Update .expected files (no new results)

Author: owen-mc

go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected

@@ -24,7 +24,11 @@ edges
 | test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | provenance |  |
 | test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | provenance |  |
 | test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | provenance |  |
+| test.go:160:2:160:23 | []type{args} [array] | test.go:160:14:160:22 | &... | provenance |  |
+| test.go:160:14:160:22 | &... | test.go:160:2:160:23 | []type{args} [array] | provenance |  |
 | test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | provenance |  |
+| test.go:164:2:164:25 | []type{args} [array] | test.go:164:15:164:24 | &... | provenance |  |
+| test.go:164:15:164:24 | &... | test.go:164:2:164:25 | []type{args} [array] | provenance |  |
 | test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | provenance |  |
 nodes
 | test.go:80:13:80:16 | &... | semmle.label | &... |
@@ -76,8 +80,10 @@ nodes
 | test.go:153:13:153:47 | type conversion | semmle.label | type conversion |
 | test.go:156:18:156:30 | &... | semmle.label | &... |
 | test.go:157:13:157:38 | type conversion | semmle.label | type conversion |
+| test.go:160:2:160:23 | []type{args} [array] | semmle.label | []type{args} [array] |
 | test.go:160:14:160:22 | &... | semmle.label | &... |
 | test.go:161:13:161:28 | type conversion | semmle.label | type conversion |
+| test.go:164:2:164:25 | []type{args} [array] | semmle.label | []type{args} [array] |
 | test.go:164:15:164:24 | &... | semmle.label | &... |
 | test.go:165:13:165:32 | type conversion | semmle.label | type conversion |
 subpaths

go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected

@@ -3,12 +3,15 @@
 edges
 | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows | provenance |  |
 | StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... | provenance | FunctionModel |
+| StoredCommand.go:13:2:13:20 | []type{args} [array] | StoredCommand.go:13:12:13:19 | &... | provenance |  |
+| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:13:2:13:20 | []type{args} [array] | provenance |  |
 | StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 |
 models
 | 1 | Sink: os/exec; ; false; Command; ; ; Argument[0]; command-injection; manual |
 nodes
 | StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] |
 | StoredCommand.go:13:2:13:5 | rows | semmle.label | rows |
+| StoredCommand.go:13:2:13:20 | []type{args} [array] | semmle.label | []type{args} [array] |
 | StoredCommand.go:13:12:13:19 | &... | semmle.label | &... |
 | StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName |
 subpaths

go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected

@@ -32,8 +32,10 @@ edges
 | contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:8  |
 | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:7  |
 | reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:7  |
+| reflectedxsstest.go:32:2:32:8 | definition of content | reflectedxsstest.go:33:49:33:55 | content | provenance |  |
 | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content | provenance |  |
 | reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:13 |
+| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:32:2:32:8 | definition of content | provenance |  |
 | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:12 |
 | reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion | provenance |  |
 | reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | provenance |  |
@@ -63,11 +65,33 @@ edges
 | tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | Src:MaD:6 MaD:18 |
 | tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance |  |
 | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5  |
+| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5  |
+| websocketXss.go:32:3:32:28 | []type{args} [array] | websocketXss.go:30:7:30:10 | definition of xnet | provenance |  |
+| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:32:3:32:28 | []type{args} [array] | provenance |  |
+| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4  |
 | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4  |
+| websocketXss.go:36:3:36:29 | []type{args} [array] | websocketXss.go:34:3:34:7 | definition of xnet2 | provenance |  |
+| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:36:3:36:29 | []type{args} [array] | provenance |  |
+| websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11  |
 | websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11  |
+| websocketXss.go:40:6:40:11 | definition of nhooyr | websocketXss.go:41:24:41:29 | nhooyr | provenance |  |
+| websocketXss.go:40:6:40:11 | definition of nhooyr | websocketXss.go:41:24:41:29 | nhooyr | provenance |  |
+| websocketXss.go:41:3:41:30 | []type{args} [array] | websocketXss.go:40:6:40:11 | definition of nhooyr | provenance |  |
+| websocketXss.go:41:24:41:29 | nhooyr | websocketXss.go:41:3:41:30 | []type{args} [array] | provenance |  |
 | websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1  |
+| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1  |
+| websocketXss.go:48:3:48:34 | []type{args} [array] | websocketXss.go:46:7:46:16 | definition of gorillaMsg | provenance |  |
+| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:48:3:48:34 | []type{args} [array] | provenance |  |
+| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2  |
 | websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2  |
+| websocketXss.go:52:3:52:32 | []type{args} [array] | websocketXss.go:50:3:50:10 | definition of gorilla2 | provenance |  |
+| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:52:3:52:32 | []type{args} [array] | provenance |  |
+| websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3  |
 | websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3  |
+| websocketXss.go:54:6:54:13 | definition of gorilla3 | websocketXss.go:55:24:55:31 | gorilla3 | provenance |  |
+| websocketXss.go:54:6:54:13 | definition of gorilla3 | websocketXss.go:55:24:55:31 | gorilla3 | provenance |  |
+| websocketXss.go:55:3:55:32 | []type{args} [array] | websocketXss.go:54:6:54:13 | definition of gorilla3 | provenance |  |
+| websocketXss.go:55:24:55:31 | gorilla3 | websocketXss.go:55:3:55:32 | []type{args} [array] | provenance |  |
 models
 | 1 | Source: github.com/gorilla/websocket; ; false; ReadJSON; ; ; Argument[1]; remote; manual |
 | 2 | Source: github.com/gorilla/websocket; Conn; true; ReadJSON; ; ; Argument[0]; remote; manual |
@@ -108,6 +132,7 @@ nodes
 | contenttype.go:114:50:114:53 | data | semmle.label | data |
 | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | semmle.label | ... := ...[0] |
 | reflectedxsstest.go:31:2:31:44 | ... := ...[1] | semmle.label | ... := ...[1] |
+| reflectedxsstest.go:32:2:32:8 | definition of content | semmle.label | definition of content |
 | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | reflectedxsstest.go:32:34:32:37 | file | semmle.label | file |
 | reflectedxsstest.go:33:10:33:57 | type conversion | semmle.label | type conversion |
@@ -142,15 +167,29 @@ nodes
 | tst.go:48:14:48:34 | call to Get | semmle.label | call to Get |
 | tst.go:53:12:53:26 | type conversion | semmle.label | type conversion |
 | websocketXss.go:30:7:30:10 | definition of xnet | semmle.label | definition of xnet |
+| websocketXss.go:32:3:32:28 | []type{args} [array] | semmle.label | []type{args} [array] |
+| websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet |
 | websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet |
 | websocketXss.go:34:3:34:7 | definition of xnet2 | semmle.label | definition of xnet2 |
+| websocketXss.go:36:3:36:29 | []type{args} [array] | semmle.label | []type{args} [array] |
+| websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 |
 | websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 |
 | websocketXss.go:40:3:40:40 | ... := ...[1] | semmle.label | ... := ...[1] |
+| websocketXss.go:40:6:40:11 | definition of nhooyr | semmle.label | definition of nhooyr |
+| websocketXss.go:41:3:41:30 | []type{args} [array] | semmle.label | []type{args} [array] |
+| websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr |
 | websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr |
 | websocketXss.go:46:7:46:16 | definition of gorillaMsg | semmle.label | definition of gorillaMsg |
+| websocketXss.go:48:3:48:34 | []type{args} [array] | semmle.label | []type{args} [array] |
+| websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg |
 | websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg |
 | websocketXss.go:50:3:50:10 | definition of gorilla2 | semmle.label | definition of gorilla2 |
+| websocketXss.go:52:3:52:32 | []type{args} [array] | semmle.label | []type{args} [array] |
+| websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 |
 | websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 |
 | websocketXss.go:54:3:54:38 | ... := ...[1] | semmle.label | ... := ...[1] |
+| websocketXss.go:54:6:54:13 | definition of gorilla3 | semmle.label | definition of gorilla3 |
+| websocketXss.go:55:3:55:32 | []type{args} [array] | semmle.label | []type{args} [array] |
+| websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 |
 | websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 |
 subpaths

go/ql/test/query-tests/Security/CWE-079/StoredXss.expected

@@ -1,14 +1,21 @@
 edges
 | StoredXss.go:13:21:13:31 | call to Name | StoredXss.go:13:21:13:36 | ...+... | provenance |  |
 | stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance |  |
+| stored.go:25:14:25:17 | rows | stored.go:25:24:25:26 | &... | provenance | FunctionModel |
 | stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... | provenance | FunctionModel |
+| stored.go:25:14:25:34 | []type{args} [array] | stored.go:25:24:25:26 | &... | provenance |  |
+| stored.go:25:14:25:34 | []type{args} [array] | stored.go:25:29:25:33 | &... | provenance |  |
+| stored.go:25:24:25:26 | &... | stored.go:25:14:25:34 | []type{args} [array] | provenance |  |
+| stored.go:25:29:25:33 | &... | stored.go:25:14:25:34 | []type{args} [array] | provenance |  |
 | stored.go:25:29:25:33 | &... | stored.go:30:22:30:25 | name | provenance |  |
 | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance |  |
 nodes
 | StoredXss.go:13:21:13:31 | call to Name | semmle.label | call to Name |
 | StoredXss.go:13:21:13:36 | ...+... | semmle.label | ...+... |
 | stored.go:18:3:18:28 | ... := ...[0] | semmle.label | ... := ...[0] |
 | stored.go:25:14:25:17 | rows | semmle.label | rows |
+| stored.go:25:14:25:34 | []type{args} [array] | semmle.label | []type{args} [array] |
+| stored.go:25:24:25:26 | &... | semmle.label | &... |
 | stored.go:25:29:25:33 | &... | semmle.label | &... |
 | stored.go:30:22:30:25 | name | semmle.label | name |
 | stored.go:59:30:59:33 | definition of path | semmle.label | definition of path |

go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected

@@ -26,6 +26,7 @@
 | mongoDB.go:81:18:81:25 | pipeline | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:81:18:81:25 | pipeline | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
 edges
 | SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:23 |
+| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:11:3:11:29 | index expression | provenance |  |
 | SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q | provenance | Sink:MaD:1 |
 | SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | Src:MaD:21 MaD:26 |
 | SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance |  |
@@ -36,6 +37,7 @@ edges
 | issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:22 |
 | issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance |  |
 | issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:23 |
+| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:21:3:21:33 | index expression | provenance |  |
 | issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | Sink:MaD:1 |
 | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance |  |
 | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel |
@@ -44,6 +46,7 @@ edges
 | issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:22 |
 | issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance |  |
 | issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:23 |
+| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:31:3:31:31 | selection of Category | provenance |  |
 | issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 | provenance | Sink:MaD:1 |
 | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance |  |
 | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel |
@@ -52,11 +55,13 @@ edges
 | issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance |  |
 | issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance |  |
 | issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:23 |
+| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:40:3:40:31 | selection of Category | provenance |  |
 | issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | Sink:MaD:1 |
 | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance |  |
 | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | FunctionModel |
 | main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | Src:MaD:18 Sink:MaD:1 |
 | main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:23 Sink:MaD:2 |
+| main.go:15:11:15:84 | []type{args} [array] | main.go:15:63:15:83 | index expression | provenance |  |
 | main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | Src:MaD:21 MaD:26 |
 | main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression | provenance |  |
 | main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | []type{args} [array] | provenance |  |
@@ -71,6 +76,7 @@ edges
 | main.go:30:13:30:27 | call to Query | main.go:30:13:30:39 | index expression | provenance |  |
 | main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] | provenance |  |
 | main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:23 |
+| main.go:33:7:34:23 | []type{args} [array] | main.go:34:3:34:22 | selection of Category | provenance |  |
 | main.go:33:7:34:23 | call to Sprintf | main.go:35:11:35:11 | q | provenance | Sink:MaD:1 |
 | main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit dereference [Category] | provenance |  |
 | main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance |  |
@@ -84,6 +90,7 @@ edges
 | main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance |  |
 | main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance |  |
 | main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:23 |
+| main.go:42:7:43:23 | []type{args} [array] | main.go:43:3:43:22 | selection of Category | provenance |  |
 | main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q | provenance | Sink:MaD:1 |
 | main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance |  |
 | main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance |  |
@@ -97,6 +104,7 @@ edges
 | main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance |  |
 | main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance |  |
 | main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:23 |
+| main.go:51:7:52:23 | []type{args} [array] | main.go:52:3:52:22 | selection of Category | provenance |  |
 | main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | Sink:MaD:1 |
 | main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance |  |
 | main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance |  |
@@ -110,6 +118,7 @@ edges
 | main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance |  |
 | main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance |  |
 | main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:23 |
+| main.go:60:7:61:26 | []type{args} [array] | main.go:61:3:61:25 | selection of Category | provenance |  |
 | main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | Sink:MaD:1 |
 | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance |  |
 | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel |