:2:113:2 | (SSA def(x)) | x | +| main.go:114:2:117:3 | (SSA def(x)) | x | +| main.go:114:16:117:2 | (SSA def(x)) | x | +| main.go:115:3:115:3 | (SSA def(y)) | y | +| main.go:130:3:130:3 | (SSA def(p)) | p | +| main.go:132:3:132:3 | (SSA def(p)) | p | +| main.go:135:2:135:2 | (SSA phi(p)) | p | +| main.go:135:2:135:2 | (SSA phi(p)).a | p.a | +| main.go:135:2:135:2 | (SSA phi(p)).b | p.b | +| main.go:135:2:135:2 | (SSA phi(p)).b.a | p.b.a | +| main.go:135:2:135:2 | (SSA phi(p)).c | p.c | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoKit/RemoteFlowSources.expected b/go/ql/test/library-tests/semmle/go/frameworks/GoKit/RemoteFlowSources.expected index 42831abaf155..bc4b28ae428f 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoKit/RemoteFlowSources.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoKit/RemoteFlowSources.expected @@ -1,2 +1,6 @@ invalidModelRow testFailures +| main.go:15:33:15:39 | SSA def(request) | Unexpected result: source="SSA def(request)" | +| main.go:15:77:15:111 | comment | Missing result: source="definition of request" | +| main.go:20:36:20:42 | SSA def(request) | Unexpected result: source="SSA def(request)" | +| main.go:20:80:20:114 | comment | Missing result: source="definition of request" | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/gomicro.expected b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/gomicro.expected index 42831abaf155..5d3937b65559 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/gomicro.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/gomicro.expected @@ -1,2 +1,4 @@ invalidModelRow testFailures +| main.go:18:46:18:48 | SSA def(req) | Unexpected result: serverRequest="SSA def(req)" | +| main.go:18:89:18:126 | comment | Missing result: serverRequest="definition of req" | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected index 7b1fa1a31215..a50f131a747c 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected @@ -1,19 +1,19 @@ #select | server/main.go:30:38:30:48 | selection of Text | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | user-provided value | -| server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | definition of params | user-provided value | +| server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | SSA def(params) | user-provided value | edges -| client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | definition of params | provenance | | +| client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | SSA def(params) | provenance | | | client/main.go:16:35:16:78 | &... [postupdate] | client/main.go:16:35:16:78 | &... | provenance | | | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | | | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:1 MaD:3 | | rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | provenance | MaD:2 | -| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | | -| rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | | -| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | | -| server/main.go:19:56:19:61 | definition of params | server/main.go:19:56:19:61 | definition of params [Return] | provenance | | -| server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | | -| server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance | | +| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | provenance | | +| rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | | +| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | SSA def(params) | provenance | | +| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:19:56:19:61 | SSA def(params) [Return] | provenance | | +| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | provenance | | +| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | provenance | | +| server/main.go:19:56:19:61 | SSA def(params) [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance | | models | 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual | | 2 | Summary: google.golang.org/protobuf/proto; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual | @@ -25,10 +25,10 @@ nodes | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body | | rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf | | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | semmle.label | reqContent [postupdate] | -| rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | semmle.label | capture variable reqContent | +| rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | semmle.label | SSA def(reqContent) | | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent | -| server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params | -| server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params | -| server/main.go:19:56:19:61 | definition of params [Return] | semmle.label | definition of params [Return] | +| server/main.go:19:56:19:61 | SSA def(params) | semmle.label | SSA def(params) | +| server/main.go:19:56:19:61 | SSA def(params) | semmle.label | SSA def(params) | +| server/main.go:19:56:19:61 | SSA def(params) [Return] | semmle.label | SSA def(params) [Return] | | server/main.go:30:38:30:48 | selection of Text | semmle.label | selection of Text | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.expected b/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.expected index 42831abaf155..f02a219e6bfb 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.expected @@ -1,2 +1,6 @@ invalidModelRow testFailures +| yaml.go:27:7:27:25 | call to NewEncoder | Unexpected result: ttfnmodelstep="SSA def(e) -> w [postupdate]" | +| yaml.go:27:27:27:80 | comment | Missing result: ttfnmodelstep="definition of e -> w [postupdate]" | +| yaml.go:36:8:36:26 | call to NewEncoder | Unexpected result: ttfnmodelstep="SSA def(e1) -> w [postupdate]" | +| yaml.go:36:28:36:82 | comment | Missing result: ttfnmodelstep="definition of e1 -> w [postupdate]" | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/gqlgen/gqlgen.expected b/go/ql/test/library-tests/semmle/go/frameworks/gqlgen/gqlgen.expected index 42831abaf155..5609b85b3ee2 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/gqlgen/gqlgen.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/gqlgen/gqlgen.expected @@ -1,2 +1,4 @@ invalidModelRow testFailures +| graph/schema.resolvers.go:14:60:14:64 | SSA def(input) | Unexpected result: resolverParameter="SSA def(input)" | +| graph/schema.resolvers.go:14:104:14:147 | comment | Missing result: resolverParameter="definition of input" | diff --git a/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/DeadStoreOfLocal.expected b/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/DeadStoreOfLocal.expected index 5b2010251ef7..d9444556f2ca 100644 --- a/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/DeadStoreOfLocal.expected +++ b/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/DeadStoreOfLocal.expected @@ -16,6 +16,8 @@ | testdata.go:172:3:172:3 | assignment to x | This definition of x is never used. | | testdata.go:180:3:180:5 | increment statement | This definition of x is never used. | | testdata.go:201:2:201:2 | assignment to x | This definition of x is never used. | +| testdata.go:227:3:227:5 | increment statement | This definition of x is never used. | +| testdata.go:235:3:235:3 | assignment to x | This definition of x is never used. | | testdata.go:262:2:262:2 | assignment to x | This definition of x is never used. | | testdata.go:268:2:268:2 | assignment to x | This definition of x is never used. | | testdata.go:309:2:309:2 | assignment to a | This definition of a is never used. | From 5a786ac4e028f7519c1cff618889fddc28aa8202 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 25 Mar 2026 19:11:42 +0000 Subject: [PATCH 9/9] Fix captured variable liveness and re-enable toString overrides - Extend synthetic uncertain reads to function exits of any function that writes a captured variable, not just the declaring function. This ensures writes to captured variables inside closures remain live (matching the old `v.isCaptured()` liveness shortcut). - Uncomment toString overrides for SsaExplicitDefinition, SsaVariableCapture, SsaPhiNode, and SsaVariable to restore original output formats. - Revert test expected files to pre-test-changes state matching the correct toString formats and capture variable results. Agent-Logs-Url: https://github.com/github/codeql/sessions/6dbf9d42-b2e2-42a2-984b-8ea31df4e633 Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com> --- go/ql/lib/semmle/go/dataflow/SSA.qll | 36 +++--- go/ql/lib/semmle/go/dataflow/SsaImpl.qll | 26 ++-- .../GlobalValueNumber.expected | 17 +-- .../go/dataflow/SSA/SsaDefinition.expected | 100 +++++++-------- .../go/dataflow/SSA/SsaWithFields.expected | 114 +++++++++--------- .../GoKit/RemoteFlowSources.expected | 4 - .../go/frameworks/GoMicro/gomicro.expected | 2 - .../frameworks/Twirp/RequestForgery.expected | 26 ++-- .../semmle/go/frameworks/Yaml/tests.expected | 4 - .../go/frameworks/gqlgen/gqlgen.expected | 2 - .../DeadStoreOfLocal.expected | 2 - 11 files changed, 170 insertions(+), 163 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/SSA.qll b/go/ql/lib/semmle/go/dataflow/SSA.qll index 5fe2098e3106..ee1a6d489fe5 100644 --- a/go/ql/lib/semmle/go/dataflow/SSA.qll +++ b/go/ql/lib/semmle/go/dataflow/SSA.qll @@ -82,17 +82,18 @@ class SsaVariable extends Definition { /** Gets a use that refers to this SSA variable. */ IR::Instruction getAUse() { result = this.getAUseIn(_) } - // /** - // * Gets a textual representation of this element. - // * - // * The format is `kind@LINE:COL`, where `kind` is one of `def`, `capture`, or `phi`. - // */ - // override string toString() { - // exists(Location loc | loc = this.(SsaDefinition).getLocation() | - // result = - // this.(SsaDefinition).getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn() - // ) - // } + /** + * Gets a textual representation of this element. + * + * The format is `kind@LINE:COL`, where `kind` is one of `def`, `capture`, or `phi`. + */ + override string toString() { + exists(Location loc | loc = this.(SsaDefinition).getLocation() | + result = + this.(SsaDefinition).getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn() + ) + } + /** * DEPRECATED: Use `getLocation()` instead. * @@ -170,7 +171,8 @@ class SsaExplicitDefinition extends SsaDefinition, WriteDefinition { IR::Instruction getRhs() { this.getInstruction().writes(_, result) } override string getKind() { result = "def" } - // override string toString() { result = "definition of " + this.getSourceVariable() } + + override string toString() { result = "definition of " + this.getSourceVariable() } } /** Provides a helper predicate for working with explicit SSA definitions. */ @@ -195,7 +197,8 @@ abstract class SsaImplicitDefinition extends SsaDefinition { } */ class SsaVariableCapture extends SsaImplicitDefinition, UncertainWriteDefinition { override string getKind() { result = "capture" } - // override string toString() { result = "capture variable " + this.getSourceVariable() } + + override string toString() { result = "capture variable " + this.getSourceVariable() } } /** @@ -227,9 +230,10 @@ class SsaPhiNode extends SsaPseudoDefinition, PhiNode { override SsaVariable getAnInput() { phiHasInputFromBlock(this, result, _) } override string getKind() { result = "phi" } - // override string toString() { - // result = this.getSourceVariable() + " = phi(" + this.ppInputs() + ")" - // } + + override string toString() { + result = this.getSourceVariable() + " = phi(" + this.ppInputs() + ")" + } } /** diff --git a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll index a33bb7da1e55..ff2069de60fb 100644 --- a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll @@ -96,20 +96,30 @@ private module Internal { /** * Holds if the `i`th node of basic block `bb` reads source variable `v`. * - * We also add a synthetic uncertain read at the exit node of the declaring - * function for captured variables. This ensures that definitions of captured - * variables are included in the SSA graph even when the variable is not - * locally read in the declaring function (but may be read by a nested function). + * We add a synthetic uncertain read at the exit node of every function + * that references a captured variable `v`. This ensures that definitions + * of captured variables are included in the SSA graph even when the + * variable is not locally read in that function scope (but may be read + * by another function sharing the same closure). */ cached predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { useAt(bb, i, v) and certain = true or v.isCaptured() and - bb.getScope() = v.getDeclaringFunction() and - bb.getLastNode().isExitNode() and - i = bb.length() - 1 and - certain = false + exists(FuncDef f | + f = bb.getScope() and + bb.getLastNode().isExitNode() and + i = bb.length() - 1 and + certain = false + | + // The declaring function: captures may be read after calls to closures + f = v.getDeclaringFunction() + or + // Any function that writes `v`: the write may be observed by the + // declaring function or another closure sharing the same variable + any(IR::Instruction def | def.writes(v, _)).getRoot() = f + ) } } } diff --git a/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected b/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected index 6903b7dbe490..93b3593ec94e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected @@ -1,18 +1,18 @@ | main.go:6:2:6:5 | 1 | main.go:14:7:14:7 | 1 | -| main.go:10:2:10:2 | SSA def(x) | main.go:10:7:10:7 | 0 | +| main.go:10:2:10:2 | definition of x | main.go:10:7:10:7 | 0 | | main.go:10:7:10:7 | 0 | main.go:10:7:10:7 | 0 | -| main.go:11:6:11:6 | SSA def(y) | main.go:10:7:10:7 | 0 | +| main.go:11:6:11:6 | definition of y | main.go:10:7:10:7 | 0 | | main.go:11:6:11:6 | zero value for y | main.go:10:7:10:7 | 0 | | main.go:12:2:12:18 | call to Println | main.go:12:2:12:18 | call to Println | | main.go:12:14:12:14 | x | main.go:10:7:10:7 | 0 | | main.go:12:17:12:17 | y | main.go:10:7:10:7 | 0 | -| main.go:14:2:14:2 | SSA def(z) | main.go:14:7:14:7 | 1 | +| main.go:14:2:14:2 | definition of z | main.go:14:7:14:7 | 1 | | main.go:14:7:14:7 | 1 | main.go:14:7:14:7 | 1 | | main.go:15:2:15:9 | call to bump | main.go:15:2:15:9 | call to bump | | main.go:16:2:16:21 | call to Println | main.go:16:2:16:21 | call to Println | | main.go:16:14:16:14 | x | main.go:10:7:10:7 | 0 | | main.go:16:17:16:17 | y | main.go:10:7:10:7 | 0 | -| main.go:18:2:18:3 | SSA def(ss) | main.go:18:8:18:24 | call to make | +| main.go:18:2:18:3 | definition of ss | main.go:18:8:18:24 | call to make | | main.go:18:8:18:24 | call to make | main.go:18:8:18:24 | call to make | | main.go:18:23:18:23 | 3 | main.go:18:23:18:23 | 3 | | main.go:19:5:19:5 | 2 | main.go:19:5:19:5 | 2 | @@ -20,19 +20,22 @@ | main.go:20:2:20:16 | call to Println | main.go:20:2:20:16 | call to Println | | main.go:23:14:23:16 | implicit read of res | main.go:24:8:24:8 | 4 | | main.go:23:14:23:16 | zero value for res | main.go:10:7:10:7 | 0 | -| main.go:24:2:24:4 | SSA def(res) | main.go:24:8:24:8 | 4 | +| main.go:24:2:24:4 | definition of res | main.go:24:8:24:8 | 4 | | main.go:24:8:24:8 | 4 | main.go:24:8:24:8 | 4 | | main.go:28:15:28:17 | implicit read of res | main.go:30:9:30:9 | 6 | | main.go:28:15:28:17 | zero value for res | main.go:10:7:10:7 | 0 | | main.go:29:8:29:8 | 5 | main.go:29:8:29:8 | 5 | | main.go:30:9:30:9 | 6 | main.go:30:9:30:9 | 6 | -| main.go:30:9:30:9 | SSA def(res) | main.go:30:9:30:9 | 6 | +| main.go:30:9:30:9 | definition of res | main.go:30:9:30:9 | 6 | +| main.go:33:15:33:17 | definition of res | main.go:10:7:10:7 | 0 | | main.go:33:15:33:17 | zero value for res | main.go:10:7:10:7 | 0 | +| main.go:34:2:34:4 | definition of res | main.go:34:8:34:8 | 7 | | main.go:34:8:34:8 | 7 | main.go:34:8:34:8 | 7 | | main.go:35:8:37:4 | function call | main.go:35:8:37:4 | function call | +| main.go:36:3:36:5 | definition of res | main.go:36:9:36:9 | 8 | | main.go:36:9:36:9 | 8 | main.go:36:9:36:9 | 8 | | main.go:38:9:38:9 | 9 | main.go:38:9:38:9 | 9 | -| main.go:38:9:38:9 | SSA def(res) | main.go:38:9:38:9 | 9 | +| main.go:38:9:38:9 | definition of res | main.go:38:9:38:9 | 9 | | regressions.go:5:11:5:31 | call to Sizeof | regressions.go:5:11:5:31 | call to Sizeof | | regressions.go:7:11:7:15 | false | regressions.go:7:11:7:15 | false | | regressions.go:9:11:9:12 | !... | regressions.go:11:11:11:14 | true | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected index 229177161df5..ddff7565818c 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected @@ -1,49 +1,51 @@ -| main.go:13:6:13:6 | SSA def(x) | -| main.go:14:2:14:2 | SSA def(y) | -| main.go:17:3:17:3 | SSA def(y) | -| main.go:19:2:19:10 | SSA phi(y) | -| main.go:21:3:21:3 | SSA def(x) | -| main.go:23:2:23:10 | SSA phi(x) | -| main.go:26:10:26:10 | SSA def(x) | -| main.go:27:2:27:2 | SSA def(a) | -| main.go:27:5:27:5 | SSA def(b) | -| main.go:29:3:29:3 | SSA def(a) | -| main.go:29:6:29:6 | SSA def(b) | -| main.go:31:9:31:9 | SSA phi(a) | -| main.go:31:9:31:9 | SSA phi(b) | -| main.go:34:11:34:11 | SSA def(x) | -| main.go:39:2:39:2 | SSA def(x) | -| main.go:40:2:40:4 | SSA def(ptr) | -| main.go:48:2:48:7 | SSA def(result) | -| main.go:52:14:52:19 | SSA def(result) | -| main.go:57:6:57:6 | SSA def(x) | -| main.go:58:6:58:9 | SSA phi(x) | -| main.go:59:3:59:3 | SSA def(x) | -| main.go:63:2:63:2 | SSA def(y) | -| main.go:64:6:64:6 | SSA def(i) | -| main.go:64:16:64:18 | SSA def(i) | -| main.go:65:6:65:9 | SSA phi(i) | -| main.go:65:6:65:9 | SSA phi(y) | -| main.go:68:3:68:3 | SSA def(y) | -| main.go:73:6:73:6 | SSA def(i) | -| main.go:73:16:73:18 | SSA def(i) | -| main.go:74:3:74:3 | SSA def(z) | -| main.go:74:3:74:3 | SSA phi(i) | -| main.go:82:25:82:25 | SSA def(b) | -| main.go:83:2:83:2 | SSA def(x) | -| main.go:84:5:84:5 | SSA def(a) | -| main.go:95:22:95:28 | SSA def(wrapper) | -| main.go:96:2:96:2 | SSA def(x) | -| main.go:97:2:99:3 | SSA def(x) | -| main.go:103:20:103:26 | SSA def(wrapper) | -| main.go:104:2:104:2 | SSA def(x) | -| main.go:105:16:108:2 | SSA def(x) | -| main.go:106:3:106:3 | SSA def(y) | -| main.go:112:29:112:35 | SSA def(wrapper) | -| main.go:113:2:113:2 | SSA def(x) | -| main.go:114:2:117:3 | SSA def(x) | -| main.go:114:16:117:2 | SSA def(x) | -| main.go:115:3:115:3 | SSA def(y) | -| main.go:130:3:130:3 | SSA def(p) | -| main.go:132:3:132:3 | SSA def(p) | -| main.go:135:2:135:2 | SSA phi(p) | +| main.go:13:6:13:6 | definition of x | +| main.go:14:2:14:2 | definition of y | +| main.go:17:3:17:3 | definition of y | +| main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | +| main.go:21:3:21:3 | definition of x | +| main.go:23:2:23:10 | x = phi(def@13:6, def@21:3) | +| main.go:26:10:26:10 | definition of x | +| main.go:27:2:27:2 | definition of a | +| main.go:27:5:27:5 | definition of b | +| main.go:29:3:29:3 | definition of a | +| main.go:29:6:29:6 | definition of b | +| main.go:31:9:31:9 | a = phi(def@27:2, def@29:3) | +| main.go:31:9:31:9 | b = phi(def@27:5, def@29:6) | +| main.go:34:11:34:11 | definition of x | +| main.go:39:2:39:2 | definition of x | +| main.go:40:2:40:4 | definition of ptr | +| main.go:48:2:48:7 | definition of result | +| main.go:52:14:52:19 | definition of result | +| main.go:57:6:57:6 | definition of x | +| main.go:58:6:58:9 | x = phi(def@57:6, def@59:3) | +| main.go:59:3:59:3 | definition of x | +| main.go:63:2:63:2 | definition of y | +| main.go:64:6:64:6 | definition of i | +| main.go:64:16:64:18 | definition of i | +| main.go:65:6:65:9 | i = phi(def@64:16, def@64:6) | +| main.go:65:6:65:9 | y = phi(def@63:2, def@68:3) | +| main.go:68:3:68:3 | definition of y | +| main.go:73:6:73:6 | definition of i | +| main.go:73:16:73:18 | definition of i | +| main.go:74:3:74:3 | definition of z | +| main.go:74:3:74:3 | i = phi(def@73:16, def@73:6) | +| main.go:82:25:82:25 | definition of b | +| main.go:83:2:83:2 | definition of x | +| main.go:84:5:84:5 | definition of a | +| main.go:95:22:95:28 | definition of wrapper | +| main.go:96:2:96:2 | definition of x | +| main.go:97:2:99:3 | capture variable x | +| main.go:98:3:98:3 | definition of x | +| main.go:103:20:103:26 | definition of wrapper | +| main.go:104:2:104:2 | definition of x | +| main.go:105:16:108:2 | capture variable x | +| main.go:106:3:106:3 | definition of y | +| main.go:112:29:112:35 | definition of wrapper | +| main.go:113:2:113:2 | definition of x | +| main.go:114:2:117:3 | capture variable x | +| main.go:114:16:117:2 | capture variable x | +| main.go:115:3:115:3 | definition of y | +| main.go:116:3:116:3 | definition of x | +| main.go:130:3:130:3 | definition of p | +| main.go:132:3:132:3 | definition of p | +| main.go:135:2:135:2 | p = phi(def@130:3, def@132:3) | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected index ca2dd6dcb2e5..40b9195fc879 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected @@ -1,56 +1,58 @@ -| main.go:13:6:13:6 | (SSA def(x)) | x | -| main.go:14:2:14:2 | (SSA def(y)) | y | -| main.go:17:3:17:3 | (SSA def(y)) | y | -| main.go:19:2:19:10 | (SSA phi(y)) | y | -| main.go:21:3:21:3 | (SSA def(x)) | x | -| main.go:23:2:23:10 | (SSA phi(x)) | x | -| main.go:26:10:26:10 | (SSA def(x)) | x | -| main.go:27:2:27:2 | (SSA def(a)) | a | -| main.go:27:5:27:5 | (SSA def(b)) | b | -| main.go:29:3:29:3 | (SSA def(a)) | a | -| main.go:29:6:29:6 | (SSA def(b)) | b | -| main.go:31:9:31:9 | (SSA phi(a)) | a | -| main.go:31:9:31:9 | (SSA phi(b)) | b | -| main.go:34:11:34:11 | (SSA def(x)) | x | -| main.go:39:2:39:2 | (SSA def(x)) | x | -| main.go:40:2:40:4 | (SSA def(ptr)) | ptr | -| main.go:48:2:48:7 | (SSA def(result)) | result | -| main.go:52:14:52:19 | (SSA def(result)) | result | -| main.go:57:6:57:6 | (SSA def(x)) | x | -| main.go:58:6:58:9 | (SSA phi(x)) | x | -| main.go:59:3:59:3 | (SSA def(x)) | x | -| main.go:63:2:63:2 | (SSA def(y)) | y | -| main.go:64:6:64:6 | (SSA def(i)) | i | -| main.go:64:16:64:18 | (SSA def(i)) | i | -| main.go:65:6:65:9 | (SSA phi(i)) | i | -| main.go:65:6:65:9 | (SSA phi(y)) | y | -| main.go:68:3:68:3 | (SSA def(y)) | y | -| main.go:73:6:73:6 | (SSA def(i)) | i | -| main.go:73:16:73:18 | (SSA def(i)) | i | -| main.go:74:3:74:3 | (SSA def(z)) | z | -| main.go:74:3:74:3 | (SSA phi(i)) | i | -| main.go:82:25:82:25 | (SSA def(b)) | b | -| main.go:83:2:83:2 | (SSA def(x)) | x | -| main.go:84:5:84:5 | (SSA def(a)) | a | -| main.go:95:22:95:28 | (SSA def(wrapper)) | wrapper | -| main.go:95:22:95:28 | (SSA def(wrapper)).s | wrapper.s | -| main.go:96:2:96:2 | (SSA def(x)) | x | -| main.go:97:2:99:3 | (SSA def(x)) | x | -| main.go:103:20:103:26 | (SSA def(wrapper)) | wrapper | -| main.go:103:20:103:26 | (SSA def(wrapper)).s | wrapper.s | -| main.go:104:2:104:2 | (SSA def(x)) | x | -| main.go:105:16:108:2 | (SSA def(x)) | x | -| main.go:106:3:106:3 | (SSA def(y)) | y | -| main.go:112:29:112:35 | (SSA def(wrapper)) | wrapper | -| main.go:112:29:112:35 | (SSA def(wrapper)).s | wrapper.s | -| main.go:113:2:113:2 | (SSA def(x)) | x | -| main.go:114:2:117:3 | (SSA def(x)) | x | -| main.go:114:16:117:2 | (SSA def(x)) | x | -| main.go:115:3:115:3 | (SSA def(y)) | y | -| main.go:130:3:130:3 | (SSA def(p)) | p | -| main.go:132:3:132:3 | (SSA def(p)) | p | -| main.go:135:2:135:2 | (SSA phi(p)) | p | -| main.go:135:2:135:2 | (SSA phi(p)).a | p.a | -| main.go:135:2:135:2 | (SSA phi(p)).b | p.b | -| main.go:135:2:135:2 | (SSA phi(p)).b.a | p.b.a | -| main.go:135:2:135:2 | (SSA phi(p)).c | p.c | +| main.go:13:6:13:6 | (def@13:6) | x | +| main.go:14:2:14:2 | (def@14:2) | y | +| main.go:17:3:17:3 | (def@17:3) | y | +| main.go:19:2:19:10 | (phi@19:2) | y | +| main.go:21:3:21:3 | (def@21:3) | x | +| main.go:23:2:23:10 | (phi@23:2) | x | +| main.go:26:10:26:10 | (def@26:10) | x | +| main.go:27:2:27:2 | (def@27:2) | a | +| main.go:27:5:27:5 | (def@27:5) | b | +| main.go:29:3:29:3 | (def@29:3) | a | +| main.go:29:6:29:6 | (def@29:6) | b | +| main.go:31:9:31:9 | (phi@31:9) | a | +| main.go:31:9:31:9 | (phi@31:9) | b | +| main.go:34:11:34:11 | (def@34:11) | x | +| main.go:39:2:39:2 | (def@39:2) | x | +| main.go:40:2:40:4 | (def@40:2) | ptr | +| main.go:48:2:48:7 | (def@48:2) | result | +| main.go:52:14:52:19 | (def@52:14) | result | +| main.go:57:6:57:6 | (def@57:6) | x | +| main.go:58:6:58:9 | (phi@58:6) | x | +| main.go:59:3:59:3 | (def@59:3) | x | +| main.go:63:2:63:2 | (def@63:2) | y | +| main.go:64:6:64:6 | (def@64:6) | i | +| main.go:64:16:64:18 | (def@64:16) | i | +| main.go:65:6:65:9 | (phi@65:6) | i | +| main.go:65:6:65:9 | (phi@65:6) | y | +| main.go:68:3:68:3 | (def@68:3) | y | +| main.go:73:6:73:6 | (def@73:6) | i | +| main.go:73:16:73:18 | (def@73:16) | i | +| main.go:74:3:74:3 | (def@74:3) | z | +| main.go:74:3:74:3 | (phi@74:3) | i | +| main.go:82:25:82:25 | (def@82:25) | b | +| main.go:83:2:83:2 | (def@83:2) | x | +| main.go:84:5:84:5 | (def@84:5) | a | +| main.go:95:22:95:28 | (def@95:22) | wrapper | +| main.go:95:22:95:28 | (def@95:22).s | wrapper.s | +| main.go:96:2:96:2 | (def@96:2) | x | +| main.go:97:2:99:3 | (capture@97:2) | x | +| main.go:98:3:98:3 | (def@98:3) | x | +| main.go:103:20:103:26 | (def@103:20) | wrapper | +| main.go:103:20:103:26 | (def@103:20).s | wrapper.s | +| main.go:104:2:104:2 | (def@104:2) | x | +| main.go:105:16:108:2 | (capture@105:16) | x | +| main.go:106:3:106:3 | (def@106:3) | y | +| main.go:112:29:112:35 | (def@112:29) | wrapper | +| main.go:112:29:112:35 | (def@112:29).s | wrapper.s | +| main.go:113:2:113:2 | (def@113:2) | x | +| main.go:114:2:117:3 | (capture@114:2) | x | +| main.go:114:16:117:2 | (capture@114:16) | x | +| main.go:115:3:115:3 | (def@115:3) | y | +| main.go:116:3:116:3 | (def@116:3) | x | +| main.go:130:3:130:3 | (def@130:3) | p | +| main.go:132:3:132:3 | (def@132:3) | p | +| main.go:135:2:135:2 | (phi@135:2) | p | +| main.go:135:2:135:2 | (phi@135:2).a | p.a | +| main.go:135:2:135:2 | (phi@135:2).b | p.b | +| main.go:135:2:135:2 | (phi@135:2).b.a | p.b.a | +| main.go:135:2:135:2 | (phi@135:2).c | p.c | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoKit/RemoteFlowSources.expected b/go/ql/test/library-tests/semmle/go/frameworks/GoKit/RemoteFlowSources.expected index bc4b28ae428f..42831abaf155 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoKit/RemoteFlowSources.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoKit/RemoteFlowSources.expected @@ -1,6 +1,2 @@ invalidModelRow testFailures -| main.go:15:33:15:39 | SSA def(request) | Unexpected result: source="SSA def(request)" | -| main.go:15:77:15:111 | comment | Missing result: source="definition of request" | -| main.go:20:36:20:42 | SSA def(request) | Unexpected result: source="SSA def(request)" | -| main.go:20:80:20:114 | comment | Missing result: source="definition of request" | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/gomicro.expected b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/gomicro.expected index 5d3937b65559..42831abaf155 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/gomicro.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/gomicro.expected @@ -1,4 +1,2 @@ invalidModelRow testFailures -| main.go:18:46:18:48 | SSA def(req) | Unexpected result: serverRequest="SSA def(req)" | -| main.go:18:89:18:126 | comment | Missing result: serverRequest="definition of req" | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected index a50f131a747c..7b1fa1a31215 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected @@ -1,19 +1,19 @@ #select | server/main.go:30:38:30:48 | selection of Text | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | user-provided value | -| server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | SSA def(params) | user-provided value | +| server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | definition of params | user-provided value | edges -| client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | SSA def(params) | provenance | | +| client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | definition of params | provenance | | | client/main.go:16:35:16:78 | &... [postupdate] | client/main.go:16:35:16:78 | &... | provenance | | | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | | | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:1 MaD:3 | | rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | provenance | MaD:2 | -| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | provenance | | -| rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | | -| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | SSA def(params) | provenance | | -| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:19:56:19:61 | SSA def(params) [Return] | provenance | | -| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | provenance | | -| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | provenance | | -| server/main.go:19:56:19:61 | SSA def(params) [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance | | +| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | | +| rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | | +| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | | +| server/main.go:19:56:19:61 | definition of params | server/main.go:19:56:19:61 | definition of params [Return] | provenance | | +| server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | | +| server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | | +| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance | | models | 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual | | 2 | Summary: google.golang.org/protobuf/proto; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual | @@ -25,10 +25,10 @@ nodes | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body | | rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf | | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | semmle.label | reqContent [postupdate] | -| rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | semmle.label | SSA def(reqContent) | +| rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | semmle.label | capture variable reqContent | | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent | -| server/main.go:19:56:19:61 | SSA def(params) | semmle.label | SSA def(params) | -| server/main.go:19:56:19:61 | SSA def(params) | semmle.label | SSA def(params) | -| server/main.go:19:56:19:61 | SSA def(params) [Return] | semmle.label | SSA def(params) [Return] | +| server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params | +| server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params | +| server/main.go:19:56:19:61 | definition of params [Return] | semmle.label | definition of params [Return] | | server/main.go:30:38:30:48 | selection of Text | semmle.label | selection of Text | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.expected b/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.expected index f02a219e6bfb..42831abaf155 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.expected @@ -1,6 +1,2 @@ invalidModelRow testFailures -| yaml.go:27:7:27:25 | call to NewEncoder | Unexpected result: ttfnmodelstep="SSA def(e) -> w [postupdate]" | -| yaml.go:27:27:27:80 | comment | Missing result: ttfnmodelstep="definition of e -> w [postupdate]" | -| yaml.go:36:8:36:26 | call to NewEncoder | Unexpected result: ttfnmodelstep="SSA def(e1) -> w [postupdate]" | -| yaml.go:36:28:36:82 | comment | Missing result: ttfnmodelstep="definition of e1 -> w [postupdate]" | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/gqlgen/gqlgen.expected b/go/ql/test/library-tests/semmle/go/frameworks/gqlgen/gqlgen.expected index 5609b85b3ee2..42831abaf155 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/gqlgen/gqlgen.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/gqlgen/gqlgen.expected @@ -1,4 +1,2 @@ invalidModelRow testFailures -| graph/schema.resolvers.go:14:60:14:64 | SSA def(input) | Unexpected result: resolverParameter="SSA def(input)" | -| graph/schema.resolvers.go:14:104:14:147 | comment | Missing result: resolverParameter="definition of input" | diff --git a/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/DeadStoreOfLocal.expected b/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/DeadStoreOfLocal.expected index d9444556f2ca..5b2010251ef7 100644 --- a/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/DeadStoreOfLocal.expected +++ b/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/DeadStoreOfLocal.expected @@ -16,8 +16,6 @@ | testdata.go:172:3:172:3 | assignment to x | This definition of x is never used. | | testdata.go:180:3:180:5 | increment statement | This definition of x is never used. | | testdata.go:201:2:201:2 | assignment to x | This definition of x is never used. | -| testdata.go:227:3:227:5 | increment statement | This definition of x is never used. | -| testdata.go:235:3:235:3 | assignment to x | This definition of x is never used. | | testdata.go:262:2:262:2 | assignment to x | This definition of x is never used. | | testdata.go:268:2:268:2 | assignment to x | This definition of x is never used. | | testdata.go:309:2:309:2 | assignment to a | This definition of a is never used. |