diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll index 9b111de7a049..1af2a9028dac 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll @@ -286,6 +286,10 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { no /** Extra data-flow steps needed for lambda flow analysis. */ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() } +predicate knownSourceModel(Node source, string model) { none() } + +predicate knownSinkModel(Node sink, string model) { none() } + /** * Holds if flow is allowed to pass from parameter `p` and back to itself as a * side-effect, resulting in a summary from `p` to itself. diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll index 0b932e7f05f6..b4f325e01dfb 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll @@ -516,7 +516,7 @@ private module ThisFlow { */ cached predicate localFlowStep(Node nodeFrom, Node nodeTo) { - simpleLocalFlowStep(nodeFrom, nodeTo) + simpleLocalFlowStep(nodeFrom, nodeTo, _) or // Field flow is not strictly a "step" but covers the whole function // transitively. There's no way to get a step-like relation out of the global @@ -530,64 +530,67 @@ predicate localFlowStep(Node nodeFrom, Node nodeTo) { * This is the local flow predicate that's used as a building block in global * data flow. It may have less flow than the `localFlowStep` predicate. */ -predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - // Expr -> Expr - exprToExprStep_nocfg(nodeFrom.asExpr(), nodeTo.asExpr()) - or - // Assignment -> LValue post-update node - // - // This is used for assignments whose left-hand side is not a variable - // assignment or a storeStep but is still modeled by other means. It could be - // a call to `operator*` or `operator[]` where taint should flow to the - // post-update node of the qualifier. - exists(AssignExpr assign | - nodeFrom.asExpr() = assign and - nodeTo.(PostUpdateNode).getPreUpdateNode().asExpr() = assign.getLValue() - ) - or - // Node -> FlowVar -> VariableAccess - exists(FlowVar var | - ( - exprToVarStep(nodeFrom.asExpr(), var) - or - varSourceBaseCase(var, nodeFrom.asParameter()) - or - varSourceBaseCase(var, nodeFrom.asUninitialized()) - or - var.definedPartiallyAt(nodeFrom.asPartialDefinition()) - ) and - varToNodeStep(var, nodeTo) - ) - or - // Expr -> DefinitionByReferenceNode - exprToDefinitionByReferenceStep(nodeFrom.asExpr(), nodeTo.asDefiningArgument()) - or - // `this` -> adjacent-`this` - ThisFlow::adjacentThisRefs(nodeFrom, nodeTo) - or - // post-update-`this` -> following-`this`-ref - ThisFlow::adjacentThisRefs(nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo) - or - // In `f(&x->a)`, this step provides the flow from post-`&` to post-`x->a`, - // from which there is field flow to `x` via reverse read. - exists(PartialDefinition def, Expr inner, Expr outer | - def.definesExpressions(inner, outer) and - inner = nodeTo.(InnerPartialDefinitionNode).getPreUpdateNode().asExpr() and - outer = nodeFrom.(PartialDefinitionNode).getPreUpdateNode().asExpr() - ) - or - // Reverse flow: data that flows from the post-update node of a reference - // returned by a function call, back into the qualifier of that function. - // This allows data to flow 'in' through references returned by a modeled - // function such as `operator[]`. - exists(DataFlowFunction f, Call call, FunctionInput inModel, FunctionOutput outModel | - call.getTarget() = f and - inModel.isReturnValueDeref() and - outModel.isQualifierObject() and - f.hasDataFlow(inModel, outModel) and - nodeFrom.(PostUpdateNode).getPreUpdateNode().asExpr() = call and - nodeTo.asDefiningArgument() = call.getQualifier() - ) +predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { + ( + // Expr -> Expr + exprToExprStep_nocfg(nodeFrom.asExpr(), nodeTo.asExpr()) + or + // Assignment -> LValue post-update node + // + // This is used for assignments whose left-hand side is not a variable + // assignment or a storeStep but is still modeled by other means. It could be + // a call to `operator*` or `operator[]` where taint should flow to the + // post-update node of the qualifier. + exists(AssignExpr assign | + nodeFrom.asExpr() = assign and + nodeTo.(PostUpdateNode).getPreUpdateNode().asExpr() = assign.getLValue() + ) + or + // Node -> FlowVar -> VariableAccess + exists(FlowVar var | + ( + exprToVarStep(nodeFrom.asExpr(), var) + or + varSourceBaseCase(var, nodeFrom.asParameter()) + or + varSourceBaseCase(var, nodeFrom.asUninitialized()) + or + var.definedPartiallyAt(nodeFrom.asPartialDefinition()) + ) and + varToNodeStep(var, nodeTo) + ) + or + // Expr -> DefinitionByReferenceNode + exprToDefinitionByReferenceStep(nodeFrom.asExpr(), nodeTo.asDefiningArgument()) + or + // `this` -> adjacent-`this` + ThisFlow::adjacentThisRefs(nodeFrom, nodeTo) + or + // post-update-`this` -> following-`this`-ref + ThisFlow::adjacentThisRefs(nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo) + or + // In `f(&x->a)`, this step provides the flow from post-`&` to post-`x->a`, + // from which there is field flow to `x` via reverse read. + exists(PartialDefinition def, Expr inner, Expr outer | + def.definesExpressions(inner, outer) and + inner = nodeTo.(InnerPartialDefinitionNode).getPreUpdateNode().asExpr() and + outer = nodeFrom.(PartialDefinitionNode).getPreUpdateNode().asExpr() + ) + or + // Reverse flow: data that flows from the post-update node of a reference + // returned by a function call, back into the qualifier of that function. + // This allows data to flow 'in' through references returned by a modeled + // function such as `operator[]`. + exists(DataFlowFunction f, Call call, FunctionInput inModel, FunctionOutput outModel | + call.getTarget() = f and + inModel.isReturnValueDeref() and + outModel.isQualifierObject() and + f.hasDataFlow(inModel, outModel) and + nodeFrom.(PostUpdateNode).getPreUpdateNode().asExpr() = call and + nodeTo.asDefiningArgument() = call.getQualifier() + ) + ) and + model = "" } /** diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll index 4f097fa4bf32..3075d3974575 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll @@ -32,8 +32,8 @@ predicate localTaintStep(DataFlow::Node src, DataFlow::Node sink) { * Holds if the additional step from `src` to `sink` should be included in all * global taint flow configurations. */ -predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) { - localAdditionalTaintStep(src, sink) +predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink, string model) { + localAdditionalTaintStep(src, sink) and model = "" } /** diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 2af37d10af36..3c853c431f2a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -1020,6 +1020,10 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { no /** Extra data-flow steps needed for lambda flow analysis. */ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() } +predicate knownSourceModel(Node source, string model) { none() } + +predicate knownSinkModel(Node sink, string model) { none() } + /** * Holds if flow is allowed to pass from parameter `p` and back to itself as a * side-effect, resulting in a summary from `p` to itself. @@ -1096,7 +1100,7 @@ private predicate localFlowStepWithSummaries(Node node1, Node node2) { or readStep(node1, _, node2) or - DataFlowImplCommon::argumentValueFlowsThrough(node1, _, node2) + DataFlowImplCommon::argumentValueFlowsThrough(node1, _, node2, _) } /** Holds if `node` flows to a node that is used in a `SwitchInstruction`. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 001e8eaac9f6..e131da219a03 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -1892,7 +1892,7 @@ private module Cached { * (intra-procedural) step. */ cached - predicate localFlowStep(Node nodeFrom, Node nodeTo) { simpleLocalFlowStep(nodeFrom, nodeTo) } + predicate localFlowStep(Node nodeFrom, Node nodeTo) { simpleLocalFlowStep(nodeFrom, nodeTo, _) } private predicate indirectionOperandFlow(RawIndirectOperand nodeFrom, Node nodeTo) { nodeFrom != nodeTo and @@ -1962,41 +1962,45 @@ private module Cached { * data flow. It may have less flow than the `localFlowStep` predicate. */ cached - predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - // Post update node -> Node flow - Ssa::postUpdateFlow(nodeFrom, nodeTo) - or - // Def-use/Use-use flow - Ssa::ssaFlow(nodeFrom, nodeTo) - or - // Operand -> Instruction flow - simpleInstructionLocalFlowStep(nodeFrom.asOperand(), nodeTo.asInstruction()) - or - // Instruction -> Operand flow - exists(Instruction iFrom, Operand opTo | - iFrom = nodeFrom.asInstruction() and opTo = nodeTo.asOperand() - | - simpleOperandLocalFlowStep(iFrom, opTo) and - // Omit when the instruction node also represents the operand. - not iFrom = Ssa::getIRRepresentationOfOperand(opTo) - ) - or - // Phi node -> Node flow - Ssa::fromPhiNode(nodeFrom, nodeTo) - or - // Indirect operand -> (indirect) instruction flow - indirectionOperandFlow(nodeFrom, nodeTo) - or - // Indirect instruction -> indirect operand flow - indirectionInstructionFlow(nodeFrom, nodeTo) + predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { + ( + // Post update node -> Node flow + Ssa::postUpdateFlow(nodeFrom, nodeTo) + or + // Def-use/Use-use flow + Ssa::ssaFlow(nodeFrom, nodeTo) + or + // Operand -> Instruction flow + simpleInstructionLocalFlowStep(nodeFrom.asOperand(), nodeTo.asInstruction()) + or + // Instruction -> Operand flow + exists(Instruction iFrom, Operand opTo | + iFrom = nodeFrom.asInstruction() and opTo = nodeTo.asOperand() + | + simpleOperandLocalFlowStep(iFrom, opTo) and + // Omit when the instruction node also represents the operand. + not iFrom = Ssa::getIRRepresentationOfOperand(opTo) + ) + or + // Phi node -> Node flow + Ssa::fromPhiNode(nodeFrom, nodeTo) + or + // Indirect operand -> (indirect) instruction flow + indirectionOperandFlow(nodeFrom, nodeTo) + or + // Indirect instruction -> indirect operand flow + indirectionInstructionFlow(nodeFrom, nodeTo) + ) and + model = "" or // Flow through modeled functions - modelFlow(nodeFrom, nodeTo) + modelFlow(nodeFrom, nodeTo, model) or // Reverse flow: data that flows from the definition node back into the indirection returned // by a function. This allows data to flow 'in' through references returned by a modeled // function such as `operator[]`. - reverseFlow(nodeFrom, nodeTo) + reverseFlow(nodeFrom, nodeTo) and + model = "" } private predicate simpleInstructionLocalFlowStep(Operand opFrom, Instruction iTo) { @@ -2011,12 +2015,13 @@ private module Cached { opTo.getDef() = iFrom } - private predicate modelFlow(Node nodeFrom, Node nodeTo) { + private predicate modelFlow(Node nodeFrom, Node nodeTo, string model) { exists( CallInstruction call, DataFlowFunction func, FunctionInput modelIn, FunctionOutput modelOut | call.getStaticCallTarget() = func and - func.hasDataFlow(modelIn, modelOut) + func.hasDataFlow(modelIn, modelOut) and + model = "DataFlowFunction" | nodeFrom = callInput(call, modelIn) and nodeTo = callOutput(call, modelOut) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll index 9a9608db2b2f..cf612ce73687 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll @@ -10,7 +10,7 @@ private import PrintIRUtilities */ private string getFromFlow(Node node2, int order1, int order2) { exists(Node node1 | - simpleLocalFlowStep(node1, node2) and + simpleLocalFlowStep(node1, node2, _) and result = nodeId(node1, order1, order2) ) } @@ -20,7 +20,7 @@ private string getFromFlow(Node node2, int order1, int order2) { */ private string getToFlow(Node node1, int order1, int order2) { exists(Node node2 | - simpleLocalFlowStep(node1, node2) and + simpleLocalFlowStep(node1, node2, _) and result = nodeId(node2, order1, order2) ) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll index 0f69094e8d3d..fce2e21f6c04 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll @@ -15,7 +15,7 @@ private import semmle.code.cpp.ir.dataflow.FlowSteps predicate localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { DataFlow::localFlowStep(nodeFrom, nodeTo) or - localAdditionalTaintStep(nodeFrom, nodeTo) + localAdditionalTaintStep(nodeFrom, nodeTo, _) } /** @@ -24,10 +24,11 @@ predicate localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { * different objects. */ cached -predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - operandToInstructionTaintStep(nodeFrom.asOperand(), nodeTo.asInstruction()) +predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) { + operandToInstructionTaintStep(nodeFrom.asOperand(), nodeTo.asInstruction()) and + model = "" or - modeledTaintStep(nodeFrom, nodeTo) + modeledTaintStep(nodeFrom, nodeTo, model) or // Flow from (the indirection of) an operand of a pointer arithmetic instruction to the // indirection of the pointer arithmetic instruction. This provides flow from `source` @@ -35,15 +36,18 @@ predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeT exists(PointerArithmeticInstruction pai, int indirectionIndex | nodeHasOperand(nodeFrom, pai.getAnOperand(), pragma[only_bind_into](indirectionIndex)) and hasInstructionAndIndex(nodeTo, pai, indirectionIndex + 1) - ) + ) and + model = "" or - any(Ssa::Indirection ind).isAdditionalTaintStep(nodeFrom, nodeTo) + any(Ssa::Indirection ind).isAdditionalTaintStep(nodeFrom, nodeTo) and + model = "" or // object->field conflation for content that is a `TaintInheritingContent`. exists(DataFlow::ContentSet f | readStep(nodeFrom, f, nodeTo) and f.getAReadContent() instanceof TaintInheritingContent - ) + ) and + model = "" } /** @@ -120,8 +124,8 @@ predicate localExprTaint(Expr e1, Expr e2) { * Holds if the additional step from `src` to `sink` should be included in all * global taint flow configurations. */ -predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) { - localAdditionalTaintStep(src, sink) +predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink, string model) { + localAdditionalTaintStep(src, sink, model) } /** @@ -141,7 +145,7 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() } * Holds if taint can flow from `nodeIn` to `nodeOut` through a call to a * modeled function. */ -predicate modeledTaintStep(DataFlow::Node nodeIn, DataFlow::Node nodeOut) { +predicate modeledTaintStep(DataFlow::Node nodeIn, DataFlow::Node nodeOut, string model) { // Normal taint steps exists(CallInstruction call, TaintFunction func, FunctionInput modelIn, FunctionOutput modelOut | call.getStaticCallTarget() = func and @@ -150,7 +154,8 @@ predicate modeledTaintStep(DataFlow::Node nodeIn, DataFlow::Node nodeOut) { nodeIn = callInput(call, modelIn) and nodeOut = callOutput(call, modelOut) or exists(int d | nodeIn = callInput(call, modelIn, d) and nodeOut = callOutput(call, modelOut, d)) - ) + ) and + model = "TaintFunction" or // Taint flow from one argument to another and data flow from an argument to a // return value. This happens in functions like `strcat` and `memcpy`. We @@ -167,7 +172,8 @@ predicate modeledTaintStep(DataFlow::Node nodeIn, DataFlow::Node nodeOut) { func.(TaintFunction).hasTaintFlow(modelIn, modelMidOut) and func.(DataFlowFunction).hasDataFlow(modelMidIn, modelOut) and modelMidOut.isParameterDeref(indexMid) and - modelMidIn.isParameter(indexMid) + modelMidIn.isParameter(indexMid) and + model = "TaintFunction" ) or // Taint flow from a pointer argument to an output, when the model specifies flow from the deref @@ -180,9 +186,11 @@ predicate modeledTaintStep(DataFlow::Node nodeIn, DataFlow::Node nodeOut) { indirectArgument.hasAddressOperandAndIndirectionIndex(nodeIn.asOperand(), _) and call.getStaticCallTarget() = func and ( - func.(DataFlowFunction).hasDataFlow(modelIn, modelOut) + func.(DataFlowFunction).hasDataFlow(modelIn, modelOut) and + model = "DataFlowFunction" or - func.(TaintFunction).hasTaintFlow(modelIn, modelOut) + func.(TaintFunction).hasTaintFlow(modelIn, modelOut) and + model = "TaintFunction" ) and nodeOut = callOutput(call, modelOut) ) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/cpp/ql/src/Security/CWE/CWE-611/XXE.ql b/cpp/ql/src/Security/CWE/CWE-611/XXE.ql index 50cd63acb409..56a74d2f70b5 100644 --- a/cpp/ql/src/Security/CWE/CWE-611/XXE.ql +++ b/cpp/ql/src/Security/CWE/CWE-611/XXE.ql @@ -35,7 +35,7 @@ module XxeConfig implements DataFlow::StateConfigSig { ) { // create additional flow steps for `XxeFlowStateTransformer`s state2 = node2.asIndirectExpr().(XxeFlowStateTransformer).transform(state1) and - DataFlow::simpleLocalFlowStep(node1, node2) + DataFlow::simpleLocalFlowStep(node1, node2, _) } predicate isBarrier(DataFlow::Node node, FlowState flowstate) { diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected index c3c94158da8a..c733d1242fd8 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected +++ b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected @@ -1,6 +1,6 @@ edges | NonConstantFormat.c:28:27:28:30 | **argv | NonConstantFormat.c:30:10:30:16 | *access to array | provenance | | -| NonConstantFormat.c:45:11:45:47 | *call to any_random_function | NonConstantFormat.c:45:9:45:48 | *call to gettext | provenance | | +| NonConstantFormat.c:45:11:45:47 | *call to any_random_function | NonConstantFormat.c:45:9:45:48 | *call to gettext | provenance | DataFlowFunction | | nested.cpp:19:29:19:32 | *fmt0 | nested.cpp:21:23:21:26 | *fmt0 | provenance | | | nested.cpp:27:32:27:34 | *fmt | nested.cpp:28:16:28:18 | *fmt | provenance | | | nested.cpp:28:16:28:18 | *fmt | nested.cpp:19:29:19:32 | *fmt0 | provenance | | @@ -9,9 +9,9 @@ edges | nested.cpp:42:24:42:34 | *call to ext_fmt_str | nested.cpp:34:37:34:39 | *fmt | provenance | | | nested.cpp:86:19:86:46 | *call to __builtin_alloca | nested.cpp:87:18:87:20 | *fmt | provenance | | | test.cpp:46:27:46:30 | **argv | test.cpp:130:20:130:26 | *access to array | provenance | | -| test.cpp:167:31:167:34 | *data | test.cpp:170:12:170:14 | *res | provenance | | +| test.cpp:167:31:167:34 | *data | test.cpp:170:12:170:14 | *res | provenance | DataFlowFunction | | test.cpp:193:32:193:34 | *str | test.cpp:195:31:195:33 | *str | provenance | | -| test.cpp:193:32:193:34 | *str | test.cpp:197:11:197:14 | *wstr | provenance | | +| test.cpp:193:32:193:34 | *str | test.cpp:197:11:197:14 | *wstr | provenance | TaintFunction | | test.cpp:204:25:204:36 | *call to get_string | test.cpp:205:12:205:20 | *... + ... | provenance | | | test.cpp:204:25:204:36 | *call to get_string | test.cpp:206:12:206:16 | *hello | provenance | | | test.cpp:209:25:209:36 | *call to get_string | test.cpp:211:12:211:16 | *hello | provenance | | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected index 3b34718d9543..197154d5e176 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected @@ -1,5 +1,5 @@ edges -| test.c:8:27:8:30 | **argv | test.c:17:11:17:18 | *fileName | provenance | | +| test.c:8:27:8:30 | **argv | test.c:17:11:17:18 | *fileName | provenance | TaintFunction | | test.c:8:27:8:30 | **argv | test.c:32:11:32:18 | *fileName | provenance | | | test.c:8:27:8:30 | **argv | test.c:57:10:57:16 | *access to array | provenance | | | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | *fileName | provenance | | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected index a52bd778a04f..5f78ec84fd45 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected @@ -14,17 +14,17 @@ edges | test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | *filename | provenance | | | test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | *path | provenance | | | test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance | | -| test.cpp:106:20:106:38 | *call to getenv | test.cpp:107:33:107:36 | *path | provenance | | -| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | *call to c_str | provenance | | +| test.cpp:106:20:106:38 | *call to getenv | test.cpp:107:33:107:36 | *path | provenance | TaintFunction | +| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | *call to c_str | provenance | TaintFunction | | test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance | | -| test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:19:114:22 | *path | provenance | | -| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | | -| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | | +| test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:19:114:22 | *path | provenance | TaintFunction | +| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction | +| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction | | test.cpp:114:17:114:17 | call to operator+ | test.cpp:114:10:114:23 | call to operator+ | provenance | | | test.cpp:114:19:114:22 | *path | test.cpp:114:10:114:23 | call to operator+ | provenance | | | test.cpp:114:19:114:22 | *path | test.cpp:114:17:114:17 | call to operator+ | provenance | | -| test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:19:120:22 | *path | provenance | | -| test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | *call to data | provenance | | +| test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:19:120:22 | *path | provenance | TaintFunction | +| test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | *call to data | provenance | TaintFunction | | test.cpp:120:19:120:22 | *path | test.cpp:120:17:120:17 | call to operator+ | provenance | | | test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | *str | provenance | | | test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | *command | provenance | | @@ -34,31 +34,31 @@ edges | test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance | | | test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance | | | test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | | -| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | | +| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | TaintFunction | | test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | | | test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | | | test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | | -| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | | +| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | TaintFunction | | test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | | | test.cpp:180:22:180:29 | *filename | test.cpp:180:13:180:19 | strncat output argument | provenance | | | test.cpp:186:47:186:54 | *filename | test.cpp:187:18:187:25 | *filename | provenance | | | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance | | | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance | | | test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | | -| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | | +| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | TaintFunction | | test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance | | | test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance | | | test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | | -| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | | +| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | TaintFunction | | test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | *filename | provenance | | | test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance | | | test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance | | | test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | provenance | | -| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | | -| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | | +| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction | +| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction | | test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | *filename | provenance | | -| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | | -| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | | +| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction | +| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction | | test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance | | | test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance | | | test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected index 6a28ffc96ec0..d8b59cd470aa 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected @@ -1,7 +1,7 @@ edges | search.c:14:24:14:28 | *query | search.c:17:8:17:12 | *query | provenance | | | search.c:22:24:22:28 | *query | search.c:23:39:23:43 | *query | provenance | | -| search.c:55:24:55:28 | *query | search.c:62:8:62:17 | *query_text | provenance | | +| search.c:55:24:55:28 | *query | search.c:62:8:62:17 | *query_text | provenance | TaintFunction | | search.c:67:21:67:26 | *call to getenv | search.c:71:17:71:25 | *raw_query | provenance | | | search.c:67:21:67:26 | *call to getenv | search.c:73:17:73:25 | *raw_query | provenance | | | search.c:67:21:67:26 | *call to getenv | search.c:77:17:77:25 | *raw_query | provenance | | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected index 2300fddefd79..94ba87ee6eed 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected @@ -1,8 +1,8 @@ edges -| test.c:14:27:14:30 | **argv | test.c:21:18:21:23 | *query1 | provenance | | +| test.c:14:27:14:30 | **argv | test.c:21:18:21:23 | *query1 | provenance | TaintFunction | | test.c:14:27:14:30 | **argv | test.c:35:16:35:23 | *userName | provenance | | | test.c:35:16:35:23 | *userName | test.c:40:25:40:32 | *username | provenance | | -| test.c:38:7:38:20 | **globalUsername | test.c:51:18:51:23 | *query1 | provenance | | +| test.c:38:7:38:20 | **globalUsername | test.c:51:18:51:23 | *query1 | provenance | TaintFunction | | test.c:40:25:40:32 | *username | test.c:38:7:38:20 | **globalUsername | provenance | | | test.c:75:8:75:16 | gets output argument | test.c:76:17:76:25 | *userInput | provenance | | | test.c:75:8:75:16 | gets output argument | test.c:77:20:77:28 | *userInput | provenance | | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected index d49af567a735..8c17b0c3a8e1 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected @@ -1,6 +1,6 @@ edges | test.cpp:37:73:37:76 | *data | test.cpp:43:32:43:35 | *data | provenance | | -| test.cpp:64:30:64:35 | *call to getenv | test.cpp:73:24:73:27 | *data | provenance | | +| test.cpp:64:30:64:35 | *call to getenv | test.cpp:73:24:73:27 | *data | provenance | TaintFunction | | test.cpp:73:24:73:27 | *data | test.cpp:37:73:37:76 | *data | provenance | | nodes | test.cpp:37:73:37:76 | *data | semmle.label | *data | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected index 10286da7a386..efc2be4368b3 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected @@ -1,5 +1,5 @@ edges -| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | provenance | | +| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | provenance | TaintFunction | nodes | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | semmle.label | fgets output argument | | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | semmle.label | data | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected index 141d1351540c..53f7c75bea0a 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected @@ -1,7 +1,7 @@ edges -| test1.c:7:26:7:29 | **argv | test1.c:9:9:9:9 | i | provenance | | -| test1.c:7:26:7:29 | **argv | test1.c:11:9:11:9 | i | provenance | | -| test1.c:7:26:7:29 | **argv | test1.c:13:9:13:9 | i | provenance | | +| test1.c:7:26:7:29 | **argv | test1.c:9:9:9:9 | i | provenance | TaintFunction | +| test1.c:7:26:7:29 | **argv | test1.c:11:9:11:9 | i | provenance | TaintFunction | +| test1.c:7:26:7:29 | **argv | test1.c:13:9:13:9 | i | provenance | TaintFunction | | test1.c:9:9:9:9 | i | test1.c:16:16:16:16 | i | provenance | | | test1.c:11:9:11:9 | i | test1.c:32:16:32:16 | i | provenance | | | test1.c:13:9:13:9 | i | test1.c:48:16:48:16 | i | provenance | | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected index a977543a8ecb..e54ec8d53bb6 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected @@ -1,7 +1,7 @@ edges | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | provenance | | | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | *data | provenance | | -| char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | *data | provenance | | +| char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | *data | provenance | TaintFunction | nodes | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | semmle.label | recv output argument | | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | semmle.label | *data | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected index 6b0a955e7b1b..2542f39a52b0 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected @@ -11,20 +11,20 @@ edges | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:107:15:107:19 | *access to array | provenance | | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:110:9:110:11 | ** ... | provenance | | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:111:15:111:17 | ** ... | provenance | | -| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:116:9:116:10 | *i3 | provenance | | -| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:117:15:117:16 | *i3 | provenance | | -| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:117:15:117:16 | *i3 | provenance | | -| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:121:9:121:10 | *i4 | provenance | | -| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:122:15:122:16 | *i4 | provenance | | -| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:122:15:122:16 | *i4 | provenance | | +| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:116:9:116:10 | *i3 | provenance | DataFlowFunction | +| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction | +| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction | +| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:121:9:121:10 | *i4 | provenance | DataFlowFunction | +| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction | +| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:127:9:127:10 | *i5 | provenance | | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:128:15:128:16 | *i5 | provenance | | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:128:15:128:16 | *i5 | provenance | | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:131:9:131:14 | *... + ... | provenance | | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:132:15:132:20 | *... + ... | provenance | | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:132:15:132:20 | *... + ... | provenance | | -| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:135:9:135:12 | *... ++ | provenance | | -| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:136:15:136:18 | *-- ... | provenance | | +| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:135:9:135:12 | *... ++ | provenance | DataFlowFunction | +| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:136:15:136:18 | *-- ... | provenance | DataFlowFunction | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:139:9:139:26 | *... ? ... : ... | provenance | | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:140:15:140:32 | *... ? ... : ... | provenance | | | argvLocal.c:13:27:13:30 | **argv | argvLocal.c:144:9:144:10 | *i7 | provenance | | @@ -41,20 +41,20 @@ edges | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:107:15:107:19 | *access to array | provenance | | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:110:9:110:11 | ** ... | provenance | | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:111:15:111:17 | ** ... | provenance | | -| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:116:9:116:10 | *i3 | provenance | | -| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:117:15:117:16 | *i3 | provenance | | -| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:117:15:117:16 | *i3 | provenance | | -| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:121:9:121:10 | *i4 | provenance | | -| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance | | -| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance | | +| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:116:9:116:10 | *i3 | provenance | DataFlowFunction | +| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction | +| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction | +| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:121:9:121:10 | *i4 | provenance | DataFlowFunction | +| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction | +| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:127:9:127:10 | *i5 | provenance | | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:128:15:128:16 | *i5 | provenance | | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:128:15:128:16 | *i5 | provenance | | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:131:9:131:14 | *... + ... | provenance | | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:132:15:132:20 | *... + ... | provenance | | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:132:15:132:20 | *... + ... | provenance | | -| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:135:9:135:12 | *... ++ | provenance | | -| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:136:15:136:18 | *-- ... | provenance | | +| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:135:9:135:12 | *... ++ | provenance | DataFlowFunction | +| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:136:15:136:18 | *-- ... | provenance | DataFlowFunction | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:139:9:139:26 | *... ? ... : ... | provenance | | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:140:15:140:32 | *... ? ... : ... | provenance | | | argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:144:9:144:10 | *i7 | provenance | | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected index 7889b8803746..34acbeabcbfd 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected @@ -9,7 +9,7 @@ edges | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:116:9:116:13 | *access to array | provenance | | | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:121:9:121:10 | *v8 | provenance | | | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:130:9:130:10 | *v9 | provenance | | -| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance | | +| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance | TaintFunction | | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:91:9:91:10 | *v2 | provenance | | | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:116:9:116:13 | *access to array | provenance | | | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:121:9:121:10 | *v8 | provenance | | @@ -19,7 +19,7 @@ edges | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:116:9:116:13 | *access to array | provenance | | | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:121:9:121:10 | *v8 | provenance | | | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:130:9:130:10 | *v9 | provenance | | -| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance | | +| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance | TaintFunction | | consts.cpp:106:13:106:19 | *call to varFunc | consts.cpp:107:9:107:10 | *v5 | provenance | | | consts.cpp:111:7:111:13 | *call to varFunc | consts.cpp:112:9:112:10 | *v6 | provenance | | | consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | *v11 | provenance | | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected index cfcb159b3f18..b217da749d8b 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected @@ -1,28 +1,28 @@ edges -| test.cpp:39:27:39:30 | **argv | test.cpp:43:38:43:44 | tainted | provenance | | -| test.cpp:39:27:39:30 | **argv | test.cpp:44:38:44:63 | ... * ... | provenance | | -| test.cpp:39:27:39:30 | **argv | test.cpp:46:38:46:63 | ... + ... | provenance | | -| test.cpp:39:27:39:30 | **argv | test.cpp:49:32:49:35 | size | provenance | | -| test.cpp:39:27:39:30 | **argv | test.cpp:50:17:50:30 | size | provenance | | -| test.cpp:39:27:39:30 | **argv | test.cpp:53:35:53:60 | ... * ... | provenance | | -| test.cpp:124:18:124:31 | *call to getenv | test.cpp:128:24:128:41 | ... * ... | provenance | | -| test.cpp:133:19:133:32 | *call to getenv | test.cpp:135:10:135:27 | ... * ... | provenance | | -| test.cpp:148:20:148:33 | *call to getenv | test.cpp:152:11:152:28 | ... * ... | provenance | | +| test.cpp:39:27:39:30 | **argv | test.cpp:43:38:43:44 | tainted | provenance | TaintFunction | +| test.cpp:39:27:39:30 | **argv | test.cpp:44:38:44:63 | ... * ... | provenance | TaintFunction | +| test.cpp:39:27:39:30 | **argv | test.cpp:46:38:46:63 | ... + ... | provenance | TaintFunction | +| test.cpp:39:27:39:30 | **argv | test.cpp:49:32:49:35 | size | provenance | TaintFunction | +| test.cpp:39:27:39:30 | **argv | test.cpp:50:17:50:30 | size | provenance | TaintFunction | +| test.cpp:39:27:39:30 | **argv | test.cpp:53:35:53:60 | ... * ... | provenance | TaintFunction | +| test.cpp:124:18:124:31 | *call to getenv | test.cpp:128:24:128:41 | ... * ... | provenance | TaintFunction | +| test.cpp:133:19:133:32 | *call to getenv | test.cpp:135:10:135:27 | ... * ... | provenance | TaintFunction | +| test.cpp:148:20:148:33 | *call to getenv | test.cpp:152:11:152:28 | ... * ... | provenance | TaintFunction | | test.cpp:209:8:209:23 | *get_tainted_size | test.cpp:241:9:241:24 | call to get_tainted_size | provenance | | -| test.cpp:211:14:211:27 | *call to getenv | test.cpp:209:8:209:23 | *get_tainted_size | provenance | | +| test.cpp:211:14:211:27 | *call to getenv | test.cpp:209:8:209:23 | *get_tainted_size | provenance | TaintFunction | | test.cpp:230:21:230:21 | s | test.cpp:231:21:231:21 | s | provenance | | -| test.cpp:237:24:237:37 | *call to getenv | test.cpp:239:9:239:18 | local_size | provenance | | -| test.cpp:237:24:237:37 | *call to getenv | test.cpp:245:11:245:20 | local_size | provenance | | -| test.cpp:237:24:237:37 | *call to getenv | test.cpp:247:10:247:19 | local_size | provenance | | +| test.cpp:237:24:237:37 | *call to getenv | test.cpp:239:9:239:18 | local_size | provenance | TaintFunction | +| test.cpp:237:24:237:37 | *call to getenv | test.cpp:245:11:245:20 | local_size | provenance | TaintFunction | +| test.cpp:237:24:237:37 | *call to getenv | test.cpp:247:10:247:19 | local_size | provenance | TaintFunction | | test.cpp:247:10:247:19 | local_size | test.cpp:230:21:230:21 | s | provenance | | | test.cpp:250:20:250:27 | *out_size | test.cpp:289:17:289:20 | get_size output argument | provenance | | | test.cpp:250:20:250:27 | *out_size | test.cpp:305:18:305:21 | get_size output argument | provenance | | -| test.cpp:251:18:251:31 | *call to getenv | test.cpp:250:20:250:27 | *out_size | provenance | | -| test.cpp:259:20:259:33 | *call to getenv | test.cpp:263:11:263:29 | ... * ... | provenance | | +| test.cpp:251:18:251:31 | *call to getenv | test.cpp:250:20:250:27 | *out_size | provenance | TaintFunction | +| test.cpp:259:20:259:33 | *call to getenv | test.cpp:263:11:263:29 | ... * ... | provenance | TaintFunction | | test.cpp:289:17:289:20 | get_size output argument | test.cpp:291:11:291:28 | ... * ... | provenance | | | test.cpp:305:18:305:21 | get_size output argument | test.cpp:308:10:308:27 | ... * ... | provenance | | -| test.cpp:353:18:353:31 | *call to getenv | test.cpp:355:35:355:38 | size | provenance | | -| test.cpp:353:18:353:31 | *call to getenv | test.cpp:356:35:356:38 | size | provenance | | +| test.cpp:353:18:353:31 | *call to getenv | test.cpp:355:35:355:38 | size | provenance | TaintFunction | +| test.cpp:353:18:353:31 | *call to getenv | test.cpp:356:35:356:38 | size | provenance | TaintFunction | nodes | test.cpp:39:27:39:30 | **argv | semmle.label | **argv | | test.cpp:43:38:43:44 | tainted | semmle.label | tainted | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected index 801231316527..83fe7b7cbc7a 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected @@ -2,18 +2,18 @@ edges | test2.cpp:12:21:12:21 | v | test2.cpp:14:11:14:11 | v | provenance | | | test2.cpp:25:22:25:23 | fscanf output argument | test2.cpp:27:13:27:13 | v | provenance | | | test2.cpp:27:13:27:13 | v | test2.cpp:12:21:12:21 | v | provenance | | -| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:39:9:39:11 | num | provenance | | -| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:40:3:40:5 | num | provenance | | -| test3.c:10:27:10:30 | **argv | test.c:14:15:14:28 | maxConnections | provenance | | -| test3.c:10:27:10:30 | **argv | test.c:44:7:44:10 | len2 | provenance | | -| test3.c:10:27:10:30 | **argv | test.c:54:7:54:10 | len3 | provenance | | +| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:39:9:39:11 | num | provenance | TaintFunction | +| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:40:3:40:5 | num | provenance | TaintFunction | +| test3.c:10:27:10:30 | **argv | test.c:14:15:14:28 | maxConnections | provenance | TaintFunction | +| test3.c:10:27:10:30 | **argv | test.c:44:7:44:10 | len2 | provenance | TaintFunction | +| test3.c:10:27:10:30 | **argv | test.c:54:7:54:10 | len3 | provenance | TaintFunction | | test5.cpp:5:5:5:17 | *getTaintedInt | test5.cpp:17:6:17:18 | call to getTaintedInt | provenance | | | test5.cpp:5:5:5:17 | *getTaintedInt | test5.cpp:18:6:18:18 | call to getTaintedInt | provenance | | -| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | *getTaintedInt | provenance | | +| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | *getTaintedInt | provenance | TaintFunction | | test5.cpp:18:6:18:18 | call to getTaintedInt | test5.cpp:19:6:19:6 | y | provenance | | -| test.c:10:27:10:30 | **argv | test.c:14:15:14:28 | maxConnections | provenance | | -| test.c:10:27:10:30 | **argv | test.c:44:7:44:10 | len2 | provenance | | -| test.c:10:27:10:30 | **argv | test.c:54:7:54:10 | len3 | provenance | | +| test.c:10:27:10:30 | **argv | test.c:14:15:14:28 | maxConnections | provenance | TaintFunction | +| test.c:10:27:10:30 | **argv | test.c:44:7:44:10 | len2 | provenance | TaintFunction | +| test.c:10:27:10:30 | **argv | test.c:54:7:54:10 | len3 | provenance | TaintFunction | nodes | test2.cpp:12:21:12:21 | v | semmle.label | v | | test2.cpp:14:11:14:11 | v | semmle.label | v | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected index 42992d988bac..feebe68cdaea 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected @@ -1,7 +1,7 @@ edges | test2.cpp:62:18:62:25 | password | test2.cpp:65:31:65:34 | cpy1 | provenance | | -| test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | *buf | provenance | | -| test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | *buffer | provenance | | +| test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | *buf | provenance | DataFlowFunction | +| test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | *buffer | provenance | TaintFunction | | test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword | provenance | | | test.cpp:73:63:73:73 | thePassword | test.cpp:73:43:73:53 | thePassword | provenance | | nodes diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected index 8be2ec60f4a9..020ed7eff756 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected @@ -10,8 +10,8 @@ edges | test3.cpp:138:24:138:32 | password1 | test3.cpp:117:28:117:33 | buffer | provenance | | | test3.cpp:138:24:138:32 | password1 | test3.cpp:138:21:138:22 | call to id | provenance | | | test3.cpp:144:16:144:29 | call to get_global_str | test3.cpp:146:15:146:18 | data | provenance | | -| test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | *buffer | provenance | | -| test3.cpp:270:16:270:23 | password | test3.cpp:272:15:272:18 | *data | provenance | | +| test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | *buffer | provenance | TaintFunction | +| test3.cpp:270:16:270:23 | password | test3.cpp:272:15:272:18 | *data | provenance | DataFlowFunction | | test3.cpp:278:20:278:23 | data | test3.cpp:280:14:280:17 | data | provenance | | | test3.cpp:283:20:283:23 | data | test3.cpp:285:14:285:17 | data | provenance | | | test3.cpp:288:20:288:23 | data | test3.cpp:290:14:290:17 | data | provenance | | @@ -25,10 +25,10 @@ edges | test3.cpp:322:16:322:24 | password2 | test3.cpp:325:11:325:14 | data | provenance | | | test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data | provenance | | | test3.cpp:325:11:325:14 | data | test3.cpp:298:20:298:23 | data | provenance | | -| test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | *buffer | provenance | | -| test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | *buffer | provenance | | -| test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | *buffer | provenance | | -| test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | *buffer | provenance | | +| test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | *buffer | provenance | TaintFunction | +| test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | *buffer | provenance | TaintFunction | +| test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | *buffer | provenance | TaintFunction | +| test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | *buffer | provenance | TaintFunction | | test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str | provenance | | | test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str | provenance | | nodes diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected index fa12a3030f17..d90e93264743 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected @@ -8,9 +8,9 @@ edges | test.cpp:38:11:38:15 | *url_g | test.cpp:11:26:11:28 | *url | provenance | | | test.cpp:39:11:39:15 | *url_l | test.cpp:11:26:11:28 | *url | provenance | | | test.cpp:40:11:40:17 | *access to array | test.cpp:11:26:11:28 | *url | provenance | | -| test.cpp:46:18:46:26 | *http:// | test.cpp:49:11:49:16 | *buffer | provenance | | +| test.cpp:46:18:46:26 | *http:// | test.cpp:49:11:49:16 | *buffer | provenance | DataFlowFunction | | test.cpp:49:11:49:16 | *buffer | test.cpp:11:26:11:28 | *url | provenance | | -| test.cpp:110:21:110:40 | *http://example.com | test.cpp:121:11:121:13 | *ptr | provenance | | +| test.cpp:110:21:110:40 | *http://example.com | test.cpp:121:11:121:13 | *ptr | provenance | TaintFunction | | test.cpp:121:11:121:13 | *ptr | test.cpp:11:26:11:28 | *url | provenance | | nodes | test.cpp:11:26:11:28 | *url | semmle.label | *url | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected index 82fd2be33f87..e29be944944c 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected @@ -1,7 +1,7 @@ edges | tests2.cpp:50:13:50:19 | **global1 | tests2.cpp:82:14:82:20 | *global1 | provenance | | | tests2.cpp:50:23:50:43 | *call to mysql_get_client_info | tests2.cpp:50:13:50:19 | **global1 | provenance | | -| tests2.cpp:78:18:78:38 | *call to mysql_get_client_info | tests2.cpp:81:14:81:19 | *buffer | provenance | | +| tests2.cpp:78:18:78:38 | *call to mysql_get_client_info | tests2.cpp:81:14:81:19 | *buffer | provenance | DataFlowFunction | | tests2.cpp:91:42:91:45 | *str1 | tests2.cpp:93:14:93:17 | *str1 | provenance | | | tests2.cpp:101:8:101:15 | *call to getpwuid | tests2.cpp:102:14:102:15 | *pw | provenance | | | tests2.cpp:109:3:109:4 | *c1 [post update] [*ptr] | tests2.cpp:111:14:111:15 | *c1 [*ptr] | provenance | | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected index 32e7895b7948..3b15303793e0 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected @@ -5,7 +5,7 @@ edges | tests.cpp:86:29:86:31 | *msg | tests.cpp:88:15:88:17 | *msg | provenance | | | tests.cpp:97:13:97:34 | *call to getenv | tests.cpp:86:29:86:31 | *msg | provenance | | | tests.cpp:107:30:107:32 | *msg | tests.cpp:111:15:111:17 | *tmp | provenance | | -| tests.cpp:114:30:114:32 | *msg | tests.cpp:119:7:119:12 | *buffer | provenance | | +| tests.cpp:114:30:114:32 | *msg | tests.cpp:119:7:119:12 | *buffer | provenance | TaintFunction | | tests.cpp:122:30:122:32 | *msg | tests.cpp:124:15:124:17 | *msg | provenance | | | tests.cpp:131:14:131:35 | *call to getenv | tests.cpp:107:30:107:32 | *msg | provenance | | | tests.cpp:132:14:132:35 | *call to getenv | tests.cpp:114:30:114:32 | *msg | provenance | | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected index 9b02e597ba29..aff61c20137a 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected @@ -1,5 +1,5 @@ edges -| test.cpp:20:29:20:47 | *call to getenv | test.cpp:24:10:24:35 | ! ... | provenance | | +| test.cpp:20:29:20:47 | *call to getenv | test.cpp:24:10:24:35 | ! ... | provenance | TaintFunction | nodes | test.cpp:20:29:20:47 | *call to getenv | semmle.label | *call to getenv | | test.cpp:24:10:24:35 | ! ... | semmle.label | ! ... | diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll index bd63689c8ee8..0e3821103ef5 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll @@ -5,6 +5,7 @@ private import DataFlowImplCommon private import ControlFlowReachability private import FlowSummaryImpl as FlowSummaryImpl private import semmle.code.csharp.dataflow.FlowSummary as FlowSummary +private import semmle.code.csharp.dataflow.internal.ExternalFlow private import semmle.code.csharp.Conversion private import semmle.code.csharp.dataflow.internal.SsaImpl as SsaImpl private import semmle.code.csharp.ExprOrStmtParent @@ -796,7 +797,7 @@ module LocalFlow { node1 = unique(FlowSummaryNode n1 | FlowSummaryImpl::Private::Steps::summaryLocalStep(n1.getSummaryNode(), - node2.(FlowSummaryNode).getSummaryNode(), true) + node2.(FlowSummaryNode).getSummaryNode(), true, _) ) } } @@ -809,36 +810,39 @@ predicate localMustFlowStep = LocalFlow::localMustFlowStep/2; * is handled by the global data-flow library, but includes various other steps * that are only relevant for global flow. */ -predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - LocalFlow::localFlowStepCommon(nodeFrom, nodeTo) - or - exists(SsaImpl::DefinitionExt def | - not LocalFlow::usesInstanceField(def) and - not def instanceof VariableCapture::CapturedSsaDefinitionExt - | - LocalFlow::localSsaFlowStep(def, nodeFrom, nodeTo) - or - LocalFlow::localSsaFlowStepUseUse(def, nodeFrom, nodeTo) and - not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) and - nodeFrom != nodeTo +predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { + ( + LocalFlow::localFlowStepCommon(nodeFrom, nodeTo) or - // Flow into phi (read)/uncertain SSA definition node from read - exists(Node read | LocalFlow::localFlowSsaInputFromRead(read, def, nodeTo) | - nodeFrom = read and - not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) + exists(SsaImpl::DefinitionExt def | + not LocalFlow::usesInstanceField(def) and + not def instanceof VariableCapture::CapturedSsaDefinitionExt + | + LocalFlow::localSsaFlowStep(def, nodeFrom, nodeTo) or - nodeFrom.(PostUpdateNode).getPreUpdateNode() = read + LocalFlow::localSsaFlowStepUseUse(def, nodeFrom, nodeTo) and + not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) and + nodeFrom != nodeTo + or + // Flow into phi (read)/uncertain SSA definition node from read + exists(Node read | LocalFlow::localFlowSsaInputFromRead(read, def, nodeTo) | + nodeFrom = read and + not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) + or + nodeFrom.(PostUpdateNode).getPreUpdateNode() = read + ) ) - ) + or + nodeTo.(ObjectCreationNode).getPreUpdateNode() = nodeFrom.(ObjectInitializerNode) + or + VariableCapture::valueStep(nodeFrom, nodeTo) + or + nodeTo = nodeFrom.(LocalFunctionCreationNode).getAnAccess(true) + ) and + model = "" or FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), - nodeTo.(FlowSummaryNode).getSummaryNode(), true) - or - nodeTo.(ObjectCreationNode).getPreUpdateNode() = nodeFrom.(ObjectInitializerNode) - or - VariableCapture::valueStep(nodeFrom, nodeTo) - or - nodeTo = nodeFrom.(LocalFunctionCreationNode).getAnAccess(true) + nodeTo.(FlowSummaryNode).getSummaryNode(), true, model) } /** @@ -902,7 +906,7 @@ private predicate fieldOrPropertyStore(Expr e, Content c, Expr src, Expr q, bool FlowSummaryImpl::Private::SummarizedCallableImpl sc, FlowSummaryImpl::Private::SummaryComponentStack input | - sc.propagatesFlow(input, _, _) and + sc.propagatesFlow(input, _, _, _) and input.contains(FlowSummaryImpl::Private::SummaryComponent::content(f.getContent())) ) ) @@ -2874,6 +2878,10 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves preservesValue = true } +predicate knownSourceModel(Node source, string model) { sourceNode(source, _, model) } + +predicate knownSinkModel(Node sink, string model) { sinkNode(sink, _, model) } + /** * Holds if flow is allowed to pass from parameter `p` and back to itself as a * side-effect, resulting in a summary from `p` to itself. diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll index 3a09ec2e51b7..a7776cd9600d 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll @@ -97,9 +97,9 @@ private import semmle.code.csharp.commons.QualifiedName private import codeql.mad.ModelValidation as SharedModelVal private predicate relevantNamespace(string namespace) { - sourceModel(namespace, _, _, _, _, _, _, _, _) or - sinkModel(namespace, _, _, _, _, _, _, _, _) or - summaryModel(namespace, _, _, _, _, _, _, _, _, _) + sourceModel(namespace, _, _, _, _, _, _, _, _, _) or + sinkModel(namespace, _, _, _, _, _, _, _, _, _) or + summaryModel(namespace, _, _, _, _, _, _, _, _, _, _) } private predicate namespaceLink(string shortns, string longns) { @@ -129,7 +129,7 @@ predicate modelCoverage(string namespace, int namespaces, string kind, string pa strictcount(string subns, string type, boolean subtypes, string name, string signature, string ext, string output, string provenance | canonicalNamespaceLink(namespace, subns) and - sourceModel(subns, type, subtypes, name, signature, ext, output, kind, provenance) + sourceModel(subns, type, subtypes, name, signature, ext, output, kind, provenance, _) ) or part = "sink" and @@ -137,7 +137,7 @@ predicate modelCoverage(string namespace, int namespaces, string kind, string pa strictcount(string subns, string type, boolean subtypes, string name, string signature, string ext, string input, string provenance | canonicalNamespaceLink(namespace, subns) and - sinkModel(subns, type, subtypes, name, signature, ext, input, kind, provenance) + sinkModel(subns, type, subtypes, name, signature, ext, input, kind, provenance, _) ) or part = "summary" and @@ -145,7 +145,7 @@ predicate modelCoverage(string namespace, int namespaces, string kind, string pa strictcount(string subns, string type, boolean subtypes, string name, string signature, string ext, string input, string output, string provenance | canonicalNamespaceLink(namespace, subns) and - summaryModel(subns, type, subtypes, name, signature, ext, input, output, kind, provenance) + summaryModel(subns, type, subtypes, name, signature, ext, input, output, kind, provenance, _) ) ) } @@ -155,10 +155,10 @@ module ModelValidation { private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax private predicate getRelevantAccessPath(string path) { - summaryModel(_, _, _, _, _, _, path, _, _, _) or - summaryModel(_, _, _, _, _, _, _, path, _, _) or - sinkModel(_, _, _, _, _, _, path, _, _) or - sourceModel(_, _, _, _, _, _, path, _, _) + summaryModel(_, _, _, _, _, _, path, _, _, _, _) or + summaryModel(_, _, _, _, _, _, _, path, _, _, _) or + sinkModel(_, _, _, _, _, _, path, _, _, _) or + sourceModel(_, _, _, _, _, _, path, _, _, _) } private module MkAccessPath = AccessPathSyntax::AccessPath; @@ -169,9 +169,9 @@ module ModelValidation { private string getInvalidModelInput() { exists(string pred, AccessPath input, AccessPathToken part | - sinkModel(_, _, _, _, _, _, input, _, _) and pred = "sink" + sinkModel(_, _, _, _, _, _, input, _, _, _) and pred = "sink" or - summaryModel(_, _, _, _, _, _, input, _, _, _) and pred = "summary" + summaryModel(_, _, _, _, _, _, input, _, _, _, _) and pred = "summary" | ( invalidSpecComponent(input, part) and @@ -191,9 +191,9 @@ module ModelValidation { private string getInvalidModelOutput() { exists(string pred, AccessPath output, AccessPathToken part | - sourceModel(_, _, _, _, _, _, output, _, _) and pred = "source" + sourceModel(_, _, _, _, _, _, output, _, _, _) and pred = "source" or - summaryModel(_, _, _, _, _, _, _, output, _, _) and pred = "summary" + summaryModel(_, _, _, _, _, _, _, output, _, _, _) and pred = "summary" | ( invalidSpecComponent(output, part) and @@ -208,11 +208,11 @@ module ModelValidation { } private module KindValConfig implements SharedModelVal::KindValidationConfigSig { - predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _) } + predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _, _) } - predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _) } + predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _, _) } - predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _) } + predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _, _) } predicate neutralKind(string kind) { neutralModel(_, _, _, _, kind, _) } } @@ -224,11 +224,11 @@ module ModelValidation { string pred, string namespace, string type, string name, string signature, string ext, string provenance | - sourceModel(namespace, type, _, name, signature, ext, _, _, provenance) and pred = "source" + sourceModel(namespace, type, _, name, signature, ext, _, _, provenance, _) and pred = "source" or - sinkModel(namespace, type, _, name, signature, ext, _, _, provenance) and pred = "sink" + sinkModel(namespace, type, _, name, signature, ext, _, _, provenance, _) and pred = "sink" or - summaryModel(namespace, type, _, name, signature, ext, _, _, _, provenance) and + summaryModel(namespace, type, _, name, signature, ext, _, _, _, provenance, _) and pred = "summary" or neutralModel(namespace, type, name, signature, _, provenance) and @@ -268,11 +268,11 @@ module ModelValidation { private predicate elementSpec( string namespace, string type, boolean subtypes, string name, string signature, string ext ) { - sourceModel(namespace, type, subtypes, name, signature, ext, _, _, _) + sourceModel(namespace, type, subtypes, name, signature, ext, _, _, _, _) or - sinkModel(namespace, type, subtypes, name, signature, ext, _, _, _) + sinkModel(namespace, type, subtypes, name, signature, ext, _, _, _, _) or - summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _) + summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, _) or neutralModel(namespace, type, name, signature, _, _) and ext = "" and subtypes = false } @@ -393,14 +393,14 @@ Declaration interpretElement( * A callable where there exists a MaD sink model that applies to it. */ class SinkCallable extends Callable { - SinkCallable() { SourceSinkInterpretationInput::sinkElement(this, _, _, _) } + SinkCallable() { SourceSinkInterpretationInput::sinkElement(this, _, _, _, _) } } /** * A callable where there exists a MaD source model that applies to it. */ class SourceCallable extends Callable { - SourceCallable() { SourceSinkInterpretationInput::sourceElement(this, _, _, _) } + SourceCallable() { SourceSinkInterpretationInput::sourceElement(this, _, _, _, _) } } cached @@ -410,9 +410,9 @@ private module Cached { * model. */ cached - predicate sourceNode(Node node, string kind) { + predicate sourceNode(Node node, string kind, string model) { exists(SourceSinkInterpretationInput::InterpretNode n | - isSourceNode(n, kind) and n.asNode() = node + isSourceNode(n, kind, model) and n.asNode() = node ) } @@ -421,15 +421,27 @@ private module Cached { * model. */ cached - predicate sinkNode(Node node, string kind) { + predicate sinkNode(Node node, string kind, string model) { exists(SourceSinkInterpretationInput::InterpretNode n | - isSinkNode(n, kind) and n.asNode() = node + isSinkNode(n, kind, model) and n.asNode() = node ) } } import Cached +/** + * Holds if `node` is specified as a source with the given kind in a MaD flow + * model. + */ +predicate sourceNode(Node node, string kind) { sourceNode(node, kind, _) } + +/** + * Holds if `node` is specified as a sink with the given kind in a MaD flow + * model. + */ +predicate sinkNode(Node node, string kind) { sinkNode(node, kind, _) } + /** Holds if the summary should apply for all overrides of `c`. */ predicate isBaseCallableOrPrototype(UnboundCallable c) { c.getDeclaringType() instanceof Interface @@ -517,12 +529,15 @@ string asPartialNeutralModel(UnboundCallable c) { } private predicate interpretSummary( - UnboundCallable c, string input, string output, string kind, string provenance + UnboundCallable c, string input, string output, string kind, string provenance, string model ) { exists( - string namespace, string type, boolean subtypes, string name, string signature, string ext + string namespace, string type, boolean subtypes, string name, string signature, string ext, + QlBuiltins::ExtensionId madId | - summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance) and + summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance, + madId) and + model = "MaD:" + madId.toString() and c = interpretElement(namespace, type, subtypes, name, signature, ext) ) } @@ -536,18 +551,22 @@ private predicate interpretNeutral(UnboundCallable c, string kind, string proven // adapter class for converting Mad summaries to `SummarizedCallable`s private class SummarizedCallableAdapter extends SummarizedCallable { - SummarizedCallableAdapter() { interpretSummary(this, _, _, _, _) } + SummarizedCallableAdapter() { interpretSummary(this, _, _, _, _, _) } - private predicate relevantSummaryElementManual(string input, string output, string kind) { + private predicate relevantSummaryElementManual( + string input, string output, string kind, string model + ) { exists(Provenance provenance | - interpretSummary(this, input, output, kind, provenance) and + interpretSummary(this, input, output, kind, provenance, model) and provenance.isManual() ) } - private predicate relevantSummaryElementGenerated(string input, string output, string kind) { + private predicate relevantSummaryElementGenerated( + string input, string output, string kind, string model + ) { exists(Provenance provenance | - interpretSummary(this, input, output, kind, provenance) and + interpretSummary(this, input, output, kind, provenance, model) and provenance.isGenerated() ) and not exists(Provenance provenance | @@ -556,19 +575,21 @@ private class SummarizedCallableAdapter extends SummarizedCallable { ) } - override predicate propagatesFlow(string input, string output, boolean preservesValue) { + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { exists(string kind | - this.relevantSummaryElementManual(input, output, kind) + this.relevantSummaryElementManual(input, output, kind, model) or - not this.relevantSummaryElementManual(_, _, _) and - this.relevantSummaryElementGenerated(input, output, kind) + not this.relevantSummaryElementManual(_, _, _, _) and + this.relevantSummaryElementGenerated(input, output, kind, model) | if kind = "value" then preservesValue = true else preservesValue = false ) } override predicate hasProvenance(Provenance provenance) { - interpretSummary(this, _, _, _, provenance) + interpretSummary(this, _, _, _, provenance, _) } } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlowExtensions.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlowExtensions.qll index 3d1f6de268ac..f761a0a9f5cd 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlowExtensions.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlowExtensions.qll @@ -7,7 +7,7 @@ */ extensible predicate sourceModel( string namespace, string type, boolean subtypes, string name, string signature, string ext, - string output, string kind, string provenance + string output, string kind, string provenance, QlBuiltins::ExtensionId madId ); /** @@ -15,7 +15,7 @@ extensible predicate sourceModel( */ extensible predicate sinkModel( string namespace, string type, boolean subtypes, string name, string signature, string ext, - string input, string kind, string provenance + string input, string kind, string provenance, QlBuiltins::ExtensionId madId ); /** @@ -23,7 +23,7 @@ extensible predicate sinkModel( */ extensible predicate summaryModel( string namespace, string type, boolean subtypes, string name, string signature, string ext, - string input, string output, string kind, string provenance + string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId ); /** diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll index 82c2a7dcd3de..596654797ab1 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll @@ -169,20 +169,28 @@ module SourceSinkInterpretationInput implements class Element = Cs::Element; - predicate sourceElement(Element e, string output, string kind, Public::Provenance provenance) { + predicate sourceElement( + Element e, string output, string kind, Public::Provenance provenance, string model + ) { exists( - string namespace, string type, boolean subtypes, string name, string signature, string ext + string namespace, string type, boolean subtypes, string name, string signature, string ext, + QlBuiltins::ExtensionId madId | - sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance) and + sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance, madId) and + model = "MaD:" + madId.toString() and e = interpretElement(namespace, type, subtypes, name, signature, ext) ) } - predicate sinkElement(Element e, string input, string kind, Public::Provenance provenance) { + predicate sinkElement( + Element e, string input, string kind, Public::Provenance provenance, string model + ) { exists( - string namespace, string type, boolean subtypes, string name, string signature, string ext + string namespace, string type, boolean subtypes, string name, string signature, string ext, + QlBuiltins::ExtensionId madId | - sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance) and + sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance, madId) and + model = "MaD:" + madId.toString() and e = interpretElement(namespace, type, subtypes, name, signature, ext) ) } @@ -380,10 +388,13 @@ private class SummarizedCallableWithCallback extends Public::SummarizedCallable SummarizedCallableWithCallback() { mayInvokeCallback(this, pos) } - override predicate propagatesFlow(string input, string output, boolean preservesValue) { + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { input = "Argument[" + pos + "]" and output = "Argument[" + pos + "].Parameter[delegate-self]" and - preservesValue = true + preservesValue = true and + model = "heuristic-callback" } override predicate hasProvenance(Public::Provenance provenance) { provenance = "hq-generated" } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll index d91380a74f59..714be21b9110 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll @@ -150,21 +150,24 @@ private module Cached { * in all global taint flow configurations. */ cached - predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - localTaintStepCommon(nodeFrom, nodeTo) - or - // Taint members - readStep(nodeFrom, any(TaintedMember m).(FieldOrProperty).getContent(), nodeTo) - or - // Although flow through collections is modeled precisely using stores/reads, we still - // allow flow out of a _tainted_ collection. This is needed in order to support taint- - // tracking configurations where the source is a collection - readStep(nodeFrom, TElementContent(), nodeTo) + predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) { + ( + localTaintStepCommon(nodeFrom, nodeTo) + or + // Taint members + readStep(nodeFrom, any(TaintedMember m).(FieldOrProperty).getContent(), nodeTo) + or + // Although flow through collections is modeled precisely using stores/reads, we still + // allow flow out of a _tainted_ collection. This is needed in order to support taint- + // tracking configurations where the source is a collection + readStep(nodeFrom, TElementContent(), nodeTo) + or + nodeTo = nodeFrom.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false) + ) and + model = "" or FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), - nodeTo.(FlowSummaryNode).getSummaryNode(), false) - or - nodeTo = nodeFrom.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false) + nodeTo.(FlowSummaryNode).getSummaryNode(), false, model) } } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll index 739546dde46a..d2a905bf94d2 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll @@ -99,7 +99,9 @@ module EntityFramework { // see `SummarizedCallableImpl` qldoc private class EFSummarizedCallableAdapter extends SummarizedCallable instanceof EFSummarizedCallable { - override predicate propagatesFlow(string input, string output, boolean preservesValue) { + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { none() } @@ -174,11 +176,13 @@ module EntityFramework { } override predicate propagatesFlow( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue, + string model ) { input = SummaryComponentStack::argument(0) and output = SummaryComponentStack::return() and - preservesValue = false + preservesValue = false and + model = "RawSqlStringConstructorSummarizedCallable" } } @@ -188,11 +192,13 @@ module EntityFramework { } override predicate propagatesFlow( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue, + string model ) { input = SummaryComponentStack::argument(0) and output = SummaryComponentStack::return() and - preservesValue = false + preservesValue = false and + model = "RawSqlStringConversionSummarizedCallable" } } @@ -463,12 +469,14 @@ module EntityFramework { DbContextClassSetPropertySynthetic() { this = p.getGetter() } override predicate propagatesFlow( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue, + string model ) { exists(string name, DbContextClass c | preservesValue = true and name = c.getSyntheticName(output, _, p) and - input = SummaryComponentStack::syntheticGlobal(name) + input = SummaryComponentStack::syntheticGlobal(name) and + model = "DbContextClassSetPropertySynthetic" ) } } @@ -479,13 +487,15 @@ module EntityFramework { DbContextSaveChanges() { this = c.getASaveChanges() } override predicate propagatesFlow( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue, + string model ) { exists(string name, Property mapped | preservesValue = true and c.input(input, mapped) and name = c.getSyntheticName(_, mapped, _) and - output = SummaryComponentStack::syntheticGlobal(name) + output = SummaryComponentStack::syntheticGlobal(name) and + model = "DbContextSaveChanges" ) } } diff --git a/csharp/ql/src/Telemetry/ExternalApi.qll b/csharp/ql/src/Telemetry/ExternalApi.qll index 73f38bda26ef..ebb2411d3a0e 100644 --- a/csharp/ql/src/Telemetry/ExternalApi.qll +++ b/csharp/ql/src/Telemetry/ExternalApi.qll @@ -74,7 +74,7 @@ class ExternalApi extends Callable { predicate hasSummary() { this instanceof SummarizedCallable or - defaultAdditionalTaintStep(this.getAnInput(), _) + defaultAdditionalTaintStep(this.getAnInput(), _, _) } /** Holds if this API is a known source. */ diff --git a/csharp/ql/src/utils/modelconverter/ExtractSinks.ql b/csharp/ql/src/utils/modelconverter/ExtractSinks.ql index 1f3f3b99021e..aef2e8fa10ef 100644 --- a/csharp/ql/src/utils/modelconverter/ExtractSinks.ql +++ b/csharp/ql/src/utils/modelconverter/ExtractSinks.ql @@ -12,7 +12,7 @@ from string name, string signature0, string signature, string ext, string input, string kind, string provenance where - sinkModel(namespace0, type0, subtypes, name0, signature0, ext, input, kind, provenance) and + sinkModel(namespace0, type0, subtypes, name0, signature0, ext, input, kind, provenance, _) and interpretCallable(namespace0, namespace, type0, type, name0, name, signature0, signature) select namespace, type, subtypes, name, signature, ext, input, kind, provenance order by namespace, type, name, signature, input, kind diff --git a/csharp/ql/src/utils/modelconverter/ExtractSources.ql b/csharp/ql/src/utils/modelconverter/ExtractSources.ql index ad2ad46bfcc1..d940178ca05d 100644 --- a/csharp/ql/src/utils/modelconverter/ExtractSources.ql +++ b/csharp/ql/src/utils/modelconverter/ExtractSources.ql @@ -12,7 +12,7 @@ from string name, string signature0, string signature, string ext, string output, string kind, string provenance where - sourceModel(namespace0, type0, subtypes, name0, signature0, ext, output, kind, provenance) and + sourceModel(namespace0, type0, subtypes, name0, signature0, ext, output, kind, provenance, _) and interpretCallable(namespace0, namespace, type0, type, name0, name, signature0, signature) select namespace, type, subtypes, name, signature, ext, output, kind, provenance order by namespace, type, name, signature, output, kind diff --git a/csharp/ql/src/utils/modelconverter/ExtractSummaries.ql b/csharp/ql/src/utils/modelconverter/ExtractSummaries.ql index 93769c5b3844..c6c5a257f749 100644 --- a/csharp/ql/src/utils/modelconverter/ExtractSummaries.ql +++ b/csharp/ql/src/utils/modelconverter/ExtractSummaries.ql @@ -12,7 +12,8 @@ from string name, string signature0, string signature, string ext, string input, string output, string kind, string provenance where - summaryModel(namespace0, type0, subtypes, name0, signature0, ext, input, output, kind, provenance) and + summaryModel(namespace0, type0, subtypes, name0, signature0, ext, input, output, kind, provenance, + _) and interpretCallable(namespace0, namespace, type0, type, name0, name, signature0, signature) select namespace, type, subtypes, name, signature, ext, input, output, kind, provenance order by namespace, type, name, signature, input, output, kind diff --git a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll index de64071fac09..a618cecd041a 100644 --- a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll +++ b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll @@ -34,7 +34,7 @@ class ExternalEndpoint extends Endpoint { override predicate hasSummary() { Endpoint.super.hasSummary() or - defaultAdditionalTaintStep(this.getAnInput(), _) + defaultAdditionalTaintStep(this.getAnInput(), _, _) } override predicate isSource() { diff --git a/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected b/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected index 2886fe7af7d0..119ad546b1b1 100644 --- a/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected +++ b/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected @@ -4,10 +4,10 @@ edges | HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | provenance | | | HashWithoutSalt.cs:38:16:38:24 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | provenance | | | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:38:16:38:24 | access to local variable passBytes : Byte[] | provenance | | -| HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | provenance | | +| HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | provenance | MaD:1871 | | HashWithoutSalt.cs:70:16:70:24 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | provenance | | | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:70:16:70:24 | access to local variable passBytes : Byte[] | provenance | | -| HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | provenance | | +| HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | provenance | MaD:1871 | nodes | HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | semmle.label | access to local variable passBuff : IBuffer | | HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | semmle.label | call to method ConvertStringToBinary : IBuffer | diff --git a/csharp/ql/test/library-tests/dataflow/async/Async.expected b/csharp/ql/test/library-tests/dataflow/async/Async.expected index 743f8d120b2e..b8ac6c20987b 100644 --- a/csharp/ql/test/library-tests/dataflow/async/Async.expected +++ b/csharp/ql/test/library-tests/dataflow/async/Async.expected @@ -30,8 +30,8 @@ edges | Async.cs:46:44:46:44 | x : String | Async.cs:48:32:48:32 | access to parameter x : String | provenance | | | Async.cs:46:44:46:44 | x : String | Async.cs:48:32:48:32 | access to parameter x : String | provenance | | | Async.cs:48:16:48:33 | call to method FromResult : Task [property Result] : String | Async.cs:43:14:43:30 | call to method ReturnTask : Task [property Result] : String | provenance | | -| Async.cs:48:32:48:32 | access to parameter x : String | Async.cs:48:16:48:33 | call to method FromResult : Task [property Result] : String | provenance | | -| Async.cs:48:32:48:32 | access to parameter x : String | Async.cs:48:16:48:33 | call to method FromResult : Task [property Result] : String | provenance | | +| Async.cs:48:32:48:32 | access to parameter x : String | Async.cs:48:16:48:33 | call to method FromResult : Task [property Result] : String | provenance | MaD:1995 | +| Async.cs:48:32:48:32 | access to parameter x : String | Async.cs:48:16:48:33 | call to method FromResult : Task [property Result] : String | provenance | MaD:1995 | | Async.cs:51:52:51:52 | x : String | Async.cs:51:58:51:58 | access to parameter x : String | provenance | | | Async.cs:51:52:51:52 | x : String | Async.cs:51:58:51:58 | access to parameter x : String | provenance | | | Async.cs:51:58:51:58 | access to parameter x : String | Async.cs:32:14:32:32 | call to method ReturnAwait2 : Task [property Result] : String | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected b/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected index 7a71e3d37cb4..c1f6fa6a21fa 100644 --- a/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected @@ -4,31 +4,34 @@ edges | CollectionFlow.cs:14:52:14:53 | access to parameter ts : A[] [element] : A | CollectionFlow.cs:14:52:14:56 | access to array element | provenance | | | CollectionFlow.cs:14:52:14:53 | access to parameter ts : null [element] : A | CollectionFlow.cs:14:52:14:56 | access to array element | provenance | | | CollectionFlow.cs:16:49:16:52 | list : List [element] : A | CollectionFlow.cs:16:63:16:66 | access to parameter list : List [element] : A | provenance | | -| CollectionFlow.cs:16:63:16:66 | access to parameter list : List [element] : A | CollectionFlow.cs:16:63:16:69 | access to indexer | provenance | | +| CollectionFlow.cs:16:63:16:66 | access to parameter list : List [element] : A | CollectionFlow.cs:16:63:16:69 | access to indexer | provenance | MaD:617 | | CollectionFlow.cs:18:61:18:64 | dict : Dictionary [element, property Value] : A | CollectionFlow.cs:18:75:18:78 | access to parameter dict : Dictionary [element, property Value] : A | provenance | | -| CollectionFlow.cs:18:75:18:78 | access to parameter dict : Dictionary [element, property Value] : A | CollectionFlow.cs:18:75:18:81 | access to indexer | provenance | | +| CollectionFlow.cs:18:75:18:78 | access to parameter dict : Dictionary [element, property Value] : A | CollectionFlow.cs:18:75:18:81 | access to indexer | provenance | MaD:610 | | CollectionFlow.cs:20:59:20:62 | dict : Dictionary [element, property Key] : A | CollectionFlow.cs:20:73:20:76 | access to parameter dict : Dictionary [element, property Key] : A | provenance | | -| CollectionFlow.cs:20:73:20:76 | access to parameter dict : Dictionary [element, property Key] : A | CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection [element] : A | provenance | | -| CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection [element] : A | CollectionFlow.cs:20:73:20:89 | call to method First | provenance | | +| CollectionFlow.cs:20:73:20:76 | access to parameter dict : Dictionary [element, property Key] : A | CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection [element] : A | provenance | MaD:600 | +| CollectionFlow.cs:20:73:20:76 | access to parameter dict : Dictionary [element, property Key] : A | CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection [element] : A | provenance | MaD:611 | +| CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection [element] : A | CollectionFlow.cs:20:73:20:89 | call to method First | provenance | MaD:1204 | | CollectionFlow.cs:22:34:22:35 | ts : A[] [element] : A | CollectionFlow.cs:22:41:22:42 | access to parameter ts : A[] [element] : A | provenance | | | CollectionFlow.cs:22:34:22:35 | ts : null [element] : A | CollectionFlow.cs:22:41:22:42 | access to parameter ts : null [element] : A | provenance | | | CollectionFlow.cs:22:41:22:42 | access to parameter ts : A[] [element] : A | CollectionFlow.cs:22:41:22:45 | access to array element : A | provenance | | | CollectionFlow.cs:22:41:22:42 | access to parameter ts : null [element] : A | CollectionFlow.cs:22:41:22:45 | access to array element : A | provenance | | | CollectionFlow.cs:24:43:24:46 | list : List [element] : A | CollectionFlow.cs:24:52:24:55 | access to parameter list : List [element] : A | provenance | | -| CollectionFlow.cs:24:52:24:55 | access to parameter list : List [element] : A | CollectionFlow.cs:24:52:24:58 | access to indexer : A | provenance | | +| CollectionFlow.cs:24:52:24:55 | access to parameter list : List [element] : A | CollectionFlow.cs:24:52:24:58 | access to indexer : A | provenance | MaD:617 | | CollectionFlow.cs:26:58:26:61 | dict : Dictionary [element, property Value] : A | CollectionFlow.cs:26:67:26:70 | access to parameter dict : Dictionary [element, property Value] : A | provenance | | -| CollectionFlow.cs:26:67:26:70 | access to parameter dict : Dictionary [element, property Value] : A | CollectionFlow.cs:26:67:26:73 | access to indexer : A | provenance | | +| CollectionFlow.cs:26:67:26:70 | access to parameter dict : Dictionary [element, property Value] : A | CollectionFlow.cs:26:67:26:73 | access to indexer : A | provenance | MaD:610 | | CollectionFlow.cs:28:59:28:62 | dict : Dictionary [element, property Value] : A | CollectionFlow.cs:28:68:28:71 | access to parameter dict : Dictionary [element, property Value] : A | provenance | | -| CollectionFlow.cs:28:68:28:71 | access to parameter dict : Dictionary [element, property Value] : A | CollectionFlow.cs:28:68:28:79 | call to method First> : KeyValuePair [property Value] : A | provenance | | +| CollectionFlow.cs:28:68:28:71 | access to parameter dict : Dictionary [element, property Value] : A | CollectionFlow.cs:28:68:28:79 | call to method First> : KeyValuePair [property Value] : A | provenance | MaD:1204 | | CollectionFlow.cs:28:68:28:79 | call to method First> : KeyValuePair [property Value] : A | CollectionFlow.cs:28:68:28:85 | access to property Value : A | provenance | | | CollectionFlow.cs:30:60:30:63 | dict : Dictionary [element, property Value] : A | CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary [element, property Value] : A | provenance | | -| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection [element] : A | provenance | | -| CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First : A | provenance | | +| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection [element] : A | provenance | MaD:601 | +| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection [element] : A | provenance | MaD:612 | +| CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First : A | provenance | MaD:1204 | | CollectionFlow.cs:32:58:32:61 | dict : Dictionary [element, property Key] : A | CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary [element, property Key] : A | provenance | | -| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection [element] : A | provenance | | -| CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First : A | provenance | | +| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection [element] : A | provenance | MaD:600 | +| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection [element] : A | provenance | MaD:611 | +| CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First : A | provenance | MaD:1204 | | CollectionFlow.cs:34:57:34:60 | dict : Dictionary [element, property Key] : A | CollectionFlow.cs:34:66:34:69 | access to parameter dict : Dictionary [element, property Key] : A | provenance | | -| CollectionFlow.cs:34:66:34:69 | access to parameter dict : Dictionary [element, property Key] : A | CollectionFlow.cs:34:66:34:77 | call to method First> : KeyValuePair [property Key] : A | provenance | | +| CollectionFlow.cs:34:66:34:69 | access to parameter dict : Dictionary [element, property Key] : A | CollectionFlow.cs:34:66:34:77 | call to method First> : KeyValuePair [property Key] : A | provenance | MaD:1204 | | CollectionFlow.cs:34:66:34:77 | call to method First> : KeyValuePair [property Key] : A | CollectionFlow.cs:34:66:34:81 | access to property Key : A | provenance | | | CollectionFlow.cs:36:49:36:52 | args : A[] [element] : A | CollectionFlow.cs:36:63:36:66 | access to parameter args : A[] [element] : A | provenance | | | CollectionFlow.cs:36:49:36:52 | args : null [element] : A | CollectionFlow.cs:36:63:36:66 | access to parameter args : null [element] : A | provenance | | @@ -75,8 +78,8 @@ edges | CollectionFlow.cs:98:9:98:12 | [post] access to local variable list : List [element] : A | CollectionFlow.cs:99:14:99:17 | access to local variable list : List [element] : A | provenance | | | CollectionFlow.cs:98:9:98:12 | [post] access to local variable list : List [element] : A | CollectionFlow.cs:100:22:100:25 | access to local variable list : List [element] : A | provenance | | | CollectionFlow.cs:98:9:98:12 | [post] access to local variable list : List [element] : A | CollectionFlow.cs:101:24:101:27 | access to local variable list : List [element] : A | provenance | | -| CollectionFlow.cs:98:19:98:19 | access to local variable a : A | CollectionFlow.cs:98:9:98:12 | [post] access to local variable list : List [element] : A | provenance | | -| CollectionFlow.cs:99:14:99:17 | access to local variable list : List [element] : A | CollectionFlow.cs:99:14:99:20 | access to indexer | provenance | | +| CollectionFlow.cs:98:19:98:19 | access to local variable a : A | CollectionFlow.cs:98:9:98:12 | [post] access to local variable list : List [element] : A | provenance | MaD:618 | +| CollectionFlow.cs:99:14:99:17 | access to local variable list : List [element] : A | CollectionFlow.cs:99:14:99:20 | access to indexer | provenance | MaD:617 | | CollectionFlow.cs:100:22:100:25 | access to local variable list : List [element] : A | CollectionFlow.cs:16:49:16:52 | list : List [element] : A | provenance | | | CollectionFlow.cs:101:24:101:27 | access to local variable list : List [element] : A | CollectionFlow.cs:24:43:24:46 | list : List [element] : A | provenance | | | CollectionFlow.cs:101:24:101:27 | access to local variable list : List [element] : A | CollectionFlow.cs:101:14:101:28 | call to method ListFirst | provenance | | @@ -86,8 +89,8 @@ edges | CollectionFlow.cs:116:13:116:16 | access to local variable list : List [element] : A | CollectionFlow.cs:118:22:118:25 | access to local variable list : List [element] : A | provenance | | | CollectionFlow.cs:116:13:116:16 | access to local variable list : List [element] : A | CollectionFlow.cs:119:24:119:27 | access to local variable list : List [element] : A | provenance | | | CollectionFlow.cs:116:20:116:38 | object creation of type List : List [element] : A | CollectionFlow.cs:116:13:116:16 | access to local variable list : List [element] : A | provenance | | -| CollectionFlow.cs:116:36:116:36 | access to local variable a : A | CollectionFlow.cs:116:20:116:38 | object creation of type List : List [element] : A | provenance | | -| CollectionFlow.cs:117:14:117:17 | access to local variable list : List [element] : A | CollectionFlow.cs:117:14:117:20 | access to indexer | provenance | | +| CollectionFlow.cs:116:36:116:36 | access to local variable a : A | CollectionFlow.cs:116:20:116:38 | object creation of type List : List [element] : A | provenance | MaD:605 | +| CollectionFlow.cs:117:14:117:17 | access to local variable list : List [element] : A | CollectionFlow.cs:117:14:117:20 | access to indexer | provenance | MaD:617 | | CollectionFlow.cs:118:22:118:25 | access to local variable list : List [element] : A | CollectionFlow.cs:16:49:16:52 | list : List [element] : A | provenance | | | CollectionFlow.cs:119:24:119:27 | access to local variable list : List [element] : A | CollectionFlow.cs:24:43:24:46 | list : List [element] : A | provenance | | | CollectionFlow.cs:119:24:119:27 | access to local variable list : List [element] : A | CollectionFlow.cs:119:14:119:28 | call to method ListFirst | provenance | | @@ -96,8 +99,8 @@ edges | CollectionFlow.cs:134:9:134:12 | [post] access to local variable list : List [element] : A | CollectionFlow.cs:135:14:135:17 | access to local variable list : List [element] : A | provenance | | | CollectionFlow.cs:134:9:134:12 | [post] access to local variable list : List [element] : A | CollectionFlow.cs:136:22:136:25 | access to local variable list : List [element] : A | provenance | | | CollectionFlow.cs:134:9:134:12 | [post] access to local variable list : List [element] : A | CollectionFlow.cs:137:24:137:27 | access to local variable list : List [element] : A | provenance | | -| CollectionFlow.cs:134:18:134:18 | access to local variable a : A | CollectionFlow.cs:134:9:134:12 | [post] access to local variable list : List [element] : A | provenance | | -| CollectionFlow.cs:135:14:135:17 | access to local variable list : List [element] : A | CollectionFlow.cs:135:14:135:20 | access to indexer | provenance | | +| CollectionFlow.cs:134:18:134:18 | access to local variable a : A | CollectionFlow.cs:134:9:134:12 | [post] access to local variable list : List [element] : A | provenance | MaD:605 | +| CollectionFlow.cs:135:14:135:17 | access to local variable list : List [element] : A | CollectionFlow.cs:135:14:135:20 | access to indexer | provenance | MaD:617 | | CollectionFlow.cs:136:22:136:25 | access to local variable list : List [element] : A | CollectionFlow.cs:16:49:16:52 | list : List [element] : A | provenance | | | CollectionFlow.cs:137:24:137:27 | access to local variable list : List [element] : A | CollectionFlow.cs:24:43:24:46 | list : List [element] : A | provenance | | | CollectionFlow.cs:137:24:137:27 | access to local variable list : List [element] : A | CollectionFlow.cs:137:14:137:28 | call to method ListFirst | provenance | | @@ -108,8 +111,8 @@ edges | CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:156:28:156:31 | access to local variable dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:157:29:157:32 | access to local variable dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:158:30:158:33 | access to local variable dict : Dictionary [element, property Value] : A | provenance | | -| CollectionFlow.cs:153:19:153:19 | access to local variable a : A | CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary [element, property Value] : A | provenance | | -| CollectionFlow.cs:154:14:154:17 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:154:14:154:20 | access to indexer | provenance | | +| CollectionFlow.cs:153:19:153:19 | access to local variable a : A | CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary [element, property Value] : A | provenance | MaD:614 | +| CollectionFlow.cs:154:14:154:17 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:154:14:154:20 | access to indexer | provenance | MaD:610 | | CollectionFlow.cs:155:23:155:26 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:18:61:18:64 | dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:156:28:156:31 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:26:58:26:61 | dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:156:28:156:31 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:156:14:156:32 | call to method DictIndexZero | provenance | | @@ -125,8 +128,8 @@ edges | CollectionFlow.cs:175:13:175:16 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:179:29:179:32 | access to local variable dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:175:13:175:16 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:180:30:180:33 | access to local variable dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:175:20:175:56 | object creation of type Dictionary : Dictionary [element, property Value] : A | CollectionFlow.cs:175:13:175:16 | access to local variable dict : Dictionary [element, property Value] : A | provenance | | -| CollectionFlow.cs:175:52:175:52 | access to local variable a : A | CollectionFlow.cs:175:20:175:56 | object creation of type Dictionary : Dictionary [element, property Value] : A | provenance | | -| CollectionFlow.cs:176:14:176:17 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:176:14:176:20 | access to indexer | provenance | | +| CollectionFlow.cs:175:52:175:52 | access to local variable a : A | CollectionFlow.cs:175:20:175:56 | object creation of type Dictionary : Dictionary [element, property Value] : A | provenance | MaD:609 | +| CollectionFlow.cs:176:14:176:17 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:176:14:176:20 | access to indexer | provenance | MaD:610 | | CollectionFlow.cs:177:23:177:26 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:18:61:18:64 | dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:178:28:178:31 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:26:58:26:61 | dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:178:28:178:31 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:178:14:178:32 | call to method DictIndexZero | provenance | | @@ -142,8 +145,8 @@ edges | CollectionFlow.cs:196:13:196:16 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:200:29:200:32 | access to local variable dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:196:13:196:16 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:201:30:201:33 | access to local variable dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:196:20:196:55 | object creation of type Dictionary : Dictionary [element, property Value] : A | CollectionFlow.cs:196:13:196:16 | access to local variable dict : Dictionary [element, property Value] : A | provenance | | -| CollectionFlow.cs:196:53:196:53 | access to local variable a : A | CollectionFlow.cs:196:20:196:55 | object creation of type Dictionary : Dictionary [element, property Value] : A | provenance | | -| CollectionFlow.cs:197:14:197:17 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:197:14:197:20 | access to indexer | provenance | | +| CollectionFlow.cs:196:53:196:53 | access to local variable a : A | CollectionFlow.cs:196:20:196:55 | object creation of type Dictionary : Dictionary [element, property Value] : A | provenance | MaD:614 | +| CollectionFlow.cs:197:14:197:17 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:197:14:197:20 | access to indexer | provenance | MaD:610 | | CollectionFlow.cs:198:23:198:26 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:18:61:18:64 | dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:199:28:199:31 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:26:58:26:61 | dict : Dictionary [element, property Value] : A | provenance | | | CollectionFlow.cs:199:28:199:31 | access to local variable dict : Dictionary [element, property Value] : A | CollectionFlow.cs:199:14:199:32 | call to method DictIndexZero | provenance | | @@ -158,9 +161,9 @@ edges | CollectionFlow.cs:218:13:218:16 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:221:28:221:31 | access to local variable dict : Dictionary [element, property Key] : A | provenance | | | CollectionFlow.cs:218:13:218:16 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:222:27:222:30 | access to local variable dict : Dictionary [element, property Key] : A | provenance | | | CollectionFlow.cs:218:20:218:56 | object creation of type Dictionary : Dictionary [element, property Key] : A | CollectionFlow.cs:218:13:218:16 | access to local variable dict : Dictionary [element, property Key] : A | provenance | | -| CollectionFlow.cs:218:49:218:49 | access to local variable a : A | CollectionFlow.cs:218:20:218:56 | object creation of type Dictionary : Dictionary [element, property Key] : A | provenance | | -| CollectionFlow.cs:219:14:219:17 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:219:14:219:22 | access to property Keys : Dictionary.KeyCollection [element] : A | provenance | | -| CollectionFlow.cs:219:14:219:22 | access to property Keys : Dictionary.KeyCollection [element] : A | CollectionFlow.cs:219:14:219:30 | call to method First | provenance | | +| CollectionFlow.cs:218:49:218:49 | access to local variable a : A | CollectionFlow.cs:218:20:218:56 | object creation of type Dictionary : Dictionary [element, property Key] : A | provenance | MaD:608 | +| CollectionFlow.cs:219:14:219:17 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:219:14:219:22 | access to property Keys : Dictionary.KeyCollection [element] : A | provenance | MaD:600 | +| CollectionFlow.cs:219:14:219:22 | access to property Keys : Dictionary.KeyCollection [element] : A | CollectionFlow.cs:219:14:219:30 | call to method First | provenance | MaD:1204 | | CollectionFlow.cs:220:21:220:24 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:20:59:20:62 | dict : Dictionary [element, property Key] : A | provenance | | | CollectionFlow.cs:221:28:221:31 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:32:58:32:61 | dict : Dictionary [element, property Key] : A | provenance | | | CollectionFlow.cs:221:28:221:31 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:221:14:221:32 | call to method DictKeysFirst | provenance | | @@ -173,9 +176,9 @@ edges | CollectionFlow.cs:237:13:237:16 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:240:28:240:31 | access to local variable dict : Dictionary [element, property Key] : A | provenance | | | CollectionFlow.cs:237:13:237:16 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:241:27:241:30 | access to local variable dict : Dictionary [element, property Key] : A | provenance | | | CollectionFlow.cs:237:20:237:55 | object creation of type Dictionary : Dictionary [element, property Key] : A | CollectionFlow.cs:237:13:237:16 | access to local variable dict : Dictionary [element, property Key] : A | provenance | | -| CollectionFlow.cs:237:48:237:48 | access to local variable a : A | CollectionFlow.cs:237:20:237:55 | object creation of type Dictionary : Dictionary [element, property Key] : A | provenance | | -| CollectionFlow.cs:238:14:238:17 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:238:14:238:22 | access to property Keys : Dictionary.KeyCollection [element] : A | provenance | | -| CollectionFlow.cs:238:14:238:22 | access to property Keys : Dictionary.KeyCollection [element] : A | CollectionFlow.cs:238:14:238:30 | call to method First | provenance | | +| CollectionFlow.cs:237:48:237:48 | access to local variable a : A | CollectionFlow.cs:237:20:237:55 | object creation of type Dictionary : Dictionary [element, property Key] : A | provenance | MaD:613 | +| CollectionFlow.cs:238:14:238:17 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:238:14:238:22 | access to property Keys : Dictionary.KeyCollection [element] : A | provenance | MaD:600 | +| CollectionFlow.cs:238:14:238:22 | access to property Keys : Dictionary.KeyCollection [element] : A | CollectionFlow.cs:238:14:238:30 | call to method First | provenance | MaD:1204 | | CollectionFlow.cs:239:21:239:24 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:20:59:20:62 | dict : Dictionary [element, property Key] : A | provenance | | | CollectionFlow.cs:240:28:240:31 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:32:58:32:61 | dict : Dictionary [element, property Key] : A | provenance | | | CollectionFlow.cs:240:28:240:31 | access to local variable dict : Dictionary [element, property Key] : A | CollectionFlow.cs:240:14:240:32 | call to method DictKeysFirst | provenance | | @@ -193,23 +196,23 @@ edges | CollectionFlow.cs:271:25:271:29 | { ..., ... } : null [element] : A | CollectionFlow.cs:271:13:271:15 | access to local variable as : null [element] : A | provenance | | | CollectionFlow.cs:271:27:271:27 | access to local variable a : A | CollectionFlow.cs:271:25:271:29 | { ..., ... } : null [element] : A | provenance | | | CollectionFlow.cs:272:13:272:22 | access to local variable enumerator : IEnumerator [property Current] : A | CollectionFlow.cs:274:18:274:27 | access to local variable enumerator : IEnumerator [property Current] : A | provenance | | -| CollectionFlow.cs:272:26:272:28 | access to local variable as : null [element] : A | CollectionFlow.cs:272:26:272:44 | call to method GetEnumerator : IEnumerator [property Current] : A | provenance | | +| CollectionFlow.cs:272:26:272:28 | access to local variable as : null [element] : A | CollectionFlow.cs:272:26:272:44 | call to method GetEnumerator : IEnumerator [property Current] : A | provenance | MaD:811 | | CollectionFlow.cs:272:26:272:44 | call to method GetEnumerator : IEnumerator [property Current] : A | CollectionFlow.cs:272:13:272:22 | access to local variable enumerator : IEnumerator [property Current] : A | provenance | | | CollectionFlow.cs:274:18:274:27 | access to local variable enumerator : IEnumerator [property Current] : A | CollectionFlow.cs:274:18:274:35 | access to property Current | provenance | | | CollectionFlow.cs:287:13:287:13 | access to local variable a : A | CollectionFlow.cs:289:18:289:18 | access to local variable a : A | provenance | | | CollectionFlow.cs:287:17:287:23 | object creation of type A : A | CollectionFlow.cs:287:13:287:13 | access to local variable a : A | provenance | | | CollectionFlow.cs:289:9:289:12 | [post] access to local variable list : List [element] : A | CollectionFlow.cs:290:26:290:29 | access to local variable list : List [element] : A | provenance | | -| CollectionFlow.cs:289:18:289:18 | access to local variable a : A | CollectionFlow.cs:289:9:289:12 | [post] access to local variable list : List [element] : A | provenance | | +| CollectionFlow.cs:289:18:289:18 | access to local variable a : A | CollectionFlow.cs:289:9:289:12 | [post] access to local variable list : List [element] : A | provenance | MaD:605 | | CollectionFlow.cs:290:13:290:22 | access to local variable enumerator : List.Enumerator [property Current] : A | CollectionFlow.cs:292:18:292:27 | access to local variable enumerator : List.Enumerator [property Current] : A | provenance | | -| CollectionFlow.cs:290:26:290:29 | access to local variable list : List [element] : A | CollectionFlow.cs:290:26:290:45 | call to method GetEnumerator : List.Enumerator [property Current] : A | provenance | | +| CollectionFlow.cs:290:26:290:29 | access to local variable list : List [element] : A | CollectionFlow.cs:290:26:290:45 | call to method GetEnumerator : List.Enumerator [property Current] : A | provenance | MaD:634 | | CollectionFlow.cs:290:26:290:45 | call to method GetEnumerator : List.Enumerator [property Current] : A | CollectionFlow.cs:290:13:290:22 | access to local variable enumerator : List.Enumerator [property Current] : A | provenance | | | CollectionFlow.cs:292:18:292:27 | access to local variable enumerator : List.Enumerator [property Current] : A | CollectionFlow.cs:292:18:292:35 | access to property Current | provenance | | | CollectionFlow.cs:306:13:306:13 | access to local variable a : A | CollectionFlow.cs:308:43:308:43 | access to local variable a : A | provenance | | | CollectionFlow.cs:306:17:306:23 | object creation of type A : A | CollectionFlow.cs:306:13:306:13 | access to local variable a : A | provenance | | | CollectionFlow.cs:308:9:308:12 | [post] access to local variable list : List [element, property Key] : A | CollectionFlow.cs:309:9:309:12 | access to local variable list : List [element, property Key] : A | provenance | | -| CollectionFlow.cs:308:18:308:47 | object creation of type KeyValuePair : KeyValuePair [property Key] : A | CollectionFlow.cs:308:9:308:12 | [post] access to local variable list : List [element, property Key] : A | provenance | | -| CollectionFlow.cs:308:43:308:43 | access to local variable a : A | CollectionFlow.cs:308:18:308:47 | object creation of type KeyValuePair : KeyValuePair [property Key] : A | provenance | | -| CollectionFlow.cs:309:9:309:12 | access to local variable list : List [element, property Key] : A | CollectionFlow.cs:309:21:309:23 | kvp : KeyValuePair [property Key] : A | provenance | | +| CollectionFlow.cs:308:18:308:47 | object creation of type KeyValuePair : KeyValuePair [property Key] : A | CollectionFlow.cs:308:9:308:12 | [post] access to local variable list : List [element, property Key] : A | provenance | MaD:605 | +| CollectionFlow.cs:308:43:308:43 | access to local variable a : A | CollectionFlow.cs:308:18:308:47 | object creation of type KeyValuePair : KeyValuePair [property Key] : A | provenance | MaD:620 | +| CollectionFlow.cs:309:9:309:12 | access to local variable list : List [element, property Key] : A | CollectionFlow.cs:309:21:309:23 | kvp : KeyValuePair [property Key] : A | provenance | MaD:1300 | | CollectionFlow.cs:309:21:309:23 | kvp : KeyValuePair [property Key] : A | CollectionFlow.cs:311:18:311:20 | access to parameter kvp : KeyValuePair [property Key] : A | provenance | | | CollectionFlow.cs:311:18:311:20 | access to parameter kvp : KeyValuePair [property Key] : A | CollectionFlow.cs:311:18:311:24 | access to property Key | provenance | | | CollectionFlow.cs:328:32:328:38 | element : A | CollectionFlow.cs:328:55:328:61 | access to parameter element : A | provenance | | @@ -226,7 +229,7 @@ edges | CollectionFlow.cs:337:20:337:22 | access to local variable as : A[] [element] : A | CollectionFlow.cs:22:34:22:35 | ts : A[] [element] : A | provenance | | | CollectionFlow.cs:337:20:337:22 | access to local variable as : A[] [element] : A | CollectionFlow.cs:337:14:337:23 | call to method First | provenance | | | CollectionFlow.cs:350:34:350:40 | element : A | CollectionFlow.cs:350:55:350:61 | access to parameter element : A | provenance | | -| CollectionFlow.cs:350:55:350:61 | access to parameter element : A | CollectionFlow.cs:350:46:350:49 | [post] access to parameter list : List [element] : A | provenance | | +| CollectionFlow.cs:350:55:350:61 | access to parameter element : A | CollectionFlow.cs:350:46:350:49 | [post] access to parameter list : List [element] : A | provenance | MaD:605 | | CollectionFlow.cs:354:13:354:13 | access to local variable a : A | CollectionFlow.cs:356:23:356:23 | access to local variable a : A | provenance | | | CollectionFlow.cs:354:17:354:23 | object creation of type A : A | CollectionFlow.cs:354:13:354:13 | access to local variable a : A | provenance | | | CollectionFlow.cs:356:17:356:20 | [post] access to local variable list : List [element] : A | CollectionFlow.cs:357:14:357:17 | access to local variable list : List [element] : A | provenance | | @@ -234,7 +237,7 @@ edges | CollectionFlow.cs:356:17:356:20 | [post] access to local variable list : List [element] : A | CollectionFlow.cs:359:24:359:27 | access to local variable list : List [element] : A | provenance | | | CollectionFlow.cs:356:23:356:23 | access to local variable a : A | CollectionFlow.cs:350:34:350:40 | element : A | provenance | | | CollectionFlow.cs:356:23:356:23 | access to local variable a : A | CollectionFlow.cs:356:17:356:20 | [post] access to local variable list : List [element] : A | provenance | | -| CollectionFlow.cs:357:14:357:17 | access to local variable list : List [element] : A | CollectionFlow.cs:357:14:357:20 | access to indexer | provenance | | +| CollectionFlow.cs:357:14:357:17 | access to local variable list : List [element] : A | CollectionFlow.cs:357:14:357:20 | access to indexer | provenance | MaD:617 | | CollectionFlow.cs:358:22:358:25 | access to local variable list : List [element] : A | CollectionFlow.cs:16:49:16:52 | list : List [element] : A | provenance | | | CollectionFlow.cs:359:24:359:27 | access to local variable list : List [element] : A | CollectionFlow.cs:24:43:24:46 | list : List [element] : A | provenance | | | CollectionFlow.cs:359:24:359:27 | access to local variable list : List [element] : A | CollectionFlow.cs:359:14:359:28 | call to method ListFirst | provenance | | @@ -260,7 +263,7 @@ edges | CollectionFlow.cs:435:17:435:17 | access to local variable l : List [element] : A | CollectionFlow.cs:436:14:436:14 | access to local variable l : List [element] : A | provenance | | | CollectionFlow.cs:435:21:435:23 | [...] : List [element] : A | CollectionFlow.cs:435:17:435:17 | access to local variable l : List [element] : A | provenance | | | CollectionFlow.cs:435:22:435:22 | access to local variable a : A | CollectionFlow.cs:435:21:435:23 | [...] : List [element] : A | provenance | | -| CollectionFlow.cs:436:14:436:14 | access to local variable l : List [element] : A | CollectionFlow.cs:436:14:436:17 | access to indexer | provenance | | +| CollectionFlow.cs:436:14:436:14 | access to local variable l : List [element] : A | CollectionFlow.cs:436:14:436:17 | access to indexer | provenance | MaD:617 | | CollectionFlow.cs:447:13:447:13 | access to local variable a : A | CollectionFlow.cs:448:21:448:21 | access to local variable a : A | provenance | | | CollectionFlow.cs:447:17:447:23 | object creation of type A : A | CollectionFlow.cs:447:13:447:13 | access to local variable a : A | provenance | | | CollectionFlow.cs:448:13:448:16 | access to local variable temp : A[] [element] : A | CollectionFlow.cs:449:22:449:28 | .. access to local variable temp : A[] [element] : A | provenance | | @@ -273,38 +276,38 @@ edges | CollectionFlow.cs:487:17:487:23 | object creation of type A : A | CollectionFlow.cs:487:13:487:13 | access to local variable a : A | provenance | | | CollectionFlow.cs:488:17:488:20 | access to local variable span : Span [element] : A | CollectionFlow.cs:489:14:489:17 | access to local variable span : Span [element] : A | provenance | | | CollectionFlow.cs:488:24:488:41 | object creation of type Span : Span [element] : A | CollectionFlow.cs:488:17:488:20 | access to local variable span : Span [element] : A | provenance | | -| CollectionFlow.cs:488:40:488:40 | access to local variable a : A | CollectionFlow.cs:488:24:488:41 | object creation of type Span : Span [element] : A | provenance | | -| CollectionFlow.cs:489:14:489:17 | access to local variable span : Span [element] : A | CollectionFlow.cs:489:14:489:20 | access to indexer | provenance | | +| CollectionFlow.cs:488:40:488:40 | access to local variable a : A | CollectionFlow.cs:488:24:488:41 | object creation of type Span : Span [element] : A | provenance | MaD:2646 | +| CollectionFlow.cs:489:14:489:17 | access to local variable span : Span [element] : A | CollectionFlow.cs:489:14:489:20 | access to indexer | provenance | MaD:2642 | | CollectionFlow.cs:494:13:494:13 | access to local variable a : A | CollectionFlow.cs:495:40:495:40 | access to local variable a : A | provenance | | | CollectionFlow.cs:494:17:494:23 | object creation of type A : A | CollectionFlow.cs:494:13:494:13 | access to local variable a : A | provenance | | | CollectionFlow.cs:495:17:495:20 | access to local variable span : Span [element] : A | CollectionFlow.cs:496:19:496:22 | access to local variable span : Span [element] : A | provenance | | | CollectionFlow.cs:495:24:495:41 | object creation of type Span : Span [element] : A | CollectionFlow.cs:495:17:495:20 | access to local variable span : Span [element] : A | provenance | | -| CollectionFlow.cs:495:40:495:40 | access to local variable a : A | CollectionFlow.cs:495:24:495:41 | object creation of type Span : Span [element] : A | provenance | | +| CollectionFlow.cs:495:40:495:40 | access to local variable a : A | CollectionFlow.cs:495:24:495:41 | object creation of type Span : Span [element] : A | provenance | MaD:2646 | | CollectionFlow.cs:496:13:496:15 | access to local variable arr : T[] [element] : A | CollectionFlow.cs:497:14:497:16 | access to local variable arr : T[] [element] : A | provenance | | -| CollectionFlow.cs:496:19:496:22 | access to local variable span : Span [element] : A | CollectionFlow.cs:496:19:496:32 | call to method ToArray : T[] [element] : A | provenance | | +| CollectionFlow.cs:496:19:496:22 | access to local variable span : Span [element] : A | CollectionFlow.cs:496:19:496:32 | call to method ToArray : T[] [element] : A | provenance | MaD:2649 | | CollectionFlow.cs:496:19:496:32 | call to method ToArray : T[] [element] : A | CollectionFlow.cs:496:13:496:15 | access to local variable arr : T[] [element] : A | provenance | | | CollectionFlow.cs:497:14:497:16 | access to local variable arr : T[] [element] : A | CollectionFlow.cs:497:14:497:19 | access to array element | provenance | | | CollectionFlow.cs:502:13:502:13 | access to local variable a : A | CollectionFlow.cs:503:21:503:21 | access to local variable a : A | provenance | | | CollectionFlow.cs:502:17:502:23 | object creation of type A : A | CollectionFlow.cs:502:13:502:13 | access to local variable a : A | provenance | | | CollectionFlow.cs:503:9:503:14 | [post] access to parameter target : Span [element] : A | CollectionFlow.cs:504:14:504:19 | access to parameter target : Span [element] : A | provenance | | -| CollectionFlow.cs:503:21:503:21 | access to local variable a : A | CollectionFlow.cs:503:9:503:14 | [post] access to parameter target : Span [element] : A | provenance | | -| CollectionFlow.cs:504:14:504:19 | access to parameter target : Span [element] : A | CollectionFlow.cs:504:14:504:22 | access to indexer | provenance | | +| CollectionFlow.cs:503:21:503:21 | access to local variable a : A | CollectionFlow.cs:503:9:503:14 | [post] access to parameter target : Span [element] : A | provenance | MaD:2641 | +| CollectionFlow.cs:504:14:504:19 | access to parameter target : Span [element] : A | CollectionFlow.cs:504:14:504:22 | access to indexer | provenance | MaD:2642 | | CollectionFlow.cs:509:13:509:18 | access to local variable source : Span [element] : A | CollectionFlow.cs:510:9:510:14 | access to local variable source : Span [element] : A | provenance | | | CollectionFlow.cs:509:22:509:51 | object creation of type Span : Span [element] : A | CollectionFlow.cs:509:13:509:18 | access to local variable source : Span [element] : A | provenance | | -| CollectionFlow.cs:509:34:509:50 | array creation of type A[] : null [element] : A | CollectionFlow.cs:509:22:509:51 | object creation of type Span : Span [element] : A | provenance | | +| CollectionFlow.cs:509:34:509:50 | array creation of type A[] : null [element] : A | CollectionFlow.cs:509:22:509:51 | object creation of type Span : Span [element] : A | provenance | MaD:2647 | | CollectionFlow.cs:509:40:509:50 | { ..., ... } : null [element] : A | CollectionFlow.cs:509:34:509:50 | array creation of type A[] : null [element] : A | provenance | | | CollectionFlow.cs:509:42:509:48 | object creation of type A : A | CollectionFlow.cs:509:40:509:50 | { ..., ... } : null [element] : A | provenance | | -| CollectionFlow.cs:510:9:510:14 | access to local variable source : Span [element] : A | CollectionFlow.cs:510:23:510:28 | [post] access to parameter target : Span [element] : A | provenance | | +| CollectionFlow.cs:510:9:510:14 | access to local variable source : Span [element] : A | CollectionFlow.cs:510:23:510:28 | [post] access to parameter target : Span [element] : A | provenance | MaD:2640 | | CollectionFlow.cs:510:23:510:28 | [post] access to parameter target : Span [element] : A | CollectionFlow.cs:511:14:511:19 | access to parameter target : Span [element] : A | provenance | | -| CollectionFlow.cs:511:14:511:19 | access to parameter target : Span [element] : A | CollectionFlow.cs:511:14:511:22 | access to indexer | provenance | | +| CollectionFlow.cs:511:14:511:19 | access to parameter target : Span [element] : A | CollectionFlow.cs:511:14:511:22 | access to indexer | provenance | MaD:2642 | | CollectionFlow.cs:516:13:516:13 | access to local variable a : A | CollectionFlow.cs:517:60:517:60 | access to local variable a : A | provenance | | | CollectionFlow.cs:516:17:516:23 | object creation of type A : A | CollectionFlow.cs:516:13:516:13 | access to local variable a : A | provenance | | | CollectionFlow.cs:517:25:517:28 | access to local variable span : ReadOnlySpan [element] : A | CollectionFlow.cs:518:14:518:17 | access to local variable span : ReadOnlySpan [element] : A | provenance | | | CollectionFlow.cs:517:32:517:63 | object creation of type ReadOnlySpan : ReadOnlySpan [element] : A | CollectionFlow.cs:517:25:517:28 | access to local variable span : ReadOnlySpan [element] : A | provenance | | -| CollectionFlow.cs:517:52:517:62 | array creation of type A[] : null [element] : A | CollectionFlow.cs:517:32:517:63 | object creation of type ReadOnlySpan : ReadOnlySpan [element] : A | provenance | | +| CollectionFlow.cs:517:52:517:62 | array creation of type A[] : null [element] : A | CollectionFlow.cs:517:32:517:63 | object creation of type ReadOnlySpan : ReadOnlySpan [element] : A | provenance | MaD:2635 | | CollectionFlow.cs:517:58:517:62 | { ..., ... } : null [element] : A | CollectionFlow.cs:517:52:517:62 | array creation of type A[] : null [element] : A | provenance | | | CollectionFlow.cs:517:60:517:60 | access to local variable a : A | CollectionFlow.cs:517:58:517:62 | { ..., ... } : null [element] : A | provenance | | -| CollectionFlow.cs:518:14:518:17 | access to local variable span : ReadOnlySpan [element] : A | CollectionFlow.cs:518:14:518:20 | access to indexer | provenance | | +| CollectionFlow.cs:518:14:518:17 | access to local variable span : ReadOnlySpan [element] : A | CollectionFlow.cs:518:14:518:20 | access to indexer | provenance | MaD:2630 | nodes | CollectionFlow.cs:14:40:14:41 | ts : A[] [element] : A | semmle.label | ts : A[] [element] : A | | CollectionFlow.cs:14:40:14:41 | ts : null [element] : A | semmle.label | ts : null [element] : A | diff --git a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected index 42bc2666fc19..6f7b007ceab1 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected @@ -2,95 +2,95 @@ invalidModelRow edges | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | provenance | | | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | provenance | | -| ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | provenance | | +| ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | provenance | MaD:0 | | ExternalFlow.cs:15:20:15:25 | access to local variable argIn1 : Object | ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | provenance | | | ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | ExternalFlow.cs:15:20:15:25 | access to local variable argIn1 : Object | provenance | | | ExternalFlow.cs:16:20:16:26 | access to local variable argOut1 : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | provenance | | | ExternalFlow.cs:16:30:16:41 | object creation of type Object : Object | ExternalFlow.cs:16:20:16:26 | access to local variable argOut1 : Object | provenance | | -| ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | provenance | | +| ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | provenance | MaD:1 | | ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | provenance | | | ExternalFlow.cs:23:20:23:23 | access to local variable arg2 : Object | ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | provenance | | | ExternalFlow.cs:23:27:23:38 | object creation of type Object : Object | ExternalFlow.cs:23:20:23:23 | access to local variable arg2 : Object | provenance | | | ExternalFlow.cs:24:13:24:29 | [post] this access : D | ExternalFlow.cs:25:18:25:21 | this access | provenance | | -| ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | ExternalFlow.cs:24:13:24:29 | [post] this access : D | provenance | | +| ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | ExternalFlow.cs:24:13:24:29 | [post] this access : D | provenance | MaD:2 | | ExternalFlow.cs:30:13:30:16 | [post] this access : D [field Field] : Object | ExternalFlow.cs:31:18:31:21 | this access : D [field Field] : Object | provenance | | | ExternalFlow.cs:30:26:30:37 | object creation of type Object : Object | ExternalFlow.cs:30:13:30:16 | [post] this access : D [field Field] : Object | provenance | | -| ExternalFlow.cs:31:18:31:21 | this access : D [field Field] : Object | ExternalFlow.cs:31:18:31:39 | call to method StepFieldGetter | provenance | | +| ExternalFlow.cs:31:18:31:21 | this access : D [field Field] : Object | ExternalFlow.cs:31:18:31:39 | call to method StepFieldGetter | provenance | MaD:3 | | ExternalFlow.cs:36:19:36:62 | (...) ... : D [field Field] : Object | ExternalFlow.cs:36:18:36:69 | access to field Field | provenance | | | ExternalFlow.cs:36:22:36:25 | [post] this access : D [field Field] : Object | ExternalFlow.cs:37:18:37:21 | this access : D [field Field] : Object | provenance | | | ExternalFlow.cs:36:22:36:55 | call to method StepFieldSetter : D [field Field2, field Field] : Object | ExternalFlow.cs:36:22:36:62 | access to field Field2 : Object [field Field] : Object | provenance | | | ExternalFlow.cs:36:22:36:62 | access to field Field2 : Object [field Field] : Object | ExternalFlow.cs:36:19:36:62 | (...) ... : D [field Field] : Object | provenance | | -| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:25 | [post] this access : D [field Field] : Object | provenance | | -| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:55 | call to method StepFieldSetter : D [field Field2, field Field] : Object | provenance | | +| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:25 | [post] this access : D [field Field] : Object | provenance | MaD:4 | +| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:55 | call to method StepFieldSetter : D [field Field2, field Field] : Object | provenance | MaD:4+MaD:5 | | ExternalFlow.cs:37:18:37:21 | this access : D [field Field] : Object | ExternalFlow.cs:37:18:37:27 | access to field Field | provenance | | | ExternalFlow.cs:42:13:42:16 | [post] this access : D [property Property] : Object | ExternalFlow.cs:43:18:43:21 | this access : D [property Property] : Object | provenance | | | ExternalFlow.cs:42:29:42:40 | object creation of type Object : Object | ExternalFlow.cs:42:13:42:16 | [post] this access : D [property Property] : Object | provenance | | -| ExternalFlow.cs:43:18:43:21 | this access : D [property Property] : Object | ExternalFlow.cs:43:18:43:42 | call to method StepPropertyGetter | provenance | | +| ExternalFlow.cs:43:18:43:21 | this access : D [property Property] : Object | ExternalFlow.cs:43:18:43:42 | call to method StepPropertyGetter | provenance | MaD:6 | | ExternalFlow.cs:48:13:48:16 | [post] this access : D [property Property] : Object | ExternalFlow.cs:49:18:49:21 | this access : D [property Property] : Object | provenance | | -| ExternalFlow.cs:48:37:48:48 | object creation of type Object : Object | ExternalFlow.cs:48:13:48:16 | [post] this access : D [property Property] : Object | provenance | | +| ExternalFlow.cs:48:37:48:48 | object creation of type Object : Object | ExternalFlow.cs:48:13:48:16 | [post] this access : D [property Property] : Object | provenance | MaD:7 | | ExternalFlow.cs:49:18:49:21 | this access : D [property Property] : Object | ExternalFlow.cs:49:18:49:30 | access to property Property | provenance | | | ExternalFlow.cs:54:13:54:16 | [post] this access : D [element] : Object | ExternalFlow.cs:55:18:55:21 | this access : D [element] : Object | provenance | | -| ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | ExternalFlow.cs:54:13:54:16 | [post] this access : D [element] : Object | provenance | | -| ExternalFlow.cs:55:18:55:21 | this access : D [element] : Object | ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter | provenance | | +| ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | ExternalFlow.cs:54:13:54:16 | [post] this access : D [element] : Object | provenance | MaD:9 | +| ExternalFlow.cs:55:18:55:21 | this access : D [element] : Object | ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter | provenance | MaD:8 | | ExternalFlow.cs:60:35:60:35 | o : Object | ExternalFlow.cs:60:47:60:47 | access to parameter o | provenance | | -| ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | ExternalFlow.cs:60:35:60:35 | o : Object | provenance | | +| ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | ExternalFlow.cs:60:35:60:35 | o : Object | provenance | MaD:10 | | ExternalFlow.cs:65:17:65:17 | access to local variable o : Object | ExternalFlow.cs:66:18:66:18 | access to local variable o | provenance | | | ExternalFlow.cs:65:21:65:60 | call to method Apply : Object | ExternalFlow.cs:65:17:65:17 | access to local variable o : Object | provenance | | -| ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | ExternalFlow.cs:65:21:65:60 | call to method Apply : Object | provenance | | +| ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | ExternalFlow.cs:65:21:65:60 | call to method Apply : Object | provenance | MaD:11 | | ExternalFlow.cs:71:17:71:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:72:17:72:20 | access to local variable objs : null [element] : Object | provenance | | | ExternalFlow.cs:71:30:71:45 | { ..., ... } : null [element] : Object | ExternalFlow.cs:71:17:71:20 | access to local variable objs : null [element] : Object | provenance | | | ExternalFlow.cs:71:32:71:43 | object creation of type Object : Object | ExternalFlow.cs:71:30:71:45 | { ..., ... } : null [element] : Object | provenance | | -| ExternalFlow.cs:72:17:72:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:72:23:72:23 | o : Object | provenance | | +| ExternalFlow.cs:72:17:72:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:72:23:72:23 | o : Object | provenance | MaD:14 | | ExternalFlow.cs:72:23:72:23 | o : Object | ExternalFlow.cs:72:35:72:35 | access to parameter o | provenance | | | ExternalFlow.cs:77:17:77:20 | access to local variable objs : T[] [element] : Object | ExternalFlow.cs:78:18:78:21 | access to local variable objs : T[] [element] : Object | provenance | | | ExternalFlow.cs:77:24:77:58 | call to method Map : T[] [element] : Object | ExternalFlow.cs:77:17:77:20 | access to local variable objs : T[] [element] : Object | provenance | | -| ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | ExternalFlow.cs:77:24:77:58 | call to method Map : T[] [element] : Object | provenance | | +| ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | ExternalFlow.cs:77:24:77:58 | call to method Map : T[] [element] : Object | provenance | MaD:15 | | ExternalFlow.cs:78:18:78:21 | access to local variable objs : T[] [element] : Object | ExternalFlow.cs:78:18:78:24 | access to array element | provenance | | | ExternalFlow.cs:83:17:83:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | provenance | | | ExternalFlow.cs:83:30:83:45 | { ..., ... } : null [element] : Object | ExternalFlow.cs:83:17:83:20 | access to local variable objs : null [element] : Object | provenance | | | ExternalFlow.cs:83:32:83:43 | object creation of type Object : Object | ExternalFlow.cs:83:30:83:45 | { ..., ... } : null [element] : Object | provenance | | | ExternalFlow.cs:84:17:84:21 | access to local variable objs2 : T[] [element] : Object | ExternalFlow.cs:85:18:85:22 | access to local variable objs2 : T[] [element] : Object | provenance | | | ExternalFlow.cs:84:25:84:41 | call to method Map : T[] [element] : Object | ExternalFlow.cs:84:17:84:21 | access to local variable objs2 : T[] [element] : Object | provenance | | -| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:25:84:41 | call to method Map : T[] [element] : Object | provenance | | -| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:35:84:35 | o : Object | provenance | | +| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:25:84:41 | call to method Map : T[] [element] : Object | provenance | MaD:14 | +| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:35:84:35 | o : Object | provenance | MaD:14 | | ExternalFlow.cs:84:35:84:35 | o : Object | ExternalFlow.cs:84:40:84:40 | access to parameter o : Object | provenance | | | ExternalFlow.cs:85:18:85:22 | access to local variable objs2 : T[] [element] : Object | ExternalFlow.cs:85:18:85:25 | access to array element | provenance | | | ExternalFlow.cs:90:17:90:17 | access to local variable s : String | ExternalFlow.cs:91:19:91:19 | access to local variable s : String | provenance | | | ExternalFlow.cs:90:21:90:34 | object creation of type String : String | ExternalFlow.cs:90:17:90:17 | access to local variable s : String | provenance | | -| ExternalFlow.cs:91:19:91:19 | access to local variable s : String | ExternalFlow.cs:91:30:91:30 | Int32 i : Int32 | provenance | | +| ExternalFlow.cs:91:19:91:19 | access to local variable s : String | ExternalFlow.cs:91:30:91:30 | Int32 i : Int32 | provenance | MaD:16 | | ExternalFlow.cs:91:30:91:30 | Int32 i : Int32 | ExternalFlow.cs:92:18:92:18 | (...) ... | provenance | | | ExternalFlow.cs:98:13:98:14 | [post] access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:103:16:103:17 | access to local variable d1 : D [field Field] : Object | provenance | | | ExternalFlow.cs:98:13:98:14 | [post] access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:104:18:104:19 | access to local variable d1 : D [field Field] : Object | provenance | | | ExternalFlow.cs:98:24:98:35 | object creation of type Object : Object | ExternalFlow.cs:98:13:98:14 | [post] access to local variable d1 : D [field Field] : Object | provenance | | | ExternalFlow.cs:100:20:100:20 | d : Object | ExternalFlow.cs:102:22:102:22 | access to parameter d | provenance | | -| ExternalFlow.cs:103:16:103:17 | access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:100:20:100:20 | d : Object | provenance | | +| ExternalFlow.cs:103:16:103:17 | access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:100:20:100:20 | d : Object | provenance | MaD:12 | | ExternalFlow.cs:104:18:104:19 | access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:104:18:104:25 | access to field Field | provenance | | | ExternalFlow.cs:111:13:111:13 | [post] access to local variable f : F [field MyField] : Object | ExternalFlow.cs:112:18:112:18 | access to local variable f : F [field MyField] : Object | provenance | | -| ExternalFlow.cs:111:24:111:35 | object creation of type Object : Object | ExternalFlow.cs:111:13:111:13 | [post] access to local variable f : F [field MyField] : Object | provenance | | -| ExternalFlow.cs:112:18:112:18 | access to local variable f : F [field MyField] : Object | ExternalFlow.cs:112:18:112:25 | access to property MyProp | provenance | | +| ExternalFlow.cs:111:24:111:35 | object creation of type Object : Object | ExternalFlow.cs:111:13:111:13 | [post] access to local variable f : F [field MyField] : Object | provenance | MaD:19 | +| ExternalFlow.cs:112:18:112:18 | access to local variable f : F [field MyField] : Object | ExternalFlow.cs:112:18:112:25 | access to property MyProp | provenance | MaD:18 | | ExternalFlow.cs:117:17:117:17 | access to local variable a : null [element] : Object | ExternalFlow.cs:118:29:118:29 | access to local variable a : null [element] : Object | provenance | | | ExternalFlow.cs:117:34:117:49 | { ..., ... } : null [element] : Object | ExternalFlow.cs:117:17:117:17 | access to local variable a : null [element] : Object | provenance | | | ExternalFlow.cs:117:36:117:47 | object creation of type Object : Object | ExternalFlow.cs:117:34:117:49 | { ..., ... } : null [element] : Object | provenance | | | ExternalFlow.cs:118:17:118:17 | access to local variable b : null [element] : Object | ExternalFlow.cs:120:18:120:18 | access to local variable b : null [element] : Object | provenance | | | ExternalFlow.cs:118:21:118:30 | call to method Reverse : null [element] : Object | ExternalFlow.cs:118:17:118:17 | access to local variable b : null [element] : Object | provenance | | -| ExternalFlow.cs:118:29:118:29 | access to local variable a : null [element] : Object | ExternalFlow.cs:118:21:118:30 | call to method Reverse : null [element] : Object | provenance | | +| ExternalFlow.cs:118:29:118:29 | access to local variable a : null [element] : Object | ExternalFlow.cs:118:21:118:30 | call to method Reverse : null [element] : Object | provenance | MaD:17 | | ExternalFlow.cs:120:18:120:18 | access to local variable b : null [element] : Object | ExternalFlow.cs:120:18:120:21 | access to array element | provenance | | | ExternalFlow.cs:205:17:205:18 | access to local variable o2 : Object | ExternalFlow.cs:206:38:206:39 | access to local variable o2 : Object | provenance | | | ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | ExternalFlow.cs:205:17:205:18 | access to local variable o2 : Object | provenance | | -| ExternalFlow.cs:206:38:206:39 | access to local variable o2 : Object | ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs | provenance | | +| ExternalFlow.cs:206:38:206:39 | access to local variable o2 : Object | ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs | provenance | MaD:24 | | ExternalFlow.cs:211:17:211:18 | access to local variable o1 : Object | ExternalFlow.cs:212:52:212:53 | access to local variable o1 : Object | provenance | | | ExternalFlow.cs:211:22:211:33 | object creation of type Object : Object | ExternalFlow.cs:211:17:211:18 | access to local variable o1 : Object | provenance | | -| ExternalFlow.cs:212:52:212:53 | access to local variable o1 : Object | ExternalFlow.cs:212:18:212:54 | call to method GeneratedFlowWithGeneratedNeutral | provenance | | +| ExternalFlow.cs:212:52:212:53 | access to local variable o1 : Object | ExternalFlow.cs:212:18:212:54 | call to method GeneratedFlowWithGeneratedNeutral | provenance | MaD:25 | | ExternalFlow.cs:244:17:244:17 | access to local variable h : HC | ExternalFlow.cs:245:21:245:21 | access to local variable h : HC | provenance | | | ExternalFlow.cs:244:21:244:28 | object creation of type HC : HC | ExternalFlow.cs:244:17:244:17 | access to local variable h : HC | provenance | | | ExternalFlow.cs:245:17:245:17 | access to local variable o : HC | ExternalFlow.cs:246:18:246:18 | access to local variable o | provenance | | -| ExternalFlow.cs:245:21:245:21 | access to local variable h : HC | ExternalFlow.cs:245:21:245:39 | call to method ExtensionMethod : HC | provenance | | +| ExternalFlow.cs:245:21:245:21 | access to local variable h : HC | ExternalFlow.cs:245:21:245:39 | call to method ExtensionMethod : HC | provenance | MaD:27 | | ExternalFlow.cs:245:21:245:39 | call to method ExtensionMethod : HC | ExternalFlow.cs:245:17:245:17 | access to local variable o : HC | provenance | | | ExternalFlow.cs:262:13:262:13 | [post] access to parameter a : MyInlineArray [element] : Object | ExternalFlow.cs:263:30:263:30 | access to parameter a : MyInlineArray [element] : Object | provenance | | | ExternalFlow.cs:262:20:262:31 | object creation of type Object : Object | ExternalFlow.cs:262:13:262:13 | [post] access to parameter a : MyInlineArray [element] : Object | provenance | | | ExternalFlow.cs:263:17:263:17 | access to local variable b : Object | ExternalFlow.cs:264:18:264:18 | access to local variable b | provenance | | | ExternalFlow.cs:263:21:263:31 | call to method GetFirst : Object | ExternalFlow.cs:263:17:263:17 | access to local variable b : Object | provenance | | -| ExternalFlow.cs:263:30:263:30 | access to parameter a : MyInlineArray [element] : Object | ExternalFlow.cs:263:21:263:31 | call to method GetFirst : Object | provenance | | +| ExternalFlow.cs:263:30:263:30 | access to parameter a : MyInlineArray [element] : Object | ExternalFlow.cs:263:21:263:31 | call to method GetFirst : Object | provenance | MaD:28 | nodes | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | semmle.label | access to local variable arg1 : Object | | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | semmle.label | object creation of type Object : Object | diff --git a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected index 67c1d0553b6f..22a4ab8250f3 100644 --- a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected @@ -12,7 +12,9 @@ edges | Capture.cs:25:9:25:18 | access to local function CaptureIn2 : CaptureIn2 [captured tainted] : String | Capture.cs:23:13:23:13 | access to local function M : M [captured tainted] : String | provenance | | | Capture.cs:29:17:29:22 | access to local variable sink29 : String | Capture.cs:30:19:30:24 | access to local variable sink29 | provenance | | | Capture.cs:29:26:29:32 | access to parameter tainted : String | Capture.cs:29:17:29:22 | access to local variable sink29 : String | provenance | | -| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | | +| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:1300 | +| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:1301 | +| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | heuristic-callback | | Capture.cs:50:50:50:55 | sink39 : String | Capture.cs:52:23:59:13 | (...) => ... : (...) => ... [captured sink39] : String | provenance | | | Capture.cs:52:23:59:13 | (...) => ... : (...) => ... [captured sink39] : String | Capture.cs:350:34:350:34 | a : (...) => ... [captured sink39] : String | provenance | | | Capture.cs:55:27:58:17 | (...) => ... : (...) => ... [captured sink39] : String | Capture.cs:350:34:350:34 | a : (...) => ... [captured sink39] : String | provenance | | @@ -23,6 +25,7 @@ edges | Capture.cs:81:13:81:13 | [post] access to local function M : M [captured sink31] : String | Capture.cs:83:9:83:19 | [post] access to local function CaptureOut2 : CaptureOut2 [captured sink31] : String | provenance | | | Capture.cs:83:9:83:19 | [post] access to local function CaptureOut2 : CaptureOut2 [captured sink31] : String | Capture.cs:84:15:84:20 | access to local variable sink31 | provenance | | | Capture.cs:89:22:89:35 | "taint source" : String | Capture.cs:92:30:92:40 | [post] access to local variable captureOut3 : (...) => ... [captured sink32] : String | provenance | | +| Capture.cs:89:22:89:35 | "taint source" : String | Capture.cs:92:30:92:40 | [post] access to local variable captureOut3 : (...) => ... [captured sink32] : String | provenance | heuristic-callback | | Capture.cs:92:30:92:40 | [post] access to local variable captureOut3 : (...) => ... [captured sink32] : String | Capture.cs:93:15:93:20 | access to local variable sink32 | provenance | | | Capture.cs:114:23:117:13 | [post] (...) => ... : (...) => ... [captured sink40] : String | Capture.cs:123:9:123:33 | [post] access to local function CaptureOutMultipleLambdas : CaptureOutMultipleLambdas [captured sink40] : String | provenance | | | Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | [post] access to parameter a : (...) => ... [captured sink40] : String | provenance | | @@ -42,8 +45,12 @@ edges | Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | Capture.cs:144:13:144:13 | access to local function M : M [captured tainted] : String | provenance | | | Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | Capture.cs:146:9:146:23 | [post] access to local function CaptureThrough2 : CaptureThrough2 [captured sink34] : String | provenance | | | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | Capture.cs:156:15:156:20 | access to local variable sink35 | provenance | | -| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | | -| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:1300 | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:1301 | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | heuristic-callback | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:1300 | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:1301 | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | heuristic-callback | | Capture.cs:162:13:162:18 | access to local variable sink36 : String | Capture.cs:163:15:163:20 | access to local variable sink36 | provenance | | | Capture.cs:162:22:162:36 | access to local function CaptureThrough4 : CaptureThrough4 [captured tainted] : String | Capture.cs:160:20:160:26 | access to parameter tainted : String | provenance | | | Capture.cs:162:22:162:36 | access to local function CaptureThrough4 : CaptureThrough4 [captured tainted] : String | Capture.cs:162:22:162:38 | call to local function CaptureThrough4 : String | provenance | | @@ -71,9 +78,11 @@ edges | Capture.cs:223:31:223:44 | "taint source" : String | Capture.cs:223:28:223:45 | call to method M3 : (...) => ... [captured s] : String | provenance | | | Capture.cs:228:17:228:30 | "taint source" : String | Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | provenance | | | Capture.cs:228:17:228:30 | "taint source" : String | Capture.cs:234:15:234:15 | access to local variable x | provenance | | -| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | | +| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | MaD:633 | +| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | heuristic-callback | | Capture.cs:229:20:233:9 | [post] (...) => ... : (...) => ... [captured x] : String | Capture.cs:234:15:234:15 | access to local variable x | provenance | | | Capture.cs:232:17:232:30 | "taint source" : String | Capture.cs:229:20:233:9 | [post] (...) => ... : (...) => ... [captured x] : String | provenance | | +| Capture.cs:232:17:232:30 | "taint source" : String | Capture.cs:229:20:233:9 | [post] (...) => ... : (...) => ... [captured x] : String | provenance | heuristic-callback | | Capture.cs:242:9:242:9 | [post] access to local variable c : Capture [field Field] : String | Capture.cs:249:9:249:9 | access to local variable a : Action [captured c, field Field] : String | provenance | | | Capture.cs:242:9:242:9 | [post] access to local variable c : Capture [field Field] : String | Capture.cs:251:15:251:15 | access to local variable c : Capture [field Field] : String | provenance | | | Capture.cs:242:19:242:32 | "taint source" : String | Capture.cs:242:9:242:9 | [post] access to local variable c : Capture [field Field] : String | provenance | | @@ -229,7 +238,7 @@ edges | GlobalDataFlow.cs:79:30:79:34 | access to local variable sink3 : String | GlobalDataFlow.cs:139:29:139:33 | access to local variable sink3 : String | provenance | | | GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | GlobalDataFlow.cs:82:15:82:20 | access to local variable sink13 | provenance | | | GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | GlobalDataFlow.cs:83:59:83:64 | access to local variable sink13 : String | provenance | | -| GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | GlobalDataFlow.cs:81:22:81:93 | call to method First : String | provenance | | +| GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | GlobalDataFlow.cs:81:22:81:93 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:81:22:81:93 | call to method First : String | GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | provenance | | | GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | provenance | | | GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | provenance | | @@ -238,26 +247,26 @@ edges | GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | provenance | | | GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | GlobalDataFlow.cs:84:15:84:20 | access to local variable sink14 | provenance | | | GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | GlobalDataFlow.cs:85:59:85:64 | access to local variable sink14 : String | provenance | | -| GlobalDataFlow.cs:83:22:83:87 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:83:22:83:95 | call to method First : String | provenance | | +| GlobalDataFlow.cs:83:22:83:87 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:83:22:83:95 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:83:22:83:95 | call to method First : String | GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | provenance | | -| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:83:22:83:87 | call to method Select : IEnumerable [element] : String | provenance | | -| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:315:31:315:40 | sinkParam8 : String | provenance | | +| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:83:22:83:87 | call to method Select : IEnumerable [element] : String | provenance | MaD:1300 | +| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:315:31:315:40 | sinkParam8 : String | provenance | MaD:1300 | | GlobalDataFlow.cs:83:57:83:66 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | provenance | | | GlobalDataFlow.cs:83:59:83:64 | access to local variable sink13 : String | GlobalDataFlow.cs:83:57:83:66 | { ..., ... } : null [element] : String | provenance | | | GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | GlobalDataFlow.cs:86:15:86:20 | access to local variable sink15 | provenance | | | GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | GlobalDataFlow.cs:87:106:87:111 | access to local variable sink15 : String | provenance | | -| GlobalDataFlow.cs:85:22:85:128 | call to method Zip : IEnumerable [element] : String | GlobalDataFlow.cs:85:22:85:136 | call to method First : String | provenance | | +| GlobalDataFlow.cs:85:22:85:128 | call to method Zip : IEnumerable [element] : String | GlobalDataFlow.cs:85:22:85:136 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:85:22:85:136 | call to method First : String | GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | provenance | | -| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:22:85:128 | call to method Zip : IEnumerable [element] : String | provenance | | -| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:118:85:118 | x : String | provenance | | +| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:22:85:128 | call to method Zip : IEnumerable [element] : String | provenance | MaD:1378 | +| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:118:85:118 | x : String | provenance | MaD:1378 | | GlobalDataFlow.cs:85:57:85:66 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | provenance | | | GlobalDataFlow.cs:85:59:85:64 | access to local variable sink14 : String | GlobalDataFlow.cs:85:57:85:66 | { ..., ... } : null [element] : String | provenance | | | GlobalDataFlow.cs:85:118:85:118 | x : String | GlobalDataFlow.cs:85:127:85:127 | access to parameter x : String | provenance | | | GlobalDataFlow.cs:87:13:87:18 | access to local variable sink16 : String | GlobalDataFlow.cs:88:15:88:20 | access to local variable sink16 | provenance | | -| GlobalDataFlow.cs:87:22:87:128 | call to method Zip : IEnumerable [element] : String | GlobalDataFlow.cs:87:22:87:136 | call to method First : String | provenance | | +| GlobalDataFlow.cs:87:22:87:128 | call to method Zip : IEnumerable [element] : String | GlobalDataFlow.cs:87:22:87:136 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:87:22:87:136 | call to method First : String | GlobalDataFlow.cs:87:13:87:18 | access to local variable sink16 : String | provenance | | -| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:22:87:128 | call to method Zip : IEnumerable [element] : String | provenance | | -| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:121:87:121 | y : String | provenance | | +| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:22:87:128 | call to method Zip : IEnumerable [element] : String | provenance | MaD:1379 | +| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:121:87:121 | y : String | provenance | MaD:1379 | | GlobalDataFlow.cs:87:104:87:113 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | provenance | | | GlobalDataFlow.cs:87:106:87:111 | access to local variable sink15 : String | GlobalDataFlow.cs:87:104:87:113 | { ..., ... } : null [element] : String | provenance | | | GlobalDataFlow.cs:87:121:87:121 | y : String | GlobalDataFlow.cs:87:127:87:127 | access to parameter y : String | provenance | | @@ -278,7 +287,7 @@ edges | GlobalDataFlow.cs:160:20:160:24 | access to local variable sink7 : String | GlobalDataFlow.cs:161:15:161:19 | access to local variable sink7 | provenance | | | GlobalDataFlow.cs:163:20:163:24 | access to local variable sink8 : String | GlobalDataFlow.cs:164:15:164:19 | access to local variable sink8 | provenance | | | GlobalDataFlow.cs:165:13:165:18 | access to local variable sink12 : String | GlobalDataFlow.cs:166:15:166:20 | access to local variable sink12 | provenance | | -| GlobalDataFlow.cs:165:22:165:31 | call to method OutYield : IEnumerable [element] : String | GlobalDataFlow.cs:165:22:165:39 | call to method First : String | provenance | | +| GlobalDataFlow.cs:165:22:165:31 | call to method OutYield : IEnumerable [element] : String | GlobalDataFlow.cs:165:22:165:39 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:165:22:165:39 | call to method First : String | GlobalDataFlow.cs:165:13:165:18 | access to local variable sink12 : String | provenance | | | GlobalDataFlow.cs:167:13:167:18 | access to local variable sink23 : String | GlobalDataFlow.cs:168:15:168:20 | access to local variable sink23 | provenance | | | GlobalDataFlow.cs:167:22:167:43 | call to method TaintedParam : String | GlobalDataFlow.cs:167:13:167:18 | access to local variable sink23 : String | provenance | | @@ -293,7 +302,7 @@ edges | GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable [element] : String | provenance | | | GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable [element] : String | provenance | | | GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable [element] : String | provenance | | -| GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable : IQueryable [element] : String | provenance | | +| GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable : IQueryable [element] : String | provenance | MaD:1647 | | GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable : IQueryable [element] : String | GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable [element] : String | provenance | | | GlobalDataFlow.cs:211:44:211:61 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | provenance | | | GlobalDataFlow.cs:211:46:211:59 | "taint source" : String | GlobalDataFlow.cs:211:44:211:61 | { ..., ... } : null [element] : String | provenance | | @@ -303,24 +312,24 @@ edges | GlobalDataFlow.cs:215:89:215:89 | access to parameter x : String | GlobalDataFlow.cs:215:76:215:90 | call to method ReturnCheck2 : String | provenance | | | GlobalDataFlow.cs:215:89:215:89 | access to parameter x : String | GlobalDataFlow.cs:321:32:321:41 | sinkParam9 : String | provenance | | | GlobalDataFlow.cs:216:13:216:18 | access to local variable sink24 : String | GlobalDataFlow.cs:217:15:217:20 | access to local variable sink24 | provenance | | -| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:214:35:214:45 | sinkParam10 : String | provenance | | -| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:216:22:216:39 | call to method Select : IEnumerable [element] : String | provenance | | -| GlobalDataFlow.cs:216:22:216:39 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:216:22:216:47 | call to method First : String | provenance | | +| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:214:35:214:45 | sinkParam10 : String | provenance | MaD:1300 | +| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:216:22:216:39 | call to method Select : IEnumerable [element] : String | provenance | MaD:1300 | +| GlobalDataFlow.cs:216:22:216:39 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:216:22:216:47 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:216:22:216:47 | call to method First : String | GlobalDataFlow.cs:216:13:216:18 | access to local variable sink24 : String | provenance | | | GlobalDataFlow.cs:218:13:218:18 | access to local variable sink25 : String | GlobalDataFlow.cs:219:15:219:20 | access to local variable sink25 | provenance | | -| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:215:71:215:71 | x : String | provenance | | -| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:218:22:218:39 | call to method Select : IQueryable [element] : String | provenance | | -| GlobalDataFlow.cs:218:22:218:39 | call to method Select : IQueryable [element] : String | GlobalDataFlow.cs:218:22:218:47 | call to method First : String | provenance | | +| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:215:71:215:71 | x : String | provenance | MaD:1744 | +| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:218:22:218:39 | call to method Select : IQueryable [element] : String | provenance | MaD:1744 | +| GlobalDataFlow.cs:218:22:218:39 | call to method Select : IQueryable [element] : String | GlobalDataFlow.cs:218:22:218:47 | call to method First : String | provenance | MaD:1671 | | GlobalDataFlow.cs:218:22:218:47 | call to method First : String | GlobalDataFlow.cs:218:13:218:18 | access to local variable sink25 : String | provenance | | | GlobalDataFlow.cs:220:13:220:18 | access to local variable sink26 : String | GlobalDataFlow.cs:221:15:221:20 | access to local variable sink26 | provenance | | -| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:220:22:220:49 | call to method Select : IEnumerable [element] : String | provenance | | -| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | provenance | | -| GlobalDataFlow.cs:220:22:220:49 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:220:22:220:57 | call to method First : String | provenance | | +| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:220:22:220:49 | call to method Select : IEnumerable [element] : String | provenance | MaD:1300 | +| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | provenance | MaD:1300 | +| GlobalDataFlow.cs:220:22:220:49 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:220:22:220:57 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:220:22:220:57 | call to method First : String | GlobalDataFlow.cs:220:13:220:18 | access to local variable sink26 : String | provenance | | | GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:242:22:242:25 | access to local variable task : Task [property Result] : String | provenance | | | GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:244:28:244:31 | access to local variable task : Task [property Result] : String | provenance | | | GlobalDataFlow.cs:241:20:241:49 | call to method Run : Task [property Result] : String | GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task [property Result] : String | provenance | | -| GlobalDataFlow.cs:241:35:241:48 | "taint source" : String | GlobalDataFlow.cs:241:20:241:49 | call to method Run : Task [property Result] : String | provenance | | +| GlobalDataFlow.cs:241:35:241:48 | "taint source" : String | GlobalDataFlow.cs:241:20:241:49 | call to method Run : Task [property Result] : String | provenance | MaD:1998 | | GlobalDataFlow.cs:242:13:242:18 | access to local variable sink41 : String | GlobalDataFlow.cs:243:15:243:20 | access to local variable sink41 | provenance | | | GlobalDataFlow.cs:242:22:242:25 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:242:22:242:32 | access to property Result : String | provenance | | | GlobalDataFlow.cs:242:22:242:32 | access to property Result : String | GlobalDataFlow.cs:242:13:242:18 | access to local variable sink41 : String | provenance | | @@ -351,7 +360,7 @@ edges | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | GlobalDataFlow.cs:329:15:329:25 | access to parameter sinkParam11 | provenance | | | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | GlobalDataFlow.cs:330:16:330:26 | access to parameter sinkParam11 : String | provenance | | | GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:157:21:157:25 | call to method Out : String | provenance | | -| GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:193:22:193:42 | object creation of type Lazy : Lazy [property Value] : String | provenance | | +| GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:193:22:193:42 | object creation of type Lazy : Lazy [property Value] : String | provenance | MaD:2616 | | GlobalDataFlow.cs:346:9:346:9 | access to parameter x : String | GlobalDataFlow.cs:160:20:160:24 | access to local variable sink7 : String | provenance | | | GlobalDataFlow.cs:346:13:346:26 | "taint source" : String | GlobalDataFlow.cs:346:9:346:9 | access to parameter x : String | provenance | | | GlobalDataFlow.cs:351:9:351:9 | access to parameter x : String | GlobalDataFlow.cs:163:20:163:24 | access to local variable sink8 : String | provenance | | @@ -385,15 +394,15 @@ edges | GlobalDataFlow.cs:438:22:438:35 | "taint source" : String | GlobalDataFlow.cs:201:22:201:32 | access to property OutProperty : String | provenance | | | GlobalDataFlow.cs:457:13:457:16 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | provenance | | | GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | GlobalDataFlow.cs:457:13:457:16 | access to local variable task : Task [property Result] : String | provenance | | -| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | provenance | | +| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | provenance | MaD:1998 | | GlobalDataFlow.cs:458:13:458:21 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | -| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | +| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:2010 | | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:458:13:458:21 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | | GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | -| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | +| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:1826 | | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | | GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | provenance | | -| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | | +| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | MaD:1827 | | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | provenance | | | GlobalDataFlow.cs:466:53:466:55 | arg : String | GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | provenance | | | GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected index de58feb32215..5cdb4beb1ee7 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected @@ -12,7 +12,9 @@ edges | Capture.cs:25:9:25:18 | access to local function CaptureIn2 : CaptureIn2 [captured tainted] : String | Capture.cs:23:13:23:13 | access to local function M : M [captured tainted] : String | provenance | | | Capture.cs:29:17:29:22 | access to local variable sink29 : String | Capture.cs:30:19:30:24 | access to local variable sink29 | provenance | | | Capture.cs:29:26:29:32 | access to parameter tainted : String | Capture.cs:29:17:29:22 | access to local variable sink29 : String | provenance | | -| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | | +| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:1300 | +| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:1301 | +| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | heuristic-callback | | Capture.cs:50:50:50:55 | sink39 : String | Capture.cs:52:23:59:13 | (...) => ... : (...) => ... [captured sink39] : String | provenance | | | Capture.cs:52:23:59:13 | (...) => ... : (...) => ... [captured sink39] : String | Capture.cs:350:34:350:34 | a : (...) => ... [captured sink39] : String | provenance | | | Capture.cs:55:27:58:17 | (...) => ... : (...) => ... [captured sink39] : String | Capture.cs:350:34:350:34 | a : (...) => ... [captured sink39] : String | provenance | | @@ -23,6 +25,7 @@ edges | Capture.cs:81:13:81:13 | [post] access to local function M : M [captured sink31] : String | Capture.cs:83:9:83:19 | [post] access to local function CaptureOut2 : CaptureOut2 [captured sink31] : String | provenance | | | Capture.cs:83:9:83:19 | [post] access to local function CaptureOut2 : CaptureOut2 [captured sink31] : String | Capture.cs:84:15:84:20 | access to local variable sink31 | provenance | | | Capture.cs:89:22:89:35 | "taint source" : String | Capture.cs:92:30:92:40 | [post] access to local variable captureOut3 : (...) => ... [captured sink32] : String | provenance | | +| Capture.cs:89:22:89:35 | "taint source" : String | Capture.cs:92:30:92:40 | [post] access to local variable captureOut3 : (...) => ... [captured sink32] : String | provenance | heuristic-callback | | Capture.cs:92:30:92:40 | [post] access to local variable captureOut3 : (...) => ... [captured sink32] : String | Capture.cs:93:15:93:20 | access to local variable sink32 | provenance | | | Capture.cs:114:23:117:13 | [post] (...) => ... : (...) => ... [captured sink40] : String | Capture.cs:123:9:123:33 | [post] access to local function CaptureOutMultipleLambdas : CaptureOutMultipleLambdas [captured sink40] : String | provenance | | | Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | [post] access to parameter a : (...) => ... [captured sink40] : String | provenance | | @@ -42,8 +45,12 @@ edges | Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | Capture.cs:144:13:144:13 | access to local function M : M [captured tainted] : String | provenance | | | Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | Capture.cs:146:9:146:23 | [post] access to local function CaptureThrough2 : CaptureThrough2 [captured sink34] : String | provenance | | | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | Capture.cs:156:15:156:20 | access to local variable sink35 | provenance | | -| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | | -| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:1300 | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:1301 | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | heuristic-callback | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:1300 | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:1301 | +| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | heuristic-callback | | Capture.cs:162:13:162:18 | access to local variable sink36 : String | Capture.cs:163:15:163:20 | access to local variable sink36 | provenance | | | Capture.cs:162:22:162:36 | access to local function CaptureThrough4 : CaptureThrough4 [captured tainted] : String | Capture.cs:160:20:160:26 | access to parameter tainted : String | provenance | | | Capture.cs:162:22:162:36 | access to local function CaptureThrough4 : CaptureThrough4 [captured tainted] : String | Capture.cs:162:22:162:38 | call to local function CaptureThrough4 : String | provenance | | @@ -71,9 +78,11 @@ edges | Capture.cs:223:31:223:44 | "taint source" : String | Capture.cs:223:28:223:45 | call to method M3 : (...) => ... [captured s] : String | provenance | | | Capture.cs:228:17:228:30 | "taint source" : String | Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | provenance | | | Capture.cs:228:17:228:30 | "taint source" : String | Capture.cs:234:15:234:15 | access to local variable x | provenance | | -| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | | +| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | MaD:633 | +| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | heuristic-callback | | Capture.cs:229:20:233:9 | [post] (...) => ... : (...) => ... [captured x] : String | Capture.cs:234:15:234:15 | access to local variable x | provenance | | | Capture.cs:232:17:232:30 | "taint source" : String | Capture.cs:229:20:233:9 | [post] (...) => ... : (...) => ... [captured x] : String | provenance | | +| Capture.cs:232:17:232:30 | "taint source" : String | Capture.cs:229:20:233:9 | [post] (...) => ... : (...) => ... [captured x] : String | provenance | heuristic-callback | | Capture.cs:242:9:242:9 | [post] access to local variable c : Capture [field Field] : String | Capture.cs:249:9:249:9 | access to local variable a : Action [captured c, field Field] : String | provenance | | | Capture.cs:242:9:242:9 | [post] access to local variable c : Capture [field Field] : String | Capture.cs:251:15:251:15 | access to local variable c : Capture [field Field] : String | provenance | | | Capture.cs:242:19:242:32 | "taint source" : String | Capture.cs:242:9:242:9 | [post] access to local variable c : Capture [field Field] : String | provenance | | @@ -229,7 +238,7 @@ edges | GlobalDataFlow.cs:79:30:79:34 | access to local variable sink3 : String | GlobalDataFlow.cs:139:29:139:33 | access to local variable sink3 : String | provenance | | | GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | GlobalDataFlow.cs:82:15:82:20 | access to local variable sink13 | provenance | | | GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | GlobalDataFlow.cs:83:59:83:64 | access to local variable sink13 : String | provenance | | -| GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | GlobalDataFlow.cs:81:22:81:93 | call to method First : String | provenance | | +| GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | GlobalDataFlow.cs:81:22:81:93 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:81:22:81:93 | call to method First : String | GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | provenance | | | GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | provenance | | | GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | provenance | | @@ -240,32 +249,32 @@ edges | GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | GlobalDataFlow.cs:85:59:85:64 | access to local variable sink14 : String | provenance | | | GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | GlobalDataFlow.cs:89:59:89:64 | access to local variable sink14 : String | provenance | | | GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | GlobalDataFlow.cs:91:75:91:80 | access to local variable sink14 : String | provenance | | -| GlobalDataFlow.cs:83:22:83:87 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:83:22:83:95 | call to method First : String | provenance | | +| GlobalDataFlow.cs:83:22:83:87 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:83:22:83:95 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:83:22:83:95 | call to method First : String | GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | provenance | | -| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:83:22:83:87 | call to method Select : IEnumerable [element] : String | provenance | | -| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:315:31:315:40 | sinkParam8 : String | provenance | | +| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:83:22:83:87 | call to method Select : IEnumerable [element] : String | provenance | MaD:1300 | +| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:315:31:315:40 | sinkParam8 : String | provenance | MaD:1300 | | GlobalDataFlow.cs:83:57:83:66 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | provenance | | | GlobalDataFlow.cs:83:59:83:64 | access to local variable sink13 : String | GlobalDataFlow.cs:83:57:83:66 | { ..., ... } : null [element] : String | provenance | | | GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | GlobalDataFlow.cs:86:15:86:20 | access to local variable sink15 | provenance | | | GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | GlobalDataFlow.cs:87:106:87:111 | access to local variable sink15 : String | provenance | | -| GlobalDataFlow.cs:85:22:85:128 | call to method Zip : IEnumerable [element] : String | GlobalDataFlow.cs:85:22:85:136 | call to method First : String | provenance | | +| GlobalDataFlow.cs:85:22:85:128 | call to method Zip : IEnumerable [element] : String | GlobalDataFlow.cs:85:22:85:136 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:85:22:85:136 | call to method First : String | GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | provenance | | -| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:22:85:128 | call to method Zip : IEnumerable [element] : String | provenance | | -| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:118:85:118 | x : String | provenance | | +| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:22:85:128 | call to method Zip : IEnumerable [element] : String | provenance | MaD:1378 | +| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:118:85:118 | x : String | provenance | MaD:1378 | | GlobalDataFlow.cs:85:57:85:66 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | provenance | | | GlobalDataFlow.cs:85:59:85:64 | access to local variable sink14 : String | GlobalDataFlow.cs:85:57:85:66 | { ..., ... } : null [element] : String | provenance | | | GlobalDataFlow.cs:85:118:85:118 | x : String | GlobalDataFlow.cs:85:127:85:127 | access to parameter x : String | provenance | | | GlobalDataFlow.cs:87:13:87:18 | access to local variable sink16 : String | GlobalDataFlow.cs:88:15:88:20 | access to local variable sink16 | provenance | | -| GlobalDataFlow.cs:87:22:87:128 | call to method Zip : IEnumerable [element] : String | GlobalDataFlow.cs:87:22:87:136 | call to method First : String | provenance | | +| GlobalDataFlow.cs:87:22:87:128 | call to method Zip : IEnumerable [element] : String | GlobalDataFlow.cs:87:22:87:136 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:87:22:87:136 | call to method First : String | GlobalDataFlow.cs:87:13:87:18 | access to local variable sink16 : String | provenance | | -| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:22:87:128 | call to method Zip : IEnumerable [element] : String | provenance | | -| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:121:87:121 | y : String | provenance | | +| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:22:87:128 | call to method Zip : IEnumerable [element] : String | provenance | MaD:1379 | +| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:121:87:121 | y : String | provenance | MaD:1379 | | GlobalDataFlow.cs:87:104:87:113 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | provenance | | | GlobalDataFlow.cs:87:106:87:111 | access to local variable sink15 : String | GlobalDataFlow.cs:87:104:87:113 | { ..., ... } : null [element] : String | provenance | | | GlobalDataFlow.cs:87:121:87:121 | y : String | GlobalDataFlow.cs:87:127:87:127 | access to parameter y : String | provenance | | | GlobalDataFlow.cs:89:13:89:18 | access to local variable sink17 : String | GlobalDataFlow.cs:90:15:90:20 | access to local variable sink17 | provenance | | | GlobalDataFlow.cs:89:22:89:110 | call to method Aggregate : String | GlobalDataFlow.cs:89:13:89:18 | access to local variable sink17 : String | provenance | | -| GlobalDataFlow.cs:89:23:89:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:89:22:89:110 | call to method Aggregate : String | provenance | | +| GlobalDataFlow.cs:89:23:89:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:89:22:89:110 | call to method Aggregate : String | provenance | MaD:1169 | | GlobalDataFlow.cs:89:57:89:66 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:89:23:89:66 | (...) ... : null [element] : String | provenance | | | GlobalDataFlow.cs:89:59:89:64 | access to local variable sink14 : String | GlobalDataFlow.cs:89:57:89:66 | { ..., ... } : null [element] : String | provenance | | | GlobalDataFlow.cs:91:13:91:18 | access to local variable sink18 : String | GlobalDataFlow.cs:92:15:92:20 | access to local variable sink18 | provenance | | @@ -273,12 +282,12 @@ edges | GlobalDataFlow.cs:91:13:91:18 | access to local variable sink18 : String | GlobalDataFlow.cs:97:23:97:28 | access to local variable sink18 : String | provenance | | | GlobalDataFlow.cs:91:13:91:18 | access to local variable sink18 : String | GlobalDataFlow.cs:100:24:100:29 | access to local variable sink18 : String | provenance | | | GlobalDataFlow.cs:91:22:91:110 | call to method Aggregate : String | GlobalDataFlow.cs:91:13:91:18 | access to local variable sink18 : String | provenance | | -| GlobalDataFlow.cs:91:75:91:80 | access to local variable sink14 : String | GlobalDataFlow.cs:91:22:91:110 | call to method Aggregate : String | provenance | | -| GlobalDataFlow.cs:94:24:94:29 | access to local variable sink18 : String | GlobalDataFlow.cs:94:36:94:41 | access to local variable sink21 : Int32 | provenance | | +| GlobalDataFlow.cs:91:75:91:80 | access to local variable sink14 : String | GlobalDataFlow.cs:91:22:91:110 | call to method Aggregate : String | provenance | MaD:1170 | +| GlobalDataFlow.cs:94:24:94:29 | access to local variable sink18 : String | GlobalDataFlow.cs:94:36:94:41 | access to local variable sink21 : Int32 | provenance | MaD:2614 | | GlobalDataFlow.cs:94:36:94:41 | access to local variable sink21 : Int32 | GlobalDataFlow.cs:95:15:95:20 | access to local variable sink21 | provenance | | -| GlobalDataFlow.cs:97:23:97:28 | access to local variable sink18 : String | GlobalDataFlow.cs:97:35:97:40 | access to local variable sink22 : Boolean | provenance | | +| GlobalDataFlow.cs:97:23:97:28 | access to local variable sink18 : String | GlobalDataFlow.cs:97:35:97:40 | access to local variable sink22 : Boolean | provenance | MaD:2274 | | GlobalDataFlow.cs:97:35:97:40 | access to local variable sink22 : Boolean | GlobalDataFlow.cs:98:15:98:20 | access to local variable sink22 | provenance | | -| GlobalDataFlow.cs:100:24:100:29 | access to local variable sink18 : String | GlobalDataFlow.cs:100:82:100:88 | access to local variable sink21b : Int32 | provenance | | +| GlobalDataFlow.cs:100:24:100:29 | access to local variable sink18 : String | GlobalDataFlow.cs:100:82:100:88 | access to local variable sink21b : Int32 | provenance | MaD:2612 | | GlobalDataFlow.cs:100:82:100:88 | access to local variable sink21b : Int32 | GlobalDataFlow.cs:101:15:101:21 | access to local variable sink21b | provenance | | | GlobalDataFlow.cs:138:40:138:40 | x : String | GlobalDataFlow.cs:138:63:138:63 | access to parameter x : String | provenance | | | GlobalDataFlow.cs:138:63:138:63 | access to parameter x : String | GlobalDataFlow.cs:138:45:138:64 | call to method ApplyFunc : String | provenance | | @@ -297,7 +306,7 @@ edges | GlobalDataFlow.cs:160:20:160:24 | access to local variable sink7 : String | GlobalDataFlow.cs:161:15:161:19 | access to local variable sink7 | provenance | | | GlobalDataFlow.cs:163:20:163:24 | access to local variable sink8 : String | GlobalDataFlow.cs:164:15:164:19 | access to local variable sink8 | provenance | | | GlobalDataFlow.cs:165:13:165:18 | access to local variable sink12 : String | GlobalDataFlow.cs:166:15:166:20 | access to local variable sink12 | provenance | | -| GlobalDataFlow.cs:165:22:165:31 | call to method OutYield : IEnumerable [element] : String | GlobalDataFlow.cs:165:22:165:39 | call to method First : String | provenance | | +| GlobalDataFlow.cs:165:22:165:31 | call to method OutYield : IEnumerable [element] : String | GlobalDataFlow.cs:165:22:165:39 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:165:22:165:39 | call to method First : String | GlobalDataFlow.cs:165:13:165:18 | access to local variable sink12 : String | provenance | | | GlobalDataFlow.cs:167:13:167:18 | access to local variable sink23 : String | GlobalDataFlow.cs:168:15:168:20 | access to local variable sink23 | provenance | | | GlobalDataFlow.cs:167:22:167:43 | call to method TaintedParam : String | GlobalDataFlow.cs:167:13:167:18 | access to local variable sink23 : String | provenance | | @@ -312,7 +321,7 @@ edges | GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable [element] : String | provenance | | | GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable [element] : String | provenance | | | GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable [element] : String | provenance | | -| GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable : IQueryable [element] : String | provenance | | +| GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable : IQueryable [element] : String | provenance | MaD:1647 | | GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable : IQueryable [element] : String | GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable [element] : String | provenance | | | GlobalDataFlow.cs:211:44:211:61 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | provenance | | | GlobalDataFlow.cs:211:46:211:59 | "taint source" : String | GlobalDataFlow.cs:211:44:211:61 | { ..., ... } : null [element] : String | provenance | | @@ -322,24 +331,24 @@ edges | GlobalDataFlow.cs:215:89:215:89 | access to parameter x : String | GlobalDataFlow.cs:215:76:215:90 | call to method ReturnCheck2 : String | provenance | | | GlobalDataFlow.cs:215:89:215:89 | access to parameter x : String | GlobalDataFlow.cs:321:32:321:41 | sinkParam9 : String | provenance | | | GlobalDataFlow.cs:216:13:216:18 | access to local variable sink24 : String | GlobalDataFlow.cs:217:15:217:20 | access to local variable sink24 | provenance | | -| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:214:35:214:45 | sinkParam10 : String | provenance | | -| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:216:22:216:39 | call to method Select : IEnumerable [element] : String | provenance | | -| GlobalDataFlow.cs:216:22:216:39 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:216:22:216:47 | call to method First : String | provenance | | +| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:214:35:214:45 | sinkParam10 : String | provenance | MaD:1300 | +| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:216:22:216:39 | call to method Select : IEnumerable [element] : String | provenance | MaD:1300 | +| GlobalDataFlow.cs:216:22:216:39 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:216:22:216:47 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:216:22:216:47 | call to method First : String | GlobalDataFlow.cs:216:13:216:18 | access to local variable sink24 : String | provenance | | | GlobalDataFlow.cs:218:13:218:18 | access to local variable sink25 : String | GlobalDataFlow.cs:219:15:219:20 | access to local variable sink25 | provenance | | -| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:215:71:215:71 | x : String | provenance | | -| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:218:22:218:39 | call to method Select : IQueryable [element] : String | provenance | | -| GlobalDataFlow.cs:218:22:218:39 | call to method Select : IQueryable [element] : String | GlobalDataFlow.cs:218:22:218:47 | call to method First : String | provenance | | +| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:215:71:215:71 | x : String | provenance | MaD:1744 | +| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:218:22:218:39 | call to method Select : IQueryable [element] : String | provenance | MaD:1744 | +| GlobalDataFlow.cs:218:22:218:39 | call to method Select : IQueryable [element] : String | GlobalDataFlow.cs:218:22:218:47 | call to method First : String | provenance | MaD:1671 | | GlobalDataFlow.cs:218:22:218:47 | call to method First : String | GlobalDataFlow.cs:218:13:218:18 | access to local variable sink25 : String | provenance | | | GlobalDataFlow.cs:220:13:220:18 | access to local variable sink26 : String | GlobalDataFlow.cs:221:15:221:20 | access to local variable sink26 | provenance | | -| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:220:22:220:49 | call to method Select : IEnumerable [element] : String | provenance | | -| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | provenance | | -| GlobalDataFlow.cs:220:22:220:49 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:220:22:220:57 | call to method First : String | provenance | | +| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:220:22:220:49 | call to method Select : IEnumerable [element] : String | provenance | MaD:1300 | +| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable [element] : String | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | provenance | MaD:1300 | +| GlobalDataFlow.cs:220:22:220:49 | call to method Select : IEnumerable [element] : String | GlobalDataFlow.cs:220:22:220:57 | call to method First : String | provenance | MaD:1204 | | GlobalDataFlow.cs:220:22:220:57 | call to method First : String | GlobalDataFlow.cs:220:13:220:18 | access to local variable sink26 : String | provenance | | | GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:242:22:242:25 | access to local variable task : Task [property Result] : String | provenance | | | GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:244:28:244:31 | access to local variable task : Task [property Result] : String | provenance | | | GlobalDataFlow.cs:241:20:241:49 | call to method Run : Task [property Result] : String | GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task [property Result] : String | provenance | | -| GlobalDataFlow.cs:241:35:241:48 | "taint source" : String | GlobalDataFlow.cs:241:20:241:49 | call to method Run : Task [property Result] : String | provenance | | +| GlobalDataFlow.cs:241:35:241:48 | "taint source" : String | GlobalDataFlow.cs:241:20:241:49 | call to method Run : Task [property Result] : String | provenance | MaD:1998 | | GlobalDataFlow.cs:242:13:242:18 | access to local variable sink41 : String | GlobalDataFlow.cs:243:15:243:20 | access to local variable sink41 | provenance | | | GlobalDataFlow.cs:242:22:242:25 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:242:22:242:32 | access to property Result : String | provenance | | | GlobalDataFlow.cs:242:22:242:32 | access to property Result : String | GlobalDataFlow.cs:242:13:242:18 | access to local variable sink41 : String | provenance | | @@ -370,7 +379,7 @@ edges | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | GlobalDataFlow.cs:329:15:329:25 | access to parameter sinkParam11 | provenance | | | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | GlobalDataFlow.cs:330:16:330:26 | access to parameter sinkParam11 : String | provenance | | | GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:157:21:157:25 | call to method Out : String | provenance | | -| GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:193:22:193:42 | object creation of type Lazy : Lazy [property Value] : String | provenance | | +| GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:193:22:193:42 | object creation of type Lazy : Lazy [property Value] : String | provenance | MaD:2616 | | GlobalDataFlow.cs:346:9:346:9 | access to parameter x : String | GlobalDataFlow.cs:160:20:160:24 | access to local variable sink7 : String | provenance | | | GlobalDataFlow.cs:346:13:346:26 | "taint source" : String | GlobalDataFlow.cs:346:9:346:9 | access to parameter x : String | provenance | | | GlobalDataFlow.cs:351:9:351:9 | access to parameter x : String | GlobalDataFlow.cs:163:20:163:24 | access to local variable sink8 : String | provenance | | @@ -404,18 +413,18 @@ edges | GlobalDataFlow.cs:438:22:438:35 | "taint source" : String | GlobalDataFlow.cs:201:22:201:32 | access to property OutProperty : String | provenance | | | GlobalDataFlow.cs:448:13:448:18 | access to local variable sink44 : String | GlobalDataFlow.cs:449:15:449:20 | access to local variable sink44 | provenance | | | GlobalDataFlow.cs:448:22:448:65 | call to method Join : String | GlobalDataFlow.cs:448:13:448:18 | access to local variable sink44 : String | provenance | | -| GlobalDataFlow.cs:448:51:448:64 | "taint source" : String | GlobalDataFlow.cs:448:22:448:65 | call to method Join : String | provenance | | +| GlobalDataFlow.cs:448:51:448:64 | "taint source" : String | GlobalDataFlow.cs:448:22:448:65 | call to method Join : String | provenance | MaD:2718 | | GlobalDataFlow.cs:457:13:457:16 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | provenance | | | GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | GlobalDataFlow.cs:457:13:457:16 | access to local variable task : Task [property Result] : String | provenance | | -| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | provenance | | +| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | provenance | MaD:1998 | | GlobalDataFlow.cs:458:13:458:21 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | -| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | +| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:2010 | | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:458:13:458:21 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | | GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | -| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | +| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:1826 | | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | | | GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | provenance | | -| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | | +| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | MaD:1827 | | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | provenance | | | GlobalDataFlow.cs:466:53:466:55 | arg : String | GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | provenance | | | GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | provenance | | @@ -466,32 +475,32 @@ edges | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | provenance | | | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | provenance | | | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | provenance | | -| GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | provenance | | +| GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | provenance | MaD:1903 | | GlobalDataFlowStringBuilder.cs:22:76:22:76 | s : String | GlobalDataFlowStringBuilder.cs:24:19:24:26 | (...) ... : AppendInterpolatedStringHandler | provenance | | -| GlobalDataFlowStringBuilder.cs:24:19:24:26 | (...) ... : AppendInterpolatedStringHandler | GlobalDataFlowStringBuilder.cs:24:9:24:10 | [post] access to parameter sb : StringBuilder | provenance | | +| GlobalDataFlowStringBuilder.cs:24:19:24:26 | (...) ... : AppendInterpolatedStringHandler | GlobalDataFlowStringBuilder.cs:24:9:24:10 | [post] access to parameter sb : StringBuilder | provenance | MaD:1915 | | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | provenance | | | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:35:20:35:21 | access to local variable sb : StringBuilder | provenance | | | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:40:20:40:26 | (...) ... : AppendInterpolatedStringHandler | provenance | | | GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | provenance | | | GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | provenance | | | GlobalDataFlowStringBuilder.cs:31:13:31:17 | access to local variable sink0 : String | GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | provenance | | -| GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | provenance | | +| GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | provenance | MaD:1973 | | GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:31:13:31:17 | access to local variable sink0 : String | provenance | | | GlobalDataFlowStringBuilder.cs:35:9:35:11 | [post] access to local variable sb1 : StringBuilder | GlobalDataFlowStringBuilder.cs:36:21:36:23 | access to local variable sb1 : StringBuilder | provenance | | -| GlobalDataFlowStringBuilder.cs:35:20:35:21 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:35:9:35:11 | [post] access to local variable sb1 : StringBuilder | provenance | | +| GlobalDataFlowStringBuilder.cs:35:20:35:21 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:35:9:35:11 | [post] access to local variable sb1 : StringBuilder | provenance | MaD:1908 | | GlobalDataFlowStringBuilder.cs:36:13:36:17 | access to local variable sink1 : String | GlobalDataFlowStringBuilder.cs:37:15:37:19 | access to local variable sink1 | provenance | | -| GlobalDataFlowStringBuilder.cs:36:21:36:23 | access to local variable sb1 : StringBuilder | GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString : String | provenance | | +| GlobalDataFlowStringBuilder.cs:36:21:36:23 | access to local variable sb1 : StringBuilder | GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString : String | provenance | MaD:1973 | | GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:36:13:36:17 | access to local variable sink1 : String | provenance | | | GlobalDataFlowStringBuilder.cs:40:9:40:11 | [post] access to local variable sb2 : StringBuilder | GlobalDataFlowStringBuilder.cs:41:21:41:23 | access to local variable sb2 : StringBuilder | provenance | | -| GlobalDataFlowStringBuilder.cs:40:20:40:26 | (...) ... : AppendInterpolatedStringHandler | GlobalDataFlowStringBuilder.cs:40:9:40:11 | [post] access to local variable sb2 : StringBuilder | provenance | | +| GlobalDataFlowStringBuilder.cs:40:20:40:26 | (...) ... : AppendInterpolatedStringHandler | GlobalDataFlowStringBuilder.cs:40:9:40:11 | [post] access to local variable sb2 : StringBuilder | provenance | MaD:1915 | | GlobalDataFlowStringBuilder.cs:41:13:41:17 | access to local variable sink2 : String | GlobalDataFlowStringBuilder.cs:42:15:42:19 | access to local variable sink2 | provenance | | -| GlobalDataFlowStringBuilder.cs:41:21:41:23 | access to local variable sb2 : StringBuilder | GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString : String | provenance | | +| GlobalDataFlowStringBuilder.cs:41:21:41:23 | access to local variable sb2 : StringBuilder | GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString : String | provenance | MaD:1973 | | GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:41:13:41:17 | access to local variable sink2 : String | provenance | | | GlobalDataFlowStringBuilder.cs:48:43:48:44 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:49:21:49:22 | access to local variable sb : StringBuilder | provenance | | | GlobalDataFlowStringBuilder.cs:48:47:48:60 | "taint source" : String | GlobalDataFlowStringBuilder.cs:22:76:22:76 | s : String | provenance | | | GlobalDataFlowStringBuilder.cs:48:47:48:60 | "taint source" : String | GlobalDataFlowStringBuilder.cs:48:43:48:44 | [post] access to local variable sb : StringBuilder | provenance | | | GlobalDataFlowStringBuilder.cs:49:13:49:17 | access to local variable sink3 : String | GlobalDataFlowStringBuilder.cs:50:15:50:19 | access to local variable sink3 | provenance | | -| GlobalDataFlowStringBuilder.cs:49:21:49:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString : String | provenance | | +| GlobalDataFlowStringBuilder.cs:49:21:49:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString : String | provenance | MaD:1973 | | GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:49:13:49:17 | access to local variable sink3 : String | provenance | | | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted : String | provenance | | | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted : String | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql index 9c19d00cb59b..64eef274760c 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql @@ -10,10 +10,10 @@ class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable { override predicate relevantSummary( SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue ) { - this.propagatesFlow(input, output, preservesValue) and + this.propagatesFlow(input, output, preservesValue, _) and not exists(IncludeSummarizedCallable rsc | isBaseCallableOrPrototype(rsc) and - rsc.propagatesFlow(input, output, preservesValue) and + rsc.propagatesFlow(input, output, preservesValue, _) and this.(UnboundCallable).overridesOrImplementsUnbound(rsc) ) } diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected index 9bcebb45cafb..cf10d8c14059 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected @@ -1,11 +1,11 @@ edges | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | | -| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | | +| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1880 | | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | | +| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1812 | +| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1130 | | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | | -| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | | +| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | nodes diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected index c436e675b991..2c69b575d178 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected @@ -1,15 +1,15 @@ edges | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | | -| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | | +| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1880 | | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | | +| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1812 | +| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1130 | | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | | -| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | | +| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | -| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | | -| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | | +| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:1 | nodes | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object | | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String | diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected index b6de356c3e97..1012d9aa5137 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected @@ -1,19 +1,19 @@ edges | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | | -| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | | +| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1880 | | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | | +| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1812 | +| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1130 | | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | | -| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | | +| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | -| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | | -| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | | -| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | | -| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | | -| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | | -| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | | +| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:1 | +| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:2 | +| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:4 | nodes | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object | | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String | diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected index df99e1a39a58..4c42430282ac 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected @@ -1,21 +1,21 @@ edges | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | | -| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | | +| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1880 | | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | | +| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1812 | +| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1130 | | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | | -| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | | +| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | -| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | | -| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | | -| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | | -| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | | -| Test.cs:53:20:53:25 | access to local variable result : String | Test.cs:56:42:56:96 | ... + ... | provenance | | -| Test.cs:53:29:53:52 | call to method GetCustom : String | Test.cs:53:20:53:25 | access to local variable result : String | provenance | | -| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | | -| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | | +| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:1 | +| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:2 | +| Test.cs:53:20:53:25 | access to local variable result : String | Test.cs:56:42:56:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:53:29:53:52 | call to method GetCustom : String | Test.cs:53:20:53:25 | access to local variable result : String | provenance | Src:MaD:3 | +| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:4 | nodes | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object | | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String | diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected index cf14d14c7942..5ff1fe12188b 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected @@ -1,17 +1,17 @@ edges | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | | -| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | | +| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1880 | | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | | +| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1812 | +| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1130 | | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | | -| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | | +| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | -| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | | -| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | | -| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | | -| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | | +| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:3 | +| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:5 | nodes | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object | | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String | diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected index e1a6e62f4920..06ffd4dc73e9 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected @@ -1,17 +1,17 @@ edges | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | | -| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | | +| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1880 | | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | | -| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | | +| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1812 | +| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1130 | | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | | -| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | | +| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | -| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | | -| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | | -| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | | -| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | | +| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:2 | +| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 | +| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:5 | nodes | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object | | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String | diff --git a/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected b/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected index d71043a46677..97cd26107268 100644 --- a/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected +++ b/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected @@ -14,14 +14,14 @@ edges | TypeFlowDispatch.cs:23:39:23:49 | call to method Source : String | TypeFlowDispatch.cs:16:46:16:46 | x : String | provenance | | | TypeFlowDispatch.cs:29:37:29:37 | l : List [element] : String | TypeFlowDispatch.cs:31:9:31:9 | access to parameter l : List [element] : String | provenance | | | TypeFlowDispatch.cs:29:37:29:37 | l : List [element] : String | TypeFlowDispatch.cs:31:9:31:9 | access to parameter l : List [element] : String | provenance | | -| TypeFlowDispatch.cs:31:9:31:9 | access to parameter l : List [element] : String | TypeFlowDispatch.cs:39:34:39:34 | x : String | provenance | | -| TypeFlowDispatch.cs:31:9:31:9 | access to parameter l : List [element] : String | TypeFlowDispatch.cs:39:34:39:34 | x : String | provenance | | +| TypeFlowDispatch.cs:31:9:31:9 | access to parameter l : List [element] : String | TypeFlowDispatch.cs:39:34:39:34 | x : String | provenance | MaD:633 | +| TypeFlowDispatch.cs:31:9:31:9 | access to parameter l : List [element] : String | TypeFlowDispatch.cs:39:34:39:34 | x : String | provenance | MaD:633 | | TypeFlowDispatch.cs:36:13:36:19 | access to local variable tainted : List [element] : String | TypeFlowDispatch.cs:39:25:39:31 | access to local variable tainted : List [element] : String | provenance | | | TypeFlowDispatch.cs:36:13:36:19 | access to local variable tainted : List [element] : String | TypeFlowDispatch.cs:39:25:39:31 | access to local variable tainted : List [element] : String | provenance | | | TypeFlowDispatch.cs:36:23:36:54 | object creation of type List : List [element] : String | TypeFlowDispatch.cs:36:13:36:19 | access to local variable tainted : List [element] : String | provenance | | | TypeFlowDispatch.cs:36:23:36:54 | object creation of type List : List [element] : String | TypeFlowDispatch.cs:36:13:36:19 | access to local variable tainted : List [element] : String | provenance | | -| TypeFlowDispatch.cs:36:42:36:52 | call to method Source : String | TypeFlowDispatch.cs:36:23:36:54 | object creation of type List : List [element] : String | provenance | | -| TypeFlowDispatch.cs:36:42:36:52 | call to method Source : String | TypeFlowDispatch.cs:36:23:36:54 | object creation of type List : List [element] : String | provenance | | +| TypeFlowDispatch.cs:36:42:36:52 | call to method Source : String | TypeFlowDispatch.cs:36:23:36:54 | object creation of type List : List [element] : String | provenance | MaD:605 | +| TypeFlowDispatch.cs:36:42:36:52 | call to method Source : String | TypeFlowDispatch.cs:36:23:36:54 | object creation of type List : List [element] : String | provenance | MaD:605 | | TypeFlowDispatch.cs:39:25:39:31 | access to local variable tainted : List [element] : String | TypeFlowDispatch.cs:29:37:29:37 | l : List [element] : String | provenance | | | TypeFlowDispatch.cs:39:25:39:31 | access to local variable tainted : List [element] : String | TypeFlowDispatch.cs:29:37:29:37 | l : List [element] : String | provenance | | | TypeFlowDispatch.cs:39:34:39:34 | x : String | TypeFlowDispatch.cs:39:46:39:46 | access to parameter x | provenance | | @@ -52,8 +52,8 @@ edges | TypeFlowDispatch.cs:74:13:74:19 | access to local variable tainted : List [element] : String | TypeFlowDispatch.cs:77:21:77:27 | access to local variable tainted : List [element] : String | provenance | | | TypeFlowDispatch.cs:74:23:74:54 | object creation of type List : List [element] : String | TypeFlowDispatch.cs:74:13:74:19 | access to local variable tainted : List [element] : String | provenance | | | TypeFlowDispatch.cs:74:23:74:54 | object creation of type List : List [element] : String | TypeFlowDispatch.cs:74:13:74:19 | access to local variable tainted : List [element] : String | provenance | | -| TypeFlowDispatch.cs:74:42:74:52 | call to method Source : String | TypeFlowDispatch.cs:74:23:74:54 | object creation of type List : List [element] : String | provenance | | -| TypeFlowDispatch.cs:74:42:74:52 | call to method Source : String | TypeFlowDispatch.cs:74:23:74:54 | object creation of type List : List [element] : String | provenance | | +| TypeFlowDispatch.cs:74:42:74:52 | call to method Source : String | TypeFlowDispatch.cs:74:23:74:54 | object creation of type List : List [element] : String | provenance | MaD:605 | +| TypeFlowDispatch.cs:74:42:74:52 | call to method Source : String | TypeFlowDispatch.cs:74:23:74:54 | object creation of type List : List [element] : String | provenance | MaD:605 | | TypeFlowDispatch.cs:77:21:77:27 | access to local variable tainted : List [element] : String | TypeFlowDispatch.cs:67:33:67:33 | l : List [element] : String | provenance | | | TypeFlowDispatch.cs:77:21:77:27 | access to local variable tainted : List [element] : String | TypeFlowDispatch.cs:67:33:67:33 | l : List [element] : String | provenance | | nodes diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected b/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected index 5af67fea01b6..d0d2af94d3f9 100644 --- a/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected +++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected @@ -4,15 +4,15 @@ edges | EntityFramework.cs:61:24:61:32 | "tainted" : String | EntityFramework.cs:59:13:62:13 | { ..., ... } : Person [property Name] : String | provenance | | | EntityFramework.cs:66:13:66:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:68:13:68:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | | EntityFramework.cs:66:13:66:23 | [post] access to property Persons : DbSet [element, property Name] : String | EntityFramework.cs:66:13:66:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | -| EntityFramework.cs:66:29:66:30 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:66:13:66:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | | -| EntityFramework.cs:68:13:68:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | provenance | | +| EntityFramework.cs:66:29:66:30 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:66:13:66:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | MaD:925 | +| EntityFramework.cs:68:13:68:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | provenance | DbContextSaveChanges | | EntityFramework.cs:80:17:80:18 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:88:29:88:30 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFramework.cs:81:13:84:13 | { ..., ... } : Person [property Name] : String | EntityFramework.cs:80:17:80:18 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFramework.cs:83:24:83:32 | "tainted" : String | EntityFramework.cs:81:13:84:13 | { ..., ... } : Person [property Name] : String | provenance | | | EntityFramework.cs:88:13:88:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:90:19:90:21 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | | EntityFramework.cs:88:13:88:23 | [post] access to property Persons : DbSet [element, property Name] : String | EntityFramework.cs:88:13:88:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | -| EntityFramework.cs:88:29:88:30 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:88:13:88:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | | -| EntityFramework.cs:90:19:90:21 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | provenance | | +| EntityFramework.cs:88:29:88:30 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:88:13:88:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | MaD:925 | +| EntityFramework.cs:90:19:90:21 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | provenance | DbContextSaveChanges | | EntityFramework.cs:102:17:102:18 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:109:27:109:28 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFramework.cs:103:13:106:13 | { ..., ... } : Person [property Name] : String | EntityFramework.cs:102:17:102:18 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFramework.cs:105:24:105:32 | "tainted" : String | EntityFramework.cs:103:13:106:13 | { ..., ... } : Person [property Name] : String | provenance | | @@ -33,26 +33,26 @@ edges | EntityFramework.cs:149:13:149:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | | | EntityFramework.cs:149:13:149:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | | | EntityFramework.cs:149:13:149:23 | [post] access to property Persons : DbSet [element, property Addresses, element, property Street] : String | EntityFramework.cs:149:13:149:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | | -| EntityFramework.cs:149:29:149:30 | access to local variable p1 : Person [property Addresses, element, property Street] : String | EntityFramework.cs:149:13:149:23 | [post] access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFramework.cs:150:13:150:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFramework.cs:150:13:150:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFramework.cs:154:13:154:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFramework.cs:154:13:154:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | +| EntityFramework.cs:149:29:149:30 | access to local variable p1 : Person [property Addresses, element, property Street] : String | EntityFramework.cs:149:13:149:23 | [post] access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | MaD:925 | +| EntityFramework.cs:150:13:150:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:150:13:150:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:154:13:154:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:154:13:154:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | | EntityFramework.cs:156:17:156:18 | access to local variable a1 : Address [property Street] : String | EntityFramework.cs:161:31:161:32 | access to local variable a1 : Address [property Street] : String | provenance | | | EntityFramework.cs:157:13:160:13 | { ..., ... } : Address [property Street] : String | EntityFramework.cs:156:17:156:18 | access to local variable a1 : Address [property Street] : String | provenance | | | EntityFramework.cs:159:26:159:34 | "tainted" : String | EntityFramework.cs:157:13:160:13 | { ..., ... } : Address [property Street] : String | provenance | | | EntityFramework.cs:161:13:161:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | | | EntityFramework.cs:161:13:161:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | | | EntityFramework.cs:161:13:161:25 | [post] access to property Addresses : DbSet [element, property Street] : String | EntityFramework.cs:161:13:161:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | | -| EntityFramework.cs:161:31:161:32 | access to local variable a1 : Address [property Street] : String | EntityFramework.cs:161:13:161:25 | [post] access to property Addresses : DbSet [element, property Street] : String | provenance | | -| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | +| EntityFramework.cs:161:31:161:32 | access to local variable a1 : Address [property Street] : String | EntityFramework.cs:161:13:161:25 | [post] access to property Addresses : DbSet [element, property Street] : String | provenance | MaD:925 | +| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | | EntityFramework.cs:172:17:172:18 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:182:71:182:72 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFramework.cs:173:13:176:13 | { ..., ... } : Person [property Name] : String | EntityFramework.cs:172:17:172:18 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFramework.cs:175:24:175:32 | "tainted" : String | EntityFramework.cs:173:13:176:13 | { ..., ... } : Person [property Name] : String | provenance | | @@ -71,26 +71,26 @@ edges | EntityFramework.cs:183:13:183:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFramework.cs:190:13:190:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | provenance | | | EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet [element, property Address, property Street] : String | EntityFramework.cs:183:13:183:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | provenance | | | EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet [element, property Person, property Name] : String | EntityFramework.cs:183:13:183:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | provenance | | -| EntityFramework.cs:183:37:183:53 | access to local variable personAddressMap1 : PersonAddressMap [property Address, property Street] : String | EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet [element, property Address, property Street] : String | provenance | | -| EntityFramework.cs:183:37:183:53 | access to local variable personAddressMap1 : PersonAddressMap [property Person, property Name] : String | EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet [element, property Person, property Name] : String | provenance | | -| EntityFramework.cs:184:13:184:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFramework.cs:184:13:184:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFramework.cs:184:13:184:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | provenance | | -| EntityFramework.cs:190:13:190:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFramework.cs:190:13:190:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFramework.cs:190:13:190:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | provenance | | +| EntityFramework.cs:183:37:183:53 | access to local variable personAddressMap1 : PersonAddressMap [property Address, property Street] : String | EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet [element, property Address, property Street] : String | provenance | MaD:925 | +| EntityFramework.cs:183:37:183:53 | access to local variable personAddressMap1 : PersonAddressMap [property Person, property Name] : String | EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet [element, property Person, property Name] : String | provenance | MaD:925 | +| EntityFramework.cs:184:13:184:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:184:13:184:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:184:13:184:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:190:13:190:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:190:13:190:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:190:13:190:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | provenance | DbContextSaveChanges | | EntityFramework.cs:193:35:193:35 | p : Person [property Name] : String | EntityFramework.cs:196:29:196:29 | access to parameter p : Person [property Name] : String | provenance | | | EntityFramework.cs:196:13:196:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:197:13:197:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | | EntityFramework.cs:196:13:196:23 | [post] access to property Persons : DbSet [element, property Name] : String | EntityFramework.cs:196:13:196:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | -| EntityFramework.cs:196:29:196:29 | access to parameter p : Person [property Name] : String | EntityFramework.cs:196:13:196:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | | -| EntityFramework.cs:197:13:197:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | provenance | | -| EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | EntityFramework.cs:204:18:204:36 | call to method First : Person [property Name] : String | provenance | | +| EntityFramework.cs:196:29:196:29 | access to parameter p : Person [property Name] : String | EntityFramework.cs:196:13:196:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | MaD:925 | +| EntityFramework.cs:197:13:197:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | provenance | DbContextSaveChanges | +| EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet [element, property Name] : String | EntityFramework.cs:204:18:204:36 | call to method First : Person [property Name] : String | provenance | MaD:1671 | | EntityFramework.cs:204:18:204:36 | call to method First : Person [property Name] : String | EntityFramework.cs:204:18:204:41 | access to property Name | provenance | | -| EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | EntityFramework.cs:212:18:212:38 | call to method First
: Address [property Street] : String | provenance | | +| EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet
[element, property Street] : String | EntityFramework.cs:212:18:212:38 | call to method First
: Address [property Street] : String | provenance | MaD:1671 | | EntityFramework.cs:212:18:212:38 | call to method First
: Address [property Street] : String | EntityFramework.cs:212:18:212:45 | access to property Street | provenance | | -| EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:36 | call to method First : Person [property Addresses, element, property Street] : String | provenance | | +| EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:36 | call to method First : Person [property Addresses, element, property Street] : String | provenance | MaD:1671 | | EntityFramework.cs:219:18:219:36 | call to method First : Person [property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:46 | access to property Addresses : ICollection
[element, property Street] : String | provenance | | -| EntityFramework.cs:219:18:219:46 | access to property Addresses : ICollection
[element, property Street] : String | EntityFramework.cs:219:18:219:54 | call to method First
: Address [property Street] : String | provenance | | +| EntityFramework.cs:219:18:219:46 | access to property Addresses : ICollection
[element, property Street] : String | EntityFramework.cs:219:18:219:54 | call to method First
: Address [property Street] : String | provenance | MaD:1204 | | EntityFramework.cs:219:18:219:54 | call to method First
: Address [property Street] : String | EntityFramework.cs:219:18:219:61 | access to property Street | provenance | | | EntityFrameworkCore.cs:82:17:82:27 | access to local variable taintSource : String | EntityFrameworkCore.cs:83:18:83:28 | access to local variable taintSource | provenance | | | EntityFrameworkCore.cs:82:17:82:27 | access to local variable taintSource : String | EntityFrameworkCore.cs:84:35:84:45 | access to local variable taintSource : String | provenance | | @@ -98,23 +98,23 @@ edges | EntityFrameworkCore.cs:82:17:82:27 | access to local variable taintSource : String | EntityFrameworkCore.cs:85:32:85:42 | access to local variable taintSource : String | provenance | | | EntityFrameworkCore.cs:82:31:82:39 | "tainted" : String | EntityFrameworkCore.cs:82:17:82:27 | access to local variable taintSource : String | provenance | | | EntityFrameworkCore.cs:84:18:84:46 | object creation of type RawSqlString : RawSqlString | EntityFrameworkCore.cs:84:18:84:46 | (...) ... | provenance | | -| EntityFrameworkCore.cs:84:35:84:45 | access to local variable taintSource : String | EntityFrameworkCore.cs:84:18:84:46 | object creation of type RawSqlString : RawSqlString | provenance | | +| EntityFrameworkCore.cs:84:35:84:45 | access to local variable taintSource : String | EntityFrameworkCore.cs:84:18:84:46 | object creation of type RawSqlString : RawSqlString | provenance | RawSqlStringConstructorSummarizedCallable | | EntityFrameworkCore.cs:85:18:85:42 | call to operator implicit conversion : RawSqlString | EntityFrameworkCore.cs:85:18:85:42 | (...) ... | provenance | | -| EntityFrameworkCore.cs:85:32:85:42 | access to local variable taintSource : String | EntityFrameworkCore.cs:85:18:85:42 | call to operator implicit conversion : RawSqlString | provenance | | +| EntityFrameworkCore.cs:85:32:85:42 | access to local variable taintSource : String | EntityFrameworkCore.cs:85:18:85:42 | call to operator implicit conversion : RawSqlString | provenance | RawSqlStringConversionSummarizedCallable | | EntityFrameworkCore.cs:91:17:91:18 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:99:29:99:30 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:92:13:95:13 | { ..., ... } : Person [property Name] : String | EntityFrameworkCore.cs:91:17:91:18 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:94:24:94:32 | "tainted" : String | EntityFrameworkCore.cs:92:13:95:13 | { ..., ... } : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:99:13:99:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:101:13:101:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | | EntityFrameworkCore.cs:99:13:99:23 | [post] access to property Persons : DbSet [element, property Name] : String | EntityFrameworkCore.cs:99:13:99:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | -| EntityFrameworkCore.cs:99:29:99:30 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:99:13:99:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | | -| EntityFrameworkCore.cs:101:13:101:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | provenance | | +| EntityFrameworkCore.cs:99:29:99:30 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:99:13:99:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | MaD:148 | +| EntityFrameworkCore.cs:101:13:101:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | provenance | DbContextSaveChanges | | EntityFrameworkCore.cs:113:17:113:18 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:121:29:121:30 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:114:13:117:13 | { ..., ... } : Person [property Name] : String | EntityFrameworkCore.cs:113:17:113:18 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:116:24:116:32 | "tainted" : String | EntityFrameworkCore.cs:114:13:117:13 | { ..., ... } : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:121:13:121:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:123:19:123:21 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | | EntityFrameworkCore.cs:121:13:121:23 | [post] access to property Persons : DbSet [element, property Name] : String | EntityFrameworkCore.cs:121:13:121:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | -| EntityFrameworkCore.cs:121:29:121:30 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:121:13:121:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | | -| EntityFrameworkCore.cs:123:19:123:21 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | provenance | | +| EntityFrameworkCore.cs:121:29:121:30 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:121:13:121:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | MaD:148 | +| EntityFrameworkCore.cs:123:19:123:21 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | provenance | DbContextSaveChanges | | EntityFrameworkCore.cs:135:17:135:18 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:142:27:142:28 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:136:13:139:13 | { ..., ... } : Person [property Name] : String | EntityFrameworkCore.cs:135:17:135:18 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:138:24:138:32 | "tainted" : String | EntityFrameworkCore.cs:136:13:139:13 | { ..., ... } : Person [property Name] : String | provenance | | @@ -135,26 +135,26 @@ edges | EntityFrameworkCore.cs:182:13:182:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | | | EntityFrameworkCore.cs:182:13:182:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | | | EntityFrameworkCore.cs:182:13:182:23 | [post] access to property Persons : DbSet [element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:182:13:182:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:182:29:182:30 | access to local variable p1 : Person [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:182:13:182:23 | [post] access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:183:13:183:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:183:13:183:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:187:13:187:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:187:13:187:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | +| EntityFrameworkCore.cs:182:29:182:30 | access to local variable p1 : Person [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:182:13:182:23 | [post] access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | MaD:148 | +| EntityFrameworkCore.cs:183:13:183:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:183:13:183:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:187:13:187:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:187:13:187:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | | EntityFrameworkCore.cs:189:17:189:18 | access to local variable a1 : Address [property Street] : String | EntityFrameworkCore.cs:194:31:194:32 | access to local variable a1 : Address [property Street] : String | provenance | | | EntityFrameworkCore.cs:190:13:193:13 | { ..., ... } : Address [property Street] : String | EntityFrameworkCore.cs:189:17:189:18 | access to local variable a1 : Address [property Street] : String | provenance | | | EntityFrameworkCore.cs:192:26:192:34 | "tainted" : String | EntityFrameworkCore.cs:190:13:193:13 | { ..., ... } : Address [property Street] : String | provenance | | | EntityFrameworkCore.cs:194:13:194:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | | | EntityFrameworkCore.cs:194:13:194:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | | | EntityFrameworkCore.cs:194:13:194:25 | [post] access to property Addresses : DbSet [element, property Street] : String | EntityFrameworkCore.cs:194:13:194:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:194:31:194:32 | access to local variable a1 : Address [property Street] : String | EntityFrameworkCore.cs:194:13:194:25 | [post] access to property Addresses : DbSet [element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | +| EntityFrameworkCore.cs:194:31:194:32 | access to local variable a1 : Address [property Street] : String | EntityFrameworkCore.cs:194:13:194:25 | [post] access to property Addresses : DbSet [element, property Street] : String | provenance | MaD:148 | +| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | | EntityFrameworkCore.cs:205:17:205:18 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:215:71:215:72 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:206:13:209:13 | { ..., ... } : Person [property Name] : String | EntityFrameworkCore.cs:205:17:205:18 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:208:24:208:32 | "tainted" : String | EntityFrameworkCore.cs:206:13:209:13 | { ..., ... } : Person [property Name] : String | provenance | | @@ -173,26 +173,26 @@ edges | EntityFrameworkCore.cs:216:13:216:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | provenance | | | EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet [element, property Address, property Street] : String | EntityFrameworkCore.cs:216:13:216:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | provenance | | | EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet [element, property Person, property Name] : String | EntityFrameworkCore.cs:216:13:216:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | provenance | | -| EntityFrameworkCore.cs:216:37:216:53 | access to local variable personAddressMap1 : PersonAddressMap [property Address, property Street] : String | EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet [element, property Address, property Street] : String | provenance | | -| EntityFrameworkCore.cs:216:37:216:53 | access to local variable personAddressMap1 : PersonAddressMap [property Person, property Name] : String | EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet [element, property Person, property Name] : String | provenance | | -| EntityFrameworkCore.cs:217:13:217:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:217:13:217:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:217:13:217:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | provenance | | -| EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | provenance | | +| EntityFrameworkCore.cs:216:37:216:53 | access to local variable personAddressMap1 : PersonAddressMap [property Address, property Street] : String | EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet [element, property Address, property Street] : String | provenance | MaD:148 | +| EntityFrameworkCore.cs:216:37:216:53 | access to local variable personAddressMap1 : PersonAddressMap [property Person, property Name] : String | EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet [element, property Person, property Name] : String | provenance | MaD:148 | +| EntityFrameworkCore.cs:217:13:217:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:217:13:217:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:217:13:217:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | provenance | DbContextSaveChanges | | EntityFrameworkCore.cs:226:35:226:35 | p : Person [property Name] : String | EntityFrameworkCore.cs:229:29:229:29 | access to parameter p : Person [property Name] : String | provenance | | | EntityFrameworkCore.cs:229:13:229:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:230:13:230:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | | EntityFrameworkCore.cs:229:13:229:23 | [post] access to property Persons : DbSet [element, property Name] : String | EntityFrameworkCore.cs:229:13:229:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | | -| EntityFrameworkCore.cs:229:29:229:29 | access to parameter p : Person [property Name] : String | EntityFrameworkCore.cs:229:13:229:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | | -| EntityFrameworkCore.cs:230:13:230:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | provenance | | -| EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | EntityFrameworkCore.cs:237:18:237:36 | call to method First : Person [property Name] : String | provenance | | +| EntityFrameworkCore.cs:229:29:229:29 | access to parameter p : Person [property Name] : String | EntityFrameworkCore.cs:229:13:229:23 | [post] access to property Persons : DbSet [element, property Name] : String | provenance | MaD:148 | +| EntityFrameworkCore.cs:230:13:230:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | provenance | DbContextSaveChanges | +| EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet [element, property Name] : String | EntityFrameworkCore.cs:237:18:237:36 | call to method First : Person [property Name] : String | provenance | MaD:1204 | | EntityFrameworkCore.cs:237:18:237:36 | call to method First : Person [property Name] : String | EntityFrameworkCore.cs:237:18:237:41 | access to property Name | provenance | | -| EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | EntityFrameworkCore.cs:245:18:245:38 | call to method First
: Address [property Street] : String | provenance | | +| EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet
[element, property Street] : String | EntityFrameworkCore.cs:245:18:245:38 | call to method First
: Address [property Street] : String | provenance | MaD:1204 | | EntityFrameworkCore.cs:245:18:245:38 | call to method First
: Address [property Street] : String | EntityFrameworkCore.cs:245:18:245:45 | access to property Street | provenance | | -| EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:36 | call to method First : Person [property Addresses, element, property Street] : String | provenance | | +| EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet [element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:36 | call to method First : Person [property Addresses, element, property Street] : String | provenance | MaD:1204 | | EntityFrameworkCore.cs:252:18:252:36 | call to method First : Person [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:46 | access to property Addresses : ICollection
[element, property Street] : String | provenance | | -| EntityFrameworkCore.cs:252:18:252:46 | access to property Addresses : ICollection
[element, property Street] : String | EntityFrameworkCore.cs:252:18:252:54 | call to method First
: Address [property Street] : String | provenance | | +| EntityFrameworkCore.cs:252:18:252:46 | access to property Addresses : ICollection
[element, property Street] : String | EntityFrameworkCore.cs:252:18:252:54 | call to method First
: Address [property Street] : String | provenance | MaD:1204 | | EntityFrameworkCore.cs:252:18:252:54 | call to method First
: Address [property Street] : String | EntityFrameworkCore.cs:252:18:252:61 | access to property Street | provenance | | nodes | EntityFramework.cs:58:17:58:18 | access to local variable p1 : Person [property Name] : String | semmle.label | access to local variable p1 : Person [property Name] : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected b/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected index 5c6dad11f8b9..3b127b4457c0 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected @@ -1,7 +1,7 @@ edges -| UntrustedData.cs:9:13:9:16 | access to local variable name : String | UntrustedData.cs:13:28:13:31 | access to local variable name | provenance | | +| UntrustedData.cs:9:13:9:16 | access to local variable name : String | UntrustedData.cs:13:28:13:31 | access to local variable name | provenance | Sink:MaD:2152 | | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:13:9:16 | access to local variable name : String | provenance | | -| UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:20:9:50 | access to indexer : String | provenance | | +| UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:20:9:50 | access to indexer : String | provenance | MaD:14108 | | UntrustedData.cs:9:20:9:50 | access to indexer : String | UntrustedData.cs:9:13:9:16 | access to local variable name : String | provenance | | nodes | UntrustedData.cs:9:13:9:16 | access to local variable name : String | semmle.label | access to local variable name : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected index 7369d77178b6..77bcb3af2b0a 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected @@ -6,7 +6,7 @@ edges | TaintedPath.cs:10:16:10:19 | access to local variable path : String | TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | provenance | | | TaintedPath.cs:10:16:10:19 | access to local variable path : String | TaintedPath.cs:51:26:51:29 | access to local variable path | provenance | | | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:10:16:10:19 | access to local variable path : String | provenance | | -| TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:10:23:10:53 | access to indexer : String | provenance | | +| TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:10:23:10:53 | access to indexer : String | provenance | MaD:14108 | | TaintedPath.cs:10:23:10:53 | access to indexer : String | TaintedPath.cs:10:16:10:19 | access to local variable path : String | provenance | | | TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | TaintedPath.cs:36:25:36:31 | access to local variable badPath | provenance | | | TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | TaintedPath.cs:38:49:38:55 | access to local variable badPath | provenance | | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected index 69bd71e4401e..f5589608fc82 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected @@ -2,29 +2,29 @@ edges | ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | ZipSlip.cs:30:71:30:78 | access to local variable fullPath : String | provenance | | | ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | ZipSlip.cs:38:81:38:88 | access to local variable fullPath : String | provenance | | | ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | provenance | | -| ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | provenance | | +| ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | provenance | MaD:1117 | | ZipSlip.cs:18:24:18:27 | access to local variable file : String | ZipSlip.cs:22:71:22:74 | access to local variable file : String | provenance | | | ZipSlip.cs:18:31:18:44 | access to property FullName : String | ZipSlip.cs:18:24:18:27 | access to local variable file : String | provenance | | | ZipSlip.cs:22:28:22:39 | access to local variable destFileName : String | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | provenance | | | ZipSlip.cs:22:43:22:75 | call to method Combine : String | ZipSlip.cs:22:28:22:39 | access to local variable destFileName : String | provenance | | -| ZipSlip.cs:22:71:22:74 | access to local variable file : String | ZipSlip.cs:22:43:22:75 | call to method Combine : String | provenance | | +| ZipSlip.cs:22:71:22:74 | access to local variable file : String | ZipSlip.cs:22:43:22:75 | call to method Combine : String | provenance | MaD:1100 | | ZipSlip.cs:30:28:30:39 | access to local variable destFilePath : String | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | provenance | | | ZipSlip.cs:30:28:30:39 | access to local variable destFilePath : String | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | provenance | | | ZipSlip.cs:30:43:30:79 | call to method Combine : String | ZipSlip.cs:30:28:30:39 | access to local variable destFilePath : String | provenance | | -| ZipSlip.cs:30:71:30:78 | access to local variable fullPath : String | ZipSlip.cs:30:43:30:79 | call to method Combine : String | provenance | | +| ZipSlip.cs:30:71:30:78 | access to local variable fullPath : String | ZipSlip.cs:30:43:30:79 | call to method Combine : String | provenance | MaD:1100 | | ZipSlip.cs:38:21:38:32 | access to local variable destFilePath : String | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | provenance | | | ZipSlip.cs:38:36:38:90 | call to method GetFullPath : String | ZipSlip.cs:38:21:38:32 | access to local variable destFilePath : String | provenance | | -| ZipSlip.cs:38:53:38:89 | call to method Combine : String | ZipSlip.cs:38:36:38:90 | call to method GetFullPath : String | provenance | | -| ZipSlip.cs:38:81:38:88 | access to local variable fullPath : String | ZipSlip.cs:38:53:38:89 | call to method Combine : String | provenance | | +| ZipSlip.cs:38:53:38:89 | call to method Combine : String | ZipSlip.cs:38:36:38:90 | call to method GetFullPath : String | provenance | MaD:1117 | +| ZipSlip.cs:38:81:38:88 | access to local variable fullPath : String | ZipSlip.cs:38:53:38:89 | call to method Combine : String | provenance | MaD:1100 | | ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | provenance | | | ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | provenance | | | ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | provenance | | | ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | provenance | | | ZipSlip.cs:61:47:61:86 | call to method Combine : String | ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | provenance | | -| ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:61:47:61:86 | call to method Combine : String | provenance | | +| ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:61:47:61:86 | call to method Combine : String | provenance | MaD:1100 | | ZipSlipBad.cs:9:16:9:27 | access to local variable destFileName : String | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | provenance | | | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | ZipSlipBad.cs:9:16:9:27 | access to local variable destFileName : String | provenance | | -| ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | provenance | | +| ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | provenance | MaD:1100 | nodes | ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | semmle.label | access to local variable fullPath : String | | ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | semmle.label | call to method GetFullPath : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected index b5f8eca16eb7..8c6cb60e24a6 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected @@ -8,12 +8,12 @@ edges | CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:34:39:34:47 | access to local variable userInput | provenance | | | CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:35:40:35:48 | access to local variable userInput | provenance | | | CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:36:47:36:55 | access to local variable userInput | provenance | | -| CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:27:32:27:51 | access to property Text : String | provenance | | +| CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:27:32:27:51 | access to property Text : String | provenance | MaD:2149 | | CommandInjection.cs:27:32:27:51 | access to property Text : String | CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | provenance | | | CommandInjection.cs:30:30:30:38 | access to local variable startInfo : ProcessStartInfo | CommandInjection.cs:31:27:31:35 | access to local variable startInfo | provenance | | | CommandInjection.cs:30:42:30:83 | object creation of type ProcessStartInfo : ProcessStartInfo | CommandInjection.cs:30:30:30:38 | access to local variable startInfo : ProcessStartInfo | provenance | | -| CommandInjection.cs:30:63:30:71 | access to local variable userInput : String | CommandInjection.cs:30:42:30:83 | object creation of type ProcessStartInfo : ProcessStartInfo | provenance | | -| CommandInjection.cs:30:74:30:82 | access to local variable userInput : String | CommandInjection.cs:30:42:30:83 | object creation of type ProcessStartInfo : ProcessStartInfo | provenance | | +| CommandInjection.cs:30:63:30:71 | access to local variable userInput : String | CommandInjection.cs:30:42:30:83 | object creation of type ProcessStartInfo : ProcessStartInfo | provenance | MaD:21445 | +| CommandInjection.cs:30:74:30:82 | access to local variable userInput : String | CommandInjection.cs:30:42:30:83 | object creation of type ProcessStartInfo : ProcessStartInfo | provenance | MaD:21446 | | CommandInjection.cs:51:54:51:80 | call to method GetString : String | CommandInjection.cs:51:46:51:80 | ... + ... | provenance | | nodes | CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | semmle.label | access to local variable userInput : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected index cad4dc8f7419..ce154d181e15 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected @@ -1,5 +1,5 @@ edges -| StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | provenance | | +| StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | provenance | Sink:MaD:2152 | nodes | StoredXSS.cs:22:44:22:86 | ... + ... | semmle.label | ... + ... | | StoredXSS.cs:22:60:22:86 | call to method GetString : String | semmle.label | call to method GetString : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected index 759128d06702..85c0513d5e96 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected @@ -4,16 +4,18 @@ edges | XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | provenance | | | XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | provenance | | | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | provenance | | -| XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:19:25:19:52 | access to indexer : String | provenance | | +| XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:19:25:19:52 | access to indexer : String | provenance | MaD:14108 | | XSSAspNet.cs:19:25:19:52 | access to indexer : String | XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | provenance | | | XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | provenance | | +| XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | provenance | MaD:14108 | | XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | provenance | | | XSSAspNetCore.cs:40:56:40:58 | foo : String | XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | provenance | | | XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | XSSAspNetCore.cs:58:43:58:62 | access to indexer : StringValues | provenance | | -| XSSAspNetCore.cs:58:43:58:62 | access to indexer : StringValues | XSSAspNetCore.cs:58:43:58:73 | call to method ToString | provenance | | +| XSSAspNetCore.cs:58:43:58:62 | access to indexer : StringValues | XSSAspNetCore.cs:58:43:58:73 | call to method ToString | provenance | MaD:214 | | XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | provenance | | | XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | | | XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | | +| XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | MaD:218 | | XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | provenance | | nodes | Index.cshtml:5:9:5:15 | access to local variable message : StringValues | semmle.label | access to local variable message : StringValues | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected index d04a3ae03ede..7388553e9f00 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected @@ -2,33 +2,34 @@ edges | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | provenance | | | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | provenance | | | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | provenance | | -| XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:25:48:25:67 | access to property Text : String | provenance | | -| XSS.cs:25:48:25:67 | access to property Text : String | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | provenance | | -| XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | XSS.cs:26:32:26:51 | call to method ToString | provenance | | -| XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | XSS.cs:27:29:27:48 | call to method ToString | provenance | | -| XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | XSS.cs:28:26:28:45 | call to method ToString | provenance | | -| XSS.cs:37:20:37:23 | access to local variable name : String | XSS.cs:38:36:38:39 | access to local variable name | provenance | | +| XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:25:48:25:67 | access to property Text : String | provenance | MaD:2149 | +| XSS.cs:25:48:25:67 | access to property Text : String | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | provenance | MaD:1934 | +| XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | XSS.cs:26:32:26:51 | call to method ToString | provenance | MaD:1973 | +| XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | XSS.cs:27:29:27:48 | call to method ToString | provenance | MaD:1973 | +| XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | XSS.cs:28:26:28:45 | call to method ToString | provenance | MaD:1973 | +| XSS.cs:37:20:37:23 | access to local variable name : String | XSS.cs:38:36:38:39 | access to local variable name | provenance | Sink:MaD:2152 | | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:37:20:37:23 | access to local variable name : String | provenance | | -| XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:37:27:37:61 | access to indexer : String | provenance | | +| XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:37:27:37:61 | access to indexer : String | provenance | MaD:14108 | | XSS.cs:37:27:37:61 | access to indexer : String | XSS.cs:37:20:37:23 | access to local variable name : String | provenance | | | XSS.cs:57:20:57:23 | access to local variable name : String | XSS.cs:59:22:59:25 | access to local variable name | provenance | | | XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:57:20:57:23 | access to local variable name : String | provenance | | -| XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:57:27:57:73 | access to indexer : String | provenance | | +| XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:57:27:57:73 | access to indexer : String | provenance | MaD:14108 | | XSS.cs:57:27:57:73 | access to indexer : String | XSS.cs:57:20:57:23 | access to local variable name : String | provenance | | | XSS.cs:75:20:75:23 | access to local variable name : String | XSS.cs:76:36:76:39 | access to local variable name | provenance | | | XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:75:20:75:23 | access to local variable name : String | provenance | | -| XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:75:27:75:61 | access to indexer : String | provenance | | +| XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:75:27:75:61 | access to indexer : String | provenance | MaD:14108 | | XSS.cs:75:27:75:61 | access to indexer : String | XSS.cs:75:20:75:23 | access to local variable name : String | provenance | | | XSS.cs:78:20:78:24 | access to local variable name2 : String | XSS.cs:79:36:79:40 | access to local variable name2 | provenance | | | XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | XSS.cs:78:20:78:24 | access to local variable name2 : String | provenance | | | XSS.cs:85:20:85:23 | access to local variable name : String | XSS.cs:86:28:86:31 | access to local variable name | provenance | | | XSS.cs:85:20:85:23 | access to local variable name : String | XSS.cs:87:31:87:34 | access to local variable name | provenance | | | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:85:20:85:23 | access to local variable name : String | provenance | | -| XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:85:27:85:61 | access to indexer : String | provenance | | +| XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:85:27:85:61 | access to indexer : String | provenance | MaD:14108 | | XSS.cs:85:27:85:61 | access to indexer : String | XSS.cs:85:20:85:23 | access to local variable name : String | provenance | | -| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | | +| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | Sink:MaD:1804 | +| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | Sink:MaD:29455 | | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:94:20:94:23 | access to local variable name : String | provenance | | -| XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:94:27:94:61 | access to indexer : String | provenance | | +| XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:94:27:94:61 | access to indexer : String | provenance | MaD:14108 | | XSS.cs:94:27:94:61 | access to indexer : String | XSS.cs:94:20:94:23 | access to local variable name : String | provenance | | | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | provenance | | | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | provenance | | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected index c156c3def8bb..0474f0d59307 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected @@ -1,65 +1,67 @@ edges -| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | provenance | | +| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | provenance | Sink:MaD:948 | | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | provenance | | -| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | | +| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | Src:MaD:1077 | +| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | Src:MaD:1078 | | SecondOrderSqlInjection.cs:35:37:35:38 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | provenance | | | SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | SecondOrderSqlInjection.cs:35:37:35:38 | access to local variable sr : StreamReader | provenance | | -| SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | provenance | | +| SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | provenance | MaD:1144 | | SecondOrderSqlInjection.cs:38:29:38:31 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | provenance | | -| SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | provenance | | +| SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | provenance | MaD:1165 | | SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | SecondOrderSqlInjection.cs:38:29:38:31 | access to local variable sql : String | provenance | | -| SecondOrderSqlInjection.cs:40:25:40:27 | access to local variable sql : String | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | provenance | | -| SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | provenance | | +| SecondOrderSqlInjection.cs:40:25:40:27 | access to local variable sql : String | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | provenance | Sink:MaD:938 | +| SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | provenance | MaD:2759 | | SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | SecondOrderSqlInjection.cs:40:25:40:27 | access to local variable sql : String | provenance | | -| SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | SqlInjection.cs:34:50:34:55 | access to local variable query1 | provenance | | -| SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:33:21:33:40 | access to property Text : String | provenance | | +| SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | SqlInjection.cs:34:50:34:55 | access to local variable query1 | provenance | Sink:MaD:951 | +| SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:33:21:33:40 | access to property Text : String | provenance | MaD:2149 | | SqlInjection.cs:33:21:33:40 | access to property Text : String | SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | provenance | | -| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:69:56:69:61 | access to local variable query1 | provenance | | -| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:70:55:70:60 | access to local variable query1 | provenance | | -| SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:68:33:68:52 | access to property Text : String | provenance | | +| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:69:56:69:61 | access to local variable query1 | provenance | Sink:MaD:917 | +| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:70:55:70:60 | access to local variable query1 | provenance | Sink:MaD:923 | +| SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:68:33:68:52 | access to property Text : String | provenance | MaD:2149 | | SqlInjection.cs:68:33:68:52 | access to property Text : String | SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | provenance | | -| SqlInjection.cs:81:21:81:26 | access to local variable query1 : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | provenance | | +| SqlInjection.cs:81:21:81:26 | access to local variable query1 : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | provenance | Sink:MaD:951 | | SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:81:21:81:26 | access to local variable query1 : String | provenance | | -| SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | provenance | | +| SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | provenance | Sink:MaD:947 | | SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | provenance | | | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | provenance | | -| SqlInjection.cs:93:21:93:23 | access to local variable cmd : SqlCommand | SqlInjection.cs:94:50:94:52 | access to local variable cmd | provenance | | +| SqlInjection.cs:93:21:93:23 | access to local variable cmd : SqlCommand | SqlInjection.cs:94:50:94:52 | access to local variable cmd | provenance | Sink:MaD:950 | | SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | SqlInjection.cs:93:21:93:23 | access to local variable cmd : SqlCommand | provenance | | -| SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | provenance | | -| SqlInjectionDapper.cs:20:21:20:25 | access to local variable query : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | provenance | | +| SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | provenance | MaD:953 | +| SqlInjectionDapper.cs:20:21:20:25 | access to local variable query : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | provenance | Sink:MaD:27 | | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:20:21:20:25 | access to local variable query : String | provenance | | -| SqlInjectionDapper.cs:29:21:29:25 | access to local variable query : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | provenance | | +| SqlInjectionDapper.cs:29:21:29:25 | access to local variable query : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | provenance | Sink:MaD:37 | | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:29:21:29:25 | access to local variable query : String | provenance | | -| SqlInjectionDapper.cs:38:21:38:25 | access to local variable query : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | provenance | | +| SqlInjectionDapper.cs:38:21:38:25 | access to local variable query : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | provenance | Sink:MaD:48 | | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:38:21:38:25 | access to local variable query : String | provenance | | -| SqlInjectionDapper.cs:47:21:47:25 | access to local variable query : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | provenance | | +| SqlInjectionDapper.cs:47:21:47:25 | access to local variable query : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | provenance | Sink:MaD:17 | | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | SqlInjectionDapper.cs:47:21:47:25 | access to local variable query : String | provenance | | -| SqlInjectionDapper.cs:57:21:57:25 | access to local variable query : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | provenance | | +| SqlInjectionDapper.cs:57:21:57:25 | access to local variable query : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | provenance | Sink:MaD:21 | | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | SqlInjectionDapper.cs:57:21:57:25 | access to local variable query : String | provenance | | -| SqlInjectionDapper.cs:66:21:66:25 | access to local variable query : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | provenance | | +| SqlInjectionDapper.cs:66:21:66:25 | access to local variable query : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | provenance | Sink:MaD:18 | | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | SqlInjectionDapper.cs:66:21:66:25 | access to local variable query : String | provenance | | | SqlInjectionDapper.cs:75:21:75:25 | access to local variable query : String | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | provenance | | | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | SqlInjectionDapper.cs:75:21:75:25 | access to local variable query : String | provenance | | -| SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | provenance | | -| SqlInjectionSqlite.cs:24:17:24:19 | access to local variable cmd : SQLiteCommand | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | provenance | | +| SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | provenance | MaD:2149 Sink:MaD:937 | +| SqlInjectionSqlite.cs:24:17:24:19 | access to local variable cmd : SQLiteCommand | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | provenance | Sink:MaD:940 | | SqlInjectionSqlite.cs:24:23:24:71 | object creation of type SQLiteCommand : SQLiteCommand | SqlInjectionSqlite.cs:24:17:24:19 | access to local variable cmd : SQLiteCommand | provenance | | -| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | provenance | | -| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | provenance | | -| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | SqlInjectionSqlite.cs:24:23:24:71 | object creation of type SQLiteCommand : SQLiteCommand | provenance | | -| SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | provenance | | -| SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | provenance | | +| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | provenance | MaD:2149 Sink:MaD:938 | +| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | provenance | MaD:2149 | +| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | SqlInjectionSqlite.cs:24:23:24:71 | object creation of type SQLiteCommand : SQLiteCommand | provenance | MaD:945 | +| SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | provenance | MaD:2149 Sink:MaD:941 | +| SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | provenance | MaD:2149 Sink:MaD:942 | | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | SqlInjectionSqlite.cs:51:59:51:60 | access to local variable fs : FileStream | provenance | | -| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | | -| SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | provenance | | -| SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | provenance | | +| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | Src:MaD:1077 | +| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | Src:MaD:1078 | +| SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | provenance | MaD:2149 | +| SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | provenance | MaD:1087 | | SqlInjectionSqlite.cs:51:37:51:38 | access to local variable sr : StreamReader | SqlInjectionSqlite.cs:54:35:54:36 | access to local variable sr : StreamReader | provenance | | | SqlInjectionSqlite.cs:51:42:51:76 | object creation of type StreamReader : StreamReader | SqlInjectionSqlite.cs:51:37:51:38 | access to local variable sr : StreamReader | provenance | | -| SqlInjectionSqlite.cs:51:59:51:60 | access to local variable fs : FileStream | SqlInjectionSqlite.cs:51:42:51:76 | object creation of type StreamReader : StreamReader | provenance | | +| SqlInjectionSqlite.cs:51:59:51:60 | access to local variable fs : FileStream | SqlInjectionSqlite.cs:51:42:51:76 | object creation of type StreamReader : StreamReader | provenance | MaD:1144 | | SqlInjectionSqlite.cs:54:29:54:31 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | provenance | | -| SqlInjectionSqlite.cs:54:35:54:36 | access to local variable sr : StreamReader | SqlInjectionSqlite.cs:54:35:54:47 | call to method ReadLine : String | provenance | | +| SqlInjectionSqlite.cs:54:35:54:36 | access to local variable sr : StreamReader | SqlInjectionSqlite.cs:54:35:54:47 | call to method ReadLine : String | provenance | MaD:1165 | | SqlInjectionSqlite.cs:54:35:54:47 | call to method ReadLine : String | SqlInjectionSqlite.cs:54:29:54:31 | access to local variable sql : String | provenance | | -| SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | provenance | | -| SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | provenance | | +| SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | provenance | Sink:MaD:938 | +| SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | provenance | MaD:2759 | | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | provenance | | nodes | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | semmle.label | ... + ... | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected index a04278ad9942..5d4e8a921728 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected @@ -6,7 +6,7 @@ edges | LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | LDAPInjection.cs:28:48:28:70 | ... + ... | provenance | | | LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | LDAPInjection.cs:30:20:30:42 | ... + ... | provenance | | | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | provenance | | -| LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:12:27:12:61 | access to indexer : String | provenance | | +| LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:12:27:12:61 | access to indexer : String | provenance | MaD:14108 | | LDAPInjection.cs:12:27:12:61 | access to indexer : String | LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | provenance | | | LDAPInjection.cs:41:80:41:106 | call to method GetString : String | LDAPInjection.cs:41:63:41:106 | ... + ... | provenance | | nodes diff --git a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected index 6902d6f063d4..ac1e0787c549 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected @@ -1,7 +1,7 @@ edges | Test.cs:8:12:8:23 | access to local variable employeeName : String | Test.cs:15:25:15:80 | ... + ... | provenance | | | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:12:8:23 | access to local variable employeeName : String | provenance | | -| Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:27:8:65 | access to indexer : String | provenance | | +| Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:27:8:65 | access to indexer : String | provenance | MaD:14108 | | Test.cs:8:27:8:65 | access to indexer : String | Test.cs:8:12:8:23 | access to local variable employeeName : String | provenance | | nodes | Test.cs:8:12:8:23 | access to local variable employeeName : String | semmle.label | access to local variable employeeName : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected index fe49b9ddb652..bf0fe1869f7c 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected @@ -2,7 +2,7 @@ edges | CodeInjection.cs:23:16:23:19 | access to local variable code : String | CodeInjection.cs:29:64:29:67 | access to local variable code | provenance | | | CodeInjection.cs:23:16:23:19 | access to local variable code : String | CodeInjection.cs:40:36:40:39 | access to local variable code | provenance | | | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:16:23:19 | access to local variable code : String | provenance | | -| CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:23:23:53 | access to indexer : String | provenance | | +| CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:23:23:53 | access to indexer : String | provenance | MaD:14108 | | CodeInjection.cs:23:23:23:53 | access to indexer : String | CodeInjection.cs:23:16:23:19 | access to local variable code : String | provenance | | nodes | CodeInjection.cs:23:16:23:19 | access to local variable code : String | semmle.label | access to local variable code : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected index 29ce3c2ba181..a6dcdb53c773 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected @@ -1,7 +1,7 @@ edges | ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | provenance | | | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | provenance | | -| ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:8:27:8:61 | access to indexer : String | provenance | | +| ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:8:27:8:61 | access to indexer : String | provenance | MaD:14108 | | ResourceInjection.cs:8:27:8:61 | access to indexer : String | ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | provenance | | | ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | provenance | | | ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | provenance | | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected index ab1522a27d14..457e77c0b133 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected @@ -5,13 +5,13 @@ edges | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:35:43:35:57 | access to local variable userProvidedXml : String | provenance | | | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | provenance | | | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | provenance | | -| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | provenance | | +| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | provenance | MaD:14108 | | MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | provenance | | -| MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | provenance | | -| MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | provenance | | -| MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | provenance | | -| MissingXMLValidation.cs:35:43:35:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:35:26:35:58 | object creation of type StringReader | provenance | | -| MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | provenance | | +| MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | provenance | MaD:1155 | +| MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | provenance | MaD:1155 | +| MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | provenance | MaD:1155 | +| MissingXMLValidation.cs:35:43:35:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:35:26:35:58 | object creation of type StringReader | provenance | MaD:1155 | +| MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | provenance | MaD:1155 | nodes | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String | | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected index 066dec77c675..228c0c879cd1 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected @@ -1,7 +1,7 @@ edges | Test.cs:7:12:7:22 | access to local variable libraryName : String | Test.cs:10:36:10:46 | access to local variable libraryName | provenance | | | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:12:7:22 | access to local variable libraryName : String | provenance | | -| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:26:7:63 | access to indexer : String | provenance | | +| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:26:7:63 | access to indexer : String | provenance | MaD:14108 | | Test.cs:7:26:7:63 | access to indexer : String | Test.cs:7:12:7:22 | access to local variable libraryName : String | provenance | | nodes | Test.cs:7:12:7:22 | access to local variable libraryName : String | semmle.label | access to local variable libraryName : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index c3cfcd6f5f6e..bbf67bc4d871 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected @@ -3,7 +3,7 @@ edges | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:29:50:29:72 | ... + ... | provenance | | | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:33:26:33:33 | access to local variable username | provenance | | | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | -| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | | +| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:14108 | | LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | provenance | | nodes diff --git a/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected b/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected index 1446b3700dda..5b71b9e59163 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected @@ -1,14 +1,14 @@ edges | ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | provenance | | -| ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | provenance | | +| ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | provenance | Src:MaD:2250 | | UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | provenance | | | UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | provenance | | | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | provenance | | -| UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:9:23:9:53 | access to indexer : String | provenance | | +| UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:9:23:9:53 | access to indexer : String | provenance | MaD:14108 | | UncontrolledFormatString.cs:9:23:9:53 | access to indexer : String | UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | provenance | | | UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | provenance | | | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | provenance | | -| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | provenance | | +| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | provenance | MaD:14108 | | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | provenance | | nodes | ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | semmle.label | access to local variable format : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected index e7e720e70fba..acd0bfc70c78 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected @@ -1,5 +1,6 @@ edges -| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | | +| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | Sink:MaD:2152 | +| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | MaD:868 Sink:MaD:2152 | | ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | provenance | | | ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | provenance | | | ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | provenance | | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected index 4ba1ed42f1d0..067456988671 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected @@ -1,10 +1,24 @@ edges -| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | | -| ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | provenance | | -| ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | provenance | | -| ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | provenance | | +| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | Sink:MaD:2152 | +| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:15674 Sink:MaD:2152 | +| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:26617 Sink:MaD:2152 | +| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:26619 Sink:MaD:2152 | +| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:37587 Sink:MaD:2152 | +| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:37598 Sink:MaD:2152 | +| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:58235 Sink:MaD:2152 | +| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:58267 Sink:MaD:2152 | +| ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | provenance | MaD:58317 Sink:MaD:2152 | +| ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | provenance | MaD:58317 | +| ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | provenance | MaD:58317 | | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | | -| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | | +| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:15674 | +| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:26617 | +| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:26619 | +| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:37587 | +| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:37598 | +| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:58235 | +| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:58267 | +| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | Sink:MaD:2152 | nodes | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | semmle.label | access to local variable ex : Exception | | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | semmle.label | call to method ToString | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected index 9e8afbc2b3a1..8c40df50c5e7 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected @@ -3,18 +3,22 @@ edges | HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:41:50:41:50 | access to local variable c : Byte[] | provenance | | | HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:50:35:50:35 | access to local variable c : Byte[] | provenance | | | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | provenance | | -| HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | provenance | | +| HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | provenance | Sink:MaD:1852 | +| HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | provenance | Sink:MaD:47404 | | HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:36:37:36:37 | access to local variable d : Byte[] | provenance | | | HardcodedSymmetricEncryptionKey.cs:28:17:28:35 | access to local variable byteArrayFromString : Byte[] | HardcodedSymmetricEncryptionKey.cs:44:51:44:69 | access to local variable byteArrayFromString : Byte[] | provenance | | | HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | HardcodedSymmetricEncryptionKey.cs:28:17:28:35 | access to local variable byteArrayFromString : Byte[] | provenance | | -| HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | provenance | | +| HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | provenance | MaD:1871 | | HardcodedSymmetricEncryptionKey.cs:36:37:36:37 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | provenance | | | HardcodedSymmetricEncryptionKey.cs:41:50:41:50 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | provenance | | | HardcodedSymmetricEncryptionKey.cs:44:51:44:69 | access to local variable byteArrayFromString : Byte[] | HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | provenance | | | HardcodedSymmetricEncryptionKey.cs:50:35:50:35 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | provenance | | -| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | | -| HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | provenance | | -| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | | +| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | Sink:MaD:1850 | +| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | Sink:MaD:47405 | +| HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | provenance | Sink:MaD:1852 | +| HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | provenance | Sink:MaD:47407 | +| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | Sink:MaD:1851 | +| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | Sink:MaD:47406 | nodes | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | semmle.label | array creation of type Byte[] | | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | semmle.label | array creation of type Byte[] | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected index 8d1619156bbd..04ed2ea39659 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected @@ -3,15 +3,15 @@ edges | InsecureRandomness.cs:28:23:28:43 | (...) ... : Byte | InsecureRandomness.cs:28:13:28:16 | [post] access to local variable data : Byte[] [element] : Byte | provenance | | | InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | InsecureRandomness.cs:28:23:28:43 | (...) ... : Byte | provenance | | | InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | provenance | | -| InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | provenance | | -| InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | provenance | | -| InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | provenance | | +| InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | provenance | MaD:1903 | +| InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | provenance | MaD:1880 | +| InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | provenance | MaD:1973 | | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | provenance | | | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | provenance | | | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | provenance | | | InsecureRandomness.cs:60:23:60:40 | access to array element : String | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | provenance | | | InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:60:23:60:40 | access to array element : String | provenance | | -| InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | provenance | | +| InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | provenance | MaD:2754 | | InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | provenance | | | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | provenance | | | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | provenance | | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected index d9ee462e64ac..4850cecd31c4 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected @@ -1,23 +1,23 @@ edges -| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | provenance | | -| BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | provenance | | -| BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | provenance | | -| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | | -| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | | -| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | | -| DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | | -| DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | | -| DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | | -| ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | provenance | | -| ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | provenance | | -| ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | provenance | | -| UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | provenance | | -| XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | | -| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | | -| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | | -| XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | provenance | | -| XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | provenance | | -| XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | provenance | | +| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | provenance | MaD:1093 | +| BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | provenance | MaD:2149 | +| BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | provenance | MaD:1871 | +| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1093 | +| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:2149 | +| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:1871 | +| DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1093 | +| DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:2149 | +| DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:1871 | +| ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | provenance | MaD:1093 | +| ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | provenance | MaD:2149 | +| ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | provenance | MaD:1871 | +| UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | provenance | MaD:2149 | +| XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1093 | +| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:2149 | +| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:1871 | +| XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | provenance | MaD:1093 | +| XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | provenance | MaD:2149 | +| XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | provenance | MaD:1871 | nodes | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream | | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected index c50a361dac7f..b59d1b08d75d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected @@ -1,7 +1,7 @@ edges -| Test.cs:9:46:9:49 | access to parameter data : TextBox | Test.cs:9:46:9:54 | access to property Text | provenance | | -| Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | provenance | | -| Test.cs:25:46:25:49 | access to parameter data : TextBox | Test.cs:25:46:25:54 | access to property Text | provenance | | +| Test.cs:9:46:9:49 | access to parameter data : TextBox | Test.cs:9:46:9:54 | access to property Text | provenance | MaD:2149 | +| Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | provenance | MaD:2149 | +| Test.cs:25:46:25:49 | access to parameter data : TextBox | Test.cs:25:46:25:54 | access to property Text | provenance | MaD:2149 | nodes | Test.cs:9:46:9:49 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox | | Test.cs:9:46:9:54 | access to property Text | semmle.label | access to property Text | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected index b539b019f396..0e9861a39c1d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected @@ -1,19 +1,23 @@ edges | UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | provenance | | +| UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | provenance | MaD:14108 | | UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | provenance | | +| UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | provenance | MaD:14108 | | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:48:29:48:31 | access to local variable url | provenance | | | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:64:31:64:52 | $"..." | provenance | | | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:70:66:70:68 | access to local variable url : String | provenance | | | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:76:69:76:71 | access to local variable url : String | provenance | | | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:76:74:76:76 | access to local variable url : String | provenance | | | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | provenance | | -| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:23:22:23:52 | access to indexer : String | provenance | | +| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:23:22:23:52 | access to indexer : String | provenance | MaD:14108 | | UrlRedirect.cs:23:22:23:52 | access to indexer : String | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | provenance | | | UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | provenance | | +| UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | provenance | MaD:14108 | | UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | provenance | | -| UrlRedirect.cs:70:66:70:68 | access to local variable url : String | UrlRedirect.cs:70:31:70:69 | call to method Format | provenance | | -| UrlRedirect.cs:76:69:76:71 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | | -| UrlRedirect.cs:76:74:76:76 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | | +| UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | provenance | MaD:14108 | +| UrlRedirect.cs:70:66:70:68 | access to local variable url : String | UrlRedirect.cs:70:31:70:69 | call to method Format | provenance | MaD:2693 | +| UrlRedirect.cs:76:69:76:71 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | MaD:2695 | +| UrlRedirect.cs:76:74:76:76 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | MaD:2696 | | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:16:22:16:26 | access to parameter value | provenance | | | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | provenance | | | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | provenance | | @@ -24,7 +28,7 @@ edges | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:48:28:48:32 | access to parameter value | provenance | | | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | provenance | | | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:56:31:56:35 | access to parameter value | provenance | | -| UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | provenance | | +| UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | provenance | MaD:3000 | nodes | UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | | UrlRedirect2.cs:14:31:14:61 | access to indexer | semmle.label | access to indexer | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected b/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected index 4a3a88b7a746..6c0a559ad065 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected @@ -1,5 +1,6 @@ edges | Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | Test.cs:11:50:11:84 | access to indexer | provenance | | +| Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | Test.cs:11:50:11:84 | access to indexer | provenance | MaD:14108 | nodes | Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | | Test.cs:11:50:11:84 | access to indexer | semmle.label | access to indexer | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected index f957dc1e6a07..8fb8fe243218 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected @@ -1,11 +1,11 @@ edges | XPathInjection.cs:11:16:11:23 | access to local variable userName : String | XPathInjection.cs:14:13:14:13 | access to local variable s : String | provenance | | | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:11:16:11:23 | access to local variable userName : String | provenance | | -| XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:11:27:11:61 | access to indexer : String | provenance | | +| XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:11:27:11:61 | access to indexer : String | provenance | MaD:14108 | | XPathInjection.cs:11:27:11:61 | access to indexer : String | XPathInjection.cs:11:16:11:23 | access to local variable userName : String | provenance | | | XPathInjection.cs:12:16:12:23 | access to local variable password : String | XPathInjection.cs:14:13:14:13 | access to local variable s : String | provenance | | | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:12:16:12:23 | access to local variable password : String | provenance | | -| XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:12:27:12:61 | access to indexer : String | provenance | | +| XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:12:27:12:61 | access to indexer : String | provenance | MaD:14108 | | XPathInjection.cs:12:27:12:61 | access to indexer : String | XPathInjection.cs:12:16:12:23 | access to local variable password : String | provenance | | | XPathInjection.cs:14:13:14:13 | access to local variable s : String | XPathInjection.cs:17:33:17:33 | access to local variable s | provenance | | | XPathInjection.cs:14:13:14:13 | access to local variable s : String | XPathInjection.cs:20:29:20:29 | access to local variable s | provenance | | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected index 8edaf59b8310..2f8bea316eaa 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected @@ -5,7 +5,7 @@ edges | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | provenance | | | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | provenance | | | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | provenance | | -| ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | provenance | | +| ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | provenance | MaD:14108 | | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | provenance | | nodes | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | semmle.label | access to local variable userInput : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected index da9cf11906c5..cecda20a7d7d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected @@ -1,7 +1,7 @@ edges | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | ExponentialRegex.cs:16:40:16:48 | access to local variable userInput | provenance | | | ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | provenance | | -| ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | provenance | | +| ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | provenance | MaD:14108 | | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | provenance | | nodes | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | semmle.label | access to local variable userInput : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected index 51f0d59dec0f..39c434b2458a 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected @@ -1,7 +1,7 @@ edges | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | RegexInjection.cs:14:19:14:23 | access to local variable regex | provenance | | | RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | provenance | | -| RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:24:10:55 | access to indexer : String | provenance | | +| RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:24:10:55 | access to indexer : String | provenance | MaD:14108 | | RegexInjection.cs:10:24:10:55 | access to indexer : String | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | provenance | | nodes | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | semmle.label | access to local variable regex : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected index 7a86377ccb8d..dcc07d43b2b4 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected @@ -1,28 +1,28 @@ edges | ConditionalBypass.cs:12:16:12:22 | access to local variable isAdmin : String | ConditionalBypass.cs:16:13:16:30 | ... == ... | provenance | | | ConditionalBypass.cs:12:26:12:48 | access to property QueryString : NameValueCollection | ConditionalBypass.cs:12:16:12:22 | access to local variable isAdmin : String | provenance | | -| ConditionalBypass.cs:12:26:12:48 | access to property QueryString : NameValueCollection | ConditionalBypass.cs:12:26:12:59 | access to indexer : String | provenance | | +| ConditionalBypass.cs:12:26:12:48 | access to property QueryString : NameValueCollection | ConditionalBypass.cs:12:26:12:59 | access to indexer : String | provenance | MaD:14108 | | ConditionalBypass.cs:12:26:12:59 | access to indexer : String | ConditionalBypass.cs:12:16:12:22 | access to local variable isAdmin : String | provenance | | | ConditionalBypass.cs:19:20:19:30 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:22:13:22:23 | access to local variable adminCookie : HttpCookie | provenance | | | ConditionalBypass.cs:19:20:19:30 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:27:13:27:23 | access to local variable adminCookie : HttpCookie | provenance | | | ConditionalBypass.cs:19:34:19:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:19:20:19:30 | access to local variable adminCookie : HttpCookie | provenance | | -| ConditionalBypass.cs:22:13:22:23 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:22:13:22:29 | access to property Value : String | provenance | | +| ConditionalBypass.cs:22:13:22:23 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:22:13:22:29 | access to property Value : String | provenance | MaD:2154 | | ConditionalBypass.cs:22:13:22:29 | access to property Value : String | ConditionalBypass.cs:22:13:22:45 | call to method Equals | provenance | | -| ConditionalBypass.cs:27:13:27:23 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:27:13:27:29 | access to property Value : String | provenance | | +| ConditionalBypass.cs:27:13:27:23 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:27:13:27:29 | access to property Value : String | provenance | MaD:2154 | | ConditionalBypass.cs:27:13:27:29 | access to property Value : String | ConditionalBypass.cs:27:13:27:40 | ... == ... | provenance | | | ConditionalBypass.cs:42:21:42:28 | access to local variable hostInfo : IPHostEntry | ConditionalBypass.cs:44:13:44:20 | access to local variable hostInfo : IPHostEntry | provenance | | | ConditionalBypass.cs:42:21:42:28 | access to local variable hostInfo : IPHostEntry | ConditionalBypass.cs:49:13:49:20 | access to local variable hostInfo : IPHostEntry | provenance | | | ConditionalBypass.cs:42:32:42:66 | call to method GetHostByAddress : IPHostEntry | ConditionalBypass.cs:42:21:42:28 | access to local variable hostInfo : IPHostEntry | provenance | | -| ConditionalBypass.cs:44:13:44:20 | access to local variable hostInfo : IPHostEntry | ConditionalBypass.cs:44:13:44:29 | access to property HostName : String | provenance | | +| ConditionalBypass.cs:44:13:44:20 | access to local variable hostInfo : IPHostEntry | ConditionalBypass.cs:44:13:44:29 | access to property HostName : String | provenance | MaD:1820 | | ConditionalBypass.cs:44:13:44:29 | access to property HostName : String | ConditionalBypass.cs:44:13:44:46 | ... == ... | provenance | | -| ConditionalBypass.cs:49:13:49:20 | access to local variable hostInfo : IPHostEntry | ConditionalBypass.cs:49:13:49:29 | access to property HostName | provenance | | +| ConditionalBypass.cs:49:13:49:20 | access to local variable hostInfo : IPHostEntry | ConditionalBypass.cs:49:13:49:29 | access to property HostName | provenance | MaD:1820 | | ConditionalBypass.cs:70:20:70:30 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:72:13:72:23 | access to local variable adminCookie : HttpCookie | provenance | | | ConditionalBypass.cs:70:34:70:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:70:20:70:30 | access to local variable adminCookie : HttpCookie | provenance | | -| ConditionalBypass.cs:72:13:72:23 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:72:13:72:29 | access to property Value : String | provenance | | +| ConditionalBypass.cs:72:13:72:23 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:72:13:72:29 | access to property Value : String | provenance | MaD:2154 | | ConditionalBypass.cs:72:13:72:29 | access to property Value : String | ConditionalBypass.cs:72:13:72:40 | ... == ... | provenance | | | ConditionalBypass.cs:83:20:83:30 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:84:13:84:23 | access to local variable adminCookie : HttpCookie | provenance | | | ConditionalBypass.cs:83:34:83:52 | access to property Cookies : HttpCookieCollection | ConditionalBypass.cs:83:20:83:30 | access to local variable adminCookie : HttpCookie | provenance | | -| ConditionalBypass.cs:84:13:84:23 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:84:13:84:29 | access to property Value : String | provenance | | +| ConditionalBypass.cs:84:13:84:23 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:84:13:84:29 | access to property Value : String | provenance | MaD:2154 | | ConditionalBypass.cs:84:13:84:29 | access to property Value : String | ConditionalBypass.cs:84:13:84:40 | ... == ... | provenance | | nodes | ConditionalBypass.cs:12:16:12:22 | access to local variable isAdmin : String | semmle.label | access to local variable isAdmin : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected index 8bde8b3631e9..6fa809c28371 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected @@ -1,17 +1,17 @@ edges -| HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | HtmlEncode.cs:10:28:10:65 | ... + ... | provenance | | +| HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | HtmlEncode.cs:10:28:10:65 | ... + ... | provenance | Sink:MaD:2152 | | InappropriateEncoding.cs:13:13:13:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:16:17:16:22 | access to local variable query1 : String | provenance | | | InappropriateEncoding.cs:13:28:13:40 | call to method Encode : String | InappropriateEncoding.cs:13:13:13:24 | access to local variable encodedValue : String | provenance | | -| InappropriateEncoding.cs:16:17:16:22 | access to local variable query1 : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | provenance | | +| InappropriateEncoding.cs:16:17:16:22 | access to local variable query1 : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | provenance | Sink:MaD:951 | | InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | provenance | | | InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:36:22:36:59 | ... + ... | provenance | | | InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:37:59:37:70 | access to local variable encodedValue : String | provenance | | | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | provenance | | -| InappropriateEncoding.cs:37:59:37:70 | access to local variable encodedValue : String | InappropriateEncoding.cs:37:22:37:71 | call to method Format | provenance | | +| InappropriateEncoding.cs:37:59:37:70 | access to local variable encodedValue : String | InappropriateEncoding.cs:37:22:37:71 | call to method Format | provenance | MaD:2693 | | InappropriateEncoding.cs:55:13:55:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | provenance | | | InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode : String | InappropriateEncoding.cs:55:13:55:24 | access to local variable encodedValue : String | provenance | | | InappropriateEncoding.cs:66:16:66:42 | call to method Replace : String | InappropriateEncoding.cs:13:28:13:40 | call to method Encode : String | provenance | | -| SqlEncode.cs:14:17:14:21 | access to local variable query : String | SqlEncode.cs:15:46:15:50 | access to local variable query | provenance | | +| SqlEncode.cs:14:17:14:21 | access to local variable query : String | SqlEncode.cs:15:46:15:50 | access to local variable query | provenance | Sink:MaD:951 | | SqlEncode.cs:14:62:14:87 | call to method Replace : String | SqlEncode.cs:14:17:14:21 | access to local variable query : String | provenance | | | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | UrlEncode.cs:10:31:10:69 | ... + ... | provenance | | nodes diff --git a/csharp/ql/test/shared/FlowSummaries.qll b/csharp/ql/test/shared/FlowSummaries.qll index 2fecea3f62f4..47b1a005c5db 100644 --- a/csharp/ql/test/shared/FlowSummaries.qll +++ b/csharp/ql/test/shared/FlowSummaries.qll @@ -15,6 +15,6 @@ class IncludeSummarizedCallable extends SummarizedCallableImplFinal { predicate relevantSummary( SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue ) { - this.propagatesFlow(input, output, preservesValue) + this.propagatesFlow(input, output, preservesValue, _) } } diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll index 9df20606d27b..26572e27a781 100644 --- a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll @@ -82,9 +82,9 @@ private import codeql.mad.ModelValidation as SharedModelVal /** Holds if `package` have MaD framework coverage. */ private predicate packageHasMaDCoverage(string package) { - sourceModel(package, _, _, _, _, _, _, _, _) or - sinkModel(package, _, _, _, _, _, _, _, _) or - summaryModel(package, _, _, _, _, _, _, _, _, _) + sourceModel(package, _, _, _, _, _, _, _, _, _) or + sinkModel(package, _, _, _, _, _, _, _, _, _) or + summaryModel(package, _, _, _, _, _, _, _, _, _, _) } /** @@ -128,7 +128,7 @@ predicate modelCoverage(string package, int pkgs, string kind, string part, int strictcount(string subpkg, string type, boolean subtypes, string name, string signature, string ext, string output, string provenance | canonicalPackageHasASubpackage(package, subpkg) and - sourceModel(subpkg, type, subtypes, name, signature, ext, output, kind, provenance) + sourceModel(subpkg, type, subtypes, name, signature, ext, output, kind, provenance, _) ) or part = "sink" and @@ -136,7 +136,7 @@ predicate modelCoverage(string package, int pkgs, string kind, string part, int strictcount(string subpkg, string type, boolean subtypes, string name, string signature, string ext, string input, string provenance | canonicalPackageHasASubpackage(package, subpkg) and - sinkModel(subpkg, type, subtypes, name, signature, ext, input, kind, provenance) + sinkModel(subpkg, type, subtypes, name, signature, ext, input, kind, provenance, _) ) or part = "summary" and @@ -144,7 +144,8 @@ predicate modelCoverage(string package, int pkgs, string kind, string part, int strictcount(string subpkg, string type, boolean subtypes, string name, string signature, string ext, string input, string output, string provenance | canonicalPackageHasASubpackage(package, subpkg) and - summaryModel(subpkg, type, subtypes, name, signature, ext, input, output, kind, provenance) + summaryModel(subpkg, type, subtypes, name, signature, ext, input, output, kind, provenance, + _) ) ) } @@ -153,9 +154,9 @@ predicate modelCoverage(string package, int pkgs, string kind, string part, int module ModelValidation { private string getInvalidModelInput() { exists(string pred, AccessPath input, string part | - sinkModel(_, _, _, _, _, _, input, _, _) and pred = "sink" + sinkModel(_, _, _, _, _, _, input, _, _, _) and pred = "sink" or - summaryModel(_, _, _, _, _, _, input, _, _, _) and pred = "summary" + summaryModel(_, _, _, _, _, _, input, _, _, _, _) and pred = "summary" | ( invalidSpecComponent(input, part) and @@ -171,9 +172,9 @@ module ModelValidation { private string getInvalidModelOutput() { exists(string pred, string output, string part | - sourceModel(_, _, _, _, _, _, output, _, _) and pred = "source" + sourceModel(_, _, _, _, _, _, output, _, _, _) and pred = "source" or - summaryModel(_, _, _, _, _, _, _, output, _, _) and pred = "summary" + summaryModel(_, _, _, _, _, _, _, output, _, _, _) and pred = "summary" | invalidSpecComponent(output, part) and not part = "" and @@ -183,11 +184,11 @@ module ModelValidation { } private module KindValConfig implements SharedModelVal::KindValidationConfigSig { - predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _) } + predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _, _) } - predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _) } + predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _, _) } - predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _) } + predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _, _) } } private module KindVal = SharedModelVal::KindValidation; @@ -197,11 +198,12 @@ module ModelValidation { string pred, string package, string type, string name, string signature, string ext, string provenance | - sourceModel(package, type, _, name, signature, ext, _, _, provenance) and pred = "source" + sourceModel(package, type, _, name, signature, ext, _, _, provenance, _) and pred = "source" or - sinkModel(package, type, _, name, signature, ext, _, _, provenance) and pred = "sink" + sinkModel(package, type, _, name, signature, ext, _, _, provenance, _) and pred = "sink" or - summaryModel(package, type, _, name, signature, ext, _, _, _, provenance) and pred = "summary" + summaryModel(package, type, _, name, signature, ext, _, _, _, provenance, _) and + pred = "summary" | not package.replaceAll("$ANYVERSION", "").regexpMatch("[a-zA-Z0-9_\\./-]*") and result = "Dubious package \"" + package + "\" in " + pred + " model." @@ -237,9 +239,9 @@ pragma[nomagic] private predicate elementSpec( string package, string type, boolean subtypes, string name, string signature, string ext ) { - sourceModel(package, type, subtypes, name, signature, ext, _, _, _) or - sinkModel(package, type, subtypes, name, signature, ext, _, _, _) or - summaryModel(package, type, subtypes, name, signature, ext, _, _, _, _) + sourceModel(package, type, subtypes, name, signature, ext, _, _, _, _) or + sinkModel(package, type, subtypes, name, signature, ext, _, _, _, _) or + summaryModel(package, type, subtypes, name, signature, ext, _, _, _, _, _) } private string paramsStringPart(Function f, int i) { @@ -297,8 +299,8 @@ predicate hasExternalSpecification(Function f) { f = any(SummarizedCallable sc).asFunction() or exists(SourceSinkInterpretationInput::SourceOrSinkElement e | f = e.asEntity() | - SourceSinkInterpretationInput::sourceElement(e, _, _, _) or - SourceSinkInterpretationInput::sinkElement(e, _, _, _) + SourceSinkInterpretationInput::sourceElement(e, _, _, _, _) or + SourceSinkInterpretationInput::sinkElement(e, _, _, _, _) ) } @@ -351,9 +353,9 @@ private module Cached { * model. */ cached - predicate sourceNode(DataFlow::Node node, string kind) { + predicate sourceNode(DataFlow::Node node, string kind, string model) { exists(SourceSinkInterpretationInput::InterpretNode n | - isSourceNode(n, kind) and n.asNode() = node + isSourceNode(n, kind, model) and n.asNode() = node ) } @@ -362,57 +364,78 @@ private module Cached { * model. */ cached - predicate sinkNode(DataFlow::Node node, string kind) { + predicate sinkNode(DataFlow::Node node, string kind, string model) { exists(SourceSinkInterpretationInput::InterpretNode n | - isSinkNode(n, kind) and n.asNode() = node + isSinkNode(n, kind, model) and n.asNode() = node ) } } import Cached +/** + * Holds if `node` is specified as a source with the given kind in a MaD flow + * model. + */ +predicate sourceNode(DataFlow::Node node, string kind) { sourceNode(node, kind, _) } + +/** + * Holds if `node` is specified as a sink with the given kind in a MaD flow + * model. + */ +predicate sinkNode(DataFlow::Node node, string kind) { sinkNode(node, kind, _) } + private predicate interpretSummary( - Callable c, string input, string output, string kind, string provenance + Callable c, string input, string output, string kind, string provenance, string model ) { exists( - string namespace, string type, boolean subtypes, string name, string signature, string ext + string namespace, string type, boolean subtypes, string name, string signature, string ext, + QlBuiltins::ExtensionId madId | - summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance) and + summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance, + madId) and + model = "MaD:" + madId.toString() and c.asFunction() = interpretElement(namespace, type, subtypes, name, signature, ext).asEntity() ) } // adapter class for converting Mad summaries to `SummarizedCallable`s private class SummarizedCallableAdapter extends SummarizedCallable { - SummarizedCallableAdapter() { interpretSummary(this, _, _, _, _) } + SummarizedCallableAdapter() { interpretSummary(this, _, _, _, _, _) } - private predicate relevantSummaryElementManual(string input, string output, string kind) { + private predicate relevantSummaryElementManual( + string input, string output, string kind, string model + ) { exists(Provenance provenance | - interpretSummary(this, input, output, kind, provenance) and + interpretSummary(this, input, output, kind, provenance, model) and provenance.isManual() ) } - private predicate relevantSummaryElementGenerated(string input, string output, string kind) { + private predicate relevantSummaryElementGenerated( + string input, string output, string kind, string model + ) { exists(Provenance provenance | - interpretSummary(this, input, output, kind, provenance) and + interpretSummary(this, input, output, kind, provenance, model) and provenance.isGenerated() ) } - override predicate propagatesFlow(string input, string output, boolean preservesValue) { + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { exists(string kind | - this.relevantSummaryElementManual(input, output, kind) + this.relevantSummaryElementManual(input, output, kind, model) or - not this.relevantSummaryElementManual(_, _, _) and - this.relevantSummaryElementGenerated(input, output, kind) + not this.relevantSummaryElementManual(_, _, _, _) and + this.relevantSummaryElementGenerated(input, output, kind, model) | if kind = "value" then preservesValue = true else preservesValue = false ) } override predicate hasProvenance(Provenance provenance) { - interpretSummary(this, _, _, _, provenance) + interpretSummary(this, _, _, _, provenance, _) } } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index f750214010f3..ebfc08a797bf 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -4,6 +4,7 @@ private import DataFlowImplCommon private import ContainerFlow private import FlowSummaryImpl as FlowSummaryImpl private import semmle.go.dataflow.FlowSummary as FlowSummary +private import semmle.go.dataflow.ExternalFlow private import codeql.util.Unit import DataFlowNodes::Private @@ -410,6 +411,10 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { no /** Extra data-flow steps needed for lambda flow analysis. */ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() } +predicate knownSourceModel(Node source, string model) { sourceNode(source, _, model) } + +predicate knownSinkModel(Node sink, string model) { sinkNode(sink, _, model) } + /** * Holds if flow is allowed to pass from parameter `p` and back to itself as a * side-effect, resulting in a summary from `p` to itself. diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll index 5a76d8592a8e..9f76e7c7c95b 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll @@ -104,7 +104,7 @@ predicate isReturnedWithError(Node node) { * (intra-procedural) step. */ predicate localFlowStep(Node nodeFrom, Node nodeTo) { - simpleLocalFlowStep(nodeFrom, nodeTo) + simpleLocalFlowStep(nodeFrom, nodeTo, _) or // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural @@ -118,14 +118,16 @@ predicate localFlowStep(Node nodeFrom, Node nodeTo) { * data flow. It may have less flow than the `localFlowStep` predicate. */ cached -predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - basicLocalFlowStep(nodeFrom, nodeTo) +predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { + basicLocalFlowStep(nodeFrom, nodeTo) and + model = "" or // step through function model - any(FunctionModel m).flowStep(nodeFrom, nodeTo) + any(FunctionModel m).flowStep(nodeFrom, nodeTo) and + model = "FunctionModel" or FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), - nodeTo.(FlowSummaryNode).getSummaryNode(), true) + nodeTo.(FlowSummaryNode).getSummaryNode(), true, model) } /** diff --git a/go/ql/lib/semmle/go/dataflow/internal/ExternalFlowExtensions.qll b/go/ql/lib/semmle/go/dataflow/internal/ExternalFlowExtensions.qll index 24a8ddf4b8de..327cd65df87f 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/ExternalFlowExtensions.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/ExternalFlowExtensions.qll @@ -7,7 +7,7 @@ */ extensible predicate sourceModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string output, string kind, string provenance + string output, string kind, string provenance, QlBuiltins::ExtensionId madId ); /** @@ -15,7 +15,7 @@ extensible predicate sourceModel( */ extensible predicate sinkModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string input, string kind, string provenance + string input, string kind, string provenance, QlBuiltins::ExtensionId madId ); /** @@ -23,5 +23,5 @@ extensible predicate sinkModel( */ extensible predicate summaryModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string input, string output, string kind, string provenance + string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId ); diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index 1a51af5c3fb3..d5f7d72b2d07 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -104,12 +104,14 @@ module SourceSinkInterpretationInput implements * `output`, kind `kind`, and provenance `provenance`. */ predicate sourceElement( - SourceOrSinkElement e, string output, string kind, Public::Provenance provenance + SourceOrSinkElement e, string output, string kind, Public::Provenance provenance, string model ) { exists( - string package, string type, boolean subtypes, string name, string signature, string ext + string package, string type, boolean subtypes, string name, string signature, string ext, + QlBuiltins::ExtensionId madId | - sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance) and + sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance, madId) and + model = "MaD:" + madId.toString() and e = interpretElement(package, type, subtypes, name, signature, ext) ) } @@ -119,12 +121,14 @@ module SourceSinkInterpretationInput implements * `input`, kind `kind` and provenance `provenance`. */ predicate sinkElement( - SourceOrSinkElement e, string input, string kind, Public::Provenance provenance + SourceOrSinkElement e, string input, string kind, Public::Provenance provenance, string model ) { exists( - string package, string type, boolean subtypes, string name, string signature, string ext + string package, string type, boolean subtypes, string name, string signature, string ext, + QlBuiltins::ExtensionId madId | - sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) and + sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, madId) and + model = "MaD:" + madId.toString() and e = interpretElement(package, type, subtypes, name, signature, ext) ) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index 77b9d867121a..9c645bac1da6 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll @@ -28,7 +28,7 @@ predicate localExprTaint(Expr src, Expr sink) { */ predicate localTaintStep(DataFlow::Node src, DataFlow::Node sink) { DataFlow::localFlowStep(src, sink) or - localAdditionalTaintStep(src, sink) or + localAdditionalTaintStep(src, sink, _) or // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(src, sink, _) @@ -86,18 +86,24 @@ class AdditionalTaintStep extends Unit { * Holds if the additional step from `pred` to `succ` should be included in all * global taint flow configurations. */ -predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - referenceStep(pred, succ) or - elementWriteStep(pred, succ) or - fieldReadStep(pred, succ) or - elementStep(pred, succ) or - tupleStep(pred, succ) or - stringConcatStep(pred, succ) or - sliceStep(pred, succ) or - any(FunctionModel fm).taintStep(pred, succ) or - any(AdditionalTaintStep a).step(pred, succ) or +predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) { + ( + referenceStep(pred, succ) or + elementWriteStep(pred, succ) or + fieldReadStep(pred, succ) or + elementStep(pred, succ) or + tupleStep(pred, succ) or + stringConcatStep(pred, succ) or + sliceStep(pred, succ) + ) and + model = "" + or + any(FunctionModel fm).taintStep(pred, succ) and model = "FunctionModel" + or + any(AdditionalTaintStep a).step(pred, succ) and model = "AdditionalTaintStep" + or FlowSummaryImpl::Private::Steps::summaryLocalStep(pred.(DataFlowPrivate::FlowSummaryNode) - .getSummaryNode(), succ.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false) + .getSummaryNode(), succ.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false, model) } /** @@ -207,8 +213,8 @@ abstract class FunctionModel extends Function { * Holds if the additional step from `src` to `sink` should be included in all * global taint flow configurations. */ -predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) { - localAdditionalTaintStep(src, sink) +predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink, string model) { + localAdditionalTaintStep(src, sink, model) } /** diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll index 787bf40e9cc6..c63cf71737b1 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll @@ -159,7 +159,7 @@ module NetHttp { | this = call.getASyntacticArgument() and callable = call.getACalleeIncludingExternals() and - callable.propagatesFlow(input, output, _) + callable.propagatesFlow(input, output, _, _) | // A modeled function conveying taint from some input to the response writer, // e.g. `io.Copy(responseWriter, someTaintedReader)` diff --git a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll index 3447f2f6dbeb..df417397b138 100644 --- a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll +++ b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll @@ -509,7 +509,7 @@ private module ConversionWithoutBoundsCheckConfig implements DataFlow::StateConf ) { // Create additional flow steps for `BarrierFlowStateTransformer`s state2 = node2.(BarrierFlowStateTransformer).transform(state1) and - DataFlow::simpleLocalFlowStep(node1, node2) + DataFlow::simpleLocalFlowStep(node1, node2, _) } } diff --git a/go/ql/test/experimental/CWE-090/LDAPInjection.expected b/go/ql/test/experimental/CWE-090/LDAPInjection.expected index 2815643c014f..740121e56318 100644 --- a/go/ql/test/experimental/CWE-090/LDAPInjection.expected +++ b/go/ql/test/experimental/CWE-090/LDAPInjection.expected @@ -1,18 +1,18 @@ edges -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:671 | | LDAPInjection.go:62:3:62:33 | slice literal [array] | LDAPInjection.go:62:3:62:33 | slice literal | provenance | | | LDAPInjection.go:62:24:62:32 | untrusted | LDAPInjection.go:62:3:62:33 | slice literal [array] | provenance | | | LDAPInjection.go:69:3:69:33 | slice literal [array] | LDAPInjection.go:69:3:69:33 | slice literal | provenance | | diff --git a/go/ql/test/experimental/CWE-203/Timing.expected b/go/ql/test/experimental/CWE-203/Timing.expected index b1aa5487aa97..714a8475ddab 100644 --- a/go/ql/test/experimental/CWE-203/Timing.expected +++ b/go/ql/test/experimental/CWE-203/Timing.expected @@ -1,9 +1,9 @@ edges -| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | | +| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | MaD:652 | | timing.go:15:18:15:45 | call to Get | timing.go:17:31:17:42 | headerSecret | provenance | | -| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | | +| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | MaD:652 | | timing.go:28:18:28:45 | call to Get | timing.go:30:47:30:58 | headerSecret | provenance | | -| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | | +| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | MaD:652 | | timing.go:41:18:41:45 | call to Get | timing.go:42:25:42:36 | headerSecret | provenance | | nodes | timing.go:15:18:15:27 | selection of Header | semmle.label | selection of Header | diff --git a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected index 14629dfec2e0..0cc7cab4cfa8 100644 --- a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected +++ b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected @@ -1,5 +1,5 @@ edges -| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | | +| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | MaD:732 | | ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword | provenance | | | ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | provenance | | nodes diff --git a/go/ql/test/experimental/CWE-369/DivideByZero.expected b/go/ql/test/experimental/CWE-369/DivideByZero.expected index 0b6eeb933176..871b794cb308 100644 --- a/go/ql/test/experimental/CWE-369/DivideByZero.expected +++ b/go/ql/test/experimental/CWE-369/DivideByZero.expected @@ -1,24 +1,24 @@ edges -| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | | +| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | MaD:732 | | DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:11:27:11:32 | param1 | provenance | | | DivideByZero.go:11:2:11:33 | ... := ...[0] | DivideByZero.go:12:16:12:20 | value | provenance | | | DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] | provenance | | -| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | | +| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | MaD:732 | | DivideByZero.go:17:12:17:24 | call to Query | DivideByZero.go:18:11:18:24 | type conversion | provenance | | | DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value | provenance | | -| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | | +| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | MaD:732 | | DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:25:31:25:36 | param1 | provenance | | | DivideByZero.go:25:2:25:45 | ... := ...[0] | DivideByZero.go:26:16:26:20 | value | provenance | | | DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] | provenance | | -| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | | +| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | MaD:732 | | DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:32:33:32:38 | param1 | provenance | | | DivideByZero.go:32:2:32:43 | ... := ...[0] | DivideByZero.go:33:16:33:20 | value | provenance | | | DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] | provenance | | -| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | | +| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | MaD:732 | | DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:39:32:39:37 | param1 | provenance | | | DivideByZero.go:39:2:39:46 | ... := ...[0] | DivideByZero.go:40:16:40:20 | value | provenance | | | DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] | provenance | | -| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | | +| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | MaD:732 | | DivideByZero.go:54:12:54:24 | call to Query | DivideByZero.go:55:11:55:24 | type conversion | provenance | | | DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value | provenance | | nodes diff --git a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected index 5136387a80ab..ebdb7e467cf6 100644 --- a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected +++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected @@ -1,5 +1,5 @@ edges -| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | | +| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:667 | | test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | definition of file | provenance | | | test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | definition of file | provenance | | | test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | definition of file | provenance | | @@ -24,7 +24,7 @@ edges | test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance | | | test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | | | test.go:132:3:132:19 | ... := ...[0] | test.go:134:37:134:38 | rc | provenance | | -| test.go:132:12:132:12 | f | test.go:132:3:132:19 | ... := ...[0] | provenance | | +| test.go:132:12:132:12 | f | test.go:132:3:132:19 | ... := ...[0] | provenance | MaD:8 | | test.go:143:2:143:59 | ... := ...[0] | test.go:144:20:144:37 | implicit dereference | provenance | | | test.go:143:51:143:58 | filename | test.go:143:2:143:59 | ... := ...[0] | provenance | | | test.go:144:20:144:37 | implicit dereference | test.go:144:20:144:37 | implicit dereference | provenance | | @@ -34,18 +34,18 @@ edges | test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance | | | test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance | | | test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance | | -| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | | +| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:544 | | test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance | | | test.go:160:32:160:53 | call to NewReader | test.go:160:2:160:69 | ... := ...[0] | provenance | | -| test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | | +| test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:40 | | test.go:163:3:163:36 | ... := ...[0] | test.go:164:36:164:51 | fileReaderCloser | provenance | | -| test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | | +| test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:8 | | test.go:169:28:169:31 | definition of file | test.go:170:25:170:28 | file | provenance | | | test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance | | -| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | | +| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:544 | | test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance | | | test.go:171:41:171:62 | call to NewReader | test.go:171:2:171:78 | ... := ...[0] | provenance | | -| test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | | +| test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:40 | | test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance | | | test.go:175:26:175:36 | call to Open | test.go:176:36:176:51 | fileReaderCloser | provenance | | | test.go:181:17:181:20 | definition of file | test.go:184:41:184:44 | file | provenance | | @@ -53,49 +53,49 @@ edges | test.go:184:2:184:73 | ... := ...[0] | test.go:187:26:187:36 | bzip2Reader | provenance | | | test.go:184:41:184:44 | file | test.go:184:2:184:73 | ... := ...[0] | provenance | | | test.go:187:12:187:37 | call to NewReader | test.go:189:18:189:24 | tarRead | provenance | | -| test.go:187:26:187:36 | bzip2Reader | test.go:187:12:187:37 | call to NewReader | provenance | | +| test.go:187:26:187:36 | bzip2Reader | test.go:187:12:187:37 | call to NewReader | provenance | MaD:1 | | test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:208:12:208:15 | definition of file | test.go:211:33:211:36 | file | provenance | | | test.go:211:17:211:37 | call to NewReader | test.go:213:2:213:12 | bzip2Reader | provenance | | | test.go:211:17:211:37 | call to NewReader | test.go:214:26:214:36 | bzip2Reader | provenance | | | test.go:211:33:211:36 | file | test.go:211:17:211:37 | call to NewReader | provenance | | | test.go:214:12:214:37 | call to NewReader | test.go:216:18:216:24 | tarRead | provenance | | -| test.go:214:26:214:36 | bzip2Reader | test.go:214:12:214:37 | call to NewReader | provenance | | +| test.go:214:26:214:36 | bzip2Reader | test.go:214:12:214:37 | call to NewReader | provenance | MaD:1 | | test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:233:12:233:15 | definition of file | test.go:236:33:236:36 | file | provenance | | | test.go:236:17:236:37 | call to NewReader | test.go:238:2:238:12 | flateReader | provenance | | | test.go:236:17:236:37 | call to NewReader | test.go:239:26:239:36 | flateReader | provenance | | | test.go:236:33:236:36 | file | test.go:236:17:236:37 | call to NewReader | provenance | | | test.go:239:12:239:37 | call to NewReader | test.go:241:18:241:24 | tarRead | provenance | | -| test.go:239:26:239:36 | flateReader | test.go:239:12:239:37 | call to NewReader | provenance | | +| test.go:239:26:239:36 | flateReader | test.go:239:12:239:37 | call to NewReader | provenance | MaD:1 | | test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:258:21:258:24 | definition of file | test.go:261:42:261:45 | file | provenance | | | test.go:261:17:261:46 | call to NewReader | test.go:263:2:263:12 | flateReader | provenance | | | test.go:261:17:261:46 | call to NewReader | test.go:264:26:264:36 | flateReader | provenance | | | test.go:261:42:261:45 | file | test.go:261:17:261:46 | call to NewReader | provenance | | | test.go:264:12:264:37 | call to NewReader | test.go:266:18:266:24 | tarRead | provenance | | -| test.go:264:26:264:36 | flateReader | test.go:264:12:264:37 | call to NewReader | provenance | | +| test.go:264:26:264:36 | flateReader | test.go:264:12:264:37 | call to NewReader | provenance | MaD:1 | | test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:283:17:283:20 | definition of file | test.go:286:41:286:44 | file | provenance | | | test.go:286:2:286:73 | ... := ...[0] | test.go:288:2:288:12 | flateReader | provenance | | | test.go:286:2:286:73 | ... := ...[0] | test.go:289:26:289:36 | flateReader | provenance | | | test.go:286:41:286:44 | file | test.go:286:2:286:73 | ... := ...[0] | provenance | | | test.go:289:12:289:37 | call to NewReader | test.go:291:18:291:24 | tarRead | provenance | | -| test.go:289:26:289:36 | flateReader | test.go:289:12:289:37 | call to NewReader | provenance | | +| test.go:289:26:289:36 | flateReader | test.go:289:12:289:37 | call to NewReader | provenance | MaD:1 | | test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:308:20:308:23 | definition of file | test.go:311:43:311:46 | file | provenance | | | test.go:311:2:311:47 | ... := ...[0] | test.go:313:2:313:11 | zlibReader | provenance | | | test.go:311:2:311:47 | ... := ...[0] | test.go:314:26:314:35 | zlibReader | provenance | | | test.go:311:43:311:46 | file | test.go:311:2:311:47 | ... := ...[0] | provenance | | | test.go:314:12:314:36 | call to NewReader | test.go:316:18:316:24 | tarRead | provenance | | -| test.go:314:26:314:35 | zlibReader | test.go:314:12:314:36 | call to NewReader | provenance | | +| test.go:314:26:314:35 | zlibReader | test.go:314:12:314:36 | call to NewReader | provenance | MaD:1 | | test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:333:11:333:14 | definition of file | test.go:336:34:336:37 | file | provenance | | | test.go:336:2:336:38 | ... := ...[0] | test.go:338:2:338:11 | zlibReader | provenance | | | test.go:336:2:336:38 | ... := ...[0] | test.go:339:26:339:35 | zlibReader | provenance | | | test.go:336:34:336:37 | file | test.go:336:2:336:38 | ... := ...[0] | provenance | | | test.go:339:12:339:36 | call to NewReader | test.go:341:18:341:24 | tarRead | provenance | | -| test.go:339:26:339:35 | zlibReader | test.go:339:12:339:36 | call to NewReader | provenance | | +| test.go:339:26:339:35 | zlibReader | test.go:339:12:339:36 | call to NewReader | provenance | MaD:1 | | test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:358:13:358:16 | definition of file | test.go:361:35:361:38 | file | provenance | | | test.go:361:18:361:39 | call to NewReader | test.go:363:2:363:13 | snappyReader | provenance | | @@ -103,7 +103,7 @@ edges | test.go:361:18:361:39 | call to NewReader | test.go:365:26:365:37 | snappyReader | provenance | | | test.go:361:35:361:38 | file | test.go:361:18:361:39 | call to NewReader | provenance | | | test.go:365:12:365:38 | call to NewReader | test.go:367:18:367:24 | tarRead | provenance | | -| test.go:365:26:365:37 | snappyReader | test.go:365:12:365:38 | call to NewReader | provenance | | +| test.go:365:26:365:37 | snappyReader | test.go:365:12:365:38 | call to NewReader | provenance | MaD:1 | | test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:384:22:384:25 | definition of file | test.go:387:44:387:47 | file | provenance | | | test.go:387:18:387:48 | call to NewReader | test.go:389:2:389:13 | snappyReader | provenance | | @@ -112,7 +112,7 @@ edges | test.go:387:18:387:48 | call to NewReader | test.go:393:26:393:37 | snappyReader | provenance | | | test.go:387:44:387:47 | file | test.go:387:18:387:48 | call to NewReader | provenance | | | test.go:393:12:393:38 | call to NewReader | test.go:395:18:395:24 | tarRead | provenance | | -| test.go:393:26:393:37 | snappyReader | test.go:393:12:393:38 | call to NewReader | provenance | | +| test.go:393:26:393:37 | snappyReader | test.go:393:12:393:38 | call to NewReader | provenance | MaD:1 | | test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:412:9:412:12 | definition of file | test.go:415:27:415:30 | file | provenance | | | test.go:415:14:415:31 | call to NewReader | test.go:417:2:417:9 | s2Reader | provenance | | @@ -121,7 +121,7 @@ edges | test.go:415:14:415:31 | call to NewReader | test.go:421:26:421:33 | s2Reader | provenance | | | test.go:415:27:415:30 | file | test.go:415:14:415:31 | call to NewReader | provenance | | | test.go:421:12:421:34 | call to NewReader | test.go:423:18:423:24 | tarRead | provenance | | -| test.go:421:26:421:33 | s2Reader | test.go:421:12:421:34 | call to NewReader | provenance | | +| test.go:421:26:421:33 | s2Reader | test.go:421:12:421:34 | call to NewReader | provenance | MaD:1 | | test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:440:19:440:21 | definition of src | test.go:441:34:441:36 | src | provenance | | | test.go:441:2:441:37 | ... := ...[0] | test.go:444:12:444:32 | type conversion | provenance | | @@ -132,7 +132,7 @@ edges | test.go:450:2:450:38 | ... := ...[0] | test.go:453:26:453:35 | gzipReader | provenance | | | test.go:450:34:450:37 | file | test.go:450:2:450:38 | ... := ...[0] | provenance | | | test.go:453:12:453:36 | call to NewReader | test.go:455:18:455:24 | tarRead | provenance | | -| test.go:453:26:453:35 | gzipReader | test.go:453:12:453:36 | call to NewReader | provenance | | +| test.go:453:26:453:35 | gzipReader | test.go:453:12:453:36 | call to NewReader | provenance | MaD:1 | | test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:472:20:472:23 | definition of file | test.go:475:43:475:46 | file | provenance | | | test.go:475:2:475:47 | ... := ...[0] | test.go:477:2:477:11 | gzipReader | provenance | | @@ -140,7 +140,7 @@ edges | test.go:475:2:475:47 | ... := ...[0] | test.go:480:26:480:35 | gzipReader | provenance | | | test.go:475:43:475:46 | file | test.go:475:2:475:47 | ... := ...[0] | provenance | | | test.go:480:12:480:36 | call to NewReader | test.go:482:18:482:24 | tarRead | provenance | | -| test.go:480:26:480:35 | gzipReader | test.go:480:12:480:36 | call to NewReader | provenance | | +| test.go:480:26:480:35 | gzipReader | test.go:480:12:480:36 | call to NewReader | provenance | MaD:1 | | test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:499:20:499:23 | definition of file | test.go:502:45:502:48 | file | provenance | | | test.go:502:2:502:49 | ... := ...[0] | test.go:504:2:504:12 | pgzipReader | provenance | | @@ -148,7 +148,7 @@ edges | test.go:502:2:502:49 | ... := ...[0] | test.go:507:26:507:36 | pgzipReader | provenance | | | test.go:502:45:502:48 | file | test.go:502:2:502:49 | ... := ...[0] | provenance | | | test.go:507:12:507:37 | call to NewReader | test.go:509:18:509:24 | tarRead | provenance | | -| test.go:507:26:507:36 | pgzipReader | test.go:507:12:507:37 | call to NewReader | provenance | | +| test.go:507:26:507:36 | pgzipReader | test.go:507:12:507:37 | call to NewReader | provenance | MaD:1 | | test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:526:21:526:24 | definition of file | test.go:529:43:529:46 | file | provenance | | | test.go:529:2:529:47 | ... := ...[0] | test.go:531:2:531:11 | zstdReader | provenance | | @@ -157,14 +157,14 @@ edges | test.go:529:2:529:47 | ... := ...[0] | test.go:536:26:536:35 | zstdReader | provenance | | | test.go:529:43:529:46 | file | test.go:529:2:529:47 | ... := ...[0] | provenance | | | test.go:536:12:536:36 | call to NewReader | test.go:538:18:538:24 | tarRead | provenance | | -| test.go:536:26:536:35 | zstdReader | test.go:536:12:536:36 | call to NewReader | provenance | | +| test.go:536:26:536:35 | zstdReader | test.go:536:12:536:36 | call to NewReader | provenance | MaD:1 | | test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:555:19:555:22 | definition of file | test.go:558:38:558:41 | file | provenance | | | test.go:558:16:558:42 | call to NewReader | test.go:560:2:560:11 | zstdReader | provenance | | | test.go:558:16:558:42 | call to NewReader | test.go:561:26:561:35 | zstdReader | provenance | | | test.go:558:38:558:41 | file | test.go:558:16:558:42 | call to NewReader | provenance | | | test.go:561:12:561:36 | call to NewReader | test.go:563:18:563:24 | tarRead | provenance | | -| test.go:561:26:561:35 | zstdReader | test.go:561:12:561:36 | call to NewReader | provenance | | +| test.go:561:26:561:35 | zstdReader | test.go:561:12:561:36 | call to NewReader | provenance | MaD:1 | | test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:580:9:580:12 | definition of file | test.go:583:30:583:33 | file | provenance | | | test.go:583:2:583:34 | ... := ...[0] | test.go:585:2:585:9 | xzReader | provenance | | @@ -172,7 +172,7 @@ edges | test.go:583:30:583:33 | file | test.go:583:2:583:34 | ... := ...[0] | provenance | | | test.go:586:12:586:34 | call to NewReader | test.go:589:18:589:24 | tarRead | provenance | | | test.go:586:12:586:34 | call to NewReader | test.go:590:19:590:25 | tarRead | provenance | | -| test.go:586:26:586:33 | xzReader | test.go:586:12:586:34 | call to NewReader | provenance | | +| test.go:586:26:586:33 | xzReader | test.go:586:12:586:34 | call to NewReader | provenance | MaD:1 | | test.go:589:18:589:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | | | test.go:590:19:590:25 | tarRead | test.go:627:23:627:29 | definition of tarRead | provenance | | | test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance | | diff --git a/go/ql/test/experimental/CWE-74/DsnInjection.expected b/go/ql/test/experimental/CWE-74/DsnInjection.expected index 2788c186d006..fe3300c6dd45 100644 --- a/go/ql/test/experimental/CWE-74/DsnInjection.expected +++ b/go/ql/test/experimental/CWE-74/DsnInjection.expected @@ -1,9 +1,9 @@ edges -| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:49:102:49:105 | name | provenance | | -| Dsn.go:49:11:49:106 | []type{args} [array] | Dsn.go:49:11:49:106 | call to Sprintf | provenance | | +| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:49:102:49:105 | name | provenance | Src:MaD:667 | +| Dsn.go:49:11:49:106 | []type{args} [array] | Dsn.go:49:11:49:106 | call to Sprintf | provenance | MaD:242 | | Dsn.go:49:11:49:106 | call to Sprintf | Dsn.go:50:29:50:33 | dbDSN | provenance | | | Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | []type{args} [array] | provenance | | -| Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | call to Sprintf | provenance | | +| Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | call to Sprintf | provenance | FunctionModel | nodes | Dsn.go:47:10:47:30 | call to FormValue | semmle.label | call to FormValue | | Dsn.go:49:11:49:106 | []type{args} [array] | semmle.label | []type{args} [array] | diff --git a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected index ffe20d053f7a..45fe5766a705 100644 --- a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected +++ b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected @@ -1,9 +1,9 @@ edges | Dsn.go:26:11:26:17 | selection of Args | Dsn.go:28:102:28:109 | index expression | provenance | | -| Dsn.go:28:11:28:110 | []type{args} [array] | Dsn.go:28:11:28:110 | call to Sprintf | provenance | | +| Dsn.go:28:11:28:110 | []type{args} [array] | Dsn.go:28:11:28:110 | call to Sprintf | provenance | MaD:242 | | Dsn.go:28:11:28:110 | call to Sprintf | Dsn.go:29:29:29:33 | dbDSN | provenance | | | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | []type{args} [array] | provenance | | -| Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | call to Sprintf | provenance | | +| Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | call to Sprintf | provenance | FunctionModel | | Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:63:9:63:11 | cfg [pointer] | provenance | | | Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance | | | Dsn.go:63:9:63:11 | cfg [pointer] | Dsn.go:63:9:63:11 | implicit dereference | provenance | | @@ -11,14 +11,14 @@ edges | Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | provenance | | | Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | | | Dsn.go:63:19:63:25 | selection of Args | Dsn.go:63:19:63:29 | slice expression | provenance | | -| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference | provenance | | -| Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | | +| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference | provenance | FunctionModel | +| Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | MaD:242 | | Dsn.go:67:11:67:109 | call to Sprintf | Dsn.go:68:29:68:33 | dbDSN | provenance | | | Dsn.go:67:102:67:104 | cfg [pointer] | Dsn.go:67:102:67:104 | implicit dereference | provenance | | | Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | provenance | | | Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | | | Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | []type{args} [array] | provenance | | -| Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | call to Sprintf | provenance | | +| Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | call to Sprintf | provenance | FunctionModel | nodes | Dsn.go:26:11:26:17 | selection of Args | semmle.label | selection of Args | | Dsn.go:28:11:28:110 | []type{args} [array] | semmle.label | []type{args} [array] | diff --git a/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected b/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected index 1d0f5facd038..b99e5cd58751 100644 --- a/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected +++ b/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected @@ -1,28 +1,28 @@ edges | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | HTMLTemplateEscapingPassthrough.go:30:39:30:39 | a | provenance | | -| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | provenance | | +| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | provenance | Src:MaD:671 | | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | HTMLTemplateEscapingPassthrough.go:36:40:36:40 | a | provenance | | -| HTMLTemplateEscapingPassthrough.go:35:23:35:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | provenance | | +| HTMLTemplateEscapingPassthrough.go:35:23:35:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | provenance | Src:MaD:671 | | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | HTMLTemplateEscapingPassthrough.go:41:40:41:40 | a | provenance | | -| HTMLTemplateEscapingPassthrough.go:40:19:40:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | provenance | | +| HTMLTemplateEscapingPassthrough.go:40:19:40:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | provenance | Src:MaD:671 | | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | HTMLTemplateEscapingPassthrough.go:47:41:47:41 | c | provenance | | -| HTMLTemplateEscapingPassthrough.go:46:29:46:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | provenance | | +| HTMLTemplateEscapingPassthrough.go:46:29:46:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | provenance | Src:MaD:671 | | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | HTMLTemplateEscapingPassthrough.go:51:44:51:44 | d | provenance | | -| HTMLTemplateEscapingPassthrough.go:50:23:50:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | provenance | | +| HTMLTemplateEscapingPassthrough.go:50:23:50:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | provenance | Src:MaD:671 | | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | HTMLTemplateEscapingPassthrough.go:55:44:55:44 | e | provenance | | -| HTMLTemplateEscapingPassthrough.go:54:26:54:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | provenance | | +| HTMLTemplateEscapingPassthrough.go:54:26:54:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | provenance | Src:MaD:671 | | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | HTMLTemplateEscapingPassthrough.go:59:38:59:38 | b | provenance | | -| HTMLTemplateEscapingPassthrough.go:58:24:58:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | provenance | | +| HTMLTemplateEscapingPassthrough.go:58:24:58:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | provenance | Src:MaD:671 | | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | HTMLTemplateEscapingPassthrough.go:63:44:63:44 | f | provenance | | -| HTMLTemplateEscapingPassthrough.go:62:27:62:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | provenance | | +| HTMLTemplateEscapingPassthrough.go:62:27:62:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | provenance | Src:MaD:671 | | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | HTMLTemplateEscapingPassthrough.go:67:38:67:38 | g | provenance | | -| HTMLTemplateEscapingPassthrough.go:66:24:66:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | provenance | | -| HTMLTemplateEscapingPassthrough.go:75:17:75:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:76:38:76:44 | escaped | provenance | | -| HTMLTemplateEscapingPassthrough.go:81:10:81:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:84:38:84:40 | src | provenance | | -| HTMLTemplateEscapingPassthrough.go:89:10:89:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | provenance | | +| HTMLTemplateEscapingPassthrough.go:66:24:66:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:75:17:75:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:76:38:76:44 | escaped | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:81:10:81:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:84:38:84:40 | src | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:89:10:89:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | provenance | Src:MaD:671 | | HTMLTemplateEscapingPassthrough.go:91:16:91:77 | type conversion | HTMLTemplateEscapingPassthrough.go:92:38:92:46 | converted | provenance | | | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | HTMLTemplateEscapingPassthrough.go:91:16:91:77 | type conversion | provenance | | -| HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | provenance | | +| HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | provenance | MaD:519 | nodes | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | semmle.label | type conversion | | HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | semmle.label | call to UserAgent | diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected index 0e5bdee9671d..3eff488162ec 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.expected +++ b/go/ql/test/experimental/CWE-918/SSRF.expected @@ -1,44 +1,44 @@ edges -| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | | -| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | | -| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | | -| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | | -| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | | +| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:667 | +| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:670 | +| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:670 | +| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:670 | +| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:670 | | new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word | provenance | | | new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe | provenance | | | new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | | -| new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | | +| new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:242 | | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | []type{args} [array] | provenance | | -| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | | -| new-tests.go:32:11:32:57 | []type{args} [array] | new-tests.go:32:11:32:57 | call to Sprintf | provenance | | +| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | FunctionModel | +| new-tests.go:32:11:32:57 | []type{args} [array] | new-tests.go:32:11:32:57 | call to Sprintf | provenance | MaD:242 | | new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | []type{args} [array] | provenance | | -| new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | call to Sprintf | provenance | | -| new-tests.go:35:12:35:58 | []type{args} [array] | new-tests.go:35:12:35:58 | call to Sprintf | provenance | | +| new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | call to Sprintf | provenance | FunctionModel | +| new-tests.go:35:12:35:58 | []type{args} [array] | new-tests.go:35:12:35:58 | call to Sprintf | provenance | MaD:242 | | new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | []type{args} [array] | provenance | | -| new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf | provenance | | +| new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf | provenance | FunctionModel | | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | | | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | | | new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | | -| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | | -| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | | +| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | MaD:537 | +| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:181 | | new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word | provenance | | | new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe | provenance | | | new-tests.go:63:26:63:30 | &... | new-tests.go:74:49:74:57 | selection of word | provenance | | -| new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | | +| new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:242 | | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | []type{args} [array] | provenance | | -| new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf | provenance | | -| new-tests.go:69:11:69:57 | []type{args} [array] | new-tests.go:69:11:69:57 | call to Sprintf | provenance | | +| new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf | provenance | FunctionModel | +| new-tests.go:69:11:69:57 | []type{args} [array] | new-tests.go:69:11:69:57 | call to Sprintf | provenance | MaD:242 | | new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | []type{args} [array] | provenance | | -| new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | call to Sprintf | provenance | | -| new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | | +| new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | call to Sprintf | provenance | FunctionModel | +| new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:242 | | new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | []type{args} [array] | provenance | | -| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | | -| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | | -| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | | +| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | FunctionModel | +| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | MaD:732 | +| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:739 | | new-tests.go:78:18:78:46 | call to Get | new-tests.go:79:11:79:46 | ...+... | provenance | | | new-tests.go:81:18:81:67 | call to TrimPrefix | new-tests.go:82:11:82:46 | ...+... | provenance | | | new-tests.go:81:37:81:43 | selection of URL | new-tests.go:81:37:81:48 | selection of Path | provenance | | -| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | | +| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:855 | | new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | provenance | | | new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | provenance | | nodes diff --git a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected index c126e70195b3..e33725ab78ab 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected @@ -1,6 +1,6 @@ edges | Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance | | -| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | | +| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | MaD:550 | nodes | Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b | | Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/HiddenNodes/test.expected b/go/ql/test/library-tests/semmle/go/dataflow/HiddenNodes/test.expected index 1bd17817463b..12ce400b1dd4 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/HiddenNodes/test.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/HiddenNodes/test.expected @@ -1,7 +1,7 @@ edges | test.go:14:8:14:15 | call to source | test.go:15:34:15:35 | fi | provenance | | | test.go:15:2:15:44 | ... := ...[0] | test.go:16:7:16:12 | header | provenance | | -| test.go:15:34:15:35 | fi | test.go:15:2:15:44 | ... := ...[0] | provenance | | +| test.go:15:34:15:35 | fi | test.go:15:2:15:44 | ... := ...[0] | provenance | MaD:0 | nodes | test.go:14:8:14:15 | call to source | semmle.label | call to source | | test.go:15:2:15:44 | ... := ...[0] | semmle.label | ... := ...[0] | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected index 5825fcdfcd69..575045cc46ed 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected @@ -24,21 +24,21 @@ edges | test.go:199:15:199:26 | call to Data | test.go:204:36:204:53 | type assertion | provenance | | | test.go:199:15:199:26 | call to Data | test.go:205:34:205:51 | type assertion | provenance | | | test.go:200:21:200:54 | call to HTML2str | test.go:200:14:200:55 | type conversion | provenance | | -| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | | +| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:246 | | test.go:201:21:201:57 | call to Htmlunquote | test.go:201:14:201:58 | type conversion | provenance | | -| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | | +| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:248 | | test.go:202:2:202:68 | ... := ...[0] | test.go:203:14:203:28 | type assertion | provenance | | -| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | | +| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:249 | | test.go:204:21:204:54 | call to Str2html | test.go:204:14:204:55 | type conversion | provenance | | -| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | | +| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:251 | | test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | provenance | | -| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | | +| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:252 | | test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | provenance | | -| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | | +| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | MaD:250 | | test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | | | test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | | | test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | provenance | | -| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | | +| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:537 | | test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | provenance | | | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | | | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | | @@ -64,41 +64,41 @@ edges | test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | | | test.go:276:2:276:13 | definition of genericFiles [array] | test.go:297:51:297:62 | genericFiles [array] | provenance | | | test.go:278:21:278:28 | index expression | test.go:276:2:276:13 | definition of genericFiles [array] | provenance | | -| test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | | +| test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | FunctionModel | | test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | provenance | | -| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | | +| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:260 | | test.go:285:21:285:60 | call to SliceDiff | test.go:285:21:285:96 | selection of Filename | provenance | | -| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | | +| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:261 | | test.go:290:3:292:44 | call to SliceFilter | test.go:290:3:292:80 | selection of Filename | provenance | | -| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | | +| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:262 | | test.go:293:21:293:65 | call to SliceIntersect | test.go:293:21:293:101 | selection of Filename | provenance | | -| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | | +| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:263 | | test.go:294:21:294:65 | call to SliceIntersect | test.go:294:21:294:101 | selection of Filename | provenance | | -| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | | +| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:263 | | test.go:295:21:295:61 | call to SliceMerge | test.go:295:21:295:97 | selection of Filename | provenance | | -| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | | +| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:264 | | test.go:296:21:296:61 | call to SliceMerge | test.go:296:21:296:97 | selection of Filename | provenance | | -| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | | +| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:264 | | test.go:297:21:297:66 | call to SlicePad | test.go:297:21:297:102 | selection of Filename | provenance | | | test.go:297:51:297:62 | genericFiles [array] | test.go:297:51:297:65 | index expression | provenance | | -| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | | +| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:265 | | test.go:298:21:298:66 | call to SlicePad | test.go:298:21:298:102 | selection of Filename | provenance | | -| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | | +| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:265 | | test.go:299:21:299:49 | call to SliceRand | test.go:299:21:299:82 | selection of Filename | provenance | | -| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | | +| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:266 | | test.go:301:21:301:97 | call to SliceReduce | test.go:301:21:301:133 | selection of Filename | provenance | | -| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | | +| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:267 | | test.go:302:21:302:52 | call to SliceShuffle | test.go:302:21:302:88 | selection of Filename | provenance | | -| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | | +| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:268 | | test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | provenance | | -| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | | +| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:269 | | test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | provenance | | | test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | provenance | | | test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | | -| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | | -| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | | +| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:272 | +| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:270 | | test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | provenance | | -| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | | +| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:271 | | test.go:312:21:312:32 | call to Items | test.go:312:21:312:52 | type assertion | provenance | | nodes | test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected index c0deba242e08..94a3262d41eb 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected @@ -2,7 +2,7 @@ edges | test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | | | test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | | | test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | | -| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | | +| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | MaD:181 | | test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | provenance | | | test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | | | test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected index ccaac4425ff5..88df7efaf181 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected @@ -1,36 +1,36 @@ edges -| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | provenance | | -| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | provenance | | -| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | provenance | | -| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | provenance | | -| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | provenance | | -| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | provenance | | -| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | provenance | | -| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | provenance | | -| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | provenance | | -| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | provenance | | -| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | provenance | | -| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | provenance | | +| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | provenance | Src:MaD:671 | +| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | provenance | Src:MaD:671 | +| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | provenance | Src:MaD:671 | +| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | provenance | Src:MaD:671 | +| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | provenance | Src:MaD:671 | +| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | provenance | Src:MaD:671 | +| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | provenance | Src:MaD:671 | +| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | provenance | Src:MaD:671 | +| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | provenance | Src:MaD:671 | +| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | provenance | Src:MaD:671 | +| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | provenance | Src:MaD:671 | +| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | provenance | Src:MaD:671 | nodes | test.go:10:15:10:41 | call to UserAgent | semmle.label | call to UserAgent | | test.go:12:11:12:19 | untrusted | semmle.label | untrusted | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected index f76e5fb42cdf..c29c8d4d888b 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected @@ -8,28 +8,28 @@ edges | test.go:51:2:51:30 | ... := ...[0] | test.go:52:16:52:37 | index expression | provenance | | | test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | | | test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | provenance | | -| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | | +| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:624 | | test.go:59:2:59:7 | definition of buffer | test.go:61:20:61:25 | buffer | provenance | | -| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | | +| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:550 | | test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | | | test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | | | test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | provenance | | -| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | | +| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:624 | | test.go:75:2:75:7 | definition of buffer | test.go:77:20:77:25 | buffer | provenance | | -| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | | +| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:550 | | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | | | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | | | test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | provenance | | | test.go:112:17:112:19 | definition of ctx | test.go:114:16:114:18 | ctx | provenance | | -| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | | -| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | | +| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | MaD:355 | +| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:354 | | test.go:114:16:114:33 | call to Get | test.go:114:16:114:42 | type assertion | provenance | | | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | provenance | | | test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | provenance | | | test.go:136:11:136:32 | call to Param | test.go:137:29:137:41 | type conversion | provenance | | | test.go:148:11:148:32 | call to Param | test.go:149:30:149:34 | param | provenance | | | test.go:149:12:149:35 | call to NewReader | test.go:150:31:150:36 | reader | provenance | | -| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | provenance | | +| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | provenance | MaD:833 | | test.go:164:11:164:32 | call to Param | test.go:165:23:165:35 | type conversion | provenance | | nodes | test.go:15:11:15:32 | call to Param | semmle.label | call to Param | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected index ffbde6355cbc..fc1b0f4ec46b 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected @@ -3,13 +3,13 @@ edges | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:31:21:31:34 | untrustedInput | provenance | | | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:35:27:35:41 | untrustedString | provenance | | | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:39:31:39:45 | untrustedString | provenance | | -| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | | +| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:346 | | jsoniter.go:27:33:27:37 | &... | jsoniter.go:28:15:28:24 | selection of field | provenance | | -| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | | +| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:344 | | jsoniter.go:31:37:31:42 | &... | jsoniter.go:32:15:32:25 | selection of field | provenance | | -| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | | +| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:347 | | jsoniter.go:35:44:35:49 | &... | jsoniter.go:36:15:36:25 | selection of field | provenance | | -| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | | +| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:345 | | jsoniter.go:39:48:39:53 | &... | jsoniter.go:40:15:40:25 | selection of field | provenance | | nodes | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | semmle.label | call to getUntrustedBytes | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected index b9725fae820d..23abbdd54b20 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected @@ -1,10 +1,10 @@ edges | EndToEnd.go:35:2:35:4 | definition of buf | EndToEnd.go:37:24:37:26 | buf | provenance | | | EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | | -| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | | -| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | | +| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:739 | +| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:553 | | EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | | -| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | | +| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:739 | | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | | | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | | | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected index ad3ca2e44dcb..dc85069dcba6 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected @@ -1,8 +1,8 @@ edges | EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:30 | selection of Form | provenance | | -| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | | +| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:739 | | EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | | -| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | | +| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:739 | nodes | EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params | | EndToEnd.go:58:18:58:30 | selection of Form | semmle.label | selection of Form | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected index 90e6b42ec51d..2290d6d6c408 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected @@ -6,9 +6,9 @@ edges | rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance | | | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | | | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | | -| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | | +| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | MaD:544 | | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | provenance | | -| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | | +| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:429 | | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | provenance | | | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | | | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected index 341e2cf46abf..7e9932e143dc 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected @@ -1,40 +1,40 @@ edges -| test.go:12:12:12:22 | selection of URL | test.go:12:12:12:30 | call to Query | provenance | | -| test.go:12:12:12:30 | call to Query | test.go:12:12:12:44 | call to Get | provenance | | +| test.go:12:12:12:22 | selection of URL | test.go:12:12:12:30 | call to Query | provenance | MaD:732 | +| test.go:12:12:12:30 | call to Query | test.go:12:12:12:44 | call to Get | provenance | MaD:739 | | test.go:12:12:12:44 | call to Get | test.go:15:42:15:47 | param1 | provenance | | | test.go:15:22:15:48 | call to UnescapeString | test.go:15:15:15:49 | type conversion | provenance | | -| test.go:15:42:15:47 | param1 | test.go:15:22:15:48 | call to UnescapeString | provenance | | +| test.go:15:42:15:47 | param1 | test.go:15:22:15:48 | call to UnescapeString | provenance | MaD:411 | | test.go:17:2:17:36 | ... := ...[0] | test.go:18:15:18:31 | type conversion | provenance | | | test.go:17:2:17:36 | ... := ...[0] | test.go:29:22:29:25 | node | provenance | | -| test.go:17:24:17:35 | selection of Body | test.go:17:2:17:36 | ... := ...[0] | provenance | | +| test.go:17:24:17:35 | selection of Body | test.go:17:2:17:36 | ... := ...[0] | provenance | MaD:406 | | test.go:20:2:20:48 | ... := ...[0] | test.go:21:15:21:32 | type conversion | provenance | | -| test.go:20:36:20:47 | selection of Body | test.go:20:2:20:48 | ... := ...[0] | provenance | | +| test.go:20:36:20:47 | selection of Body | test.go:20:2:20:48 | ... := ...[0] | provenance | MaD:409 | | test.go:23:2:23:50 | ... := ...[0] | test.go:24:15:24:35 | type conversion | provenance | | -| test.go:23:33:23:44 | selection of Body | test.go:23:2:23:50 | ... := ...[0] | provenance | | +| test.go:23:33:23:44 | selection of Body | test.go:23:2:23:50 | ... := ...[0] | provenance | MaD:407 | | test.go:26:2:26:62 | ... := ...[0] | test.go:27:15:27:36 | type conversion | provenance | | -| test.go:26:45:26:56 | selection of Body | test.go:26:2:26:62 | ... := ...[0] | provenance | | +| test.go:26:45:26:56 | selection of Body | test.go:26:2:26:62 | ... := ...[0] | provenance | MaD:408 | | test.go:31:15:31:45 | call to NewTokenizer | test.go:32:15:32:23 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:33:15:33:23 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:34:17:34:25 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:36:15:36:23 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:37:22:37:30 | tokenizer | provenance | | -| test.go:31:33:31:44 | selection of Body | test.go:31:15:31:45 | call to NewTokenizer | provenance | | -| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:34 | call to Buffered | provenance | | -| test.go:33:15:33:23 | tokenizer | test.go:33:15:33:29 | call to Raw | provenance | | +| test.go:31:33:31:44 | selection of Body | test.go:31:15:31:45 | call to NewTokenizer | provenance | MaD:404 | +| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:34 | call to Buffered | provenance | MaD:414 | +| test.go:33:15:33:23 | tokenizer | test.go:33:15:33:29 | call to Raw | provenance | MaD:415 | | test.go:34:2:34:35 | ... := ...[1] | test.go:35:15:35:19 | value | provenance | | -| test.go:34:17:34:25 | tokenizer | test.go:34:2:34:35 | ... := ...[1] | provenance | | -| test.go:36:15:36:23 | tokenizer | test.go:36:15:36:30 | call to Text | provenance | | -| test.go:37:22:37:30 | tokenizer | test.go:37:22:37:38 | call to Token | provenance | | +| test.go:34:17:34:25 | tokenizer | test.go:34:2:34:35 | ... := ...[1] | provenance | MaD:416 | +| test.go:36:15:36:23 | tokenizer | test.go:36:15:36:30 | call to Text | provenance | MaD:417 | +| test.go:37:22:37:30 | tokenizer | test.go:37:22:37:38 | call to Token | provenance | MaD:418 | | test.go:37:22:37:38 | call to Token | test.go:37:15:37:44 | type conversion | provenance | | | test.go:39:23:39:77 | call to NewTokenizerFragment | test.go:40:15:40:31 | tokenizerFragment | provenance | | -| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | | -| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | | +| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | MaD:405 | +| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:414 | | test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | | | test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | | | test.go:42:6:42:14 | definition of cleanNode | test.go:45:23:45:31 | cleanNode | provenance | | | test.go:43:2:43:43 | ... := ...[0] | test.go:44:24:44:34 | taintedNode | provenance | | -| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | | -| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | | +| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | MaD:406 | +| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:412 | | test.go:45:22:45:31 | &... | test.go:45:22:45:31 | &... | provenance | | | test.go:45:22:45:31 | &... | test.go:45:22:45:31 | &... | provenance | | | test.go:45:22:45:31 | &... | test.go:45:23:45:31 | cleanNode | provenance | | @@ -46,8 +46,8 @@ edges | test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | | | test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:23:50:32 | cleanNode2 | provenance | | | test.go:48:2:48:44 | ... := ...[0] | test.go:49:26:49:37 | taintedNode2 | provenance | | -| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | | -| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | | +| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | MaD:406 | +| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:413 | | test.go:50:22:50:32 | &... | test.go:50:22:50:32 | &... | provenance | | | test.go:50:22:50:32 | &... | test.go:50:22:50:32 | &... | provenance | | | test.go:50:22:50:32 | &... | test.go:50:23:50:32 | cleanNode2 | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected index 9171f32e84db..8b3a16cd35ce 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected @@ -1,6 +1,6 @@ edges -| test.go:56:2:56:42 | ... := ...[0] | test.go:57:29:57:40 | selection of Value | provenance | | -| test.go:57:29:57:40 | selection of Value | test.go:57:11:57:41 | call to EscapeString | provenance | | +| test.go:56:2:56:42 | ... := ...[0] | test.go:57:29:57:40 | selection of Value | provenance | Src:MaD:664 | +| test.go:57:29:57:40 | selection of Value | test.go:57:11:57:41 | call to EscapeString | provenance | MaD:403 | nodes | test.go:56:2:56:42 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:57:11:57:41 | call to EscapeString | semmle.label | call to EscapeString | diff --git a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected index dd923eb1e935..f8c551ea7501 100644 --- a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected +++ b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected @@ -1,10 +1,10 @@ edges -| TaintedPath.go:14:18:14:22 | selection of URL | TaintedPath.go:14:18:14:30 | call to Query | provenance | | +| TaintedPath.go:14:18:14:22 | selection of URL | TaintedPath.go:14:18:14:30 | call to Query | provenance | MaD:732 | | TaintedPath.go:14:18:14:30 | call to Query | TaintedPath.go:17:29:17:40 | tainted_path | provenance | | | TaintedPath.go:14:18:14:30 | call to Query | TaintedPath.go:21:57:21:68 | tainted_path | provenance | | | TaintedPath.go:14:18:14:30 | call to Query | TaintedPath.go:68:39:68:56 | ...+... | provenance | | -| TaintedPath.go:21:57:21:68 | tainted_path | TaintedPath.go:21:28:21:69 | call to Join | provenance | | -| TaintedPath.go:68:39:68:56 | ...+... | TaintedPath.go:68:28:68:57 | call to Clean | provenance | | +| TaintedPath.go:21:57:21:68 | tainted_path | TaintedPath.go:21:28:21:69 | call to Join | provenance | FunctionModel | +| TaintedPath.go:68:39:68:56 | ...+... | TaintedPath.go:68:28:68:57 | call to Clean | provenance | MaD:758 | nodes | TaintedPath.go:14:18:14:22 | selection of URL | semmle.label | selection of URL | | TaintedPath.go:14:18:14:30 | call to Query | semmle.label | call to Query | diff --git a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected index 5ff0ca886c2f..14b42a974821 100644 --- a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected +++ b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected @@ -1,15 +1,15 @@ edges | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | provenance | | -| UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | provenance | | +| UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | provenance | FunctionModel | | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | provenance | | | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | provenance | | | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | provenance | | | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | provenance | | | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:12:24:12:29 | selection of Name | provenance | | | ZipSlip.go:12:3:12:30 | ... := ...[0] | ZipSlip.go:14:20:14:20 | p | provenance | | -| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | | +| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | MaD:744 | | tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:23:16:33 | selection of Name | provenance | | -| tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir | provenance | | +| tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir | provenance | MaD:759 | | tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path | provenance | | nodes | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | semmle.label | definition of candidate | diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index 06df5262ca20..afe35f92dc65 100644 --- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -1,15 +1,15 @@ edges -| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query | provenance | | +| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query | provenance | MaD:732 | | ArgumentInjection.go:9:10:9:24 | call to Query | ArgumentInjection.go:10:31:10:34 | path | provenance | | -| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | | +| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | MaD:732 | | CommandInjection.go:9:13:9:27 | call to Query | CommandInjection.go:10:22:10:28 | cmdName | provenance | | -| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:10:13:10:27 | call to Query | provenance | | +| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:10:13:10:27 | call to Query | provenance | MaD:732 | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:12:31:12:37 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:13:31:13:37 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:14:30:14:36 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:15:35:15:41 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:16:36:16:42 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | | +| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | MaD:732 | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | | @@ -22,14 +22,14 @@ edges | SanitizingDoubleDash.go:14:23:14:33 | slice element node | SanitizingDoubleDash.go:14:23:14:33 | slice expression [array] | provenance | | | SanitizingDoubleDash.go:14:23:14:33 | slice expression [array] | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | | SanitizingDoubleDash.go:39:14:39:44 | call to append | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance | | -| SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | call to append | provenance | | +| SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | -| SanitizingDoubleDash.go:53:21:53:28 | arrayLit | SanitizingDoubleDash.go:53:14:53:35 | call to append | provenance | | +| SanitizingDoubleDash.go:53:21:53:28 | arrayLit | SanitizingDoubleDash.go:53:14:53:35 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:68:14:68:38 | call to append | SanitizingDoubleDash.go:69:21:69:28 | arrayLit | provenance | | -| SanitizingDoubleDash.go:68:31:68:37 | tainted | SanitizingDoubleDash.go:68:14:68:38 | call to append | provenance | | +| SanitizingDoubleDash.go:68:31:68:37 | tainted | SanitizingDoubleDash.go:68:14:68:38 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:69:14:69:35 | call to append | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | provenance | | -| SanitizingDoubleDash.go:69:21:69:28 | arrayLit | SanitizingDoubleDash.go:69:14:69:35 | call to append | provenance | | -| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | | +| SanitizingDoubleDash.go:69:21:69:28 | arrayLit | SanitizingDoubleDash.go:69:14:69:35 | call to append | provenance | FunctionModel | +| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | MaD:732 | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:95:25:95:31 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:96:24:96:34 | slice expression | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:100:31:100:37 | tainted | provenance | | @@ -57,19 +57,19 @@ edges | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | provenance | | | SanitizingDoubleDash.go:111:14:111:44 | call to append | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:111:37:111:43 | tainted | SanitizingDoubleDash.go:111:14:111:44 | call to append | provenance | | +| SanitizingDoubleDash.go:111:37:111:43 | tainted | SanitizingDoubleDash.go:111:14:111:44 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:117:14:117:44 | call to append | SanitizingDoubleDash.go:118:24:118:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:117:31:117:37 | tainted | SanitizingDoubleDash.go:117:14:117:44 | call to append | provenance | | +| SanitizingDoubleDash.go:117:31:117:37 | tainted | SanitizingDoubleDash.go:117:14:117:44 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:123:14:123:38 | call to append | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:123:14:123:38 | call to append | provenance | | +| SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:123:14:123:38 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:129:14:129:35 | call to append | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:129:21:129:28 | arrayLit | SanitizingDoubleDash.go:129:14:129:35 | call to append | provenance | | +| SanitizingDoubleDash.go:129:21:129:28 | arrayLit | SanitizingDoubleDash.go:129:14:129:35 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:136:14:136:38 | call to append | SanitizingDoubleDash.go:137:24:137:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:136:31:136:37 | tainted | SanitizingDoubleDash.go:136:14:136:38 | call to append | provenance | | +| SanitizingDoubleDash.go:136:31:136:37 | tainted | SanitizingDoubleDash.go:136:14:136:38 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:142:14:142:38 | call to append | SanitizingDoubleDash.go:143:21:143:28 | arrayLit | provenance | | -| SanitizingDoubleDash.go:142:31:142:37 | tainted | SanitizingDoubleDash.go:142:14:142:38 | call to append | provenance | | +| SanitizingDoubleDash.go:142:31:142:37 | tainted | SanitizingDoubleDash.go:142:14:142:38 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:143:14:143:35 | call to append | SanitizingDoubleDash.go:144:24:144:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:143:21:143:28 | arrayLit | SanitizingDoubleDash.go:143:14:143:35 | call to append | provenance | | +| SanitizingDoubleDash.go:143:21:143:28 | arrayLit | SanitizingDoubleDash.go:143:14:143:35 | call to append | provenance | FunctionModel | nodes | ArgumentInjection.go:9:10:9:16 | selection of URL | semmle.label | selection of URL | | ArgumentInjection.go:9:10:9:24 | call to Query | semmle.label | call to Query | diff --git a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected index 4bdeaa67be01..fa97b5b423e9 100644 --- a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected +++ b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected @@ -1,6 +1,6 @@ edges | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows | provenance | | -| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... | provenance | | +| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... | provenance | FunctionModel | | StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:13:12:13:19 | &... | provenance | | | StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName | provenance | | nodes diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected index 634c21befb31..8f4467cf2f8e 100644 --- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected @@ -1,45 +1,45 @@ edges -| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | | +| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | MaD:739 | | ReflectedXss.go:11:15:11:36 | call to Get | ReflectedXss.go:14:44:14:51 | username | provenance | | -| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get | provenance | | +| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get | provenance | MaD:739 | | contenttype.go:11:11:11:28 | call to Get | contenttype.go:17:11:17:22 | type conversion | provenance | | -| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get | provenance | | +| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get | provenance | MaD:739 | | contenttype.go:49:11:49:28 | call to Get | contenttype.go:53:34:53:37 | data | provenance | | -| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | provenance | | -| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | provenance | | -| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | provenance | | -| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | | -| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | | -| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | | +| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | provenance | Src:MaD:667 | +| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | provenance | Src:MaD:667 | +| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | provenance | Src:MaD:667 | +| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:667 | +| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:666 | +| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:666 | | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content | provenance | | -| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | | -| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | | +| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:537 | +| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:242 | | reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion | provenance | | | reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | provenance | | -| reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | | -| reflectedxsstest.go:34:17:34:61 | []type{args} [array] | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | | +| reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | FunctionModel | +| reflectedxsstest.go:34:17:34:61 | []type{args} [array] | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | MaD:242 | | reflectedxsstest.go:34:17:34:61 | call to Sprintf | reflectedxsstest.go:34:10:34:62 | type conversion | provenance | | | reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | []type{args} [array] | provenance | | -| reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | | -| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | | +| reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | FunctionModel | +| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | Src:MaD:668 | | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:40:14:40:17 | part | provenance | | | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:42:2:42:5 | part | provenance | | -| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | | -| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | | +| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:627 | +| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:625 | | reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName | provenance | | | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | | -| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | | -| reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | | +| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:550 | +| reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:242 | | reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion | provenance | | | reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | provenance | | -| reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | | -| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | | +| reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | FunctionModel | +| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | MaD:732 | | reflectedxsstest.go:51:14:51:26 | call to Query | reflectedxsstest.go:54:11:54:21 | type conversion | provenance | | -| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | | +| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | MaD:739 | | tst.go:14:15:14:36 | call to Get | tst.go:18:32:18:32 | a | provenance | | | tst.go:18:19:18:38 | call to Join | tst.go:18:12:18:39 | type conversion | provenance | | -| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | | -| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | | +| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:831 | +| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | MaD:739 | | tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | | | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | | | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected index c399840db9ac..dfbfac29d867 100644 --- a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected @@ -1,7 +1,7 @@ edges | StoredXss.go:13:21:13:31 | call to Name | StoredXss.go:13:21:13:36 | ...+... | provenance | | | stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance | | -| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... | provenance | | +| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... | provenance | FunctionModel | | stored.go:25:29:25:33 | &... | stored.go:25:29:25:33 | &... | provenance | | | stored.go:25:29:25:33 | &... | stored.go:30:22:30:25 | name | provenance | | | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 066f4a272f0d..1f46a8f43ba4 100644 --- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected @@ -1,95 +1,95 @@ edges -| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | | +| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:242 | | SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q | provenance | | -| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | | +| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | MaD:732 | | SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance | | | SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | []type{args} [array] | provenance | | -| SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | | +| SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | FunctionModel | | issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b | provenance | | -| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | | -| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | | +| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | MaD:537 | +| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:181 | | issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance | | -| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | | +| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:242 | | issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | | -| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | | +| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel | | issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 | provenance | | -| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | | -| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | | +| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | MaD:537 | +| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:181 | | issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance | | -| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | | +| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:242 | | issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 | provenance | | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | | -| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | | -| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | | -| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | | +| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel | +| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | MaD:181 | +| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | MaD:732 | | issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | | | issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance | | -| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | | +| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:242 | | issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance | | -| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | | +| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | FunctionModel | | main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | | -| main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | | -| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | | +| main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:242 | +| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | MaD:732 | | main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression | provenance | | | main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | []type{args} [array] | provenance | | -| main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | call to Sprintf | provenance | | -| main.go:16:11:16:85 | []type{args} [array] | main.go:16:11:16:85 | call to Sprintf | provenance | | -| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | | +| main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | call to Sprintf | provenance | FunctionModel | +| main.go:16:11:16:85 | []type{args} [array] | main.go:16:11:16:85 | call to Sprintf | provenance | MaD:242 | +| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | MaD:652 | | main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | []type{args} [array] | provenance | | -| main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | call to Sprintf | provenance | | +| main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | call to Sprintf | provenance | FunctionModel | | main.go:28:17:31:2 | &... [pointer, Category] | main.go:34:3:34:13 | RequestData [pointer, Category] | provenance | | | main.go:28:18:31:2 | struct literal [Category] | main.go:28:17:31:2 | &... [pointer, Category] | provenance | | -| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | | +| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | MaD:732 | | main.go:30:13:30:27 | call to Query | main.go:30:13:30:39 | index expression | provenance | | | main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] | provenance | | -| main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | | +| main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:242 | | main.go:33:7:34:23 | call to Sprintf | main.go:35:11:35:11 | q | provenance | | | main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit dereference [Category] | provenance | | | main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance | | | main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | []type{args} [array] | provenance | | -| main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | call to Sprintf | provenance | | +| main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | call to Sprintf | provenance | FunctionModel | | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:40:2:40:12 | RequestData [pointer, Category] | provenance | | | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance | | | main.go:40:2:40:12 | RequestData [pointer, Category] | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | | main.go:40:2:40:12 | implicit dereference [Category] | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | provenance | | -| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | | +| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | MaD:732 | | main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance | | | main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | -| main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | | +| main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:242 | | main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q | provenance | | | main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance | | | main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance | | | main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | []type{args} [array] | provenance | | -| main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | call to Sprintf | provenance | | +| main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | call to Sprintf | provenance | FunctionModel | | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:49:4:49:14 | RequestData [pointer, Category] | provenance | | | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | | | main.go:49:3:49:14 | star expression [Category] | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | provenance | | | main.go:49:4:49:14 | RequestData [pointer, Category] | main.go:49:3:49:14 | star expression [Category] | provenance | | -| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | | +| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | MaD:732 | | main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | | | main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance | | -| main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | | +| main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:242 | | main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | | | main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance | | | main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance | | | main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | []type{args} [array] | provenance | | -| main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | call to Sprintf | provenance | | +| main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | call to Sprintf | provenance | FunctionModel | | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:58:4:58:14 | RequestData [pointer, Category] | provenance | | | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | | | main.go:58:3:58:14 | star expression [Category] | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | provenance | | | main.go:58:4:58:14 | RequestData [pointer, Category] | main.go:58:3:58:14 | star expression [Category] | provenance | | -| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | | +| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | MaD:732 | | main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | | | main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance | | -| main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | | +| main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:242 | | main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance | | -| main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | | +| main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel | | main.go:61:4:61:15 | star expression [Category] | main.go:61:3:61:25 | selection of Category | provenance | | | main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] | provenance | | -| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | | +| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:670 | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter | provenance | | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:61:27:61:32 | filter | provenance | | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:63:23:63:28 | filter | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected index 05147badb067..a356d8697be2 100644 --- a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected +++ b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected @@ -2,10 +2,10 @@ edges | StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | | | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:13:29:13:47 | type conversion | provenance | | | StringBreakMismatched.go:13:13:13:62 | call to Replace | StringBreakMismatched.go:17:26:17:32 | escaped | provenance | | -| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | | +| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:835 | | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:25:29:25:47 | type conversion | provenance | | | StringBreakMismatched.go:25:13:25:61 | call to Replace | StringBreakMismatched.go:29:27:29:33 | escaped | provenance | | -| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace | provenance | | +| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace | provenance | MaD:835 | nodes | StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] | | StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON | diff --git a/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected b/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected index c0dc967a16f1..b518d306322d 100644 --- a/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected +++ b/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected @@ -13,19 +13,19 @@ edges | UnsafeTLS.go:297:5:297:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA | UnsafeTLS.go:296:18:298:4 | slice literal | provenance | | | UnsafeTLS.go:305:5:305:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:304:18:306:4 | slice literal | provenance | | | UnsafeTLS.go:313:5:313:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:312:18:314:4 | slice literal | provenance | | -| UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:329:25:329:94 | call to append | provenance | | +| UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:329:25:329:94 | call to append | provenance | FunctionModel | | UnsafeTLS.go:334:13:334:38 | call to InsecureCipherSuites | UnsafeTLS.go:336:54:336:57 | selection of ID | provenance | | -| UnsafeTLS.go:336:54:336:57 | selection of ID | UnsafeTLS.go:336:26:336:58 | call to append | provenance | | +| UnsafeTLS.go:336:54:336:57 | selection of ID | UnsafeTLS.go:336:26:336:58 | call to append | provenance | FunctionModel | | UnsafeTLS.go:342:13:342:38 | call to InsecureCipherSuites | UnsafeTLS.go:344:40:344:43 | selection of ID | provenance | | | UnsafeTLS.go:344:19:344:44 | call to append | UnsafeTLS.go:344:26:344:37 | cipherSuites | provenance | | | UnsafeTLS.go:344:19:344:44 | call to append | UnsafeTLS.go:346:25:346:36 | cipherSuites | provenance | | -| UnsafeTLS.go:344:26:344:37 | cipherSuites | UnsafeTLS.go:344:19:344:44 | call to append | provenance | | -| UnsafeTLS.go:344:40:344:43 | selection of ID | UnsafeTLS.go:344:19:344:44 | call to append | provenance | | +| UnsafeTLS.go:344:26:344:37 | cipherSuites | UnsafeTLS.go:344:19:344:44 | call to append | provenance | FunctionModel | +| UnsafeTLS.go:344:40:344:43 | selection of ID | UnsafeTLS.go:344:19:344:44 | call to append | provenance | FunctionModel | | UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites | UnsafeTLS.go:353:40:353:51 | selection of ID | provenance | | | UnsafeTLS.go:353:19:353:52 | call to append | UnsafeTLS.go:353:26:353:37 | cipherSuites | provenance | | | UnsafeTLS.go:353:19:353:52 | call to append | UnsafeTLS.go:355:25:355:36 | cipherSuites | provenance | | -| UnsafeTLS.go:353:26:353:37 | cipherSuites | UnsafeTLS.go:353:19:353:52 | call to append | provenance | | -| UnsafeTLS.go:353:40:353:51 | selection of ID | UnsafeTLS.go:353:19:353:52 | call to append | provenance | | +| UnsafeTLS.go:353:26:353:37 | cipherSuites | UnsafeTLS.go:353:19:353:52 | call to append | provenance | FunctionModel | +| UnsafeTLS.go:353:40:353:51 | selection of ID | UnsafeTLS.go:353:19:353:52 | call to append | provenance | FunctionModel | | UnsafeTLS.go:363:5:363:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:362:18:364:4 | slice literal | provenance | | | UnsafeTLS.go:371:5:371:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:370:18:372:4 | slice literal | provenance | | | UnsafeTLS.go:379:5:379:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:378:18:380:4 | slice literal | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected index 2e92d105daae..7faf95dfde53 100644 --- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected +++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected @@ -1,15 +1,15 @@ edges | sample.go:15:10:15:64 | call to Sum256 | sample.go:16:9:16:15 | slice expression | provenance | | -| sample.go:15:24:15:63 | type conversion | sample.go:15:10:15:64 | call to Sum256 | provenance | | -| sample.go:15:31:15:62 | []type{args} [array] | sample.go:15:31:15:62 | call to Sprintf | provenance | | +| sample.go:15:24:15:63 | type conversion | sample.go:15:10:15:64 | call to Sum256 | provenance | FunctionModel | +| sample.go:15:31:15:62 | []type{args} [array] | sample.go:15:31:15:62 | call to Sprintf | provenance | MaD:242 | | sample.go:15:31:15:62 | call to Sprintf | sample.go:15:24:15:63 | type conversion | provenance | | | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | []type{args} [array] | provenance | | -| sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | call to Sprintf | provenance | | +| sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | call to Sprintf | provenance | FunctionModel | | sample.go:16:9:16:15 | slice expression | sample.go:26:25:26:30 | call to Guid | provenance | | | sample.go:33:2:33:6 | definition of nonce | sample.go:37:25:37:29 | nonce | provenance | | | sample.go:33:2:33:6 | definition of nonce | sample.go:37:32:37:36 | nonce | provenance | | | sample.go:34:12:34:40 | call to New | sample.go:35:14:35:19 | random | provenance | | -| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | | +| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:546 | | sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance | | | sample.go:56:11:56:40 | type conversion | sample.go:58:32:58:43 | type conversion | provenance | | | sample.go:56:18:56:39 | index expression | sample.go:56:11:56:40 | type conversion | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected index d067b5eb83dc..e4d826db287f 100644 --- a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected +++ b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected @@ -1,16 +1,16 @@ edges -| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | | -| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | | +| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | MaD:732 | +| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:739 | | go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | provenance | | | go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken | provenance | | | go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken | provenance | | -| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | | -| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | | -| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | | -| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | | +| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:318 | +| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:320 | +| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | MaD:732 | +| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:739 | | golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | provenance | | | golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance | | -| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | | +| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:332 | nodes | go-jose.v3.go:25:16:25:20 | selection of URL | semmle.label | selection of URL | | go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query | diff --git a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected index 20569426bfac..9fafce7a9c73 100644 --- a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected +++ b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected @@ -12,8 +12,8 @@ edges | main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:20:73:27 | redirect | provenance | | | main.go:68:17:68:24 | definition of redirect | main.go:73:20:73:27 | redirect | provenance | | | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | provenance | | -| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | | -| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | | +| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:758 | +| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:758 | | main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url | provenance | | | main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | provenance | | | main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected index edbdc8b6e8db..10af2ea535ce 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected @@ -54,11 +54,11 @@ edges | stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | | | stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | | | stdlib.go:182:3:182:8 | definition of target | stdlib.go:184:23:184:28 | target | provenance | | -| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:182:3:182:8 | definition of target | provenance | | +| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:182:3:182:8 | definition of target | provenance | Src:MaD:667 | | stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | | | stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | | | stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | | -| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | | +| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:667 | | stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | | | stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | | | stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected index fa8adec48fee..104d4837c57e 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected @@ -1,23 +1,23 @@ edges -| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | | +| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | MaD:652 | | EmailBad.go:9:10:9:29 | call to Get | EmailBad.go:12:56:12:67 | type conversion | provenance | | -| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | | -| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | | -| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | | -| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | | -| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | | -| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | | +| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:670 | +| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:670 | +| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:549 | +| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:670 | +| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:670 | +| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:670 | | main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | | -| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | | -| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | | +| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:381 | +| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:670 | | main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | | -| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | | -| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | | -| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | | +| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:381 | +| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:670 | +| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:670 | | main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | | -| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | | +| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:381 | nodes | EmailBad.go:9:10:9:17 | selection of Header | semmle.label | selection of Header | | EmailBad.go:9:10:9:29 | call to Get | semmle.label | call to Get | diff --git a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected index 753444333d9c..ac7f8b44ef39 100644 --- a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected @@ -1,16 +1,16 @@ edges -| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get | provenance | | +| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get | provenance | MaD:739 | | XPathInjection.go:13:14:13:35 | call to Get | XPathInjection.go:16:29:16:91 | ...+... | provenance | | -| tst.go:34:14:34:19 | selection of Form | tst.go:34:14:34:35 | call to Get | provenance | | +| tst.go:34:14:34:19 | selection of Form | tst.go:34:14:34:35 | call to Get | provenance | MaD:739 | | tst.go:34:14:34:35 | call to Get | tst.go:37:23:37:85 | ...+... | provenance | | | tst.go:34:14:34:35 | call to Get | tst.go:40:24:40:86 | ...+... | provenance | | | tst.go:34:14:34:35 | call to Get | tst.go:43:24:43:82 | ...+... | provenance | | -| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:35 | call to Get | provenance | | +| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:35 | call to Get | provenance | MaD:739 | | tst.go:48:14:48:35 | call to Get | tst.go:51:26:51:84 | ...+... | provenance | | | tst.go:48:14:48:35 | call to Get | tst.go:54:29:54:87 | ...+... | provenance | | | tst.go:48:14:48:35 | call to Get | tst.go:57:33:57:91 | ...+... | provenance | | | tst.go:48:14:48:35 | call to Get | tst.go:60:30:60:88 | ...+... | provenance | | -| tst.go:65:14:65:19 | selection of Form | tst.go:65:14:65:35 | call to Get | provenance | | +| tst.go:65:14:65:19 | selection of Form | tst.go:65:14:65:35 | call to Get | provenance | MaD:739 | | tst.go:65:14:65:35 | call to Get | tst.go:68:25:68:83 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:71:28:71:86 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:74:25:74:83 | ...+... | provenance | | @@ -19,38 +19,38 @@ edges | tst.go:65:14:65:35 | call to Get | tst.go:83:29:83:87 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:86:23:86:85 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:89:22:89:84 | ...+... | provenance | | -| tst.go:94:14:94:19 | selection of Form | tst.go:94:14:94:35 | call to Get | provenance | | +| tst.go:94:14:94:19 | selection of Form | tst.go:94:14:94:35 | call to Get | provenance | MaD:739 | | tst.go:94:14:94:35 | call to Get | tst.go:97:26:97:84 | ...+... | provenance | | | tst.go:94:14:94:35 | call to Get | tst.go:100:29:100:87 | ...+... | provenance | | | tst.go:94:14:94:35 | call to Get | tst.go:103:33:103:91 | ...+... | provenance | | | tst.go:94:14:94:35 | call to Get | tst.go:106:30:106:88 | ...+... | provenance | | -| tst.go:111:14:111:19 | selection of Form | tst.go:111:14:111:35 | call to Get | provenance | | +| tst.go:111:14:111:19 | selection of Form | tst.go:111:14:111:35 | call to Get | provenance | MaD:739 | | tst.go:111:14:111:35 | call to Get | tst.go:114:25:114:87 | ...+... | provenance | | | tst.go:111:14:111:35 | call to Get | tst.go:117:26:117:88 | ...+... | provenance | | -| tst.go:122:14:122:19 | selection of Form | tst.go:122:14:122:35 | call to Get | provenance | | +| tst.go:122:14:122:19 | selection of Form | tst.go:122:14:122:35 | call to Get | provenance | MaD:739 | | tst.go:122:14:122:35 | call to Get | tst.go:126:23:126:126 | ...+... | provenance | | | tst.go:122:14:122:35 | call to Get | tst.go:129:24:129:127 | ...+... | provenance | | | tst.go:122:14:122:35 | call to Get | tst.go:132:27:132:122 | ...+... | provenance | | -| tst.go:123:14:123:19 | selection of Form | tst.go:123:14:123:35 | call to Get | provenance | | +| tst.go:123:14:123:19 | selection of Form | tst.go:123:14:123:35 | call to Get | provenance | MaD:739 | | tst.go:123:14:123:35 | call to Get | tst.go:126:23:126:126 | ...+... | provenance | | | tst.go:123:14:123:35 | call to Get | tst.go:129:24:129:127 | ...+... | provenance | | | tst.go:123:14:123:35 | call to Get | tst.go:132:27:132:122 | ...+... | provenance | | -| tst.go:140:14:140:19 | selection of Form | tst.go:140:14:140:35 | call to Get | provenance | | +| tst.go:140:14:140:19 | selection of Form | tst.go:140:14:140:35 | call to Get | provenance | MaD:739 | | tst.go:140:14:140:35 | call to Get | tst.go:143:27:143:89 | ...+... | provenance | | | tst.go:140:14:140:35 | call to Get | tst.go:146:28:146:90 | ...+... | provenance | | -| tst.go:151:14:151:19 | selection of Form | tst.go:151:14:151:35 | call to Get | provenance | | +| tst.go:151:14:151:19 | selection of Form | tst.go:151:14:151:35 | call to Get | provenance | MaD:739 | | tst.go:151:14:151:35 | call to Get | tst.go:155:33:155:136 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:158:18:158:121 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:164:31:164:126 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:173:21:173:116 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:182:27:182:122 | ...+... | provenance | | -| tst.go:152:14:152:19 | selection of Form | tst.go:152:14:152:35 | call to Get | provenance | | +| tst.go:152:14:152:19 | selection of Form | tst.go:152:14:152:35 | call to Get | provenance | MaD:739 | | tst.go:152:14:152:35 | call to Get | tst.go:155:33:155:136 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:158:18:158:121 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:164:31:164:126 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:173:21:173:116 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:182:27:182:122 | ...+... | provenance | | -| tst.go:193:14:193:19 | selection of Form | tst.go:193:14:193:35 | call to Get | provenance | | +| tst.go:193:14:193:19 | selection of Form | tst.go:193:14:193:35 | call to Get | provenance | MaD:739 | | tst.go:193:14:193:35 | call to Get | tst.go:198:23:198:85 | ...+... | provenance | | nodes | XPathInjection.go:13:14:13:19 | selection of Form | semmle.label | selection of Form | diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index c3d6015d7484..48bc45d7499f 100644 --- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,12 +1,12 @@ edges -| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | | -| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | | -| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | | -| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | provenance | | -| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | provenance | | -| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | provenance | | -| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | provenance | | -| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:17 | tainted | provenance | | +| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:667 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:667 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:667 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | provenance | Src:MaD:667 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | provenance | Src:MaD:667 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | provenance | Src:MaD:667 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | provenance | Src:MaD:667 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:17 | tainted | provenance | Src:MaD:667 | | tst.go:35:2:35:2 | definition of u [pointer] | tst.go:36:2:36:2 | u [pointer] | provenance | | | tst.go:36:2:36:2 | implicit dereference | tst.go:35:2:35:2 | definition of u [pointer] | provenance | | | tst.go:36:2:36:2 | implicit dereference | tst.go:36:2:36:2 | u | provenance | | @@ -17,16 +17,16 @@ edges | tst.go:36:2:36:2 | u [pointer] | tst.go:36:2:36:2 | implicit dereference | provenance | | | tst.go:36:11:36:17 | tainted | tst.go:36:2:36:2 | u | provenance | | | tst.go:36:11:36:17 | tainted | tst.go:37:11:37:11 | u | provenance | | -| tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String | provenance | | -| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | | -| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | | -| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | | -| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | | -| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | | -| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | | -| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | | -| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | | -| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | | +| tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String | provenance | MaD:232 | +| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:670 | +| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:670 | +| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:670 | +| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:670 | +| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:670 | +| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:670 | +| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:670 | +| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:670 | +| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:670 | nodes | RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue | | RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... | diff --git a/java/ql/automodel/src/AutomodelAlertSinkUtil.qll b/java/ql/automodel/src/AutomodelAlertSinkUtil.qll index f32d46c71d64..8b0b19d1388f 100644 --- a/java/ql/automodel/src/AutomodelAlertSinkUtil.qll +++ b/java/ql/automodel/src/AutomodelAlertSinkUtil.qll @@ -15,7 +15,8 @@ private newtype TSinkModel = string package, string type, boolean subtypes, string name, string signature, string ext, string input, string kind, string provenance ) { - ExternalFlow::sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) + ExternalFlow::sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, + _) } class SinkModel extends TSinkModel { diff --git a/java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll b/java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll index 3023677ece80..13fbbe5d36f1 100644 --- a/java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll +++ b/java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll @@ -259,7 +259,7 @@ module ApplicationCandidatesImpl implements SharedCharacteristics::CandidateSig | sinkSpec(e, package, type, subtypes, name, signature, ext, input) and ExternalFlow::sinkModel(package, type, subtypes, name, [signature, ""], ext, input, kind, - provenance) + provenance, _) ) or isCustomSink(e, kind) and provenance = "custom-sink" @@ -272,7 +272,7 @@ module ApplicationCandidatesImpl implements SharedCharacteristics::CandidateSig | sourceSpec(e, package, type, subtypes, name, signature, ext, output) and ExternalFlow::sourceModel(package, type, subtypes, name, [signature, ""], ext, output, kind, - provenance) + provenance, _) ) } diff --git a/java/ql/automodel/src/AutomodelFrameworkModeCharacteristics.qll b/java/ql/automodel/src/AutomodelFrameworkModeCharacteristics.qll index 96f886e302d3..357b3a7573cb 100644 --- a/java/ql/automodel/src/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/automodel/src/AutomodelFrameworkModeCharacteristics.qll @@ -215,7 +215,7 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { | sinkSpec(e, package, type, subtypes, name, signature, ext, input) and ExternalFlow::sinkModel(package, type, subtypes, name, [signature, ""], ext, input, kind, - provenance) + provenance, _) ) } @@ -226,7 +226,7 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { | sourceSpec(e, package, type, subtypes, name, signature, ext, output) and ExternalFlow::sourceModel(package, type, subtypes, name, [signature, ""], ext, output, kind, - provenance) + provenance, _) ) } diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index ded0606956f2..68b43a6a14ae 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -113,10 +113,10 @@ abstract class ActiveExperimentalModels extends string { */ predicate sourceModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string output, string kind, string provenance + string output, string kind, string provenance, QlBuiltins::ExtensionId madId ) { Extensions::experimentalSourceModel(package, type, subtypes, name, signature, ext, output, kind, - provenance, this) + provenance, this, madId) } /** @@ -124,10 +124,10 @@ abstract class ActiveExperimentalModels extends string { */ predicate sinkModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string output, string kind, string provenance + string output, string kind, string provenance, QlBuiltins::ExtensionId madId ) { Extensions::experimentalSinkModel(package, type, subtypes, name, signature, ext, output, kind, - provenance, this) + provenance, this, madId) } /** @@ -135,54 +135,63 @@ abstract class ActiveExperimentalModels extends string { */ predicate summaryModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string input, string output, string kind, string provenance + string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId ) { Extensions::experimentalSummaryModel(package, type, subtypes, name, signature, ext, input, - output, kind, provenance, this) + output, kind, provenance, this, madId) } } /** Holds if a source model exists for the given parameters. */ predicate sourceModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string output, string kind, string provenance + string output, string kind, string provenance, QlBuiltins::ExtensionId madId ) { - Extensions::sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance) - or - any(ActiveExperimentalModels q) - .sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance) + ( + Extensions::sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance, + madId) + or + any(ActiveExperimentalModels q) + .sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance, madId) + ) } /** Holds if a sink model exists for the given parameters. */ predicate sinkModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string input, string kind, string provenance + string input, string kind, string provenance, QlBuiltins::ExtensionId madId ) { - Extensions::sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) - or - any(ActiveExperimentalModels q) - .sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) + ( + Extensions::sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, + madId) + or + any(ActiveExperimentalModels q) + .sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, madId) + ) } /** Holds if a summary model exists for the given parameters. */ predicate summaryModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string input, string output, string kind, string provenance + string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId ) { - Extensions::summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, - provenance) - or - any(ActiveExperimentalModels q) - .summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance) + ( + Extensions::summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, + provenance, madId) + or + any(ActiveExperimentalModels q) + .summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, + provenance, madId) + ) } /** Holds if a neutral model exists for the given parameters. */ predicate neutralModel = Extensions::neutralModel/6; private predicate relevantPackage(string package) { - sourceModel(package, _, _, _, _, _, _, _, _) or - sinkModel(package, _, _, _, _, _, _, _, _) or - summaryModel(package, _, _, _, _, _, _, _, _, _) + sourceModel(package, _, _, _, _, _, _, _, _, _) or + sinkModel(package, _, _, _, _, _, _, _, _, _) or + summaryModel(package, _, _, _, _, _, _, _, _, _, _) } private predicate packageLink(string shortpkg, string longpkg) { @@ -212,7 +221,7 @@ predicate modelCoverage(string package, int pkgs, string kind, string part, int strictcount(string subpkg, string type, boolean subtypes, string name, string signature, string ext, string output, string provenance | canonicalPkgLink(package, subpkg) and - sourceModel(subpkg, type, subtypes, name, signature, ext, output, kind, provenance) + sourceModel(subpkg, type, subtypes, name, signature, ext, output, kind, provenance, _) ) or part = "sink" and @@ -220,7 +229,7 @@ predicate modelCoverage(string package, int pkgs, string kind, string part, int strictcount(string subpkg, string type, boolean subtypes, string name, string signature, string ext, string input, string provenance | canonicalPkgLink(package, subpkg) and - sinkModel(subpkg, type, subtypes, name, signature, ext, input, kind, provenance) + sinkModel(subpkg, type, subtypes, name, signature, ext, input, kind, provenance, _) ) or part = "summary" and @@ -228,7 +237,8 @@ predicate modelCoverage(string package, int pkgs, string kind, string part, int strictcount(string subpkg, string type, boolean subtypes, string name, string signature, string ext, string input, string output, string provenance | canonicalPkgLink(package, subpkg) and - summaryModel(subpkg, type, subtypes, name, signature, ext, input, output, kind, provenance) + summaryModel(subpkg, type, subtypes, name, signature, ext, input, output, kind, provenance, + _) ) ) } @@ -238,10 +248,10 @@ module ModelValidation { private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax private predicate getRelevantAccessPath(string path) { - summaryModel(_, _, _, _, _, _, path, _, _, _) or - summaryModel(_, _, _, _, _, _, _, path, _, _) or - sinkModel(_, _, _, _, _, _, path, _, _) or - sourceModel(_, _, _, _, _, _, path, _, _) + summaryModel(_, _, _, _, _, _, path, _, _, _, _) or + summaryModel(_, _, _, _, _, _, _, path, _, _, _) or + sinkModel(_, _, _, _, _, _, path, _, _, _) or + sourceModel(_, _, _, _, _, _, path, _, _, _) } private module MkAccessPath = AccessPathSyntax::AccessPath; @@ -252,9 +262,9 @@ module ModelValidation { private string getInvalidModelInput() { exists(string pred, AccessPath input, AccessPathToken part | - sinkModel(_, _, _, _, _, _, input, _, _) and pred = "sink" + sinkModel(_, _, _, _, _, _, input, _, _, _) and pred = "sink" or - summaryModel(_, _, _, _, _, _, input, _, _, _) and pred = "summary" + summaryModel(_, _, _, _, _, _, input, _, _, _, _) and pred = "summary" | ( invalidSpecComponent(input, part) and @@ -274,9 +284,9 @@ module ModelValidation { private string getInvalidModelOutput() { exists(string pred, AccessPath output, AccessPathToken part | - sourceModel(_, _, _, _, _, _, output, _, _) and pred = "source" + sourceModel(_, _, _, _, _, _, output, _, _, _) and pred = "source" or - summaryModel(_, _, _, _, _, _, _, output, _, _) and pred = "summary" + summaryModel(_, _, _, _, _, _, _, output, _, _, _) and pred = "summary" | ( invalidSpecComponent(output, part) and @@ -291,11 +301,11 @@ module ModelValidation { } private module KindValConfig implements SharedModelVal::KindValidationConfigSig { - predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _) } + predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _, _) } - predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _) } + predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _, _) } - predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _) } + predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _, _) } predicate neutralKind(string kind) { neutralModel(_, _, _, _, kind, _) } } @@ -307,11 +317,11 @@ module ModelValidation { string pred, string package, string type, string name, string signature, string ext, string provenance | - sourceModel(package, type, _, name, signature, ext, _, _, provenance) and pred = "source" + sourceModel(package, type, _, name, signature, ext, _, _, provenance, _) and pred = "source" or - sinkModel(package, type, _, name, signature, ext, _, _, provenance) and pred = "sink" + sinkModel(package, type, _, name, signature, ext, _, _, provenance, _) and pred = "sink" or - summaryModel(package, type, _, name, signature, ext, _, _, _, provenance) and + summaryModel(package, type, _, name, signature, ext, _, _, _, provenance, _) and pred = "summary" or neutralModel(package, type, name, signature, _, provenance) and @@ -352,11 +362,11 @@ pragma[nomagic] private predicate elementSpec( string package, string type, boolean subtypes, string name, string signature, string ext ) { - sourceModel(package, type, subtypes, name, signature, ext, _, _, _) + sourceModel(package, type, subtypes, name, signature, ext, _, _, _, _) or - sinkModel(package, type, subtypes, name, signature, ext, _, _, _) + sinkModel(package, type, subtypes, name, signature, ext, _, _, _, _) or - summaryModel(package, type, subtypes, name, signature, ext, _, _, _, _) + summaryModel(package, type, subtypes, name, signature, ext, _, _, _, _, _) or neutralModel(package, type, name, signature, _, _) and ext = "" and subtypes = false } @@ -494,9 +504,9 @@ private module Cached { * model. */ cached - predicate sourceNode(Node node, string kind) { + predicate sourceNode(Node node, string kind, string model) { exists(SourceSinkInterpretationInput::InterpretNode n | - isSourceNode(n, kind) and n.asNode() = node + isSourceNode(n, kind, model) and n.asNode() = node ) } @@ -505,29 +515,45 @@ private module Cached { * model. */ cached - predicate sinkNode(Node node, string kind) { + predicate sinkNode(Node node, string kind, string model) { exists(SourceSinkInterpretationInput::InterpretNode n | - isSinkNode(n, kind) and n.asNode() = node + isSinkNode(n, kind, model) and n.asNode() = node ) } } import Cached +/** + * Holds if `node` is specified as a source with the given kind in a MaD flow + * model. + */ +predicate sourceNode(Node node, string kind) { sourceNode(node, kind, _) } + +/** + * Holds if `node` is specified as a sink with the given kind in a MaD flow + * model. + */ +predicate sinkNode(Node node, string kind) { sinkNode(node, kind, _) } + // adapter class for converting Mad summaries to `SummarizedCallable`s private class SummarizedCallableAdapter extends SummarizedCallable { - SummarizedCallableAdapter() { summaryElement(this, _, _, _, _) } + SummarizedCallableAdapter() { summaryElement(this, _, _, _, _, _) } - private predicate relevantSummaryElementManual(string input, string output, string kind) { + private predicate relevantSummaryElementManual( + string input, string output, string kind, string model + ) { exists(Provenance provenance | - summaryElement(this, input, output, kind, provenance) and + summaryElement(this, input, output, kind, provenance, model) and provenance.isManual() ) } - private predicate relevantSummaryElementGenerated(string input, string output, string kind) { + private predicate relevantSummaryElementGenerated( + string input, string output, string kind, string model + ) { exists(Provenance provenance | - summaryElement(this, input, output, kind, provenance) and + summaryElement(this, input, output, kind, provenance, model) and provenance.isGenerated() ) and not exists(Provenance provenance | @@ -536,19 +562,21 @@ private class SummarizedCallableAdapter extends SummarizedCallable { ) } - override predicate propagatesFlow(string input, string output, boolean preservesValue) { + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { exists(string kind | - this.relevantSummaryElementManual(input, output, kind) + this.relevantSummaryElementManual(input, output, kind, model) or - not this.relevantSummaryElementManual(_, _, _) and - this.relevantSummaryElementGenerated(input, output, kind) + not this.relevantSummaryElementManual(_, _, _, _) and + this.relevantSummaryElementGenerated(input, output, kind, model) | if kind = "value" then preservesValue = true else preservesValue = false ) } override predicate hasProvenance(Provenance provenance) { - summaryElement(this, _, _, _, provenance) + summaryElement(this, _, _, _, provenance, _) } } diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll index 1dd0c2c11fa8..51055e562129 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll @@ -126,8 +126,14 @@ class SummarizedCallable = Impl::Public::SummarizedCallable; * to `SummarizedCallable`. */ private class SummarizedSyntheticCallableAdapter extends SummarizedCallable, TSyntheticCallable { - override predicate propagatesFlow(string input, string output, boolean preservesValue) { - this.asSyntheticCallable().propagatesFlow(input, output, preservesValue) + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { + exists(SyntheticCallable sc | + sc = this.asSyntheticCallable() and + sc.propagatesFlow(input, output, preservesValue) and + model = sc + ) } } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll index b14bbb0ab9be..7b151c8b13e6 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll @@ -7,6 +7,7 @@ private import semmle.code.java.dataflow.SSA private import ContainerFlow private import semmle.code.java.dataflow.FlowSteps private import semmle.code.java.dataflow.FlowSummary +private import semmle.code.java.dataflow.ExternalFlow private import FlowSummaryImpl as FlowSummaryImpl private import DataFlowNodes private import codeql.dataflow.VariableCapture as VariableCapture @@ -576,6 +577,10 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { /** Extra data-flow steps needed for lambda flow analysis. */ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() } +predicate knownSourceModel(Node source, string model) { sourceNode(source, _, model) } + +predicate knownSinkModel(Node sink, string model) { sinkNode(sink, _, model) } + /** * Holds if flow is allowed to pass from parameter `p` and back to itself as a * side-effect, resulting in a summary from `p` to itself. diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll index c40520c3500e..ee82eca492dc 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll @@ -106,7 +106,7 @@ private module Cached { */ cached predicate localFlowStep(Node node1, Node node2) { - simpleLocalFlowStep0(node1, node2) + simpleLocalFlowStep0(node1, node2, _) or adjacentUseUse(node1.asExpr(), node2.asExpr()) or @@ -122,12 +122,13 @@ private module Cached { * data flow. It may have less flow than the `localFlowStep` predicate. */ cached - predicate simpleLocalFlowStep(Node node1, Node node2) { - simpleLocalFlowStep0(node1, node2) + predicate simpleLocalFlowStep(Node node1, Node node2, string model) { + simpleLocalFlowStep0(node1, node2, model) or any(AdditionalValueStep a).step(node1, node2) and pragma[only_bind_out](node1.getEnclosingCallable()) = pragma[only_bind_out](node2.getEnclosingCallable()) and + model = "AdditionalValueStep" and // prevent recursive call (any(AdditionalValueStep a).step(_, _) implies any()) } @@ -162,7 +163,7 @@ predicate localMustFlowStep(Node node1, Node node2) { node1 = unique(FlowSummaryNode n1 | FlowSummaryImpl::Private::Steps::summaryLocalStep(n1.getSummaryNode(), - node2.(FlowSummaryNode).getSummaryNode(), true) + node2.(FlowSummaryNode).getSummaryNode(), true, _) ) } @@ -210,51 +211,55 @@ predicate simpleAstFlowStep(Expr e1, Expr e2) { exists(InstanceOfExpr ioe | e1 = ioe.getExpr() and e2 = ioe.getPattern().asRecordPattern()) } -private predicate simpleLocalFlowStep0(Node node1, Node node2) { - TaintTrackingUtil::forceCachingInSameStage() and - // Variable flow steps through adjacent def-use and use-use pairs. - exists(SsaExplicitUpdate upd | - upd.getDefiningExpr().(VariableAssign).getSource() = node1.asExpr() or - upd.getDefiningExpr().(AssignOp) = node1.asExpr() or - upd.getDefiningExpr().(RecordBindingVariableExpr) = node1.asExpr() - | - node2.asExpr() = upd.getAFirstUse() and +private predicate simpleLocalFlowStep0(Node node1, Node node2, string model) { + ( + TaintTrackingUtil::forceCachingInSameStage() and + // Variable flow steps through adjacent def-use and use-use pairs. + exists(SsaExplicitUpdate upd | + upd.getDefiningExpr().(VariableAssign).getSource() = node1.asExpr() or + upd.getDefiningExpr().(AssignOp) = node1.asExpr() or + upd.getDefiningExpr().(RecordBindingVariableExpr) = node1.asExpr() + | + node2.asExpr() = upd.getAFirstUse() and + not capturedVariableRead(node2) + ) + or + exists(SsaImplicitInit init | + init.isParameterDefinition(node1.asParameter()) and + node2.asExpr() = init.getAFirstUse() and + not capturedVariableRead(node2) + ) + or + adjacentUseUse(node1.asExpr(), node2.asExpr()) and + not exists(FieldRead fr | + hasNonlocalValue(fr) and fr.getField().isStatic() and fr = node1.asExpr() + ) and + not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(node1, _) and not capturedVariableRead(node2) - ) - or - exists(SsaImplicitInit init | - init.isParameterDefinition(node1.asParameter()) and - node2.asExpr() = init.getAFirstUse() and + or + ThisFlow::adjacentThisRefs(node1, node2) + or + adjacentUseUse(node1.(PostUpdateNode).getPreUpdateNode().asExpr(), node2.asExpr()) and not capturedVariableRead(node2) - ) - or - adjacentUseUse(node1.asExpr(), node2.asExpr()) and - not exists(FieldRead fr | - hasNonlocalValue(fr) and fr.getField().isStatic() and fr = node1.asExpr() + or + ThisFlow::adjacentThisRefs(node1.(PostUpdateNode).getPreUpdateNode(), node2) + or + simpleAstFlowStep(node1.asExpr(), node2.asExpr()) + or + captureValueStep(node1, node2) ) and - not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(node1, _) and - not capturedVariableRead(node2) - or - ThisFlow::adjacentThisRefs(node1, node2) - or - adjacentUseUse(node1.(PostUpdateNode).getPreUpdateNode().asExpr(), node2.asExpr()) and - not capturedVariableRead(node2) - or - ThisFlow::adjacentThisRefs(node1.(PostUpdateNode).getPreUpdateNode(), node2) - or - simpleAstFlowStep(node1.asExpr(), node2.asExpr()) + model = "" or exists(MethodCall ma, ValuePreservingMethod m, int argNo | ma.getCallee().getSourceDeclaration() = m and m.returnsValue(argNo) | node2.asExpr() = ma and - node1.(ArgumentNode).argumentOf(any(DataFlowCall c | c.asCall() = ma), argNo) + node1.(ArgumentNode).argumentOf(any(DataFlowCall c | c.asCall() = ma), argNo) and + model = "ValuePreservingMethod" ) or FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), - node2.(FlowSummaryNode).getSummaryNode(), true) - or - captureValueStep(node1, node2) + node2.(FlowSummaryNode).getSummaryNode(), true, model) } /** diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll b/java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll index d057c58a1279..50e74372f5c2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll @@ -7,7 +7,7 @@ */ extensible predicate sourceModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string output, string kind, string provenance + string output, string kind, string provenance, QlBuiltins::ExtensionId madId ); /** @@ -15,7 +15,7 @@ extensible predicate sourceModel( */ extensible predicate sinkModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string input, string kind, string provenance + string input, string kind, string provenance, QlBuiltins::ExtensionId madId ); /** @@ -23,7 +23,7 @@ extensible predicate sinkModel( */ extensible predicate summaryModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string input, string output, string kind, string provenance + string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId ); /** @@ -39,7 +39,7 @@ extensible predicate neutralModel( */ extensible predicate experimentalSourceModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string output, string kind, string provenance, string filter + string output, string kind, string provenance, string filter, QlBuiltins::ExtensionId madId ); /** @@ -48,7 +48,7 @@ extensible predicate experimentalSourceModel( */ extensible predicate experimentalSinkModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string input, string kind, string provenance, string filter + string input, string kind, string provenance, string filter, QlBuiltins::ExtensionId madId ); /** @@ -57,5 +57,6 @@ extensible predicate experimentalSinkModel( */ extensible predicate experimentalSummaryModel( string package, string type, boolean subtypes, string name, string signature, string ext, - string input, string output, string kind, string provenance, string filter + string input, string output, string kind, string provenance, string filter, + QlBuiltins::ExtensionId madId ); diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll index 5c77ab2c09a9..5698d3f3477b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll @@ -126,10 +126,10 @@ private predicate relatedArgSpec(Callable c, string spec) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext | - summaryModel(namespace, type, subtypes, name, signature, ext, spec, _, _, _) or - summaryModel(namespace, type, subtypes, name, signature, ext, _, spec, _, _) or - sourceModel(namespace, type, subtypes, name, signature, ext, spec, _, _) or - sinkModel(namespace, type, subtypes, name, signature, ext, spec, _, _) + summaryModel(namespace, type, subtypes, name, signature, ext, spec, _, _, _, _) or + summaryModel(namespace, type, subtypes, name, signature, ext, _, spec, _, _, _) or + sourceModel(namespace, type, subtypes, name, signature, ext, spec, _, _, _) or + sinkModel(namespace, type, subtypes, name, signature, ext, spec, _, _, _) | c = interpretElement(namespace, type, subtypes, name, signature, ext) ) @@ -192,12 +192,16 @@ module SourceSinkInterpretationInput implements class Element = J::Element; - predicate sourceElement(Element e, string output, string kind, Public::Provenance provenance) { + predicate sourceElement( + Element e, string output, string kind, Public::Provenance provenance, string model + ) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, - SourceOrSinkElement baseSource, string originalOutput + SourceOrSinkElement baseSource, string originalOutput, QlBuiltins::ExtensionId madId | - sourceModel(namespace, type, subtypes, name, signature, ext, originalOutput, kind, provenance) and + sourceModel(namespace, type, subtypes, name, signature, ext, originalOutput, kind, provenance, + madId) and + model = "MaD:" + madId.toString() and baseSource = interpretElement(namespace, type, subtypes, name, signature, ext) and ( e = baseSource and output = originalOutput @@ -207,12 +211,16 @@ module SourceSinkInterpretationInput implements ) } - predicate sinkElement(Element e, string input, string kind, Public::Provenance provenance) { + predicate sinkElement( + Element e, string input, string kind, Public::Provenance provenance, string model + ) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, - SourceOrSinkElement baseSink, string originalInput + SourceOrSinkElement baseSink, string originalInput, QlBuiltins::ExtensionId madId | - sinkModel(namespace, type, subtypes, name, signature, ext, originalInput, kind, provenance) and + sinkModel(namespace, type, subtypes, name, signature, ext, originalInput, kind, provenance, + madId) and + model = "MaD:" + madId.toString() and baseSink = interpretElement(namespace, type, subtypes, name, signature, ext) and ( e = baseSink and originalInput = input @@ -301,14 +309,17 @@ module Private { * `input`, output specification `output`, kind `kind`, and provenance `provenance`. */ predicate summaryElement( - Input::SummarizedCallableBase c, string input, string output, string kind, string provenance + Input::SummarizedCallableBase c, string input, string output, string kind, string provenance, + string model ) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, - string originalInput, string originalOutput, Callable baseCallable + string originalInput, string originalOutput, Callable baseCallable, + QlBuiltins::ExtensionId madId | summaryModel(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput, - kind, provenance) and + kind, provenance, madId) and + model = "MaD:" + madId.toString() and baseCallable = interpretElement(namespace, type, subtypes, name, signature, ext) and ( c.asCallable() = baseCallable and input = originalInput and output = originalOutput diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index 00415e93d534..8c731f144633 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -98,7 +98,7 @@ private module Cached { predicate localTaintStep(DataFlow::Node src, DataFlow::Node sink) { DataFlow::localFlowStep(src, sink) or - localAdditionalTaintStep(src, sink) + localAdditionalTaintStep(src, sink, _) or // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural @@ -119,14 +119,15 @@ private module Cached { * different objects. */ cached - predicate localAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) { - localAdditionalTaintExprStep(src.asExpr(), sink.asExpr()) + predicate localAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink, string model) { + localAdditionalTaintExprStep(src.asExpr(), sink.asExpr(), model) or localAdditionalTaintUpdateStep(src.asExpr(), - sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr()) + sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr(), model) or exists(DataFlow::Content f | readStep(src, f, sink) and + model = "" and not sink.getTypeBound() instanceof PrimitiveType and not sink.getTypeBound() instanceof BoxedType and not sink.getTypeBound() instanceof NumberType and @@ -138,7 +139,7 @@ private module Cached { ) or FlowSummaryImpl::Private::Steps::summaryLocalStep(src.(DataFlowPrivate::FlowSummaryNode) - .getSummaryNode(), sink.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false) + .getSummaryNode(), sink.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false, model) } /** @@ -146,10 +147,12 @@ private module Cached { * global taint flow configurations. */ cached - predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) { - localAdditionalTaintStep(src, sink) or - entrypointFieldStep(src, sink) or - any(AdditionalTaintStep a).step(src, sink) + predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink, string model) { + localAdditionalTaintStep(src, sink, model) + or + entrypointFieldStep(src, sink) and model = "entrypointFieldStep" + or + any(AdditionalTaintStep a).step(src, sink) and model = "AdditionalTaintStep" } /** @@ -198,26 +201,29 @@ predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) * local data flow steps. That is, `src` and `sink` are likely to represent * different objects. */ -private predicate localAdditionalTaintExprStep(Expr src, Expr sink) { - sink.(AddExpr).getAnOperand() = src and sink.getType() instanceof TypeString - or - sink.(AssignAddExpr).getSource() = src and sink.getType() instanceof TypeString - or - sink.(StringTemplateExpr).getComponent(_) = src - or - sink.(LogicExpr).getAnOperand() = src +private predicate localAdditionalTaintExprStep(Expr src, Expr sink, string model) { + ( + sink.(AddExpr).getAnOperand() = src and sink.getType() instanceof TypeString + or + sink.(AssignAddExpr).getSource() = src and sink.getType() instanceof TypeString + or + sink.(StringTemplateExpr).getComponent(_) = src + or + sink.(LogicExpr).getAnOperand() = src + ) and + model = "" or - constructorStep(src, sink) + constructorStep(src, sink, model) or - qualifierToMethodStep(src, sink) + qualifierToMethodStep(src, sink, model) or - argToMethodStep(src, sink) + argToMethodStep(src, sink, model) or - comparisonStep(src, sink) + comparisonStep(src, sink) and model = "" or - serializationStep(src, sink) + serializationStep(src, sink) and model = "serializationStep" or - formatStep(src, sink) + formatStep(src, sink) and model = "formatStep" } /** @@ -226,12 +232,12 @@ private predicate localAdditionalTaintExprStep(Expr src, Expr sink) { * different objects. * This is restricted to cases where the step updates the value of `sink`. */ -private predicate localAdditionalTaintUpdateStep(Expr src, Expr sink) { - qualifierToArgumentStep(src, sink) +private predicate localAdditionalTaintUpdateStep(Expr src, Expr sink, string model) { + qualifierToArgumentStep(src, sink, model) or - argToArgStep(src, sink) + argToArgStep(src, sink, model) or - argToQualifierStep(src, sink) + argToQualifierStep(src, sink, model) } private class BulkData extends RefType { @@ -263,19 +269,21 @@ private predicate inputStreamWrapper(Constructor c, int argi) { } /** An object construction that preserves the data flow status of any of its arguments. */ -private predicate constructorStep(Expr tracked, ConstructorCall sink) { +private predicate constructorStep(Expr tracked, ConstructorCall sink, string model) { exists(int argi | sink.getArgument(argi) = tracked | // wrappers constructed by extension exists(Constructor c, Parameter p, SuperConstructorInvocationStmt sup | c = sink.getConstructor() and p = c.getParameter(argi) and sup.getEnclosingCallable() = c and - constructorStep(p.getAnAccess(), sup) + constructorStep(p.getAnAccess(), sup, model) ) or // a custom InputStream that wraps a tainted data source is tainted + model = "inputStreamWrapper" and inputStreamWrapper(sink.getConstructor(), argi) or + model = "TaintPreservingCallable" and sink.getConstructor().(TaintPreservingCallable).returnsTaintFrom(argToParam(sink, argi)) ) } @@ -289,8 +297,9 @@ private int argToParam(Call call, int argIdx) { } /** Access to a method that passes taint from qualifier to argument. */ -private predicate qualifierToArgumentStep(Expr tracked, Expr sink) { +private predicate qualifierToArgumentStep(Expr tracked, Expr sink, string model) { exists(MethodCall ma, int arg | + model = "TaintPreservingCallable" and ma.getMethod().(TaintPreservingCallable).transfersTaint(-1, argToParam(ma, arg)) and tracked = ma.getQualifier() and sink = ma.getArgument(arg) @@ -298,17 +307,19 @@ private predicate qualifierToArgumentStep(Expr tracked, Expr sink) { } /** Access to a method that passes taint from the qualifier. */ -private predicate qualifierToMethodStep(Expr tracked, MethodCall sink) { - taintPreservingQualifierToMethod(sink.getMethod()) and +private predicate qualifierToMethodStep(Expr tracked, MethodCall sink, string model) { + taintPreservingQualifierToMethod(sink.getMethod(), model) and tracked = sink.getQualifier() } /** * Methods that return tainted data when called on tainted data. */ -private predicate taintPreservingQualifierToMethod(Method m) { +private predicate taintPreservingQualifierToMethod(Method m, string model) { + model = "" and m instanceof CloneMethod or + model = "%StringWriter" and m.getDeclaringType().getQualifiedName().matches("%StringWriter") and ( m.getName() = "getBuffer" @@ -316,29 +327,34 @@ private predicate taintPreservingQualifierToMethod(Method m) { m.getName() = "toString" ) or + model = "TypeObjectInputStream.read%" and m.getDeclaringType() instanceof TypeObjectInputStream and m.getName().matches("read%") or + model = "SpringUntrustedDataType.getter" and m instanceof GetterMethod and m.getDeclaringType().getADescendant() instanceof SpringUntrustedDataType and not m.getDeclaringType() instanceof TypeObject or + model = "TaintPreservingCallable" and m.(TaintPreservingCallable).returnsTaintFrom(-1) or + model = "JaxRsResourceMethod" and exists(JaxRsResourceMethod resourceMethod | m.(GetterMethod).getDeclaringType() = resourceMethod.getAParameter().getType() ) } /** Access to a method that passes taint from an argument. */ -private predicate argToMethodStep(Expr tracked, MethodCall sink) { +private predicate argToMethodStep(Expr tracked, MethodCall sink, string model) { exists(Method m, int i | m = sink.getMethod() and - taintPreservingArgumentToMethod(m, argToParam(sink, i)) and + taintPreservingArgumentToMethod(m, argToParam(sink, i), model) and tracked = sink.getArgument(i) ) or exists(Method springResponseEntityOfOk | + model = "SpringResponseEntity" and sink.getMethod() = springResponseEntityOfOk and springResponseEntityOfOk.getDeclaringType() instanceof SpringResponseEntity and springResponseEntityOfOk.hasName(["ok", "of"]) and @@ -347,6 +363,7 @@ private predicate argToMethodStep(Expr tracked, MethodCall sink) { ) or exists(Method springResponseEntityBody | + model = "SpringResponseEntityBodyBuilder" and sink.getMethod() = springResponseEntityBody and springResponseEntityBody.getDeclaringType() instanceof SpringResponseEntityBodyBuilder and springResponseEntityBody.hasName("body") and @@ -359,7 +376,8 @@ private predicate argToMethodStep(Expr tracked, MethodCall sink) { * Holds if `method` is a library method that returns tainted data if its * `arg`th argument is tainted. */ -private predicate taintPreservingArgumentToMethod(Method method, int arg) { +private predicate taintPreservingArgumentToMethod(Method method, int arg, string model) { + model = "org.apache.commons.codec.binary.Base64" and method.getDeclaringType().hasQualifiedName("org.apache.commons.codec.binary", "Base64") and ( method.getName() = "decodeBase64" and arg = 0 @@ -367,6 +385,7 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) { method.getName().matches("encodeBase64%") and arg = 0 ) or + model = "TaintPreservingCallable" and method.(TaintPreservingCallable).returnsTaintFrom(arg) } @@ -374,8 +393,9 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) { * Holds if `tracked` and `sink` are arguments to a method that transfers taint * between arguments. */ -private predicate argToArgStep(Expr tracked, Expr sink) { +private predicate argToArgStep(Expr tracked, Expr sink, string model) { exists(MethodCall ma, Method method, int input, int output | + model = "TaintPreservingCallable" and method.(TaintPreservingCallable).transfersTaint(argToParam(ma, input), argToParam(ma, output)) and ma.getMethod() = method and ma.getArgument(input) = tracked and @@ -387,8 +407,9 @@ private predicate argToArgStep(Expr tracked, Expr sink) { * Holds if `tracked` is the argument of a method that transfers taint * from the argument to the qualifier and `sink` is the qualifier. */ -private predicate argToQualifierStep(Expr tracked, Expr sink) { +private predicate argToQualifierStep(Expr tracked, Expr sink, string model) { exists(Method m, int i, MethodCall ma | + model = "TaintPreservingCallable" and taintPreservingArgumentToQualifier(m, argToParam(ma, i)) and ma.getMethod() = m and tracked = ma.getArgument(i) and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll b/java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll index 97e49812ae45..f7840f197853 100644 --- a/java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll +++ b/java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll @@ -71,10 +71,13 @@ private class SummarizedCallableWithCallback extends SummarizedCallable { SummarizedCallableWithCallback() { mayInvokeCallback(this.asCallable(), pos) } - override predicate propagatesFlow(string input, string output, boolean preservesValue) { + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { input = "Argument[" + pos + "]" and output = "Argument[" + pos + "].Parameter[-1]" and - preservesValue = true + preservesValue = true and + model = "heuristic-callback" } override predicate hasProvenance(Provenance provenance) { provenance = "hq-generated" } diff --git a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll index 4d896c2140f2..b5a195e748a6 100644 --- a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll +++ b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll @@ -18,7 +18,7 @@ private class ExploitableStringLiteral extends StringLiteral { * where -1 is the qualifier; or -2 if no such argument exists. */ private predicate regexSinkKindInfo(string kind, boolean full, int strArg) { - sinkModel(_, _, _, _, _, _, _, kind, _) and + sinkModel(_, _, _, _, _, _, _, kind, _, _) and exists(string fullStr, string strArgStr | ( full = true and fullStr = "f" diff --git a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll index f0127176cd96..f27b677722f0 100644 --- a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll +++ b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll @@ -77,7 +77,7 @@ class ExternalApiDataNode extends DataFlow::Node { ) and // Not already modeled as a taint step (we need both of these to handle `AdditionalTaintStep` subclasses as well) not TaintTracking::localTaintStep(this, _) and - not TaintTracking::defaultAdditionalTaintStep(this, _) and + not TaintTracking::defaultAdditionalTaintStep(this, _, _) and // Not a call to a known safe external API not call.getCallee() instanceof SafeExternalApiMethod } diff --git a/java/ql/src/Telemetry/ExternalApi.qll b/java/ql/src/Telemetry/ExternalApi.qll index 388908a26a9d..47527dfbb46a 100644 --- a/java/ql/src/Telemetry/ExternalApi.qll +++ b/java/ql/src/Telemetry/ExternalApi.qll @@ -65,7 +65,7 @@ class ExternalApi extends Callable { pragma[nomagic] predicate hasSummary() { this = any(SummarizedCallable sc).asCallable() or - TaintTracking::localAdditionalTaintStep(this.getAnInput(), _) + TaintTracking::localAdditionalTaintStep(this.getAnInput(), _, _) } pragma[nomagic] diff --git a/java/ql/src/utils/flowtestcasegenerator/FlowTestCase.qll b/java/ql/src/utils/flowtestcasegenerator/FlowTestCase.qll index f90bbf2c9082..af0f501621a1 100644 --- a/java/ql/src/utils/flowtestcasegenerator/FlowTestCase.qll +++ b/java/ql/src/utils/flowtestcasegenerator/FlowTestCase.qll @@ -27,7 +27,7 @@ predicate summaryModelRow( string package, string type, boolean subtypes, string name, string signature, string ext, string input, string output, string kind, string provenance, string row ) { - summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance) and + summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance, _) and row = package + ";" // + type + ";" // @@ -61,7 +61,7 @@ private class CallableToTest extends Callable { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext | - summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _) and + summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, _) and this = interpretElement(namespace, type, subtypes, name, signature, ext) and this.isPublic() and getRootType(this.getDeclaringType()).(RefType).isPublic() diff --git a/java/ql/src/utils/modelconverter/ExtractSinks.ql b/java/ql/src/utils/modelconverter/ExtractSinks.ql index 8528108cf8ae..4439f3ef0087 100644 --- a/java/ql/src/utils/modelconverter/ExtractSinks.ql +++ b/java/ql/src/utils/modelconverter/ExtractSinks.ql @@ -11,7 +11,7 @@ from string package, string type, boolean subtypes, string name, string signature, string ext, string input, string kind, string provenance where - sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) and + sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, _) and not provenance.matches("%generated") select package, type, subtypes, name, signature, ext, input, kind, provenance order by package, type, name, signature, input, kind diff --git a/java/ql/src/utils/modelconverter/ExtractSources.ql b/java/ql/src/utils/modelconverter/ExtractSources.ql index 8fb5aba64b81..cc0faca73d68 100644 --- a/java/ql/src/utils/modelconverter/ExtractSources.ql +++ b/java/ql/src/utils/modelconverter/ExtractSources.ql @@ -11,7 +11,7 @@ from string package, string type, boolean subtypes, string name, string signature, string ext, string output, string kind, string provenance where - sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance) and + sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance, _) and not provenance.matches("%generated") select package, type, subtypes, name, signature, ext, output, kind, provenance order by package, type, name, signature, output, kind diff --git a/java/ql/src/utils/modelconverter/ExtractSummaries.ql b/java/ql/src/utils/modelconverter/ExtractSummaries.ql index 72cffc3b2b34..6fbed049fd6c 100644 --- a/java/ql/src/utils/modelconverter/ExtractSummaries.ql +++ b/java/ql/src/utils/modelconverter/ExtractSummaries.ql @@ -11,7 +11,7 @@ from string package, string type, boolean subtypes, string name, string signature, string ext, string input, string output, string kind, string provenance where - summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance) and + summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance, _) and not provenance.matches("%generated") select package, type, subtypes, name, signature, ext, input, output, kind, provenance order by package, type, name, signature, input, output, kind diff --git a/java/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll b/java/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll index 1b26eba5685c..b875c7edf44f 100644 --- a/java/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll +++ b/java/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll @@ -29,7 +29,7 @@ class ExternalEndpoint extends Endpoint { override predicate hasSummary() { Endpoint.super.hasSummary() or - TaintTracking::localAdditionalTaintStep(this.getAnInput(), _) + TaintTracking::localAdditionalTaintStep(this.getAnInput(), _, _) } override predicate isSource() { diff --git a/java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll b/java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll index 76c727a4bf5a..1853e54eef05 100644 --- a/java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll +++ b/java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll @@ -8,7 +8,7 @@ private import ModelEditor * A class of effectively public callables from source code. */ class PublicEndpointFromSource extends Endpoint, ModelApi { - override predicate isSource() { SourceSinkInterpretationInput::sourceElement(this, _, _, _) } + override predicate isSource() { SourceSinkInterpretationInput::sourceElement(this, _, _, _, _) } - override predicate isSink() { SourceSinkInterpretationInput::sinkElement(this, _, _, _) } + override predicate isSink() { SourceSinkInterpretationInput::sinkElement(this, _, _, _, _) } } diff --git a/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected b/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected index c88d2e2284c2..efd422d4d4a9 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected @@ -1,2102 +1,3141 @@ edges -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:31:41:31:48 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:32:41:32:48 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:33:56:33:63 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:34:56:34:63 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:35:51:35:58 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:36:59:36:66 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:37:59:37:66 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:38:41:38:48 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:39:50:39:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:40:50:40:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:41:70:41:77 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:42:65:42:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:43:50:43:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:44:80:44:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:45:65:45:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:46:50:46:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:47:95:47:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:48:80:48:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:49:65:49:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:50:50:50:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:51:110:51:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:52:95:52:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:53:80:53:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:54:65:54:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:55:50:55:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:56:125:56:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:57:110:57:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:58:95:58:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:59:80:59:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:60:65:60:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:61:50:61:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:62:140:62:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:63:125:63:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:64:110:64:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:65:95:65:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:66:80:66:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:67:65:67:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:68:50:68:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:69:155:69:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:70:140:70:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:71:125:71:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:72:110:72:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:73:95:73:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:74:80:74:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:75:65:75:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:76:50:76:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:77:170:77:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:78:155:78:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:79:140:79:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:80:125:80:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:81:110:81:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:82:95:82:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:83:80:83:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:84:65:84:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:85:50:85:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:86:185:86:192 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:87:170:87:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:88:155:88:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:89:140:89:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:90:125:90:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:91:110:91:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:92:95:92:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:93:80:93:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:94:65:94:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:95:50:95:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:96:50:96:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:97:70:97:77 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:98:50:98:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:99:55:99:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:100:55:100:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:101:44:101:51 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:102:44:102:51 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:103:36:103:43 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:104:36:104:43 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:105:26:105:33 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:106:26:106:33 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:107:35:107:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:108:35:108:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:109:55:109:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:110:50:110:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:111:35:111:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:112:65:112:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:113:50:113:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:114:35:114:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:115:80:115:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:116:65:116:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:117:50:117:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:118:35:118:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:119:95:119:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:120:80:120:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:121:65:121:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:122:50:122:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:123:35:123:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:124:110:124:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:125:95:125:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:126:80:126:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:127:65:127:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:128:50:128:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:129:35:129:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:130:125:130:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:131:110:131:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:132:95:132:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:133:80:133:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:134:65:134:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:135:50:135:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:136:35:136:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:137:140:137:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:138:125:138:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:139:110:139:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:140:95:140:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:141:80:141:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:142:65:142:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:143:50:143:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:144:35:144:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:145:155:145:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:146:140:146:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:147:125:147:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:148:110:148:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:149:95:149:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:150:80:150:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:151:65:151:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:152:50:152:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:153:35:153:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:154:170:154:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:155:155:155:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:156:140:156:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:157:125:157:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:158:110:158:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:159:95:159:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:160:80:160:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:161:65:161:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:162:50:162:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:163:35:163:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:164:35:164:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:165:55:165:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:166:35:166:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:167:40:167:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:168:40:168:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:169:41:169:48 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:170:41:170:48 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:171:56:171:63 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:172:56:172:63 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:173:51:173:58 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:174:59:174:66 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:175:59:175:66 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:176:41:176:48 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:177:50:177:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:178:50:178:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:179:70:179:77 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:180:65:180:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:181:50:181:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:182:80:182:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:183:65:183:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:184:50:184:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:185:95:185:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:186:80:186:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:187:65:187:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:188:50:188:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:189:110:189:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:190:95:190:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:191:80:191:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:192:65:192:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:193:50:193:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:194:125:194:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:195:110:195:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:196:95:196:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:197:80:197:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:198:65:198:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:199:50:199:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:200:140:200:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:201:125:201:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:202:110:202:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:203:95:203:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:204:80:204:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:205:65:205:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:206:50:206:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:207:155:207:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:208:140:208:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:209:125:209:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:210:110:210:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:211:95:211:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:212:80:212:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:213:65:213:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:214:50:214:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:215:170:215:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:216:155:216:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:217:140:217:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:218:125:218:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:219:110:219:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:220:95:220:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:221:80:221:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:222:65:222:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:223:50:223:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:224:185:224:192 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:225:170:225:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:226:155:226:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:227:140:227:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:228:125:228:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:229:110:229:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:230:95:230:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:231:80:231:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:232:65:232:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:233:50:233:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:234:50:234:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:235:70:235:77 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:236:50:236:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:237:55:237:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:238:55:238:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:239:44:239:51 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:240:44:240:51 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:241:36:241:43 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:242:36:242:43 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:243:26:243:33 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:244:26:244:33 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:245:35:245:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:246:35:246:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:247:55:247:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:248:50:248:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:249:35:249:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:250:65:250:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:251:50:251:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:252:35:252:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:253:80:253:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:254:65:254:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:255:50:255:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:256:35:256:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:257:95:257:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:258:80:258:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:259:65:259:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:260:50:260:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:261:35:261:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:262:110:262:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:263:95:263:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:264:80:264:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:265:65:265:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:266:50:266:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:267:35:267:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:268:125:268:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:269:110:269:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:270:95:270:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:271:80:271:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:272:65:272:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:273:50:273:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:274:35:274:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:275:140:275:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:276:125:276:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:277:110:277:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:278:95:278:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:279:80:279:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:280:65:280:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:281:50:281:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:282:35:282:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:283:155:283:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:284:140:284:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:285:125:285:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:286:110:286:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:287:95:287:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:288:80:288:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:289:65:289:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:290:50:290:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:291:35:291:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:292:170:292:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:293:155:293:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:294:140:294:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:295:125:295:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:296:110:296:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:297:95:297:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:298:80:298:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:299:65:299:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:300:50:300:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:301:35:301:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:302:35:302:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:303:55:303:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:304:35:304:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:305:40:305:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:306:40:306:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:307:41:307:48 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:308:41:308:48 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:309:56:309:63 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:310:56:310:63 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:311:51:311:58 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:312:59:312:66 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:313:59:313:66 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:314:41:314:48 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:315:50:315:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:316:50:316:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:317:70:317:77 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:318:65:318:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:319:50:319:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:320:80:320:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:321:65:321:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:322:50:322:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:323:95:323:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:324:80:324:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:325:65:325:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:326:50:326:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:327:110:327:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:328:95:328:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:329:80:329:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:330:65:330:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:331:50:331:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:332:125:332:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:333:110:333:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:334:95:334:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:335:80:335:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:336:65:336:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:337:50:337:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:338:140:338:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:339:125:339:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:340:110:340:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:341:95:341:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:342:80:342:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:343:65:343:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:344:50:344:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:345:155:345:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:346:140:346:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:347:125:347:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:348:110:348:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:349:95:349:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:350:80:350:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:351:65:351:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:352:50:352:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:353:170:353:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:354:155:354:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:355:140:355:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:356:125:356:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:357:110:357:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:358:95:358:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:359:80:359:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:360:65:360:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:361:50:361:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:362:185:362:192 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:363:170:363:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:364:155:364:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:365:140:365:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:366:125:366:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:367:110:367:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:368:95:368:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:369:80:369:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:370:65:370:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:371:50:371:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:372:50:372:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:373:70:373:77 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:374:50:374:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:375:55:375:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:376:55:376:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:377:44:377:51 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:378:44:378:51 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:379:36:379:43 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:380:36:380:43 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:381:26:381:33 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:382:26:382:33 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:383:35:383:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:384:35:384:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:385:55:385:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:386:50:386:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:387:35:387:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:388:65:388:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:389:50:389:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:390:35:390:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:391:80:391:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:392:65:392:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:393:50:393:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:394:35:394:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:395:95:395:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:396:80:396:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:397:65:397:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:398:50:398:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:399:35:399:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:400:110:400:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:401:95:401:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:402:80:402:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:403:65:403:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:404:50:404:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:405:35:405:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:406:125:406:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:407:110:407:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:408:95:408:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:409:80:409:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:410:65:410:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:411:50:411:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:412:35:412:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:413:140:413:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:414:125:414:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:415:110:415:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:416:95:416:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:417:80:417:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:418:65:418:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:419:50:419:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:420:35:420:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:421:155:421:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:422:140:422:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:423:125:423:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:424:110:424:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:425:95:425:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:426:80:426:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:427:65:427:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:428:50:428:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:429:35:429:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:430:170:430:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:431:155:431:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:432:140:432:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:433:125:433:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:434:110:434:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:435:95:435:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:436:80:436:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:437:65:437:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:438:50:438:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:439:35:439:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:440:35:440:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:441:55:441:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:442:35:442:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:443:40:443:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:444:40:444:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:445:40:445:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:446:40:446:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:447:55:447:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:448:55:448:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:449:50:449:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:450:58:450:65 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:451:58:451:65 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:452:40:452:47 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:453:49:453:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:454:49:454:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:455:69:455:76 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:456:64:456:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:457:49:457:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:458:79:458:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:459:64:459:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:460:49:460:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:461:94:461:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:462:79:462:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:463:64:463:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:464:49:464:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:465:109:465:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:466:94:466:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:467:79:467:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:468:64:468:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:469:49:469:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:470:124:470:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:471:109:471:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:472:94:472:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:473:79:473:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:474:64:474:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:475:49:475:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:476:139:476:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:477:124:477:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:478:109:478:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:479:94:479:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:480:79:480:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:481:64:481:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:482:49:482:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:483:154:483:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:484:139:484:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:485:124:485:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:486:109:486:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:487:94:487:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:488:79:488:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:489:64:489:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:490:49:490:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:491:169:491:176 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:492:154:492:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:493:139:493:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:494:124:494:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:495:109:495:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:496:94:496:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:497:79:497:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:498:64:498:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:499:49:499:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:500:184:500:191 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:501:169:501:176 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:502:154:502:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:503:139:503:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:504:124:504:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:505:109:505:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:506:94:506:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:507:79:507:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:508:64:508:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:509:49:509:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:510:49:510:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:511:69:511:76 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:512:49:512:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:513:54:513:61 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:514:54:514:61 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:515:43:515:50 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:516:43:516:50 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:517:35:517:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:518:35:518:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:519:25:519:32 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:520:25:520:32 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:521:34:521:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:522:34:522:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:523:54:523:61 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:524:49:524:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:525:34:525:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:526:64:526:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:527:49:527:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:528:34:528:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:529:79:529:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:530:64:530:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:531:49:531:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:532:34:532:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:533:94:533:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:534:79:534:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:535:64:535:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:536:49:536:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:537:34:537:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:538:109:538:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:539:94:539:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:540:79:540:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:541:64:541:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:542:49:542:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:543:34:543:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:544:124:544:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:545:109:545:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:546:94:546:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:547:79:547:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:548:64:548:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:549:49:549:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:550:34:550:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:551:139:551:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:552:124:552:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:553:109:553:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:554:94:554:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:555:79:555:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:556:64:556:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:557:49:557:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:558:34:558:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:559:154:559:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:560:139:560:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:561:124:561:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:562:109:562:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:563:94:563:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:564:79:564:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:565:64:565:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:566:49:566:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:567:34:567:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:568:169:568:176 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:569:154:569:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:570:139:570:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:571:124:571:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:572:109:572:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:573:94:573:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:574:79:574:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:575:64:575:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:576:49:576:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:577:34:577:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:578:34:578:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:579:54:579:61 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:580:34:580:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:581:39:581:46 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:582:39:582:46 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:583:53:583:60 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:584:53:584:60 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:585:68:585:75 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:586:68:586:75 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:587:63:587:70 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:588:71:588:78 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:589:71:589:78 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:590:53:590:60 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:591:62:591:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:592:62:592:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:593:82:593:89 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:594:77:594:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:595:62:595:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:596:92:596:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:597:77:597:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:598:62:598:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:599:107:599:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:600:92:600:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:601:77:601:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:602:62:602:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:603:122:603:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:604:107:604:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:605:92:605:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:606:77:606:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:607:62:607:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:608:137:608:144 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:609:122:609:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:610:107:610:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:611:92:611:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:612:77:612:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:613:62:613:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:614:152:614:159 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:615:137:615:144 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:616:122:616:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:617:107:617:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:618:92:618:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:619:77:619:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:620:62:620:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:621:167:621:174 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:622:152:622:159 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:623:137:623:144 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:624:122:624:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:625:107:625:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:626:92:626:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:627:77:627:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:628:62:628:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:629:182:629:189 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:630:167:630:174 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:631:152:631:159 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:632:137:632:144 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:633:122:633:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:634:107:634:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:635:92:635:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:636:77:636:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:637:62:637:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:638:197:638:204 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:639:182:639:189 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:640:167:640:174 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:641:152:641:159 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:642:137:642:144 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:643:122:643:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:644:107:644:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:645:92:645:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:646:77:646:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:647:62:647:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:648:62:648:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:649:82:649:89 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:650:62:650:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:651:67:651:74 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:652:67:652:74 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:653:56:653:63 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:654:56:654:63 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:655:48:655:55 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:656:48:656:55 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:657:38:657:45 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:658:38:658:45 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:659:47:659:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:660:47:660:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:661:67:661:74 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:662:62:662:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:663:47:663:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:664:77:664:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:665:62:665:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:666:47:666:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:667:92:667:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:668:77:668:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:669:62:669:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:670:47:670:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:671:107:671:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:672:92:672:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:673:77:673:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:674:62:674:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:675:47:675:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:676:122:676:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:677:107:677:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:678:92:678:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:679:77:679:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:680:62:680:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:681:47:681:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:682:137:682:144 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:683:122:683:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:684:107:684:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:685:92:685:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:686:77:686:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:687:62:687:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:688:47:688:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:689:152:689:159 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:690:137:690:144 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:691:122:691:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:692:107:692:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:693:92:693:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:694:77:694:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:695:62:695:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:696:47:696:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:697:167:697:174 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:698:152:698:159 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:699:137:699:144 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:700:122:700:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:701:107:701:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:702:92:702:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:703:77:703:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:704:62:704:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:705:47:705:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:706:182:706:189 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:707:167:707:174 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:708:152:708:159 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:709:137:709:144 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:710:122:710:129 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:711:107:711:114 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:712:92:712:99 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:713:77:713:84 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:714:62:714:69 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:715:47:715:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:716:47:716:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:717:67:717:74 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:718:47:718:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:719:52:719:59 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:720:52:720:59 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:721:41:721:48 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:722:41:722:48 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:723:56:723:63 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:724:56:724:63 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:725:51:725:58 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:726:59:726:66 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:727:59:727:66 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:728:41:728:48 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:729:50:729:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:730:50:730:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:731:70:731:77 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:732:65:732:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:733:50:733:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:734:80:734:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:735:65:735:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:736:50:736:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:737:95:737:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:738:80:738:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:739:65:739:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:740:50:740:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:741:110:741:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:742:95:742:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:743:80:743:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:744:65:744:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:745:50:745:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:746:125:746:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:747:110:747:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:748:95:748:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:749:80:749:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:750:65:750:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:751:50:751:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:752:140:752:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:753:125:753:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:754:110:754:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:755:95:755:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:756:80:756:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:757:65:757:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:758:50:758:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:759:155:759:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:760:140:760:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:761:125:761:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:762:110:762:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:763:95:763:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:764:80:764:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:765:65:765:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:766:50:766:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:767:170:767:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:768:155:768:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:769:140:769:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:770:125:770:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:771:110:771:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:772:95:772:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:773:80:773:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:774:65:774:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:775:50:775:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:776:185:776:192 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:777:170:777:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:778:155:778:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:779:140:779:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:780:125:780:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:781:110:781:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:782:95:782:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:783:80:783:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:784:65:784:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:785:50:785:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:786:50:786:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:787:70:787:77 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:788:50:788:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:789:55:789:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:790:55:790:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:791:44:791:51 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:792:44:792:51 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:793:36:793:43 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:794:36:794:43 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:795:26:795:33 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:796:26:796:33 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:797:35:797:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:798:35:798:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:799:55:799:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:800:50:800:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:801:35:801:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:802:65:802:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:803:50:803:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:804:35:804:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:805:80:805:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:806:65:806:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:807:50:807:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:808:35:808:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:809:95:809:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:810:80:810:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:811:65:811:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:812:50:812:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:813:35:813:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:814:110:814:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:815:95:815:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:816:80:816:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:817:65:817:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:818:50:818:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:819:35:819:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:820:125:820:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:821:110:821:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:822:95:822:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:823:80:823:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:824:65:824:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:825:50:825:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:826:35:826:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:827:140:827:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:828:125:828:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:829:110:829:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:830:95:830:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:831:80:831:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:832:65:832:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:833:50:833:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:834:35:834:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:835:155:835:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:836:140:836:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:837:125:837:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:838:110:838:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:839:95:839:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:840:80:840:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:841:65:841:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:842:50:842:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:843:35:843:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:844:170:844:177 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:845:155:845:162 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:846:140:846:147 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:847:125:847:132 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:848:110:848:117 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:849:95:849:102 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:850:80:850:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:851:65:851:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:852:50:852:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:853:35:853:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:854:35:854:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:855:55:855:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:856:35:856:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:857:40:857:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:858:40:858:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:859:40:859:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:860:40:860:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:861:55:861:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:862:55:862:62 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:863:50:863:57 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:864:58:864:65 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:865:58:865:65 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:866:40:866:47 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:867:49:867:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:868:49:868:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:869:69:869:76 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:870:64:870:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:871:49:871:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:872:79:872:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:873:64:873:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:874:49:874:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:875:94:875:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:876:79:876:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:877:64:877:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:878:49:878:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:879:109:879:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:880:94:880:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:881:79:881:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:882:64:882:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:883:49:883:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:884:124:884:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:885:109:885:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:886:94:886:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:887:79:887:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:888:64:888:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:889:49:889:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:890:139:890:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:891:124:891:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:892:109:892:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:893:94:893:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:894:79:894:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:895:64:895:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:896:49:896:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:897:154:897:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:898:139:898:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:899:124:899:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:900:109:900:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:901:94:901:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:902:79:902:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:903:64:903:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:904:49:904:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:905:169:905:176 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:906:154:906:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:907:139:907:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:908:124:908:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:909:109:909:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:910:94:910:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:911:79:911:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:912:64:912:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:913:49:913:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:914:184:914:191 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:915:169:915:176 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:916:154:916:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:917:139:917:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:918:124:918:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:919:109:919:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:920:94:920:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:921:79:921:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:922:64:922:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:923:49:923:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:924:49:924:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:925:69:925:76 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:926:49:926:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:927:54:927:61 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:928:54:928:61 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:929:43:929:50 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:930:43:930:50 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:931:35:931:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:932:35:932:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:933:25:933:32 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:934:25:934:32 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:935:34:935:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:936:34:936:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:937:54:937:61 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:938:49:938:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:939:34:939:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:940:64:940:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:941:49:941:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:942:34:942:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:943:79:943:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:944:64:944:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:945:49:945:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:946:34:946:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:947:94:947:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:948:79:948:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:949:64:949:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:950:49:950:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:951:34:951:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:952:109:952:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:953:94:953:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:954:79:954:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:955:64:955:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:956:49:956:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:957:34:957:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:958:124:958:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:959:109:959:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:960:94:960:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:961:79:961:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:962:64:962:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:963:49:963:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:964:34:964:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:965:139:965:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:966:124:966:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:967:109:967:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:968:94:968:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:969:79:969:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:970:64:970:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:971:49:971:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:972:34:972:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:973:154:973:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:974:139:974:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:975:124:975:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:976:109:976:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:977:94:977:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:978:79:978:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:979:64:979:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:980:49:980:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:981:34:981:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:982:169:982:176 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:983:154:983:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:984:139:984:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:985:124:985:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:986:109:986:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:987:94:987:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:988:79:988:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:989:64:989:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:990:49:990:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:991:34:991:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:992:34:992:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:993:54:993:61 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:994:34:994:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:995:39:995:46 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:996:39:996:46 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:998:65:998:72 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:999:48:999:55 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1000:59:1000:66 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1001:42:1001:49 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1002:53:1002:60 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1020:40:1020:47 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1021:35:1021:42 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1022:25:1022:32 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1023:34:1023:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1024:34:1024:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1025:54:1025:61 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1026:40:1026:47 | source(...) | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1028:49:1028:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1029:34:1029:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1030:64:1030:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1031:49:1031:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1032:34:1032:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1033:79:1033:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1034:64:1034:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1035:49:1035:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1036:34:1036:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1037:94:1037:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1038:79:1038:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1039:64:1039:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1040:49:1040:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1041:34:1041:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1042:109:1042:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1043:94:1043:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1044:79:1044:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1045:64:1045:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1046:49:1046:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1047:34:1047:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1048:124:1048:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1049:109:1049:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1050:94:1050:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1051:79:1051:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1052:64:1052:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1053:49:1053:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1054:34:1054:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1055:139:1055:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1056:124:1056:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1057:109:1057:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1058:94:1058:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1059:79:1059:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1060:64:1060:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1061:49:1061:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1062:34:1062:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1063:154:1063:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1064:139:1064:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1065:124:1065:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1066:109:1066:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1067:94:1067:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1068:79:1068:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1069:64:1069:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1070:49:1070:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1071:34:1071:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1072:169:1072:176 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1073:154:1073:161 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1074:139:1074:146 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1075:124:1075:131 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1076:109:1076:116 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1077:94:1077:101 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1078:79:1078:86 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1079:64:1079:71 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1080:49:1080:56 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1081:34:1081:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1083:34:1083:41 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1084:54:1084:61 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1085:39:1085:46 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1088:47:1088:54 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1089:53:1089:60 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1091:37:1091:44 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1095:80:1095:87 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1100:44:1100:51 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1105:43:1105:50 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1111:42:1111:49 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1116:61:1116:68 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1117:81:1117:88 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1119:42:1119:49 | source(...) : String | provenance | | -| Log4jJndiInjectionTest.java:31:41:31:48 | source(...) : String | Log4jJndiInjectionTest.java:31:26:31:48 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:32:41:32:48 | source(...) : String | Log4jJndiInjectionTest.java:32:26:32:48 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:33:56:33:63 | source(...) : String | Log4jJndiInjectionTest.java:33:41:33:63 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:34:56:34:63 | source(...) : String | Log4jJndiInjectionTest.java:34:41:34:63 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:35:51:35:58 | source(...) : String | Log4jJndiInjectionTest.java:35:41:35:58 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:36:59:36:66 | source(...) : String | Log4jJndiInjectionTest.java:36:41:36:66 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:37:59:37:66 | source(...) : String | Log4jJndiInjectionTest.java:37:41:37:66 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:39:50:39:57 | source(...) : String | Log4jJndiInjectionTest.java:39:41:39:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:40:50:40:57 | source(...) : String | Log4jJndiInjectionTest.java:40:41:40:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:41:56:41:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:41:56:41:78 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:31:41:31:48 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:32:41:32:48 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:33:56:33:63 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:34:56:34:63 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:35:51:35:58 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:36:59:36:66 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:37:59:37:66 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:38:41:38:48 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2023 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:38:41:38:48 | source(...) | provenance | Src:MaD:44662 Sink:MaD:47997 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:39:50:39:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:40:50:40:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:41:70:41:77 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:42:65:42:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:43:50:43:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:44:80:44:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:45:65:45:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:46:50:46:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:47:95:47:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:48:80:48:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:49:65:49:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:50:50:50:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:51:110:51:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:52:95:52:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:53:80:53:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:54:65:54:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:55:50:55:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:56:125:56:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:57:110:57:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:58:95:58:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:59:80:59:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:60:65:60:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:61:50:61:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:62:140:62:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:63:125:63:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:64:110:64:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:65:95:65:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:66:80:66:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:67:65:67:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:68:50:68:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:69:155:69:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:70:140:70:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:71:125:71:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:72:110:72:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:73:95:73:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:74:80:74:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:75:65:75:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:76:50:76:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:77:170:77:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:78:155:78:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:79:140:79:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:80:125:80:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:81:110:81:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:82:95:82:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:83:80:83:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:84:65:84:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:85:50:85:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:86:185:86:192 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:87:170:87:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:88:155:88:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:89:140:89:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:90:125:90:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:91:110:91:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:92:95:92:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:93:80:93:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:94:65:94:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:95:50:95:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:96:50:96:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:97:70:97:77 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:98:50:98:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:99:55:99:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:100:55:100:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:101:44:101:51 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:102:44:102:51 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:103:36:103:43 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:104:36:104:43 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:105:26:105:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2045 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:105:26:105:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48019 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:106:26:106:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2046 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:106:26:106:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48020 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:107:35:107:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:108:35:108:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:109:55:109:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:110:50:110:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:111:35:111:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:112:65:112:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:113:50:113:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:114:35:114:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:115:80:115:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:116:65:116:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:117:50:117:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:118:35:118:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:119:95:119:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:120:80:120:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:121:65:121:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:122:50:122:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:123:35:123:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:124:110:124:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:125:95:125:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:126:80:126:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:127:65:127:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:128:50:128:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:129:35:129:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:130:125:130:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:131:110:131:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:132:95:132:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:133:80:133:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:134:65:134:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:135:50:135:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:136:35:136:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:137:140:137:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:138:125:138:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:139:110:139:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:140:95:140:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:141:80:141:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:142:65:142:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:143:50:143:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:144:35:144:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:145:155:145:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:146:140:146:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:147:125:147:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:148:110:148:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:149:95:149:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:150:80:150:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:151:65:151:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:152:50:152:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:153:35:153:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:154:170:154:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:155:155:155:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:156:140:156:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:157:125:157:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:158:110:158:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:159:95:159:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:160:80:160:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:161:65:161:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:162:50:162:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:163:35:163:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:164:35:164:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:165:55:165:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:166:35:166:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:167:40:167:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:168:40:168:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:169:41:169:48 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:170:41:170:48 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:171:56:171:63 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:172:56:172:63 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:173:51:173:58 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:174:59:174:66 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:175:59:175:66 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:176:41:176:48 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2071 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:176:41:176:48 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48045 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:177:50:177:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:178:50:178:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:179:70:179:77 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:180:65:180:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:181:50:181:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:182:80:182:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:183:65:183:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:184:50:184:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:185:95:185:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:186:80:186:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:187:65:187:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:188:50:188:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:189:110:189:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:190:95:190:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:191:80:191:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:192:65:192:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:193:50:193:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:194:125:194:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:195:110:195:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:196:95:196:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:197:80:197:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:198:65:198:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:199:50:199:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:200:140:200:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:201:125:201:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:202:110:202:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:203:95:203:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:204:80:204:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:205:65:205:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:206:50:206:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:207:155:207:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:208:140:208:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:209:125:209:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:210:110:210:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:211:95:211:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:212:80:212:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:213:65:213:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:214:50:214:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:215:170:215:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:216:155:216:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:217:140:217:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:218:125:218:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:219:110:219:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:220:95:220:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:221:80:221:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:222:65:222:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:223:50:223:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:224:185:224:192 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:225:170:225:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:226:155:226:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:227:140:227:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:228:125:228:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:229:110:229:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:230:95:230:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:231:80:231:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:232:65:232:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:233:50:233:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:234:50:234:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:235:70:235:77 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:236:50:236:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:237:55:237:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:238:55:238:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:239:44:239:51 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:240:44:240:51 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:241:36:241:43 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:242:36:242:43 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:243:26:243:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2093 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:243:26:243:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48067 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:244:26:244:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2094 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:244:26:244:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48068 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:245:35:245:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:246:35:246:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:247:55:247:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:248:50:248:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:249:35:249:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:250:65:250:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:251:50:251:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:252:35:252:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:253:80:253:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:254:65:254:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:255:50:255:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:256:35:256:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:257:95:257:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:258:80:258:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:259:65:259:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:260:50:260:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:261:35:261:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:262:110:262:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:263:95:263:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:264:80:264:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:265:65:265:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:266:50:266:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:267:35:267:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:268:125:268:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:269:110:269:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:270:95:270:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:271:80:271:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:272:65:272:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:273:50:273:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:274:35:274:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:275:140:275:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:276:125:276:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:277:110:277:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:278:95:278:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:279:80:279:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:280:65:280:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:281:50:281:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:282:35:282:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:283:155:283:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:284:140:284:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:285:125:285:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:286:110:286:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:287:95:287:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:288:80:288:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:289:65:289:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:290:50:290:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:291:35:291:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:292:170:292:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:293:155:293:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:294:140:294:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:295:125:295:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:296:110:296:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:297:95:297:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:298:80:298:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:299:65:299:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:300:50:300:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:301:35:301:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:302:35:302:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:303:55:303:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:304:35:304:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:305:40:305:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:306:40:306:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:307:41:307:48 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:308:41:308:48 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:309:56:309:63 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:310:56:310:63 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:311:51:311:58 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:312:59:312:66 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:313:59:313:66 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:314:41:314:48 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2118 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:314:41:314:48 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48092 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:315:50:315:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:316:50:316:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:317:70:317:77 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:318:65:318:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:319:50:319:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:320:80:320:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:321:65:321:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:322:50:322:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:323:95:323:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:324:80:324:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:325:65:325:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:326:50:326:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:327:110:327:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:328:95:328:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:329:80:329:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:330:65:330:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:331:50:331:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:332:125:332:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:333:110:333:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:334:95:334:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:335:80:335:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:336:65:336:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:337:50:337:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:338:140:338:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:339:125:339:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:340:110:340:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:341:95:341:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:342:80:342:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:343:65:343:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:344:50:344:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:345:155:345:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:346:140:346:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:347:125:347:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:348:110:348:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:349:95:349:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:350:80:350:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:351:65:351:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:352:50:352:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:353:170:353:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:354:155:354:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:355:140:355:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:356:125:356:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:357:110:357:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:358:95:358:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:359:80:359:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:360:65:360:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:361:50:361:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:362:185:362:192 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:363:170:363:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:364:155:364:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:365:140:365:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:366:125:366:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:367:110:367:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:368:95:368:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:369:80:369:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:370:65:370:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:371:50:371:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:372:50:372:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:373:70:373:77 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:374:50:374:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:375:55:375:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:376:55:376:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:377:44:377:51 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:378:44:378:51 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:379:36:379:43 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:380:36:380:43 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:381:26:381:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2140 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:381:26:381:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48114 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:382:26:382:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2141 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:382:26:382:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48115 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:383:35:383:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:384:35:384:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:385:55:385:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:386:50:386:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:387:35:387:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:388:65:388:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:389:50:389:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:390:35:390:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:391:80:391:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:392:65:392:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:393:50:393:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:394:35:394:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:395:95:395:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:396:80:396:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:397:65:397:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:398:50:398:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:399:35:399:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:400:110:400:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:401:95:401:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:402:80:402:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:403:65:403:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:404:50:404:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:405:35:405:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:406:125:406:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:407:110:407:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:408:95:408:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:409:80:409:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:410:65:410:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:411:50:411:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:412:35:412:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:413:140:413:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:414:125:414:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:415:110:415:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:416:95:416:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:417:80:417:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:418:65:418:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:419:50:419:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:420:35:420:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:421:155:421:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:422:140:422:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:423:125:423:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:424:110:424:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:425:95:425:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:426:80:426:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:427:65:427:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:428:50:428:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:429:35:429:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:430:170:430:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:431:155:431:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:432:140:432:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:433:125:433:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:434:110:434:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:435:95:435:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:436:80:436:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:437:65:437:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:438:50:438:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:439:35:439:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:440:35:440:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:441:55:441:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:442:35:442:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:443:40:443:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:444:40:444:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:445:40:445:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:446:40:446:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:447:55:447:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:448:55:448:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:449:50:449:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:450:58:450:65 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:451:58:451:65 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:452:40:452:47 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2165 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:452:40:452:47 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48139 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:453:49:453:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:454:49:454:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:455:69:455:76 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:456:64:456:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:457:49:457:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:458:79:458:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:459:64:459:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:460:49:460:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:461:94:461:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:462:79:462:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:463:64:463:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:464:49:464:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:465:109:465:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:466:94:466:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:467:79:467:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:468:64:468:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:469:49:469:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:470:124:470:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:471:109:471:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:472:94:472:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:473:79:473:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:474:64:474:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:475:49:475:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:476:139:476:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:477:124:477:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:478:109:478:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:479:94:479:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:480:79:480:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:481:64:481:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:482:49:482:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:483:154:483:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:484:139:484:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:485:124:485:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:486:109:486:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:487:94:487:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:488:79:488:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:489:64:489:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:490:49:490:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:491:169:491:176 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:492:154:492:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:493:139:493:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:494:124:494:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:495:109:495:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:496:94:496:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:497:79:497:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:498:64:498:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:499:49:499:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:500:184:500:191 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:501:169:501:176 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:502:154:502:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:503:139:503:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:504:124:504:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:505:109:505:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:506:94:506:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:507:79:507:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:508:64:508:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:509:49:509:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:510:49:510:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:511:69:511:76 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:512:49:512:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:513:54:513:61 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:514:54:514:61 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:515:43:515:50 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:516:43:516:50 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:517:35:517:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:518:35:518:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:519:25:519:32 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2187 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:519:25:519:32 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48161 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:520:25:520:32 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2188 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:520:25:520:32 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48162 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:521:34:521:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:522:34:522:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:523:54:523:61 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:524:49:524:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:525:34:525:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:526:64:526:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:527:49:527:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:528:34:528:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:529:79:529:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:530:64:530:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:531:49:531:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:532:34:532:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:533:94:533:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:534:79:534:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:535:64:535:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:536:49:536:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:537:34:537:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:538:109:538:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:539:94:539:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:540:79:540:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:541:64:541:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:542:49:542:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:543:34:543:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:544:124:544:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:545:109:545:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:546:94:546:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:547:79:547:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:548:64:548:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:549:49:549:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:550:34:550:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:551:139:551:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:552:124:552:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:553:109:553:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:554:94:554:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:555:79:555:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:556:64:556:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:557:49:557:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:558:34:558:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:559:154:559:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:560:139:560:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:561:124:561:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:562:109:562:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:563:94:563:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:564:79:564:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:565:64:565:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:566:49:566:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:567:34:567:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:568:169:568:176 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:569:154:569:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:570:139:570:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:571:124:571:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:572:109:572:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:573:94:573:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:574:79:574:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:575:64:575:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:576:49:576:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:577:34:577:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:578:34:578:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:579:54:579:61 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:580:34:580:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:581:39:581:46 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:582:39:582:46 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:583:53:583:60 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:584:53:584:60 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:585:68:585:75 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:586:68:586:75 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:587:63:587:70 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:588:71:588:78 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:589:71:589:78 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:590:53:590:60 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2212 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:590:53:590:60 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48186 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:591:62:591:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:592:62:592:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:593:82:593:89 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:594:77:594:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:595:62:595:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:596:92:596:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:597:77:597:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:598:62:598:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:599:107:599:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:600:92:600:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:601:77:601:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:602:62:602:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:603:122:603:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:604:107:604:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:605:92:605:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:606:77:606:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:607:62:607:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:608:137:608:144 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:609:122:609:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:610:107:610:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:611:92:611:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:612:77:612:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:613:62:613:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:614:152:614:159 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:615:137:615:144 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:616:122:616:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:617:107:617:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:618:92:618:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:619:77:619:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:620:62:620:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:621:167:621:174 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:622:152:622:159 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:623:137:623:144 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:624:122:624:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:625:107:625:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:626:92:626:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:627:77:627:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:628:62:628:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:629:182:629:189 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:630:167:630:174 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:631:152:631:159 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:632:137:632:144 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:633:122:633:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:634:107:634:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:635:92:635:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:636:77:636:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:637:62:637:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:638:197:638:204 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:639:182:639:189 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:640:167:640:174 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:641:152:641:159 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:642:137:642:144 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:643:122:643:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:644:107:644:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:645:92:645:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:646:77:646:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:647:62:647:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:648:62:648:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:649:82:649:89 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:650:62:650:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:651:67:651:74 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:652:67:652:74 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:653:56:653:63 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:654:56:654:63 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:655:48:655:55 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:656:48:656:55 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:657:38:657:45 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2234 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:657:38:657:45 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48208 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:658:38:658:45 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2235 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:658:38:658:45 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48209 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:659:47:659:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:660:47:660:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:661:67:661:74 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:662:62:662:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:663:47:663:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:664:77:664:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:665:62:665:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:666:47:666:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:667:92:667:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:668:77:668:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:669:62:669:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:670:47:670:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:671:107:671:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:672:92:672:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:673:77:673:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:674:62:674:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:675:47:675:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:676:122:676:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:677:107:677:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:678:92:678:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:679:77:679:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:680:62:680:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:681:47:681:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:682:137:682:144 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:683:122:683:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:684:107:684:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:685:92:685:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:686:77:686:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:687:62:687:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:688:47:688:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:689:152:689:159 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:690:137:690:144 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:691:122:691:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:692:107:692:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:693:92:693:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:694:77:694:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:695:62:695:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:696:47:696:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:697:167:697:174 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:698:152:698:159 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:699:137:699:144 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:700:122:700:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:701:107:701:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:702:92:702:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:703:77:703:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:704:62:704:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:705:47:705:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:706:182:706:189 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:707:167:707:174 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:708:152:708:159 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:709:137:709:144 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:710:122:710:129 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:711:107:711:114 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:712:92:712:99 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:713:77:713:84 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:714:62:714:69 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:715:47:715:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:716:47:716:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:717:67:717:74 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:718:47:718:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:719:52:719:59 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:720:52:720:59 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:721:41:721:48 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:722:41:722:48 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:723:56:723:63 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:724:56:724:63 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:725:51:725:58 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:726:59:726:66 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:727:59:727:66 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:728:41:728:48 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2262 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:728:41:728:48 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48236 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:729:50:729:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:730:50:730:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:731:70:731:77 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:732:65:732:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:733:50:733:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:734:80:734:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:735:65:735:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:736:50:736:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:737:95:737:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:738:80:738:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:739:65:739:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:740:50:740:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:741:110:741:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:742:95:742:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:743:80:743:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:744:65:744:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:745:50:745:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:746:125:746:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:747:110:747:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:748:95:748:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:749:80:749:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:750:65:750:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:751:50:751:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:752:140:752:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:753:125:753:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:754:110:754:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:755:95:755:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:756:80:756:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:757:65:757:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:758:50:758:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:759:155:759:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:760:140:760:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:761:125:761:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:762:110:762:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:763:95:763:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:764:80:764:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:765:65:765:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:766:50:766:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:767:170:767:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:768:155:768:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:769:140:769:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:770:125:770:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:771:110:771:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:772:95:772:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:773:80:773:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:774:65:774:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:775:50:775:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:776:185:776:192 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:777:170:777:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:778:155:778:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:779:140:779:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:780:125:780:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:781:110:781:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:782:95:782:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:783:80:783:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:784:65:784:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:785:50:785:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:786:50:786:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:787:70:787:77 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:788:50:788:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:789:55:789:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:790:55:790:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:791:44:791:51 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:792:44:792:51 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:793:36:793:43 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:794:36:794:43 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:795:26:795:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2284 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:795:26:795:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48258 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:796:26:796:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2285 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:796:26:796:33 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48259 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:797:35:797:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:798:35:798:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:799:55:799:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:800:50:800:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:801:35:801:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:802:65:802:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:803:50:803:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:804:35:804:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:805:80:805:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:806:65:806:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:807:50:807:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:808:35:808:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:809:95:809:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:810:80:810:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:811:65:811:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:812:50:812:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:813:35:813:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:814:110:814:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:815:95:815:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:816:80:816:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:817:65:817:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:818:50:818:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:819:35:819:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:820:125:820:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:821:110:821:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:822:95:822:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:823:80:823:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:824:65:824:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:825:50:825:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:826:35:826:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:827:140:827:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:828:125:828:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:829:110:829:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:830:95:830:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:831:80:831:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:832:65:832:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:833:50:833:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:834:35:834:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:835:155:835:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:836:140:836:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:837:125:837:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:838:110:838:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:839:95:839:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:840:80:840:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:841:65:841:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:842:50:842:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:843:35:843:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:844:170:844:177 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:845:155:845:162 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:846:140:846:147 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:847:125:847:132 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:848:110:848:117 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:849:95:849:102 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:850:80:850:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:851:65:851:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:852:50:852:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:853:35:853:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:854:35:854:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:855:55:855:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:856:35:856:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:857:40:857:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:858:40:858:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:859:40:859:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:860:40:860:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:861:55:861:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:862:55:862:62 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:863:50:863:57 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:864:58:864:65 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:865:58:865:65 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:866:40:866:47 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2309 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:866:40:866:47 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48292 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:867:49:867:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:868:49:868:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:869:69:869:76 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:870:64:870:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:871:49:871:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:872:79:872:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:873:64:873:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:874:49:874:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:875:94:875:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:876:79:876:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:877:64:877:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:878:49:878:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:879:109:879:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:880:94:880:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:881:79:881:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:882:64:882:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:883:49:883:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:884:124:884:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:885:109:885:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:886:94:886:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:887:79:887:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:888:64:888:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:889:49:889:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:890:139:890:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:891:124:891:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:892:109:892:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:893:94:893:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:894:79:894:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:895:64:895:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:896:49:896:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:897:154:897:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:898:139:898:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:899:124:899:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:900:109:900:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:901:94:901:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:902:79:902:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:903:64:903:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:904:49:904:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:905:169:905:176 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:906:154:906:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:907:139:907:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:908:124:908:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:909:109:909:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:910:94:910:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:911:79:911:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:912:64:912:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:913:49:913:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:914:184:914:191 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:915:169:915:176 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:916:154:916:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:917:139:917:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:918:124:918:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:919:109:919:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:920:94:920:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:921:79:921:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:922:64:922:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:923:49:923:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:924:49:924:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:925:69:925:76 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:926:49:926:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:927:54:927:61 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:928:54:928:61 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:929:43:929:50 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:930:43:930:50 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:931:35:931:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:932:35:932:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:933:25:933:32 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2331 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:933:25:933:32 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48314 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:934:25:934:32 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2332 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:934:25:934:32 | source(...) | provenance | Src:MaD:44662 Sink:MaD:48315 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:935:34:935:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:936:34:936:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:937:54:937:61 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:938:49:938:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:939:34:939:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:940:64:940:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:941:49:941:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:942:34:942:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:943:79:943:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:944:64:944:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:945:49:945:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:946:34:946:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:947:94:947:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:948:79:948:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:949:64:949:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:950:49:950:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:951:34:951:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:952:109:952:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:953:94:953:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:954:79:954:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:955:64:955:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:956:49:956:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:957:34:957:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:958:124:958:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:959:109:959:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:960:94:960:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:961:79:961:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:962:64:962:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:963:49:963:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:964:34:964:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:965:139:965:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:966:124:966:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:967:109:967:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:968:94:968:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:969:79:969:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:970:64:970:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:971:49:971:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:972:34:972:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:973:154:973:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:974:139:974:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:975:124:975:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:976:109:976:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:977:94:977:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:978:79:978:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:979:64:979:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:980:49:980:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:981:34:981:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:982:169:982:176 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:983:154:983:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:984:139:984:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:985:124:985:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:986:109:986:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:987:94:987:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:988:79:988:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:989:64:989:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:990:49:990:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:991:34:991:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:992:34:992:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:993:54:993:61 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:994:34:994:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:995:39:995:46 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:996:39:996:46 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:998:65:998:72 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:999:48:999:55 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1000:59:1000:66 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1001:42:1001:49 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1002:53:1002:60 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1020:40:1020:47 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1021:35:1021:42 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1022:25:1022:32 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2001 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1022:25:1022:32 | source(...) | provenance | Src:MaD:44662 Sink:MaD:47975 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1023:34:1023:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1024:34:1024:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1025:54:1025:61 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1026:40:1026:47 | source(...) | provenance | Src:MaD:44662 Sink:MaD:2003 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1026:40:1026:47 | source(...) | provenance | Src:MaD:44662 Sink:MaD:47977 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1028:49:1028:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1029:34:1029:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1030:64:1030:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1031:49:1031:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1032:34:1032:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1033:79:1033:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1034:64:1034:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1035:49:1035:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1036:34:1036:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1037:94:1037:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1038:79:1038:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1039:64:1039:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1040:49:1040:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1041:34:1041:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1042:109:1042:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1043:94:1043:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1044:79:1044:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1045:64:1045:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1046:49:1046:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1047:34:1047:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1048:124:1048:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1049:109:1049:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1050:94:1050:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1051:79:1051:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1052:64:1052:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1053:49:1053:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1054:34:1054:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1055:139:1055:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1056:124:1056:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1057:109:1057:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1058:94:1058:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1059:79:1059:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1060:64:1060:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1061:49:1061:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1062:34:1062:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1063:154:1063:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1064:139:1064:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1065:124:1065:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1066:109:1066:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1067:94:1067:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1068:79:1068:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1069:64:1069:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1070:49:1070:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1071:34:1071:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1072:169:1072:176 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1073:154:1073:161 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1074:139:1074:146 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1075:124:1075:131 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1076:109:1076:116 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1077:94:1077:101 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1078:79:1078:86 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1079:64:1079:71 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1080:49:1080:56 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1081:34:1081:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1083:34:1083:41 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1084:54:1084:61 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1085:39:1085:46 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1088:47:1088:54 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1089:53:1089:60 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1091:37:1091:44 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1095:80:1095:87 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1100:44:1100:51 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1105:43:1105:50 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1111:42:1111:49 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1116:61:1116:68 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1117:81:1117:88 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | Log4jJndiInjectionTest.java:1119:42:1119:49 | source(...) : String | provenance | Src:MaD:44662 | +| Log4jJndiInjectionTest.java:31:41:31:48 | source(...) : String | Log4jJndiInjectionTest.java:31:26:31:48 | (...)... | provenance | Sink:MaD:2016 | +| Log4jJndiInjectionTest.java:31:41:31:48 | source(...) : String | Log4jJndiInjectionTest.java:31:26:31:48 | (...)... | provenance | Sink:MaD:47990 | +| Log4jJndiInjectionTest.java:32:41:32:48 | source(...) : String | Log4jJndiInjectionTest.java:32:26:32:48 | (...)... | provenance | Sink:MaD:2017 | +| Log4jJndiInjectionTest.java:32:41:32:48 | source(...) : String | Log4jJndiInjectionTest.java:32:26:32:48 | (...)... | provenance | Sink:MaD:47991 | +| Log4jJndiInjectionTest.java:33:56:33:63 | source(...) : String | Log4jJndiInjectionTest.java:33:41:33:63 | (...)... | provenance | Sink:MaD:2018 | +| Log4jJndiInjectionTest.java:33:56:33:63 | source(...) : String | Log4jJndiInjectionTest.java:33:41:33:63 | (...)... | provenance | Sink:MaD:47992 | +| Log4jJndiInjectionTest.java:34:56:34:63 | source(...) : String | Log4jJndiInjectionTest.java:34:41:34:63 | (...)... | provenance | Sink:MaD:2019 | +| Log4jJndiInjectionTest.java:34:56:34:63 | source(...) : String | Log4jJndiInjectionTest.java:34:41:34:63 | (...)... | provenance | Sink:MaD:47993 | +| Log4jJndiInjectionTest.java:35:51:35:58 | source(...) : String | Log4jJndiInjectionTest.java:35:41:35:58 | (...)... | provenance | Sink:MaD:2020 | +| Log4jJndiInjectionTest.java:35:51:35:58 | source(...) : String | Log4jJndiInjectionTest.java:35:41:35:58 | (...)... | provenance | Sink:MaD:47994 | +| Log4jJndiInjectionTest.java:36:59:36:66 | source(...) : String | Log4jJndiInjectionTest.java:36:41:36:66 | (...)... | provenance | Sink:MaD:2021 | +| Log4jJndiInjectionTest.java:36:59:36:66 | source(...) : String | Log4jJndiInjectionTest.java:36:41:36:66 | (...)... | provenance | Sink:MaD:47995 | +| Log4jJndiInjectionTest.java:37:59:37:66 | source(...) : String | Log4jJndiInjectionTest.java:37:41:37:66 | (...)... | provenance | Sink:MaD:2022 | +| Log4jJndiInjectionTest.java:37:59:37:66 | source(...) : String | Log4jJndiInjectionTest.java:37:41:37:66 | (...)... | provenance | Sink:MaD:47996 | +| Log4jJndiInjectionTest.java:39:50:39:57 | source(...) : String | Log4jJndiInjectionTest.java:39:41:39:57 | (...)... | provenance | Sink:MaD:2025 | +| Log4jJndiInjectionTest.java:39:50:39:57 | source(...) : String | Log4jJndiInjectionTest.java:39:41:39:57 | (...)... | provenance | Sink:MaD:47999 | +| Log4jJndiInjectionTest.java:40:50:40:57 | source(...) : String | Log4jJndiInjectionTest.java:40:41:40:57 | (...)... | provenance | Sink:MaD:2036 | +| Log4jJndiInjectionTest.java:40:50:40:57 | source(...) : String | Log4jJndiInjectionTest.java:40:41:40:57 | (...)... | provenance | Sink:MaD:48010 | +| Log4jJndiInjectionTest.java:41:56:41:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:41:56:41:78 | new Object[] | provenance | Sink:MaD:2036 | +| Log4jJndiInjectionTest.java:41:56:41:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:41:56:41:78 | new Object[] | provenance | Sink:MaD:48010 | | Log4jJndiInjectionTest.java:41:70:41:77 | source(...) : String | Log4jJndiInjectionTest.java:41:56:41:78 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:42:65:42:72 | source(...) : String | Log4jJndiInjectionTest.java:42:56:42:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:43:50:43:57 | source(...) : String | Log4jJndiInjectionTest.java:43:41:43:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:44:80:44:87 | source(...) : String | Log4jJndiInjectionTest.java:44:71:44:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:45:65:45:72 | source(...) : String | Log4jJndiInjectionTest.java:45:56:45:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:46:50:46:57 | source(...) : String | Log4jJndiInjectionTest.java:46:41:46:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:47:95:47:102 | source(...) : String | Log4jJndiInjectionTest.java:47:86:47:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:48:80:48:87 | source(...) : String | Log4jJndiInjectionTest.java:48:71:48:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:49:65:49:72 | source(...) : String | Log4jJndiInjectionTest.java:49:56:49:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:50:50:50:57 | source(...) : String | Log4jJndiInjectionTest.java:50:41:50:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:51:110:51:117 | source(...) : String | Log4jJndiInjectionTest.java:51:101:51:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:52:95:52:102 | source(...) : String | Log4jJndiInjectionTest.java:52:86:52:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:53:80:53:87 | source(...) : String | Log4jJndiInjectionTest.java:53:71:53:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:54:65:54:72 | source(...) : String | Log4jJndiInjectionTest.java:54:56:54:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:55:50:55:57 | source(...) : String | Log4jJndiInjectionTest.java:55:41:55:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:56:125:56:132 | source(...) : String | Log4jJndiInjectionTest.java:56:116:56:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:57:110:57:117 | source(...) : String | Log4jJndiInjectionTest.java:57:101:57:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:58:95:58:102 | source(...) : String | Log4jJndiInjectionTest.java:58:86:58:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:59:80:59:87 | source(...) : String | Log4jJndiInjectionTest.java:59:71:59:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:60:65:60:72 | source(...) : String | Log4jJndiInjectionTest.java:60:56:60:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:61:50:61:57 | source(...) : String | Log4jJndiInjectionTest.java:61:41:61:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:62:140:62:147 | source(...) : String | Log4jJndiInjectionTest.java:62:131:62:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:63:125:63:132 | source(...) : String | Log4jJndiInjectionTest.java:63:116:63:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:64:110:64:117 | source(...) : String | Log4jJndiInjectionTest.java:64:101:64:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:65:95:65:102 | source(...) : String | Log4jJndiInjectionTest.java:65:86:65:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:66:80:66:87 | source(...) : String | Log4jJndiInjectionTest.java:66:71:66:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:67:65:67:72 | source(...) : String | Log4jJndiInjectionTest.java:67:56:67:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:68:50:68:57 | source(...) : String | Log4jJndiInjectionTest.java:68:41:68:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:69:155:69:162 | source(...) : String | Log4jJndiInjectionTest.java:69:146:69:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:70:140:70:147 | source(...) : String | Log4jJndiInjectionTest.java:70:131:70:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:71:125:71:132 | source(...) : String | Log4jJndiInjectionTest.java:71:116:71:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:72:110:72:117 | source(...) : String | Log4jJndiInjectionTest.java:72:101:72:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:73:95:73:102 | source(...) : String | Log4jJndiInjectionTest.java:73:86:73:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:74:80:74:87 | source(...) : String | Log4jJndiInjectionTest.java:74:71:74:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:75:65:75:72 | source(...) : String | Log4jJndiInjectionTest.java:75:56:75:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:76:50:76:57 | source(...) : String | Log4jJndiInjectionTest.java:76:41:76:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:77:170:77:177 | source(...) : String | Log4jJndiInjectionTest.java:77:161:77:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:78:155:78:162 | source(...) : String | Log4jJndiInjectionTest.java:78:146:78:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:79:140:79:147 | source(...) : String | Log4jJndiInjectionTest.java:79:131:79:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:80:125:80:132 | source(...) : String | Log4jJndiInjectionTest.java:80:116:80:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:81:110:81:117 | source(...) : String | Log4jJndiInjectionTest.java:81:101:81:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:82:95:82:102 | source(...) : String | Log4jJndiInjectionTest.java:82:86:82:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:83:80:83:87 | source(...) : String | Log4jJndiInjectionTest.java:83:71:83:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:84:65:84:72 | source(...) : String | Log4jJndiInjectionTest.java:84:56:84:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:85:50:85:57 | source(...) : String | Log4jJndiInjectionTest.java:85:41:85:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:86:185:86:192 | source(...) : String | Log4jJndiInjectionTest.java:86:176:86:192 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:87:170:87:177 | source(...) : String | Log4jJndiInjectionTest.java:87:161:87:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:88:155:88:162 | source(...) : String | Log4jJndiInjectionTest.java:88:146:88:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:89:140:89:147 | source(...) : String | Log4jJndiInjectionTest.java:89:131:89:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:90:125:90:132 | source(...) : String | Log4jJndiInjectionTest.java:90:116:90:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:91:110:91:117 | source(...) : String | Log4jJndiInjectionTest.java:91:101:91:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:92:95:92:102 | source(...) : String | Log4jJndiInjectionTest.java:92:86:92:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:93:80:93:87 | source(...) : String | Log4jJndiInjectionTest.java:93:71:93:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:94:65:94:72 | source(...) : String | Log4jJndiInjectionTest.java:94:56:94:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:95:50:95:57 | source(...) : String | Log4jJndiInjectionTest.java:95:41:95:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:96:50:96:57 | source(...) : String | Log4jJndiInjectionTest.java:96:41:96:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:97:70:97:77 | source(...) : String | Log4jJndiInjectionTest.java:97:56:97:77 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:98:50:98:57 | source(...) : String | Log4jJndiInjectionTest.java:98:41:98:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:99:55:99:62 | source(...) : String | Log4jJndiInjectionTest.java:99:41:99:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:100:55:100:62 | source(...) : String | Log4jJndiInjectionTest.java:100:41:100:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:101:44:101:51 | source(...) : String | Log4jJndiInjectionTest.java:101:26:101:51 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:102:44:102:51 | source(...) : String | Log4jJndiInjectionTest.java:102:26:102:51 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:103:36:103:43 | source(...) : String | Log4jJndiInjectionTest.java:103:26:103:43 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:104:36:104:43 | source(...) : String | Log4jJndiInjectionTest.java:104:26:104:43 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:107:35:107:42 | source(...) : String | Log4jJndiInjectionTest.java:107:26:107:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:108:35:108:42 | source(...) : String | Log4jJndiInjectionTest.java:108:26:108:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:109:41:109:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:109:41:109:63 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:42:65:42:72 | source(...) : String | Log4jJndiInjectionTest.java:42:56:42:72 | (...)... | provenance | Sink:MaD:2026 | +| Log4jJndiInjectionTest.java:42:65:42:72 | source(...) : String | Log4jJndiInjectionTest.java:42:56:42:72 | (...)... | provenance | Sink:MaD:48000 | +| Log4jJndiInjectionTest.java:43:50:43:57 | source(...) : String | Log4jJndiInjectionTest.java:43:41:43:57 | (...)... | provenance | Sink:MaD:2026 | +| Log4jJndiInjectionTest.java:43:50:43:57 | source(...) : String | Log4jJndiInjectionTest.java:43:41:43:57 | (...)... | provenance | Sink:MaD:48000 | +| Log4jJndiInjectionTest.java:44:80:44:87 | source(...) : String | Log4jJndiInjectionTest.java:44:71:44:87 | (...)... | provenance | Sink:MaD:2027 | +| Log4jJndiInjectionTest.java:44:80:44:87 | source(...) : String | Log4jJndiInjectionTest.java:44:71:44:87 | (...)... | provenance | Sink:MaD:48001 | +| Log4jJndiInjectionTest.java:45:65:45:72 | source(...) : String | Log4jJndiInjectionTest.java:45:56:45:72 | (...)... | provenance | Sink:MaD:2027 | +| Log4jJndiInjectionTest.java:45:65:45:72 | source(...) : String | Log4jJndiInjectionTest.java:45:56:45:72 | (...)... | provenance | Sink:MaD:48001 | +| Log4jJndiInjectionTest.java:46:50:46:57 | source(...) : String | Log4jJndiInjectionTest.java:46:41:46:57 | (...)... | provenance | Sink:MaD:2027 | +| Log4jJndiInjectionTest.java:46:50:46:57 | source(...) : String | Log4jJndiInjectionTest.java:46:41:46:57 | (...)... | provenance | Sink:MaD:48001 | +| Log4jJndiInjectionTest.java:47:95:47:102 | source(...) : String | Log4jJndiInjectionTest.java:47:86:47:102 | (...)... | provenance | Sink:MaD:2028 | +| Log4jJndiInjectionTest.java:47:95:47:102 | source(...) : String | Log4jJndiInjectionTest.java:47:86:47:102 | (...)... | provenance | Sink:MaD:48002 | +| Log4jJndiInjectionTest.java:48:80:48:87 | source(...) : String | Log4jJndiInjectionTest.java:48:71:48:87 | (...)... | provenance | Sink:MaD:2028 | +| Log4jJndiInjectionTest.java:48:80:48:87 | source(...) : String | Log4jJndiInjectionTest.java:48:71:48:87 | (...)... | provenance | Sink:MaD:48002 | +| Log4jJndiInjectionTest.java:49:65:49:72 | source(...) : String | Log4jJndiInjectionTest.java:49:56:49:72 | (...)... | provenance | Sink:MaD:2028 | +| Log4jJndiInjectionTest.java:49:65:49:72 | source(...) : String | Log4jJndiInjectionTest.java:49:56:49:72 | (...)... | provenance | Sink:MaD:48002 | +| Log4jJndiInjectionTest.java:50:50:50:57 | source(...) : String | Log4jJndiInjectionTest.java:50:41:50:57 | (...)... | provenance | Sink:MaD:2028 | +| Log4jJndiInjectionTest.java:50:50:50:57 | source(...) : String | Log4jJndiInjectionTest.java:50:41:50:57 | (...)... | provenance | Sink:MaD:48002 | +| Log4jJndiInjectionTest.java:51:110:51:117 | source(...) : String | Log4jJndiInjectionTest.java:51:101:51:117 | (...)... | provenance | Sink:MaD:2029 | +| Log4jJndiInjectionTest.java:51:110:51:117 | source(...) : String | Log4jJndiInjectionTest.java:51:101:51:117 | (...)... | provenance | Sink:MaD:48003 | +| Log4jJndiInjectionTest.java:52:95:52:102 | source(...) : String | Log4jJndiInjectionTest.java:52:86:52:102 | (...)... | provenance | Sink:MaD:2029 | +| Log4jJndiInjectionTest.java:52:95:52:102 | source(...) : String | Log4jJndiInjectionTest.java:52:86:52:102 | (...)... | provenance | Sink:MaD:48003 | +| Log4jJndiInjectionTest.java:53:80:53:87 | source(...) : String | Log4jJndiInjectionTest.java:53:71:53:87 | (...)... | provenance | Sink:MaD:2029 | +| Log4jJndiInjectionTest.java:53:80:53:87 | source(...) : String | Log4jJndiInjectionTest.java:53:71:53:87 | (...)... | provenance | Sink:MaD:48003 | +| Log4jJndiInjectionTest.java:54:65:54:72 | source(...) : String | Log4jJndiInjectionTest.java:54:56:54:72 | (...)... | provenance | Sink:MaD:2029 | +| Log4jJndiInjectionTest.java:54:65:54:72 | source(...) : String | Log4jJndiInjectionTest.java:54:56:54:72 | (...)... | provenance | Sink:MaD:48003 | +| Log4jJndiInjectionTest.java:55:50:55:57 | source(...) : String | Log4jJndiInjectionTest.java:55:41:55:57 | (...)... | provenance | Sink:MaD:2029 | +| Log4jJndiInjectionTest.java:55:50:55:57 | source(...) : String | Log4jJndiInjectionTest.java:55:41:55:57 | (...)... | provenance | Sink:MaD:48003 | +| Log4jJndiInjectionTest.java:56:125:56:132 | source(...) : String | Log4jJndiInjectionTest.java:56:116:56:132 | (...)... | provenance | Sink:MaD:2030 | +| Log4jJndiInjectionTest.java:56:125:56:132 | source(...) : String | Log4jJndiInjectionTest.java:56:116:56:132 | (...)... | provenance | Sink:MaD:48004 | +| Log4jJndiInjectionTest.java:57:110:57:117 | source(...) : String | Log4jJndiInjectionTest.java:57:101:57:117 | (...)... | provenance | Sink:MaD:2030 | +| Log4jJndiInjectionTest.java:57:110:57:117 | source(...) : String | Log4jJndiInjectionTest.java:57:101:57:117 | (...)... | provenance | Sink:MaD:48004 | +| Log4jJndiInjectionTest.java:58:95:58:102 | source(...) : String | Log4jJndiInjectionTest.java:58:86:58:102 | (...)... | provenance | Sink:MaD:2030 | +| Log4jJndiInjectionTest.java:58:95:58:102 | source(...) : String | Log4jJndiInjectionTest.java:58:86:58:102 | (...)... | provenance | Sink:MaD:48004 | +| Log4jJndiInjectionTest.java:59:80:59:87 | source(...) : String | Log4jJndiInjectionTest.java:59:71:59:87 | (...)... | provenance | Sink:MaD:2030 | +| Log4jJndiInjectionTest.java:59:80:59:87 | source(...) : String | Log4jJndiInjectionTest.java:59:71:59:87 | (...)... | provenance | Sink:MaD:48004 | +| Log4jJndiInjectionTest.java:60:65:60:72 | source(...) : String | Log4jJndiInjectionTest.java:60:56:60:72 | (...)... | provenance | Sink:MaD:2030 | +| Log4jJndiInjectionTest.java:60:65:60:72 | source(...) : String | Log4jJndiInjectionTest.java:60:56:60:72 | (...)... | provenance | Sink:MaD:48004 | +| Log4jJndiInjectionTest.java:61:50:61:57 | source(...) : String | Log4jJndiInjectionTest.java:61:41:61:57 | (...)... | provenance | Sink:MaD:2030 | +| Log4jJndiInjectionTest.java:61:50:61:57 | source(...) : String | Log4jJndiInjectionTest.java:61:41:61:57 | (...)... | provenance | Sink:MaD:48004 | +| Log4jJndiInjectionTest.java:62:140:62:147 | source(...) : String | Log4jJndiInjectionTest.java:62:131:62:147 | (...)... | provenance | Sink:MaD:2031 | +| Log4jJndiInjectionTest.java:62:140:62:147 | source(...) : String | Log4jJndiInjectionTest.java:62:131:62:147 | (...)... | provenance | Sink:MaD:48005 | +| Log4jJndiInjectionTest.java:63:125:63:132 | source(...) : String | Log4jJndiInjectionTest.java:63:116:63:132 | (...)... | provenance | Sink:MaD:2031 | +| Log4jJndiInjectionTest.java:63:125:63:132 | source(...) : String | Log4jJndiInjectionTest.java:63:116:63:132 | (...)... | provenance | Sink:MaD:48005 | +| Log4jJndiInjectionTest.java:64:110:64:117 | source(...) : String | Log4jJndiInjectionTest.java:64:101:64:117 | (...)... | provenance | Sink:MaD:2031 | +| Log4jJndiInjectionTest.java:64:110:64:117 | source(...) : String | Log4jJndiInjectionTest.java:64:101:64:117 | (...)... | provenance | Sink:MaD:48005 | +| Log4jJndiInjectionTest.java:65:95:65:102 | source(...) : String | Log4jJndiInjectionTest.java:65:86:65:102 | (...)... | provenance | Sink:MaD:2031 | +| Log4jJndiInjectionTest.java:65:95:65:102 | source(...) : String | Log4jJndiInjectionTest.java:65:86:65:102 | (...)... | provenance | Sink:MaD:48005 | +| Log4jJndiInjectionTest.java:66:80:66:87 | source(...) : String | Log4jJndiInjectionTest.java:66:71:66:87 | (...)... | provenance | Sink:MaD:2031 | +| Log4jJndiInjectionTest.java:66:80:66:87 | source(...) : String | Log4jJndiInjectionTest.java:66:71:66:87 | (...)... | provenance | Sink:MaD:48005 | +| Log4jJndiInjectionTest.java:67:65:67:72 | source(...) : String | Log4jJndiInjectionTest.java:67:56:67:72 | (...)... | provenance | Sink:MaD:2031 | +| Log4jJndiInjectionTest.java:67:65:67:72 | source(...) : String | Log4jJndiInjectionTest.java:67:56:67:72 | (...)... | provenance | Sink:MaD:48005 | +| Log4jJndiInjectionTest.java:68:50:68:57 | source(...) : String | Log4jJndiInjectionTest.java:68:41:68:57 | (...)... | provenance | Sink:MaD:2031 | +| Log4jJndiInjectionTest.java:68:50:68:57 | source(...) : String | Log4jJndiInjectionTest.java:68:41:68:57 | (...)... | provenance | Sink:MaD:48005 | +| Log4jJndiInjectionTest.java:69:155:69:162 | source(...) : String | Log4jJndiInjectionTest.java:69:146:69:162 | (...)... | provenance | Sink:MaD:2032 | +| Log4jJndiInjectionTest.java:69:155:69:162 | source(...) : String | Log4jJndiInjectionTest.java:69:146:69:162 | (...)... | provenance | Sink:MaD:48006 | +| Log4jJndiInjectionTest.java:70:140:70:147 | source(...) : String | Log4jJndiInjectionTest.java:70:131:70:147 | (...)... | provenance | Sink:MaD:2032 | +| Log4jJndiInjectionTest.java:70:140:70:147 | source(...) : String | Log4jJndiInjectionTest.java:70:131:70:147 | (...)... | provenance | Sink:MaD:48006 | +| Log4jJndiInjectionTest.java:71:125:71:132 | source(...) : String | Log4jJndiInjectionTest.java:71:116:71:132 | (...)... | provenance | Sink:MaD:2032 | +| Log4jJndiInjectionTest.java:71:125:71:132 | source(...) : String | Log4jJndiInjectionTest.java:71:116:71:132 | (...)... | provenance | Sink:MaD:48006 | +| Log4jJndiInjectionTest.java:72:110:72:117 | source(...) : String | Log4jJndiInjectionTest.java:72:101:72:117 | (...)... | provenance | Sink:MaD:2032 | +| Log4jJndiInjectionTest.java:72:110:72:117 | source(...) : String | Log4jJndiInjectionTest.java:72:101:72:117 | (...)... | provenance | Sink:MaD:48006 | +| Log4jJndiInjectionTest.java:73:95:73:102 | source(...) : String | Log4jJndiInjectionTest.java:73:86:73:102 | (...)... | provenance | Sink:MaD:2032 | +| Log4jJndiInjectionTest.java:73:95:73:102 | source(...) : String | Log4jJndiInjectionTest.java:73:86:73:102 | (...)... | provenance | Sink:MaD:48006 | +| Log4jJndiInjectionTest.java:74:80:74:87 | source(...) : String | Log4jJndiInjectionTest.java:74:71:74:87 | (...)... | provenance | Sink:MaD:2032 | +| Log4jJndiInjectionTest.java:74:80:74:87 | source(...) : String | Log4jJndiInjectionTest.java:74:71:74:87 | (...)... | provenance | Sink:MaD:48006 | +| Log4jJndiInjectionTest.java:75:65:75:72 | source(...) : String | Log4jJndiInjectionTest.java:75:56:75:72 | (...)... | provenance | Sink:MaD:2032 | +| Log4jJndiInjectionTest.java:75:65:75:72 | source(...) : String | Log4jJndiInjectionTest.java:75:56:75:72 | (...)... | provenance | Sink:MaD:48006 | +| Log4jJndiInjectionTest.java:76:50:76:57 | source(...) : String | Log4jJndiInjectionTest.java:76:41:76:57 | (...)... | provenance | Sink:MaD:2032 | +| Log4jJndiInjectionTest.java:76:50:76:57 | source(...) : String | Log4jJndiInjectionTest.java:76:41:76:57 | (...)... | provenance | Sink:MaD:48006 | +| Log4jJndiInjectionTest.java:77:170:77:177 | source(...) : String | Log4jJndiInjectionTest.java:77:161:77:177 | (...)... | provenance | Sink:MaD:2033 | +| Log4jJndiInjectionTest.java:77:170:77:177 | source(...) : String | Log4jJndiInjectionTest.java:77:161:77:177 | (...)... | provenance | Sink:MaD:48007 | +| Log4jJndiInjectionTest.java:78:155:78:162 | source(...) : String | Log4jJndiInjectionTest.java:78:146:78:162 | (...)... | provenance | Sink:MaD:2033 | +| Log4jJndiInjectionTest.java:78:155:78:162 | source(...) : String | Log4jJndiInjectionTest.java:78:146:78:162 | (...)... | provenance | Sink:MaD:48007 | +| Log4jJndiInjectionTest.java:79:140:79:147 | source(...) : String | Log4jJndiInjectionTest.java:79:131:79:147 | (...)... | provenance | Sink:MaD:2033 | +| Log4jJndiInjectionTest.java:79:140:79:147 | source(...) : String | Log4jJndiInjectionTest.java:79:131:79:147 | (...)... | provenance | Sink:MaD:48007 | +| Log4jJndiInjectionTest.java:80:125:80:132 | source(...) : String | Log4jJndiInjectionTest.java:80:116:80:132 | (...)... | provenance | Sink:MaD:2033 | +| Log4jJndiInjectionTest.java:80:125:80:132 | source(...) : String | Log4jJndiInjectionTest.java:80:116:80:132 | (...)... | provenance | Sink:MaD:48007 | +| Log4jJndiInjectionTest.java:81:110:81:117 | source(...) : String | Log4jJndiInjectionTest.java:81:101:81:117 | (...)... | provenance | Sink:MaD:2033 | +| Log4jJndiInjectionTest.java:81:110:81:117 | source(...) : String | Log4jJndiInjectionTest.java:81:101:81:117 | (...)... | provenance | Sink:MaD:48007 | +| Log4jJndiInjectionTest.java:82:95:82:102 | source(...) : String | Log4jJndiInjectionTest.java:82:86:82:102 | (...)... | provenance | Sink:MaD:2033 | +| Log4jJndiInjectionTest.java:82:95:82:102 | source(...) : String | Log4jJndiInjectionTest.java:82:86:82:102 | (...)... | provenance | Sink:MaD:48007 | +| Log4jJndiInjectionTest.java:83:80:83:87 | source(...) : String | Log4jJndiInjectionTest.java:83:71:83:87 | (...)... | provenance | Sink:MaD:2033 | +| Log4jJndiInjectionTest.java:83:80:83:87 | source(...) : String | Log4jJndiInjectionTest.java:83:71:83:87 | (...)... | provenance | Sink:MaD:48007 | +| Log4jJndiInjectionTest.java:84:65:84:72 | source(...) : String | Log4jJndiInjectionTest.java:84:56:84:72 | (...)... | provenance | Sink:MaD:2033 | +| Log4jJndiInjectionTest.java:84:65:84:72 | source(...) : String | Log4jJndiInjectionTest.java:84:56:84:72 | (...)... | provenance | Sink:MaD:48007 | +| Log4jJndiInjectionTest.java:85:50:85:57 | source(...) : String | Log4jJndiInjectionTest.java:85:41:85:57 | (...)... | provenance | Sink:MaD:2033 | +| Log4jJndiInjectionTest.java:85:50:85:57 | source(...) : String | Log4jJndiInjectionTest.java:85:41:85:57 | (...)... | provenance | Sink:MaD:48007 | +| Log4jJndiInjectionTest.java:86:185:86:192 | source(...) : String | Log4jJndiInjectionTest.java:86:176:86:192 | (...)... | provenance | Sink:MaD:2034 | +| Log4jJndiInjectionTest.java:86:185:86:192 | source(...) : String | Log4jJndiInjectionTest.java:86:176:86:192 | (...)... | provenance | Sink:MaD:48008 | +| Log4jJndiInjectionTest.java:87:170:87:177 | source(...) : String | Log4jJndiInjectionTest.java:87:161:87:177 | (...)... | provenance | Sink:MaD:2034 | +| Log4jJndiInjectionTest.java:87:170:87:177 | source(...) : String | Log4jJndiInjectionTest.java:87:161:87:177 | (...)... | provenance | Sink:MaD:48008 | +| Log4jJndiInjectionTest.java:88:155:88:162 | source(...) : String | Log4jJndiInjectionTest.java:88:146:88:162 | (...)... | provenance | Sink:MaD:2034 | +| Log4jJndiInjectionTest.java:88:155:88:162 | source(...) : String | Log4jJndiInjectionTest.java:88:146:88:162 | (...)... | provenance | Sink:MaD:48008 | +| Log4jJndiInjectionTest.java:89:140:89:147 | source(...) : String | Log4jJndiInjectionTest.java:89:131:89:147 | (...)... | provenance | Sink:MaD:2034 | +| Log4jJndiInjectionTest.java:89:140:89:147 | source(...) : String | Log4jJndiInjectionTest.java:89:131:89:147 | (...)... | provenance | Sink:MaD:48008 | +| Log4jJndiInjectionTest.java:90:125:90:132 | source(...) : String | Log4jJndiInjectionTest.java:90:116:90:132 | (...)... | provenance | Sink:MaD:2034 | +| Log4jJndiInjectionTest.java:90:125:90:132 | source(...) : String | Log4jJndiInjectionTest.java:90:116:90:132 | (...)... | provenance | Sink:MaD:48008 | +| Log4jJndiInjectionTest.java:91:110:91:117 | source(...) : String | Log4jJndiInjectionTest.java:91:101:91:117 | (...)... | provenance | Sink:MaD:2034 | +| Log4jJndiInjectionTest.java:91:110:91:117 | source(...) : String | Log4jJndiInjectionTest.java:91:101:91:117 | (...)... | provenance | Sink:MaD:48008 | +| Log4jJndiInjectionTest.java:92:95:92:102 | source(...) : String | Log4jJndiInjectionTest.java:92:86:92:102 | (...)... | provenance | Sink:MaD:2034 | +| Log4jJndiInjectionTest.java:92:95:92:102 | source(...) : String | Log4jJndiInjectionTest.java:92:86:92:102 | (...)... | provenance | Sink:MaD:48008 | +| Log4jJndiInjectionTest.java:93:80:93:87 | source(...) : String | Log4jJndiInjectionTest.java:93:71:93:87 | (...)... | provenance | Sink:MaD:2034 | +| Log4jJndiInjectionTest.java:93:80:93:87 | source(...) : String | Log4jJndiInjectionTest.java:93:71:93:87 | (...)... | provenance | Sink:MaD:48008 | +| Log4jJndiInjectionTest.java:94:65:94:72 | source(...) : String | Log4jJndiInjectionTest.java:94:56:94:72 | (...)... | provenance | Sink:MaD:2034 | +| Log4jJndiInjectionTest.java:94:65:94:72 | source(...) : String | Log4jJndiInjectionTest.java:94:56:94:72 | (...)... | provenance | Sink:MaD:48008 | +| Log4jJndiInjectionTest.java:95:50:95:57 | source(...) : String | Log4jJndiInjectionTest.java:95:41:95:57 | (...)... | provenance | Sink:MaD:2034 | +| Log4jJndiInjectionTest.java:95:50:95:57 | source(...) : String | Log4jJndiInjectionTest.java:95:41:95:57 | (...)... | provenance | Sink:MaD:48008 | +| Log4jJndiInjectionTest.java:96:50:96:57 | source(...) : String | Log4jJndiInjectionTest.java:96:41:96:57 | (...)... | provenance | Sink:MaD:2026 | +| Log4jJndiInjectionTest.java:96:50:96:57 | source(...) : String | Log4jJndiInjectionTest.java:96:41:96:57 | (...)... | provenance | Sink:MaD:48000 | +| Log4jJndiInjectionTest.java:97:70:97:77 | source(...) : String | Log4jJndiInjectionTest.java:97:56:97:77 | (...)... | provenance | Sink:MaD:2026 | +| Log4jJndiInjectionTest.java:97:70:97:77 | source(...) : String | Log4jJndiInjectionTest.java:97:56:97:77 | (...)... | provenance | Sink:MaD:48000 | +| Log4jJndiInjectionTest.java:98:50:98:57 | source(...) : String | Log4jJndiInjectionTest.java:98:41:98:57 | (...)... | provenance | Sink:MaD:2038 | +| Log4jJndiInjectionTest.java:98:50:98:57 | source(...) : String | Log4jJndiInjectionTest.java:98:41:98:57 | (...)... | provenance | Sink:MaD:48012 | +| Log4jJndiInjectionTest.java:99:55:99:62 | source(...) : String | Log4jJndiInjectionTest.java:99:41:99:62 | (...)... | provenance | Sink:MaD:2039 | +| Log4jJndiInjectionTest.java:99:55:99:62 | source(...) : String | Log4jJndiInjectionTest.java:99:41:99:62 | (...)... | provenance | Sink:MaD:48013 | +| Log4jJndiInjectionTest.java:100:55:100:62 | source(...) : String | Log4jJndiInjectionTest.java:100:41:100:62 | (...)... | provenance | Sink:MaD:2040 | +| Log4jJndiInjectionTest.java:100:55:100:62 | source(...) : String | Log4jJndiInjectionTest.java:100:41:100:62 | (...)... | provenance | Sink:MaD:48014 | +| Log4jJndiInjectionTest.java:101:44:101:51 | source(...) : String | Log4jJndiInjectionTest.java:101:26:101:51 | (...)... | provenance | Sink:MaD:2043 | +| Log4jJndiInjectionTest.java:101:44:101:51 | source(...) : String | Log4jJndiInjectionTest.java:101:26:101:51 | (...)... | provenance | Sink:MaD:48017 | +| Log4jJndiInjectionTest.java:102:44:102:51 | source(...) : String | Log4jJndiInjectionTest.java:102:26:102:51 | (...)... | provenance | Sink:MaD:2044 | +| Log4jJndiInjectionTest.java:102:44:102:51 | source(...) : String | Log4jJndiInjectionTest.java:102:26:102:51 | (...)... | provenance | Sink:MaD:48018 | +| Log4jJndiInjectionTest.java:103:36:103:43 | source(...) : String | Log4jJndiInjectionTest.java:103:26:103:43 | (...)... | provenance | Sink:MaD:2041 | +| Log4jJndiInjectionTest.java:103:36:103:43 | source(...) : String | Log4jJndiInjectionTest.java:103:26:103:43 | (...)... | provenance | Sink:MaD:48015 | +| Log4jJndiInjectionTest.java:104:36:104:43 | source(...) : String | Log4jJndiInjectionTest.java:104:26:104:43 | (...)... | provenance | Sink:MaD:2042 | +| Log4jJndiInjectionTest.java:104:36:104:43 | source(...) : String | Log4jJndiInjectionTest.java:104:26:104:43 | (...)... | provenance | Sink:MaD:48016 | +| Log4jJndiInjectionTest.java:107:35:107:42 | source(...) : String | Log4jJndiInjectionTest.java:107:26:107:42 | (...)... | provenance | Sink:MaD:2047 | +| Log4jJndiInjectionTest.java:107:35:107:42 | source(...) : String | Log4jJndiInjectionTest.java:107:26:107:42 | (...)... | provenance | Sink:MaD:48021 | +| Log4jJndiInjectionTest.java:108:35:108:42 | source(...) : String | Log4jJndiInjectionTest.java:108:26:108:42 | (...)... | provenance | Sink:MaD:2058 | +| Log4jJndiInjectionTest.java:108:35:108:42 | source(...) : String | Log4jJndiInjectionTest.java:108:26:108:42 | (...)... | provenance | Sink:MaD:48032 | +| Log4jJndiInjectionTest.java:109:41:109:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:109:41:109:63 | new Object[] | provenance | Sink:MaD:2058 | +| Log4jJndiInjectionTest.java:109:41:109:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:109:41:109:63 | new Object[] | provenance | Sink:MaD:48032 | | Log4jJndiInjectionTest.java:109:55:109:62 | source(...) : String | Log4jJndiInjectionTest.java:109:41:109:63 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:110:50:110:57 | source(...) : String | Log4jJndiInjectionTest.java:110:41:110:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:111:35:111:42 | source(...) : String | Log4jJndiInjectionTest.java:111:26:111:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:112:65:112:72 | source(...) : String | Log4jJndiInjectionTest.java:112:56:112:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:113:50:113:57 | source(...) : String | Log4jJndiInjectionTest.java:113:41:113:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:114:35:114:42 | source(...) : String | Log4jJndiInjectionTest.java:114:26:114:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:115:80:115:87 | source(...) : String | Log4jJndiInjectionTest.java:115:71:115:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:116:65:116:72 | source(...) : String | Log4jJndiInjectionTest.java:116:56:116:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:117:50:117:57 | source(...) : String | Log4jJndiInjectionTest.java:117:41:117:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:118:35:118:42 | source(...) : String | Log4jJndiInjectionTest.java:118:26:118:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:119:95:119:102 | source(...) : String | Log4jJndiInjectionTest.java:119:86:119:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:120:80:120:87 | source(...) : String | Log4jJndiInjectionTest.java:120:71:120:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:121:65:121:72 | source(...) : String | Log4jJndiInjectionTest.java:121:56:121:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:122:50:122:57 | source(...) : String | Log4jJndiInjectionTest.java:122:41:122:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:123:35:123:42 | source(...) : String | Log4jJndiInjectionTest.java:123:26:123:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:124:110:124:117 | source(...) : String | Log4jJndiInjectionTest.java:124:101:124:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:125:95:125:102 | source(...) : String | Log4jJndiInjectionTest.java:125:86:125:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:126:80:126:87 | source(...) : String | Log4jJndiInjectionTest.java:126:71:126:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:127:65:127:72 | source(...) : String | Log4jJndiInjectionTest.java:127:56:127:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:128:50:128:57 | source(...) : String | Log4jJndiInjectionTest.java:128:41:128:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:129:35:129:42 | source(...) : String | Log4jJndiInjectionTest.java:129:26:129:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:130:125:130:132 | source(...) : String | Log4jJndiInjectionTest.java:130:116:130:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:131:110:131:117 | source(...) : String | Log4jJndiInjectionTest.java:131:101:131:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:132:95:132:102 | source(...) : String | Log4jJndiInjectionTest.java:132:86:132:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:133:80:133:87 | source(...) : String | Log4jJndiInjectionTest.java:133:71:133:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:134:65:134:72 | source(...) : String | Log4jJndiInjectionTest.java:134:56:134:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:135:50:135:57 | source(...) : String | Log4jJndiInjectionTest.java:135:41:135:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:136:35:136:42 | source(...) : String | Log4jJndiInjectionTest.java:136:26:136:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:137:140:137:147 | source(...) : String | Log4jJndiInjectionTest.java:137:131:137:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:138:125:138:132 | source(...) : String | Log4jJndiInjectionTest.java:138:116:138:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:139:110:139:117 | source(...) : String | Log4jJndiInjectionTest.java:139:101:139:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:140:95:140:102 | source(...) : String | Log4jJndiInjectionTest.java:140:86:140:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:141:80:141:87 | source(...) : String | Log4jJndiInjectionTest.java:141:71:141:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:142:65:142:72 | source(...) : String | Log4jJndiInjectionTest.java:142:56:142:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:143:50:143:57 | source(...) : String | Log4jJndiInjectionTest.java:143:41:143:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:144:35:144:42 | source(...) : String | Log4jJndiInjectionTest.java:144:26:144:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:145:155:145:162 | source(...) : String | Log4jJndiInjectionTest.java:145:146:145:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:146:140:146:147 | source(...) : String | Log4jJndiInjectionTest.java:146:131:146:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:147:125:147:132 | source(...) : String | Log4jJndiInjectionTest.java:147:116:147:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:148:110:148:117 | source(...) : String | Log4jJndiInjectionTest.java:148:101:148:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:149:95:149:102 | source(...) : String | Log4jJndiInjectionTest.java:149:86:149:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:150:80:150:87 | source(...) : String | Log4jJndiInjectionTest.java:150:71:150:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:151:65:151:72 | source(...) : String | Log4jJndiInjectionTest.java:151:56:151:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:152:50:152:57 | source(...) : String | Log4jJndiInjectionTest.java:152:41:152:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:153:35:153:42 | source(...) : String | Log4jJndiInjectionTest.java:153:26:153:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:154:170:154:177 | source(...) : String | Log4jJndiInjectionTest.java:154:161:154:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:155:155:155:162 | source(...) : String | Log4jJndiInjectionTest.java:155:146:155:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:156:140:156:147 | source(...) : String | Log4jJndiInjectionTest.java:156:131:156:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:157:125:157:132 | source(...) : String | Log4jJndiInjectionTest.java:157:116:157:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:158:110:158:117 | source(...) : String | Log4jJndiInjectionTest.java:158:101:158:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:159:95:159:102 | source(...) : String | Log4jJndiInjectionTest.java:159:86:159:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:160:80:160:87 | source(...) : String | Log4jJndiInjectionTest.java:160:71:160:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:161:65:161:72 | source(...) : String | Log4jJndiInjectionTest.java:161:56:161:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:162:50:162:57 | source(...) : String | Log4jJndiInjectionTest.java:162:41:162:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:163:35:163:42 | source(...) : String | Log4jJndiInjectionTest.java:163:26:163:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:164:35:164:42 | source(...) : String | Log4jJndiInjectionTest.java:164:26:164:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:165:55:165:62 | source(...) : String | Log4jJndiInjectionTest.java:165:41:165:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:166:35:166:42 | source(...) : String | Log4jJndiInjectionTest.java:166:26:166:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:167:40:167:47 | source(...) : String | Log4jJndiInjectionTest.java:167:26:167:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:168:40:168:47 | source(...) : String | Log4jJndiInjectionTest.java:168:26:168:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:169:41:169:48 | source(...) : String | Log4jJndiInjectionTest.java:169:26:169:48 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:170:41:170:48 | source(...) : String | Log4jJndiInjectionTest.java:170:26:170:48 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:171:56:171:63 | source(...) : String | Log4jJndiInjectionTest.java:171:41:171:63 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:172:56:172:63 | source(...) : String | Log4jJndiInjectionTest.java:172:41:172:63 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:173:51:173:58 | source(...) : String | Log4jJndiInjectionTest.java:173:41:173:58 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:174:59:174:66 | source(...) : String | Log4jJndiInjectionTest.java:174:41:174:66 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:175:59:175:66 | source(...) : String | Log4jJndiInjectionTest.java:175:41:175:66 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:177:50:177:57 | source(...) : String | Log4jJndiInjectionTest.java:177:41:177:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:178:50:178:57 | source(...) : String | Log4jJndiInjectionTest.java:178:41:178:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:179:56:179:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:179:56:179:78 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:110:50:110:57 | source(...) : String | Log4jJndiInjectionTest.java:110:41:110:57 | (...)... | provenance | Sink:MaD:2048 | +| Log4jJndiInjectionTest.java:110:50:110:57 | source(...) : String | Log4jJndiInjectionTest.java:110:41:110:57 | (...)... | provenance | Sink:MaD:48022 | +| Log4jJndiInjectionTest.java:111:35:111:42 | source(...) : String | Log4jJndiInjectionTest.java:111:26:111:42 | (...)... | provenance | Sink:MaD:2048 | +| Log4jJndiInjectionTest.java:111:35:111:42 | source(...) : String | Log4jJndiInjectionTest.java:111:26:111:42 | (...)... | provenance | Sink:MaD:48022 | +| Log4jJndiInjectionTest.java:112:65:112:72 | source(...) : String | Log4jJndiInjectionTest.java:112:56:112:72 | (...)... | provenance | Sink:MaD:2049 | +| Log4jJndiInjectionTest.java:112:65:112:72 | source(...) : String | Log4jJndiInjectionTest.java:112:56:112:72 | (...)... | provenance | Sink:MaD:48023 | +| Log4jJndiInjectionTest.java:113:50:113:57 | source(...) : String | Log4jJndiInjectionTest.java:113:41:113:57 | (...)... | provenance | Sink:MaD:2049 | +| Log4jJndiInjectionTest.java:113:50:113:57 | source(...) : String | Log4jJndiInjectionTest.java:113:41:113:57 | (...)... | provenance | Sink:MaD:48023 | +| Log4jJndiInjectionTest.java:114:35:114:42 | source(...) : String | Log4jJndiInjectionTest.java:114:26:114:42 | (...)... | provenance | Sink:MaD:2049 | +| Log4jJndiInjectionTest.java:114:35:114:42 | source(...) : String | Log4jJndiInjectionTest.java:114:26:114:42 | (...)... | provenance | Sink:MaD:48023 | +| Log4jJndiInjectionTest.java:115:80:115:87 | source(...) : String | Log4jJndiInjectionTest.java:115:71:115:87 | (...)... | provenance | Sink:MaD:2050 | +| Log4jJndiInjectionTest.java:115:80:115:87 | source(...) : String | Log4jJndiInjectionTest.java:115:71:115:87 | (...)... | provenance | Sink:MaD:48024 | +| Log4jJndiInjectionTest.java:116:65:116:72 | source(...) : String | Log4jJndiInjectionTest.java:116:56:116:72 | (...)... | provenance | Sink:MaD:2050 | +| Log4jJndiInjectionTest.java:116:65:116:72 | source(...) : String | Log4jJndiInjectionTest.java:116:56:116:72 | (...)... | provenance | Sink:MaD:48024 | +| Log4jJndiInjectionTest.java:117:50:117:57 | source(...) : String | Log4jJndiInjectionTest.java:117:41:117:57 | (...)... | provenance | Sink:MaD:2050 | +| Log4jJndiInjectionTest.java:117:50:117:57 | source(...) : String | Log4jJndiInjectionTest.java:117:41:117:57 | (...)... | provenance | Sink:MaD:48024 | +| Log4jJndiInjectionTest.java:118:35:118:42 | source(...) : String | Log4jJndiInjectionTest.java:118:26:118:42 | (...)... | provenance | Sink:MaD:2050 | +| Log4jJndiInjectionTest.java:118:35:118:42 | source(...) : String | Log4jJndiInjectionTest.java:118:26:118:42 | (...)... | provenance | Sink:MaD:48024 | +| Log4jJndiInjectionTest.java:119:95:119:102 | source(...) : String | Log4jJndiInjectionTest.java:119:86:119:102 | (...)... | provenance | Sink:MaD:2051 | +| Log4jJndiInjectionTest.java:119:95:119:102 | source(...) : String | Log4jJndiInjectionTest.java:119:86:119:102 | (...)... | provenance | Sink:MaD:48025 | +| Log4jJndiInjectionTest.java:120:80:120:87 | source(...) : String | Log4jJndiInjectionTest.java:120:71:120:87 | (...)... | provenance | Sink:MaD:2051 | +| Log4jJndiInjectionTest.java:120:80:120:87 | source(...) : String | Log4jJndiInjectionTest.java:120:71:120:87 | (...)... | provenance | Sink:MaD:48025 | +| Log4jJndiInjectionTest.java:121:65:121:72 | source(...) : String | Log4jJndiInjectionTest.java:121:56:121:72 | (...)... | provenance | Sink:MaD:2051 | +| Log4jJndiInjectionTest.java:121:65:121:72 | source(...) : String | Log4jJndiInjectionTest.java:121:56:121:72 | (...)... | provenance | Sink:MaD:48025 | +| Log4jJndiInjectionTest.java:122:50:122:57 | source(...) : String | Log4jJndiInjectionTest.java:122:41:122:57 | (...)... | provenance | Sink:MaD:2051 | +| Log4jJndiInjectionTest.java:122:50:122:57 | source(...) : String | Log4jJndiInjectionTest.java:122:41:122:57 | (...)... | provenance | Sink:MaD:48025 | +| Log4jJndiInjectionTest.java:123:35:123:42 | source(...) : String | Log4jJndiInjectionTest.java:123:26:123:42 | (...)... | provenance | Sink:MaD:2051 | +| Log4jJndiInjectionTest.java:123:35:123:42 | source(...) : String | Log4jJndiInjectionTest.java:123:26:123:42 | (...)... | provenance | Sink:MaD:48025 | +| Log4jJndiInjectionTest.java:124:110:124:117 | source(...) : String | Log4jJndiInjectionTest.java:124:101:124:117 | (...)... | provenance | Sink:MaD:2052 | +| Log4jJndiInjectionTest.java:124:110:124:117 | source(...) : String | Log4jJndiInjectionTest.java:124:101:124:117 | (...)... | provenance | Sink:MaD:48026 | +| Log4jJndiInjectionTest.java:125:95:125:102 | source(...) : String | Log4jJndiInjectionTest.java:125:86:125:102 | (...)... | provenance | Sink:MaD:2052 | +| Log4jJndiInjectionTest.java:125:95:125:102 | source(...) : String | Log4jJndiInjectionTest.java:125:86:125:102 | (...)... | provenance | Sink:MaD:48026 | +| Log4jJndiInjectionTest.java:126:80:126:87 | source(...) : String | Log4jJndiInjectionTest.java:126:71:126:87 | (...)... | provenance | Sink:MaD:2052 | +| Log4jJndiInjectionTest.java:126:80:126:87 | source(...) : String | Log4jJndiInjectionTest.java:126:71:126:87 | (...)... | provenance | Sink:MaD:48026 | +| Log4jJndiInjectionTest.java:127:65:127:72 | source(...) : String | Log4jJndiInjectionTest.java:127:56:127:72 | (...)... | provenance | Sink:MaD:2052 | +| Log4jJndiInjectionTest.java:127:65:127:72 | source(...) : String | Log4jJndiInjectionTest.java:127:56:127:72 | (...)... | provenance | Sink:MaD:48026 | +| Log4jJndiInjectionTest.java:128:50:128:57 | source(...) : String | Log4jJndiInjectionTest.java:128:41:128:57 | (...)... | provenance | Sink:MaD:2052 | +| Log4jJndiInjectionTest.java:128:50:128:57 | source(...) : String | Log4jJndiInjectionTest.java:128:41:128:57 | (...)... | provenance | Sink:MaD:48026 | +| Log4jJndiInjectionTest.java:129:35:129:42 | source(...) : String | Log4jJndiInjectionTest.java:129:26:129:42 | (...)... | provenance | Sink:MaD:2052 | +| Log4jJndiInjectionTest.java:129:35:129:42 | source(...) : String | Log4jJndiInjectionTest.java:129:26:129:42 | (...)... | provenance | Sink:MaD:48026 | +| Log4jJndiInjectionTest.java:130:125:130:132 | source(...) : String | Log4jJndiInjectionTest.java:130:116:130:132 | (...)... | provenance | Sink:MaD:2053 | +| Log4jJndiInjectionTest.java:130:125:130:132 | source(...) : String | Log4jJndiInjectionTest.java:130:116:130:132 | (...)... | provenance | Sink:MaD:48027 | +| Log4jJndiInjectionTest.java:131:110:131:117 | source(...) : String | Log4jJndiInjectionTest.java:131:101:131:117 | (...)... | provenance | Sink:MaD:2053 | +| Log4jJndiInjectionTest.java:131:110:131:117 | source(...) : String | Log4jJndiInjectionTest.java:131:101:131:117 | (...)... | provenance | Sink:MaD:48027 | +| Log4jJndiInjectionTest.java:132:95:132:102 | source(...) : String | Log4jJndiInjectionTest.java:132:86:132:102 | (...)... | provenance | Sink:MaD:2053 | +| Log4jJndiInjectionTest.java:132:95:132:102 | source(...) : String | Log4jJndiInjectionTest.java:132:86:132:102 | (...)... | provenance | Sink:MaD:48027 | +| Log4jJndiInjectionTest.java:133:80:133:87 | source(...) : String | Log4jJndiInjectionTest.java:133:71:133:87 | (...)... | provenance | Sink:MaD:2053 | +| Log4jJndiInjectionTest.java:133:80:133:87 | source(...) : String | Log4jJndiInjectionTest.java:133:71:133:87 | (...)... | provenance | Sink:MaD:48027 | +| Log4jJndiInjectionTest.java:134:65:134:72 | source(...) : String | Log4jJndiInjectionTest.java:134:56:134:72 | (...)... | provenance | Sink:MaD:2053 | +| Log4jJndiInjectionTest.java:134:65:134:72 | source(...) : String | Log4jJndiInjectionTest.java:134:56:134:72 | (...)... | provenance | Sink:MaD:48027 | +| Log4jJndiInjectionTest.java:135:50:135:57 | source(...) : String | Log4jJndiInjectionTest.java:135:41:135:57 | (...)... | provenance | Sink:MaD:2053 | +| Log4jJndiInjectionTest.java:135:50:135:57 | source(...) : String | Log4jJndiInjectionTest.java:135:41:135:57 | (...)... | provenance | Sink:MaD:48027 | +| Log4jJndiInjectionTest.java:136:35:136:42 | source(...) : String | Log4jJndiInjectionTest.java:136:26:136:42 | (...)... | provenance | Sink:MaD:2053 | +| Log4jJndiInjectionTest.java:136:35:136:42 | source(...) : String | Log4jJndiInjectionTest.java:136:26:136:42 | (...)... | provenance | Sink:MaD:48027 | +| Log4jJndiInjectionTest.java:137:140:137:147 | source(...) : String | Log4jJndiInjectionTest.java:137:131:137:147 | (...)... | provenance | Sink:MaD:2054 | +| Log4jJndiInjectionTest.java:137:140:137:147 | source(...) : String | Log4jJndiInjectionTest.java:137:131:137:147 | (...)... | provenance | Sink:MaD:48028 | +| Log4jJndiInjectionTest.java:138:125:138:132 | source(...) : String | Log4jJndiInjectionTest.java:138:116:138:132 | (...)... | provenance | Sink:MaD:2054 | +| Log4jJndiInjectionTest.java:138:125:138:132 | source(...) : String | Log4jJndiInjectionTest.java:138:116:138:132 | (...)... | provenance | Sink:MaD:48028 | +| Log4jJndiInjectionTest.java:139:110:139:117 | source(...) : String | Log4jJndiInjectionTest.java:139:101:139:117 | (...)... | provenance | Sink:MaD:2054 | +| Log4jJndiInjectionTest.java:139:110:139:117 | source(...) : String | Log4jJndiInjectionTest.java:139:101:139:117 | (...)... | provenance | Sink:MaD:48028 | +| Log4jJndiInjectionTest.java:140:95:140:102 | source(...) : String | Log4jJndiInjectionTest.java:140:86:140:102 | (...)... | provenance | Sink:MaD:2054 | +| Log4jJndiInjectionTest.java:140:95:140:102 | source(...) : String | Log4jJndiInjectionTest.java:140:86:140:102 | (...)... | provenance | Sink:MaD:48028 | +| Log4jJndiInjectionTest.java:141:80:141:87 | source(...) : String | Log4jJndiInjectionTest.java:141:71:141:87 | (...)... | provenance | Sink:MaD:2054 | +| Log4jJndiInjectionTest.java:141:80:141:87 | source(...) : String | Log4jJndiInjectionTest.java:141:71:141:87 | (...)... | provenance | Sink:MaD:48028 | +| Log4jJndiInjectionTest.java:142:65:142:72 | source(...) : String | Log4jJndiInjectionTest.java:142:56:142:72 | (...)... | provenance | Sink:MaD:2054 | +| Log4jJndiInjectionTest.java:142:65:142:72 | source(...) : String | Log4jJndiInjectionTest.java:142:56:142:72 | (...)... | provenance | Sink:MaD:48028 | +| Log4jJndiInjectionTest.java:143:50:143:57 | source(...) : String | Log4jJndiInjectionTest.java:143:41:143:57 | (...)... | provenance | Sink:MaD:2054 | +| Log4jJndiInjectionTest.java:143:50:143:57 | source(...) : String | Log4jJndiInjectionTest.java:143:41:143:57 | (...)... | provenance | Sink:MaD:48028 | +| Log4jJndiInjectionTest.java:144:35:144:42 | source(...) : String | Log4jJndiInjectionTest.java:144:26:144:42 | (...)... | provenance | Sink:MaD:2054 | +| Log4jJndiInjectionTest.java:144:35:144:42 | source(...) : String | Log4jJndiInjectionTest.java:144:26:144:42 | (...)... | provenance | Sink:MaD:48028 | +| Log4jJndiInjectionTest.java:145:155:145:162 | source(...) : String | Log4jJndiInjectionTest.java:145:146:145:162 | (...)... | provenance | Sink:MaD:2055 | +| Log4jJndiInjectionTest.java:145:155:145:162 | source(...) : String | Log4jJndiInjectionTest.java:145:146:145:162 | (...)... | provenance | Sink:MaD:48029 | +| Log4jJndiInjectionTest.java:146:140:146:147 | source(...) : String | Log4jJndiInjectionTest.java:146:131:146:147 | (...)... | provenance | Sink:MaD:2055 | +| Log4jJndiInjectionTest.java:146:140:146:147 | source(...) : String | Log4jJndiInjectionTest.java:146:131:146:147 | (...)... | provenance | Sink:MaD:48029 | +| Log4jJndiInjectionTest.java:147:125:147:132 | source(...) : String | Log4jJndiInjectionTest.java:147:116:147:132 | (...)... | provenance | Sink:MaD:2055 | +| Log4jJndiInjectionTest.java:147:125:147:132 | source(...) : String | Log4jJndiInjectionTest.java:147:116:147:132 | (...)... | provenance | Sink:MaD:48029 | +| Log4jJndiInjectionTest.java:148:110:148:117 | source(...) : String | Log4jJndiInjectionTest.java:148:101:148:117 | (...)... | provenance | Sink:MaD:2055 | +| Log4jJndiInjectionTest.java:148:110:148:117 | source(...) : String | Log4jJndiInjectionTest.java:148:101:148:117 | (...)... | provenance | Sink:MaD:48029 | +| Log4jJndiInjectionTest.java:149:95:149:102 | source(...) : String | Log4jJndiInjectionTest.java:149:86:149:102 | (...)... | provenance | Sink:MaD:2055 | +| Log4jJndiInjectionTest.java:149:95:149:102 | source(...) : String | Log4jJndiInjectionTest.java:149:86:149:102 | (...)... | provenance | Sink:MaD:48029 | +| Log4jJndiInjectionTest.java:150:80:150:87 | source(...) : String | Log4jJndiInjectionTest.java:150:71:150:87 | (...)... | provenance | Sink:MaD:2055 | +| Log4jJndiInjectionTest.java:150:80:150:87 | source(...) : String | Log4jJndiInjectionTest.java:150:71:150:87 | (...)... | provenance | Sink:MaD:48029 | +| Log4jJndiInjectionTest.java:151:65:151:72 | source(...) : String | Log4jJndiInjectionTest.java:151:56:151:72 | (...)... | provenance | Sink:MaD:2055 | +| Log4jJndiInjectionTest.java:151:65:151:72 | source(...) : String | Log4jJndiInjectionTest.java:151:56:151:72 | (...)... | provenance | Sink:MaD:48029 | +| Log4jJndiInjectionTest.java:152:50:152:57 | source(...) : String | Log4jJndiInjectionTest.java:152:41:152:57 | (...)... | provenance | Sink:MaD:2055 | +| Log4jJndiInjectionTest.java:152:50:152:57 | source(...) : String | Log4jJndiInjectionTest.java:152:41:152:57 | (...)... | provenance | Sink:MaD:48029 | +| Log4jJndiInjectionTest.java:153:35:153:42 | source(...) : String | Log4jJndiInjectionTest.java:153:26:153:42 | (...)... | provenance | Sink:MaD:2055 | +| Log4jJndiInjectionTest.java:153:35:153:42 | source(...) : String | Log4jJndiInjectionTest.java:153:26:153:42 | (...)... | provenance | Sink:MaD:48029 | +| Log4jJndiInjectionTest.java:154:170:154:177 | source(...) : String | Log4jJndiInjectionTest.java:154:161:154:177 | (...)... | provenance | Sink:MaD:2056 | +| Log4jJndiInjectionTest.java:154:170:154:177 | source(...) : String | Log4jJndiInjectionTest.java:154:161:154:177 | (...)... | provenance | Sink:MaD:48030 | +| Log4jJndiInjectionTest.java:155:155:155:162 | source(...) : String | Log4jJndiInjectionTest.java:155:146:155:162 | (...)... | provenance | Sink:MaD:2056 | +| Log4jJndiInjectionTest.java:155:155:155:162 | source(...) : String | Log4jJndiInjectionTest.java:155:146:155:162 | (...)... | provenance | Sink:MaD:48030 | +| Log4jJndiInjectionTest.java:156:140:156:147 | source(...) : String | Log4jJndiInjectionTest.java:156:131:156:147 | (...)... | provenance | Sink:MaD:2056 | +| Log4jJndiInjectionTest.java:156:140:156:147 | source(...) : String | Log4jJndiInjectionTest.java:156:131:156:147 | (...)... | provenance | Sink:MaD:48030 | +| Log4jJndiInjectionTest.java:157:125:157:132 | source(...) : String | Log4jJndiInjectionTest.java:157:116:157:132 | (...)... | provenance | Sink:MaD:2056 | +| Log4jJndiInjectionTest.java:157:125:157:132 | source(...) : String | Log4jJndiInjectionTest.java:157:116:157:132 | (...)... | provenance | Sink:MaD:48030 | +| Log4jJndiInjectionTest.java:158:110:158:117 | source(...) : String | Log4jJndiInjectionTest.java:158:101:158:117 | (...)... | provenance | Sink:MaD:2056 | +| Log4jJndiInjectionTest.java:158:110:158:117 | source(...) : String | Log4jJndiInjectionTest.java:158:101:158:117 | (...)... | provenance | Sink:MaD:48030 | +| Log4jJndiInjectionTest.java:159:95:159:102 | source(...) : String | Log4jJndiInjectionTest.java:159:86:159:102 | (...)... | provenance | Sink:MaD:2056 | +| Log4jJndiInjectionTest.java:159:95:159:102 | source(...) : String | Log4jJndiInjectionTest.java:159:86:159:102 | (...)... | provenance | Sink:MaD:48030 | +| Log4jJndiInjectionTest.java:160:80:160:87 | source(...) : String | Log4jJndiInjectionTest.java:160:71:160:87 | (...)... | provenance | Sink:MaD:2056 | +| Log4jJndiInjectionTest.java:160:80:160:87 | source(...) : String | Log4jJndiInjectionTest.java:160:71:160:87 | (...)... | provenance | Sink:MaD:48030 | +| Log4jJndiInjectionTest.java:161:65:161:72 | source(...) : String | Log4jJndiInjectionTest.java:161:56:161:72 | (...)... | provenance | Sink:MaD:2056 | +| Log4jJndiInjectionTest.java:161:65:161:72 | source(...) : String | Log4jJndiInjectionTest.java:161:56:161:72 | (...)... | provenance | Sink:MaD:48030 | +| Log4jJndiInjectionTest.java:162:50:162:57 | source(...) : String | Log4jJndiInjectionTest.java:162:41:162:57 | (...)... | provenance | Sink:MaD:2056 | +| Log4jJndiInjectionTest.java:162:50:162:57 | source(...) : String | Log4jJndiInjectionTest.java:162:41:162:57 | (...)... | provenance | Sink:MaD:48030 | +| Log4jJndiInjectionTest.java:163:35:163:42 | source(...) : String | Log4jJndiInjectionTest.java:163:26:163:42 | (...)... | provenance | Sink:MaD:2056 | +| Log4jJndiInjectionTest.java:163:35:163:42 | source(...) : String | Log4jJndiInjectionTest.java:163:26:163:42 | (...)... | provenance | Sink:MaD:48030 | +| Log4jJndiInjectionTest.java:164:35:164:42 | source(...) : String | Log4jJndiInjectionTest.java:164:26:164:42 | (...)... | provenance | Sink:MaD:2048 | +| Log4jJndiInjectionTest.java:164:35:164:42 | source(...) : String | Log4jJndiInjectionTest.java:164:26:164:42 | (...)... | provenance | Sink:MaD:48022 | +| Log4jJndiInjectionTest.java:165:55:165:62 | source(...) : String | Log4jJndiInjectionTest.java:165:41:165:62 | (...)... | provenance | Sink:MaD:2048 | +| Log4jJndiInjectionTest.java:165:55:165:62 | source(...) : String | Log4jJndiInjectionTest.java:165:41:165:62 | (...)... | provenance | Sink:MaD:48022 | +| Log4jJndiInjectionTest.java:166:35:166:42 | source(...) : String | Log4jJndiInjectionTest.java:166:26:166:42 | (...)... | provenance | Sink:MaD:2060 | +| Log4jJndiInjectionTest.java:166:35:166:42 | source(...) : String | Log4jJndiInjectionTest.java:166:26:166:42 | (...)... | provenance | Sink:MaD:48034 | +| Log4jJndiInjectionTest.java:167:40:167:47 | source(...) : String | Log4jJndiInjectionTest.java:167:26:167:47 | (...)... | provenance | Sink:MaD:2061 | +| Log4jJndiInjectionTest.java:167:40:167:47 | source(...) : String | Log4jJndiInjectionTest.java:167:26:167:47 | (...)... | provenance | Sink:MaD:48035 | +| Log4jJndiInjectionTest.java:168:40:168:47 | source(...) : String | Log4jJndiInjectionTest.java:168:26:168:47 | (...)... | provenance | Sink:MaD:2062 | +| Log4jJndiInjectionTest.java:168:40:168:47 | source(...) : String | Log4jJndiInjectionTest.java:168:26:168:47 | (...)... | provenance | Sink:MaD:48036 | +| Log4jJndiInjectionTest.java:169:41:169:48 | source(...) : String | Log4jJndiInjectionTest.java:169:26:169:48 | (...)... | provenance | Sink:MaD:2064 | +| Log4jJndiInjectionTest.java:169:41:169:48 | source(...) : String | Log4jJndiInjectionTest.java:169:26:169:48 | (...)... | provenance | Sink:MaD:48038 | +| Log4jJndiInjectionTest.java:170:41:170:48 | source(...) : String | Log4jJndiInjectionTest.java:170:26:170:48 | (...)... | provenance | Sink:MaD:2065 | +| Log4jJndiInjectionTest.java:170:41:170:48 | source(...) : String | Log4jJndiInjectionTest.java:170:26:170:48 | (...)... | provenance | Sink:MaD:48039 | +| Log4jJndiInjectionTest.java:171:56:171:63 | source(...) : String | Log4jJndiInjectionTest.java:171:41:171:63 | (...)... | provenance | Sink:MaD:2066 | +| Log4jJndiInjectionTest.java:171:56:171:63 | source(...) : String | Log4jJndiInjectionTest.java:171:41:171:63 | (...)... | provenance | Sink:MaD:48040 | +| Log4jJndiInjectionTest.java:172:56:172:63 | source(...) : String | Log4jJndiInjectionTest.java:172:41:172:63 | (...)... | provenance | Sink:MaD:2067 | +| Log4jJndiInjectionTest.java:172:56:172:63 | source(...) : String | Log4jJndiInjectionTest.java:172:41:172:63 | (...)... | provenance | Sink:MaD:48041 | +| Log4jJndiInjectionTest.java:173:51:173:58 | source(...) : String | Log4jJndiInjectionTest.java:173:41:173:58 | (...)... | provenance | Sink:MaD:2068 | +| Log4jJndiInjectionTest.java:173:51:173:58 | source(...) : String | Log4jJndiInjectionTest.java:173:41:173:58 | (...)... | provenance | Sink:MaD:48042 | +| Log4jJndiInjectionTest.java:174:59:174:66 | source(...) : String | Log4jJndiInjectionTest.java:174:41:174:66 | (...)... | provenance | Sink:MaD:2069 | +| Log4jJndiInjectionTest.java:174:59:174:66 | source(...) : String | Log4jJndiInjectionTest.java:174:41:174:66 | (...)... | provenance | Sink:MaD:48043 | +| Log4jJndiInjectionTest.java:175:59:175:66 | source(...) : String | Log4jJndiInjectionTest.java:175:41:175:66 | (...)... | provenance | Sink:MaD:2070 | +| Log4jJndiInjectionTest.java:175:59:175:66 | source(...) : String | Log4jJndiInjectionTest.java:175:41:175:66 | (...)... | provenance | Sink:MaD:48044 | +| Log4jJndiInjectionTest.java:177:50:177:57 | source(...) : String | Log4jJndiInjectionTest.java:177:41:177:57 | (...)... | provenance | Sink:MaD:2073 | +| Log4jJndiInjectionTest.java:177:50:177:57 | source(...) : String | Log4jJndiInjectionTest.java:177:41:177:57 | (...)... | provenance | Sink:MaD:48047 | +| Log4jJndiInjectionTest.java:178:50:178:57 | source(...) : String | Log4jJndiInjectionTest.java:178:41:178:57 | (...)... | provenance | Sink:MaD:2084 | +| Log4jJndiInjectionTest.java:178:50:178:57 | source(...) : String | Log4jJndiInjectionTest.java:178:41:178:57 | (...)... | provenance | Sink:MaD:48058 | +| Log4jJndiInjectionTest.java:179:56:179:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:179:56:179:78 | new Object[] | provenance | Sink:MaD:2084 | +| Log4jJndiInjectionTest.java:179:56:179:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:179:56:179:78 | new Object[] | provenance | Sink:MaD:48058 | | Log4jJndiInjectionTest.java:179:70:179:77 | source(...) : String | Log4jJndiInjectionTest.java:179:56:179:78 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:180:65:180:72 | source(...) : String | Log4jJndiInjectionTest.java:180:56:180:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:181:50:181:57 | source(...) : String | Log4jJndiInjectionTest.java:181:41:181:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:182:80:182:87 | source(...) : String | Log4jJndiInjectionTest.java:182:71:182:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:183:65:183:72 | source(...) : String | Log4jJndiInjectionTest.java:183:56:183:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:184:50:184:57 | source(...) : String | Log4jJndiInjectionTest.java:184:41:184:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:185:95:185:102 | source(...) : String | Log4jJndiInjectionTest.java:185:86:185:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:186:80:186:87 | source(...) : String | Log4jJndiInjectionTest.java:186:71:186:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:187:65:187:72 | source(...) : String | Log4jJndiInjectionTest.java:187:56:187:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:188:50:188:57 | source(...) : String | Log4jJndiInjectionTest.java:188:41:188:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:189:110:189:117 | source(...) : String | Log4jJndiInjectionTest.java:189:101:189:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:190:95:190:102 | source(...) : String | Log4jJndiInjectionTest.java:190:86:190:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:191:80:191:87 | source(...) : String | Log4jJndiInjectionTest.java:191:71:191:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:192:65:192:72 | source(...) : String | Log4jJndiInjectionTest.java:192:56:192:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:193:50:193:57 | source(...) : String | Log4jJndiInjectionTest.java:193:41:193:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:194:125:194:132 | source(...) : String | Log4jJndiInjectionTest.java:194:116:194:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:195:110:195:117 | source(...) : String | Log4jJndiInjectionTest.java:195:101:195:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:196:95:196:102 | source(...) : String | Log4jJndiInjectionTest.java:196:86:196:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:197:80:197:87 | source(...) : String | Log4jJndiInjectionTest.java:197:71:197:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:198:65:198:72 | source(...) : String | Log4jJndiInjectionTest.java:198:56:198:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:199:50:199:57 | source(...) : String | Log4jJndiInjectionTest.java:199:41:199:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:200:140:200:147 | source(...) : String | Log4jJndiInjectionTest.java:200:131:200:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:201:125:201:132 | source(...) : String | Log4jJndiInjectionTest.java:201:116:201:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:202:110:202:117 | source(...) : String | Log4jJndiInjectionTest.java:202:101:202:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:203:95:203:102 | source(...) : String | Log4jJndiInjectionTest.java:203:86:203:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:204:80:204:87 | source(...) : String | Log4jJndiInjectionTest.java:204:71:204:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:205:65:205:72 | source(...) : String | Log4jJndiInjectionTest.java:205:56:205:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:206:50:206:57 | source(...) : String | Log4jJndiInjectionTest.java:206:41:206:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:207:155:207:162 | source(...) : String | Log4jJndiInjectionTest.java:207:146:207:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:208:140:208:147 | source(...) : String | Log4jJndiInjectionTest.java:208:131:208:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:209:125:209:132 | source(...) : String | Log4jJndiInjectionTest.java:209:116:209:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:210:110:210:117 | source(...) : String | Log4jJndiInjectionTest.java:210:101:210:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:211:95:211:102 | source(...) : String | Log4jJndiInjectionTest.java:211:86:211:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:212:80:212:87 | source(...) : String | Log4jJndiInjectionTest.java:212:71:212:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:213:65:213:72 | source(...) : String | Log4jJndiInjectionTest.java:213:56:213:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:214:50:214:57 | source(...) : String | Log4jJndiInjectionTest.java:214:41:214:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:215:170:215:177 | source(...) : String | Log4jJndiInjectionTest.java:215:161:215:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:216:155:216:162 | source(...) : String | Log4jJndiInjectionTest.java:216:146:216:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:217:140:217:147 | source(...) : String | Log4jJndiInjectionTest.java:217:131:217:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:218:125:218:132 | source(...) : String | Log4jJndiInjectionTest.java:218:116:218:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:219:110:219:117 | source(...) : String | Log4jJndiInjectionTest.java:219:101:219:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:220:95:220:102 | source(...) : String | Log4jJndiInjectionTest.java:220:86:220:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:221:80:221:87 | source(...) : String | Log4jJndiInjectionTest.java:221:71:221:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:222:65:222:72 | source(...) : String | Log4jJndiInjectionTest.java:222:56:222:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:223:50:223:57 | source(...) : String | Log4jJndiInjectionTest.java:223:41:223:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:224:185:224:192 | source(...) : String | Log4jJndiInjectionTest.java:224:176:224:192 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:225:170:225:177 | source(...) : String | Log4jJndiInjectionTest.java:225:161:225:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:226:155:226:162 | source(...) : String | Log4jJndiInjectionTest.java:226:146:226:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:227:140:227:147 | source(...) : String | Log4jJndiInjectionTest.java:227:131:227:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:228:125:228:132 | source(...) : String | Log4jJndiInjectionTest.java:228:116:228:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:229:110:229:117 | source(...) : String | Log4jJndiInjectionTest.java:229:101:229:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:230:95:230:102 | source(...) : String | Log4jJndiInjectionTest.java:230:86:230:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:231:80:231:87 | source(...) : String | Log4jJndiInjectionTest.java:231:71:231:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:232:65:232:72 | source(...) : String | Log4jJndiInjectionTest.java:232:56:232:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:233:50:233:57 | source(...) : String | Log4jJndiInjectionTest.java:233:41:233:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:234:50:234:57 | source(...) : String | Log4jJndiInjectionTest.java:234:41:234:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:235:70:235:77 | source(...) : String | Log4jJndiInjectionTest.java:235:56:235:77 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:236:50:236:57 | source(...) : String | Log4jJndiInjectionTest.java:236:41:236:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:237:55:237:62 | source(...) : String | Log4jJndiInjectionTest.java:237:41:237:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:238:55:238:62 | source(...) : String | Log4jJndiInjectionTest.java:238:41:238:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:239:44:239:51 | source(...) : String | Log4jJndiInjectionTest.java:239:26:239:51 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:240:44:240:51 | source(...) : String | Log4jJndiInjectionTest.java:240:26:240:51 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:241:36:241:43 | source(...) : String | Log4jJndiInjectionTest.java:241:26:241:43 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:242:36:242:43 | source(...) : String | Log4jJndiInjectionTest.java:242:26:242:43 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:245:35:245:42 | source(...) : String | Log4jJndiInjectionTest.java:245:26:245:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:246:35:246:42 | source(...) : String | Log4jJndiInjectionTest.java:246:26:246:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:247:41:247:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:247:41:247:63 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:180:65:180:72 | source(...) : String | Log4jJndiInjectionTest.java:180:56:180:72 | (...)... | provenance | Sink:MaD:2074 | +| Log4jJndiInjectionTest.java:180:65:180:72 | source(...) : String | Log4jJndiInjectionTest.java:180:56:180:72 | (...)... | provenance | Sink:MaD:48048 | +| Log4jJndiInjectionTest.java:181:50:181:57 | source(...) : String | Log4jJndiInjectionTest.java:181:41:181:57 | (...)... | provenance | Sink:MaD:2074 | +| Log4jJndiInjectionTest.java:181:50:181:57 | source(...) : String | Log4jJndiInjectionTest.java:181:41:181:57 | (...)... | provenance | Sink:MaD:48048 | +| Log4jJndiInjectionTest.java:182:80:182:87 | source(...) : String | Log4jJndiInjectionTest.java:182:71:182:87 | (...)... | provenance | Sink:MaD:2075 | +| Log4jJndiInjectionTest.java:182:80:182:87 | source(...) : String | Log4jJndiInjectionTest.java:182:71:182:87 | (...)... | provenance | Sink:MaD:48049 | +| Log4jJndiInjectionTest.java:183:65:183:72 | source(...) : String | Log4jJndiInjectionTest.java:183:56:183:72 | (...)... | provenance | Sink:MaD:2075 | +| Log4jJndiInjectionTest.java:183:65:183:72 | source(...) : String | Log4jJndiInjectionTest.java:183:56:183:72 | (...)... | provenance | Sink:MaD:48049 | +| Log4jJndiInjectionTest.java:184:50:184:57 | source(...) : String | Log4jJndiInjectionTest.java:184:41:184:57 | (...)... | provenance | Sink:MaD:2075 | +| Log4jJndiInjectionTest.java:184:50:184:57 | source(...) : String | Log4jJndiInjectionTest.java:184:41:184:57 | (...)... | provenance | Sink:MaD:48049 | +| Log4jJndiInjectionTest.java:185:95:185:102 | source(...) : String | Log4jJndiInjectionTest.java:185:86:185:102 | (...)... | provenance | Sink:MaD:2076 | +| Log4jJndiInjectionTest.java:185:95:185:102 | source(...) : String | Log4jJndiInjectionTest.java:185:86:185:102 | (...)... | provenance | Sink:MaD:48050 | +| Log4jJndiInjectionTest.java:186:80:186:87 | source(...) : String | Log4jJndiInjectionTest.java:186:71:186:87 | (...)... | provenance | Sink:MaD:2076 | +| Log4jJndiInjectionTest.java:186:80:186:87 | source(...) : String | Log4jJndiInjectionTest.java:186:71:186:87 | (...)... | provenance | Sink:MaD:48050 | +| Log4jJndiInjectionTest.java:187:65:187:72 | source(...) : String | Log4jJndiInjectionTest.java:187:56:187:72 | (...)... | provenance | Sink:MaD:2076 | +| Log4jJndiInjectionTest.java:187:65:187:72 | source(...) : String | Log4jJndiInjectionTest.java:187:56:187:72 | (...)... | provenance | Sink:MaD:48050 | +| Log4jJndiInjectionTest.java:188:50:188:57 | source(...) : String | Log4jJndiInjectionTest.java:188:41:188:57 | (...)... | provenance | Sink:MaD:2076 | +| Log4jJndiInjectionTest.java:188:50:188:57 | source(...) : String | Log4jJndiInjectionTest.java:188:41:188:57 | (...)... | provenance | Sink:MaD:48050 | +| Log4jJndiInjectionTest.java:189:110:189:117 | source(...) : String | Log4jJndiInjectionTest.java:189:101:189:117 | (...)... | provenance | Sink:MaD:2077 | +| Log4jJndiInjectionTest.java:189:110:189:117 | source(...) : String | Log4jJndiInjectionTest.java:189:101:189:117 | (...)... | provenance | Sink:MaD:48051 | +| Log4jJndiInjectionTest.java:190:95:190:102 | source(...) : String | Log4jJndiInjectionTest.java:190:86:190:102 | (...)... | provenance | Sink:MaD:2077 | +| Log4jJndiInjectionTest.java:190:95:190:102 | source(...) : String | Log4jJndiInjectionTest.java:190:86:190:102 | (...)... | provenance | Sink:MaD:48051 | +| Log4jJndiInjectionTest.java:191:80:191:87 | source(...) : String | Log4jJndiInjectionTest.java:191:71:191:87 | (...)... | provenance | Sink:MaD:2077 | +| Log4jJndiInjectionTest.java:191:80:191:87 | source(...) : String | Log4jJndiInjectionTest.java:191:71:191:87 | (...)... | provenance | Sink:MaD:48051 | +| Log4jJndiInjectionTest.java:192:65:192:72 | source(...) : String | Log4jJndiInjectionTest.java:192:56:192:72 | (...)... | provenance | Sink:MaD:2077 | +| Log4jJndiInjectionTest.java:192:65:192:72 | source(...) : String | Log4jJndiInjectionTest.java:192:56:192:72 | (...)... | provenance | Sink:MaD:48051 | +| Log4jJndiInjectionTest.java:193:50:193:57 | source(...) : String | Log4jJndiInjectionTest.java:193:41:193:57 | (...)... | provenance | Sink:MaD:2077 | +| Log4jJndiInjectionTest.java:193:50:193:57 | source(...) : String | Log4jJndiInjectionTest.java:193:41:193:57 | (...)... | provenance | Sink:MaD:48051 | +| Log4jJndiInjectionTest.java:194:125:194:132 | source(...) : String | Log4jJndiInjectionTest.java:194:116:194:132 | (...)... | provenance | Sink:MaD:2078 | +| Log4jJndiInjectionTest.java:194:125:194:132 | source(...) : String | Log4jJndiInjectionTest.java:194:116:194:132 | (...)... | provenance | Sink:MaD:48052 | +| Log4jJndiInjectionTest.java:195:110:195:117 | source(...) : String | Log4jJndiInjectionTest.java:195:101:195:117 | (...)... | provenance | Sink:MaD:2078 | +| Log4jJndiInjectionTest.java:195:110:195:117 | source(...) : String | Log4jJndiInjectionTest.java:195:101:195:117 | (...)... | provenance | Sink:MaD:48052 | +| Log4jJndiInjectionTest.java:196:95:196:102 | source(...) : String | Log4jJndiInjectionTest.java:196:86:196:102 | (...)... | provenance | Sink:MaD:2078 | +| Log4jJndiInjectionTest.java:196:95:196:102 | source(...) : String | Log4jJndiInjectionTest.java:196:86:196:102 | (...)... | provenance | Sink:MaD:48052 | +| Log4jJndiInjectionTest.java:197:80:197:87 | source(...) : String | Log4jJndiInjectionTest.java:197:71:197:87 | (...)... | provenance | Sink:MaD:2078 | +| Log4jJndiInjectionTest.java:197:80:197:87 | source(...) : String | Log4jJndiInjectionTest.java:197:71:197:87 | (...)... | provenance | Sink:MaD:48052 | +| Log4jJndiInjectionTest.java:198:65:198:72 | source(...) : String | Log4jJndiInjectionTest.java:198:56:198:72 | (...)... | provenance | Sink:MaD:2078 | +| Log4jJndiInjectionTest.java:198:65:198:72 | source(...) : String | Log4jJndiInjectionTest.java:198:56:198:72 | (...)... | provenance | Sink:MaD:48052 | +| Log4jJndiInjectionTest.java:199:50:199:57 | source(...) : String | Log4jJndiInjectionTest.java:199:41:199:57 | (...)... | provenance | Sink:MaD:2078 | +| Log4jJndiInjectionTest.java:199:50:199:57 | source(...) : String | Log4jJndiInjectionTest.java:199:41:199:57 | (...)... | provenance | Sink:MaD:48052 | +| Log4jJndiInjectionTest.java:200:140:200:147 | source(...) : String | Log4jJndiInjectionTest.java:200:131:200:147 | (...)... | provenance | Sink:MaD:2079 | +| Log4jJndiInjectionTest.java:200:140:200:147 | source(...) : String | Log4jJndiInjectionTest.java:200:131:200:147 | (...)... | provenance | Sink:MaD:48053 | +| Log4jJndiInjectionTest.java:201:125:201:132 | source(...) : String | Log4jJndiInjectionTest.java:201:116:201:132 | (...)... | provenance | Sink:MaD:2079 | +| Log4jJndiInjectionTest.java:201:125:201:132 | source(...) : String | Log4jJndiInjectionTest.java:201:116:201:132 | (...)... | provenance | Sink:MaD:48053 | +| Log4jJndiInjectionTest.java:202:110:202:117 | source(...) : String | Log4jJndiInjectionTest.java:202:101:202:117 | (...)... | provenance | Sink:MaD:2079 | +| Log4jJndiInjectionTest.java:202:110:202:117 | source(...) : String | Log4jJndiInjectionTest.java:202:101:202:117 | (...)... | provenance | Sink:MaD:48053 | +| Log4jJndiInjectionTest.java:203:95:203:102 | source(...) : String | Log4jJndiInjectionTest.java:203:86:203:102 | (...)... | provenance | Sink:MaD:2079 | +| Log4jJndiInjectionTest.java:203:95:203:102 | source(...) : String | Log4jJndiInjectionTest.java:203:86:203:102 | (...)... | provenance | Sink:MaD:48053 | +| Log4jJndiInjectionTest.java:204:80:204:87 | source(...) : String | Log4jJndiInjectionTest.java:204:71:204:87 | (...)... | provenance | Sink:MaD:2079 | +| Log4jJndiInjectionTest.java:204:80:204:87 | source(...) : String | Log4jJndiInjectionTest.java:204:71:204:87 | (...)... | provenance | Sink:MaD:48053 | +| Log4jJndiInjectionTest.java:205:65:205:72 | source(...) : String | Log4jJndiInjectionTest.java:205:56:205:72 | (...)... | provenance | Sink:MaD:2079 | +| Log4jJndiInjectionTest.java:205:65:205:72 | source(...) : String | Log4jJndiInjectionTest.java:205:56:205:72 | (...)... | provenance | Sink:MaD:48053 | +| Log4jJndiInjectionTest.java:206:50:206:57 | source(...) : String | Log4jJndiInjectionTest.java:206:41:206:57 | (...)... | provenance | Sink:MaD:2079 | +| Log4jJndiInjectionTest.java:206:50:206:57 | source(...) : String | Log4jJndiInjectionTest.java:206:41:206:57 | (...)... | provenance | Sink:MaD:48053 | +| Log4jJndiInjectionTest.java:207:155:207:162 | source(...) : String | Log4jJndiInjectionTest.java:207:146:207:162 | (...)... | provenance | Sink:MaD:2080 | +| Log4jJndiInjectionTest.java:207:155:207:162 | source(...) : String | Log4jJndiInjectionTest.java:207:146:207:162 | (...)... | provenance | Sink:MaD:48054 | +| Log4jJndiInjectionTest.java:208:140:208:147 | source(...) : String | Log4jJndiInjectionTest.java:208:131:208:147 | (...)... | provenance | Sink:MaD:2080 | +| Log4jJndiInjectionTest.java:208:140:208:147 | source(...) : String | Log4jJndiInjectionTest.java:208:131:208:147 | (...)... | provenance | Sink:MaD:48054 | +| Log4jJndiInjectionTest.java:209:125:209:132 | source(...) : String | Log4jJndiInjectionTest.java:209:116:209:132 | (...)... | provenance | Sink:MaD:2080 | +| Log4jJndiInjectionTest.java:209:125:209:132 | source(...) : String | Log4jJndiInjectionTest.java:209:116:209:132 | (...)... | provenance | Sink:MaD:48054 | +| Log4jJndiInjectionTest.java:210:110:210:117 | source(...) : String | Log4jJndiInjectionTest.java:210:101:210:117 | (...)... | provenance | Sink:MaD:2080 | +| Log4jJndiInjectionTest.java:210:110:210:117 | source(...) : String | Log4jJndiInjectionTest.java:210:101:210:117 | (...)... | provenance | Sink:MaD:48054 | +| Log4jJndiInjectionTest.java:211:95:211:102 | source(...) : String | Log4jJndiInjectionTest.java:211:86:211:102 | (...)... | provenance | Sink:MaD:2080 | +| Log4jJndiInjectionTest.java:211:95:211:102 | source(...) : String | Log4jJndiInjectionTest.java:211:86:211:102 | (...)... | provenance | Sink:MaD:48054 | +| Log4jJndiInjectionTest.java:212:80:212:87 | source(...) : String | Log4jJndiInjectionTest.java:212:71:212:87 | (...)... | provenance | Sink:MaD:2080 | +| Log4jJndiInjectionTest.java:212:80:212:87 | source(...) : String | Log4jJndiInjectionTest.java:212:71:212:87 | (...)... | provenance | Sink:MaD:48054 | +| Log4jJndiInjectionTest.java:213:65:213:72 | source(...) : String | Log4jJndiInjectionTest.java:213:56:213:72 | (...)... | provenance | Sink:MaD:2080 | +| Log4jJndiInjectionTest.java:213:65:213:72 | source(...) : String | Log4jJndiInjectionTest.java:213:56:213:72 | (...)... | provenance | Sink:MaD:48054 | +| Log4jJndiInjectionTest.java:214:50:214:57 | source(...) : String | Log4jJndiInjectionTest.java:214:41:214:57 | (...)... | provenance | Sink:MaD:2080 | +| Log4jJndiInjectionTest.java:214:50:214:57 | source(...) : String | Log4jJndiInjectionTest.java:214:41:214:57 | (...)... | provenance | Sink:MaD:48054 | +| Log4jJndiInjectionTest.java:215:170:215:177 | source(...) : String | Log4jJndiInjectionTest.java:215:161:215:177 | (...)... | provenance | Sink:MaD:2081 | +| Log4jJndiInjectionTest.java:215:170:215:177 | source(...) : String | Log4jJndiInjectionTest.java:215:161:215:177 | (...)... | provenance | Sink:MaD:48055 | +| Log4jJndiInjectionTest.java:216:155:216:162 | source(...) : String | Log4jJndiInjectionTest.java:216:146:216:162 | (...)... | provenance | Sink:MaD:2081 | +| Log4jJndiInjectionTest.java:216:155:216:162 | source(...) : String | Log4jJndiInjectionTest.java:216:146:216:162 | (...)... | provenance | Sink:MaD:48055 | +| Log4jJndiInjectionTest.java:217:140:217:147 | source(...) : String | Log4jJndiInjectionTest.java:217:131:217:147 | (...)... | provenance | Sink:MaD:2081 | +| Log4jJndiInjectionTest.java:217:140:217:147 | source(...) : String | Log4jJndiInjectionTest.java:217:131:217:147 | (...)... | provenance | Sink:MaD:48055 | +| Log4jJndiInjectionTest.java:218:125:218:132 | source(...) : String | Log4jJndiInjectionTest.java:218:116:218:132 | (...)... | provenance | Sink:MaD:2081 | +| Log4jJndiInjectionTest.java:218:125:218:132 | source(...) : String | Log4jJndiInjectionTest.java:218:116:218:132 | (...)... | provenance | Sink:MaD:48055 | +| Log4jJndiInjectionTest.java:219:110:219:117 | source(...) : String | Log4jJndiInjectionTest.java:219:101:219:117 | (...)... | provenance | Sink:MaD:2081 | +| Log4jJndiInjectionTest.java:219:110:219:117 | source(...) : String | Log4jJndiInjectionTest.java:219:101:219:117 | (...)... | provenance | Sink:MaD:48055 | +| Log4jJndiInjectionTest.java:220:95:220:102 | source(...) : String | Log4jJndiInjectionTest.java:220:86:220:102 | (...)... | provenance | Sink:MaD:2081 | +| Log4jJndiInjectionTest.java:220:95:220:102 | source(...) : String | Log4jJndiInjectionTest.java:220:86:220:102 | (...)... | provenance | Sink:MaD:48055 | +| Log4jJndiInjectionTest.java:221:80:221:87 | source(...) : String | Log4jJndiInjectionTest.java:221:71:221:87 | (...)... | provenance | Sink:MaD:2081 | +| Log4jJndiInjectionTest.java:221:80:221:87 | source(...) : String | Log4jJndiInjectionTest.java:221:71:221:87 | (...)... | provenance | Sink:MaD:48055 | +| Log4jJndiInjectionTest.java:222:65:222:72 | source(...) : String | Log4jJndiInjectionTest.java:222:56:222:72 | (...)... | provenance | Sink:MaD:2081 | +| Log4jJndiInjectionTest.java:222:65:222:72 | source(...) : String | Log4jJndiInjectionTest.java:222:56:222:72 | (...)... | provenance | Sink:MaD:48055 | +| Log4jJndiInjectionTest.java:223:50:223:57 | source(...) : String | Log4jJndiInjectionTest.java:223:41:223:57 | (...)... | provenance | Sink:MaD:2081 | +| Log4jJndiInjectionTest.java:223:50:223:57 | source(...) : String | Log4jJndiInjectionTest.java:223:41:223:57 | (...)... | provenance | Sink:MaD:48055 | +| Log4jJndiInjectionTest.java:224:185:224:192 | source(...) : String | Log4jJndiInjectionTest.java:224:176:224:192 | (...)... | provenance | Sink:MaD:2082 | +| Log4jJndiInjectionTest.java:224:185:224:192 | source(...) : String | Log4jJndiInjectionTest.java:224:176:224:192 | (...)... | provenance | Sink:MaD:48056 | +| Log4jJndiInjectionTest.java:225:170:225:177 | source(...) : String | Log4jJndiInjectionTest.java:225:161:225:177 | (...)... | provenance | Sink:MaD:2082 | +| Log4jJndiInjectionTest.java:225:170:225:177 | source(...) : String | Log4jJndiInjectionTest.java:225:161:225:177 | (...)... | provenance | Sink:MaD:48056 | +| Log4jJndiInjectionTest.java:226:155:226:162 | source(...) : String | Log4jJndiInjectionTest.java:226:146:226:162 | (...)... | provenance | Sink:MaD:2082 | +| Log4jJndiInjectionTest.java:226:155:226:162 | source(...) : String | Log4jJndiInjectionTest.java:226:146:226:162 | (...)... | provenance | Sink:MaD:48056 | +| Log4jJndiInjectionTest.java:227:140:227:147 | source(...) : String | Log4jJndiInjectionTest.java:227:131:227:147 | (...)... | provenance | Sink:MaD:2082 | +| Log4jJndiInjectionTest.java:227:140:227:147 | source(...) : String | Log4jJndiInjectionTest.java:227:131:227:147 | (...)... | provenance | Sink:MaD:48056 | +| Log4jJndiInjectionTest.java:228:125:228:132 | source(...) : String | Log4jJndiInjectionTest.java:228:116:228:132 | (...)... | provenance | Sink:MaD:2082 | +| Log4jJndiInjectionTest.java:228:125:228:132 | source(...) : String | Log4jJndiInjectionTest.java:228:116:228:132 | (...)... | provenance | Sink:MaD:48056 | +| Log4jJndiInjectionTest.java:229:110:229:117 | source(...) : String | Log4jJndiInjectionTest.java:229:101:229:117 | (...)... | provenance | Sink:MaD:2082 | +| Log4jJndiInjectionTest.java:229:110:229:117 | source(...) : String | Log4jJndiInjectionTest.java:229:101:229:117 | (...)... | provenance | Sink:MaD:48056 | +| Log4jJndiInjectionTest.java:230:95:230:102 | source(...) : String | Log4jJndiInjectionTest.java:230:86:230:102 | (...)... | provenance | Sink:MaD:2082 | +| Log4jJndiInjectionTest.java:230:95:230:102 | source(...) : String | Log4jJndiInjectionTest.java:230:86:230:102 | (...)... | provenance | Sink:MaD:48056 | +| Log4jJndiInjectionTest.java:231:80:231:87 | source(...) : String | Log4jJndiInjectionTest.java:231:71:231:87 | (...)... | provenance | Sink:MaD:2082 | +| Log4jJndiInjectionTest.java:231:80:231:87 | source(...) : String | Log4jJndiInjectionTest.java:231:71:231:87 | (...)... | provenance | Sink:MaD:48056 | +| Log4jJndiInjectionTest.java:232:65:232:72 | source(...) : String | Log4jJndiInjectionTest.java:232:56:232:72 | (...)... | provenance | Sink:MaD:2082 | +| Log4jJndiInjectionTest.java:232:65:232:72 | source(...) : String | Log4jJndiInjectionTest.java:232:56:232:72 | (...)... | provenance | Sink:MaD:48056 | +| Log4jJndiInjectionTest.java:233:50:233:57 | source(...) : String | Log4jJndiInjectionTest.java:233:41:233:57 | (...)... | provenance | Sink:MaD:2082 | +| Log4jJndiInjectionTest.java:233:50:233:57 | source(...) : String | Log4jJndiInjectionTest.java:233:41:233:57 | (...)... | provenance | Sink:MaD:48056 | +| Log4jJndiInjectionTest.java:234:50:234:57 | source(...) : String | Log4jJndiInjectionTest.java:234:41:234:57 | (...)... | provenance | Sink:MaD:2074 | +| Log4jJndiInjectionTest.java:234:50:234:57 | source(...) : String | Log4jJndiInjectionTest.java:234:41:234:57 | (...)... | provenance | Sink:MaD:48048 | +| Log4jJndiInjectionTest.java:235:70:235:77 | source(...) : String | Log4jJndiInjectionTest.java:235:56:235:77 | (...)... | provenance | Sink:MaD:2074 | +| Log4jJndiInjectionTest.java:235:70:235:77 | source(...) : String | Log4jJndiInjectionTest.java:235:56:235:77 | (...)... | provenance | Sink:MaD:48048 | +| Log4jJndiInjectionTest.java:236:50:236:57 | source(...) : String | Log4jJndiInjectionTest.java:236:41:236:57 | (...)... | provenance | Sink:MaD:2086 | +| Log4jJndiInjectionTest.java:236:50:236:57 | source(...) : String | Log4jJndiInjectionTest.java:236:41:236:57 | (...)... | provenance | Sink:MaD:48060 | +| Log4jJndiInjectionTest.java:237:55:237:62 | source(...) : String | Log4jJndiInjectionTest.java:237:41:237:62 | (...)... | provenance | Sink:MaD:2087 | +| Log4jJndiInjectionTest.java:237:55:237:62 | source(...) : String | Log4jJndiInjectionTest.java:237:41:237:62 | (...)... | provenance | Sink:MaD:48061 | +| Log4jJndiInjectionTest.java:238:55:238:62 | source(...) : String | Log4jJndiInjectionTest.java:238:41:238:62 | (...)... | provenance | Sink:MaD:2088 | +| Log4jJndiInjectionTest.java:238:55:238:62 | source(...) : String | Log4jJndiInjectionTest.java:238:41:238:62 | (...)... | provenance | Sink:MaD:48062 | +| Log4jJndiInjectionTest.java:239:44:239:51 | source(...) : String | Log4jJndiInjectionTest.java:239:26:239:51 | (...)... | provenance | Sink:MaD:2091 | +| Log4jJndiInjectionTest.java:239:44:239:51 | source(...) : String | Log4jJndiInjectionTest.java:239:26:239:51 | (...)... | provenance | Sink:MaD:48065 | +| Log4jJndiInjectionTest.java:240:44:240:51 | source(...) : String | Log4jJndiInjectionTest.java:240:26:240:51 | (...)... | provenance | Sink:MaD:2092 | +| Log4jJndiInjectionTest.java:240:44:240:51 | source(...) : String | Log4jJndiInjectionTest.java:240:26:240:51 | (...)... | provenance | Sink:MaD:48066 | +| Log4jJndiInjectionTest.java:241:36:241:43 | source(...) : String | Log4jJndiInjectionTest.java:241:26:241:43 | (...)... | provenance | Sink:MaD:2089 | +| Log4jJndiInjectionTest.java:241:36:241:43 | source(...) : String | Log4jJndiInjectionTest.java:241:26:241:43 | (...)... | provenance | Sink:MaD:48063 | +| Log4jJndiInjectionTest.java:242:36:242:43 | source(...) : String | Log4jJndiInjectionTest.java:242:26:242:43 | (...)... | provenance | Sink:MaD:2090 | +| Log4jJndiInjectionTest.java:242:36:242:43 | source(...) : String | Log4jJndiInjectionTest.java:242:26:242:43 | (...)... | provenance | Sink:MaD:48064 | +| Log4jJndiInjectionTest.java:245:35:245:42 | source(...) : String | Log4jJndiInjectionTest.java:245:26:245:42 | (...)... | provenance | Sink:MaD:2095 | +| Log4jJndiInjectionTest.java:245:35:245:42 | source(...) : String | Log4jJndiInjectionTest.java:245:26:245:42 | (...)... | provenance | Sink:MaD:48069 | +| Log4jJndiInjectionTest.java:246:35:246:42 | source(...) : String | Log4jJndiInjectionTest.java:246:26:246:42 | (...)... | provenance | Sink:MaD:2106 | +| Log4jJndiInjectionTest.java:246:35:246:42 | source(...) : String | Log4jJndiInjectionTest.java:246:26:246:42 | (...)... | provenance | Sink:MaD:48080 | +| Log4jJndiInjectionTest.java:247:41:247:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:247:41:247:63 | new Object[] | provenance | Sink:MaD:2106 | +| Log4jJndiInjectionTest.java:247:41:247:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:247:41:247:63 | new Object[] | provenance | Sink:MaD:48080 | | Log4jJndiInjectionTest.java:247:55:247:62 | source(...) : String | Log4jJndiInjectionTest.java:247:41:247:63 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:248:50:248:57 | source(...) : String | Log4jJndiInjectionTest.java:248:41:248:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:249:35:249:42 | source(...) : String | Log4jJndiInjectionTest.java:249:26:249:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:250:65:250:72 | source(...) : String | Log4jJndiInjectionTest.java:250:56:250:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:251:50:251:57 | source(...) : String | Log4jJndiInjectionTest.java:251:41:251:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:252:35:252:42 | source(...) : String | Log4jJndiInjectionTest.java:252:26:252:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:253:80:253:87 | source(...) : String | Log4jJndiInjectionTest.java:253:71:253:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:254:65:254:72 | source(...) : String | Log4jJndiInjectionTest.java:254:56:254:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:255:50:255:57 | source(...) : String | Log4jJndiInjectionTest.java:255:41:255:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:256:35:256:42 | source(...) : String | Log4jJndiInjectionTest.java:256:26:256:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:257:95:257:102 | source(...) : String | Log4jJndiInjectionTest.java:257:86:257:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:258:80:258:87 | source(...) : String | Log4jJndiInjectionTest.java:258:71:258:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:259:65:259:72 | source(...) : String | Log4jJndiInjectionTest.java:259:56:259:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:260:50:260:57 | source(...) : String | Log4jJndiInjectionTest.java:260:41:260:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:261:35:261:42 | source(...) : String | Log4jJndiInjectionTest.java:261:26:261:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:262:110:262:117 | source(...) : String | Log4jJndiInjectionTest.java:262:101:262:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:263:95:263:102 | source(...) : String | Log4jJndiInjectionTest.java:263:86:263:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:264:80:264:87 | source(...) : String | Log4jJndiInjectionTest.java:264:71:264:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:265:65:265:72 | source(...) : String | Log4jJndiInjectionTest.java:265:56:265:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:266:50:266:57 | source(...) : String | Log4jJndiInjectionTest.java:266:41:266:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:267:35:267:42 | source(...) : String | Log4jJndiInjectionTest.java:267:26:267:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:268:125:268:132 | source(...) : String | Log4jJndiInjectionTest.java:268:116:268:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:269:110:269:117 | source(...) : String | Log4jJndiInjectionTest.java:269:101:269:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:270:95:270:102 | source(...) : String | Log4jJndiInjectionTest.java:270:86:270:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:271:80:271:87 | source(...) : String | Log4jJndiInjectionTest.java:271:71:271:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:272:65:272:72 | source(...) : String | Log4jJndiInjectionTest.java:272:56:272:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:273:50:273:57 | source(...) : String | Log4jJndiInjectionTest.java:273:41:273:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:274:35:274:42 | source(...) : String | Log4jJndiInjectionTest.java:274:26:274:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:275:140:275:147 | source(...) : String | Log4jJndiInjectionTest.java:275:131:275:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:276:125:276:132 | source(...) : String | Log4jJndiInjectionTest.java:276:116:276:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:277:110:277:117 | source(...) : String | Log4jJndiInjectionTest.java:277:101:277:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:278:95:278:102 | source(...) : String | Log4jJndiInjectionTest.java:278:86:278:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:279:80:279:87 | source(...) : String | Log4jJndiInjectionTest.java:279:71:279:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:280:65:280:72 | source(...) : String | Log4jJndiInjectionTest.java:280:56:280:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:281:50:281:57 | source(...) : String | Log4jJndiInjectionTest.java:281:41:281:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:282:35:282:42 | source(...) : String | Log4jJndiInjectionTest.java:282:26:282:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:283:155:283:162 | source(...) : String | Log4jJndiInjectionTest.java:283:146:283:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:284:140:284:147 | source(...) : String | Log4jJndiInjectionTest.java:284:131:284:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:285:125:285:132 | source(...) : String | Log4jJndiInjectionTest.java:285:116:285:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:286:110:286:117 | source(...) : String | Log4jJndiInjectionTest.java:286:101:286:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:287:95:287:102 | source(...) : String | Log4jJndiInjectionTest.java:287:86:287:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:288:80:288:87 | source(...) : String | Log4jJndiInjectionTest.java:288:71:288:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:289:65:289:72 | source(...) : String | Log4jJndiInjectionTest.java:289:56:289:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:290:50:290:57 | source(...) : String | Log4jJndiInjectionTest.java:290:41:290:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:291:35:291:42 | source(...) : String | Log4jJndiInjectionTest.java:291:26:291:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:292:170:292:177 | source(...) : String | Log4jJndiInjectionTest.java:292:161:292:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:293:155:293:162 | source(...) : String | Log4jJndiInjectionTest.java:293:146:293:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:294:140:294:147 | source(...) : String | Log4jJndiInjectionTest.java:294:131:294:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:295:125:295:132 | source(...) : String | Log4jJndiInjectionTest.java:295:116:295:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:296:110:296:117 | source(...) : String | Log4jJndiInjectionTest.java:296:101:296:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:297:95:297:102 | source(...) : String | Log4jJndiInjectionTest.java:297:86:297:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:298:80:298:87 | source(...) : String | Log4jJndiInjectionTest.java:298:71:298:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:299:65:299:72 | source(...) : String | Log4jJndiInjectionTest.java:299:56:299:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:300:50:300:57 | source(...) : String | Log4jJndiInjectionTest.java:300:41:300:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:301:35:301:42 | source(...) : String | Log4jJndiInjectionTest.java:301:26:301:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:302:35:302:42 | source(...) : String | Log4jJndiInjectionTest.java:302:26:302:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:303:55:303:62 | source(...) : String | Log4jJndiInjectionTest.java:303:41:303:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:304:35:304:42 | source(...) : String | Log4jJndiInjectionTest.java:304:26:304:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:305:40:305:47 | source(...) : String | Log4jJndiInjectionTest.java:305:26:305:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:306:40:306:47 | source(...) : String | Log4jJndiInjectionTest.java:306:26:306:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:307:41:307:48 | source(...) : String | Log4jJndiInjectionTest.java:307:26:307:48 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:308:41:308:48 | source(...) : String | Log4jJndiInjectionTest.java:308:26:308:48 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:309:56:309:63 | source(...) : String | Log4jJndiInjectionTest.java:309:41:309:63 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:310:56:310:63 | source(...) : String | Log4jJndiInjectionTest.java:310:41:310:63 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:311:51:311:58 | source(...) : String | Log4jJndiInjectionTest.java:311:41:311:58 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:312:59:312:66 | source(...) : String | Log4jJndiInjectionTest.java:312:41:312:66 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:313:59:313:66 | source(...) : String | Log4jJndiInjectionTest.java:313:41:313:66 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:315:50:315:57 | source(...) : String | Log4jJndiInjectionTest.java:315:41:315:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:316:50:316:57 | source(...) : String | Log4jJndiInjectionTest.java:316:41:316:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:317:56:317:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:317:56:317:78 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:248:50:248:57 | source(...) : String | Log4jJndiInjectionTest.java:248:41:248:57 | (...)... | provenance | Sink:MaD:2096 | +| Log4jJndiInjectionTest.java:248:50:248:57 | source(...) : String | Log4jJndiInjectionTest.java:248:41:248:57 | (...)... | provenance | Sink:MaD:48070 | +| Log4jJndiInjectionTest.java:249:35:249:42 | source(...) : String | Log4jJndiInjectionTest.java:249:26:249:42 | (...)... | provenance | Sink:MaD:2096 | +| Log4jJndiInjectionTest.java:249:35:249:42 | source(...) : String | Log4jJndiInjectionTest.java:249:26:249:42 | (...)... | provenance | Sink:MaD:48070 | +| Log4jJndiInjectionTest.java:250:65:250:72 | source(...) : String | Log4jJndiInjectionTest.java:250:56:250:72 | (...)... | provenance | Sink:MaD:2097 | +| Log4jJndiInjectionTest.java:250:65:250:72 | source(...) : String | Log4jJndiInjectionTest.java:250:56:250:72 | (...)... | provenance | Sink:MaD:48071 | +| Log4jJndiInjectionTest.java:251:50:251:57 | source(...) : String | Log4jJndiInjectionTest.java:251:41:251:57 | (...)... | provenance | Sink:MaD:2097 | +| Log4jJndiInjectionTest.java:251:50:251:57 | source(...) : String | Log4jJndiInjectionTest.java:251:41:251:57 | (...)... | provenance | Sink:MaD:48071 | +| Log4jJndiInjectionTest.java:252:35:252:42 | source(...) : String | Log4jJndiInjectionTest.java:252:26:252:42 | (...)... | provenance | Sink:MaD:2097 | +| Log4jJndiInjectionTest.java:252:35:252:42 | source(...) : String | Log4jJndiInjectionTest.java:252:26:252:42 | (...)... | provenance | Sink:MaD:48071 | +| Log4jJndiInjectionTest.java:253:80:253:87 | source(...) : String | Log4jJndiInjectionTest.java:253:71:253:87 | (...)... | provenance | Sink:MaD:2098 | +| Log4jJndiInjectionTest.java:253:80:253:87 | source(...) : String | Log4jJndiInjectionTest.java:253:71:253:87 | (...)... | provenance | Sink:MaD:48072 | +| Log4jJndiInjectionTest.java:254:65:254:72 | source(...) : String | Log4jJndiInjectionTest.java:254:56:254:72 | (...)... | provenance | Sink:MaD:2098 | +| Log4jJndiInjectionTest.java:254:65:254:72 | source(...) : String | Log4jJndiInjectionTest.java:254:56:254:72 | (...)... | provenance | Sink:MaD:48072 | +| Log4jJndiInjectionTest.java:255:50:255:57 | source(...) : String | Log4jJndiInjectionTest.java:255:41:255:57 | (...)... | provenance | Sink:MaD:2098 | +| Log4jJndiInjectionTest.java:255:50:255:57 | source(...) : String | Log4jJndiInjectionTest.java:255:41:255:57 | (...)... | provenance | Sink:MaD:48072 | +| Log4jJndiInjectionTest.java:256:35:256:42 | source(...) : String | Log4jJndiInjectionTest.java:256:26:256:42 | (...)... | provenance | Sink:MaD:2098 | +| Log4jJndiInjectionTest.java:256:35:256:42 | source(...) : String | Log4jJndiInjectionTest.java:256:26:256:42 | (...)... | provenance | Sink:MaD:48072 | +| Log4jJndiInjectionTest.java:257:95:257:102 | source(...) : String | Log4jJndiInjectionTest.java:257:86:257:102 | (...)... | provenance | Sink:MaD:2099 | +| Log4jJndiInjectionTest.java:257:95:257:102 | source(...) : String | Log4jJndiInjectionTest.java:257:86:257:102 | (...)... | provenance | Sink:MaD:48073 | +| Log4jJndiInjectionTest.java:258:80:258:87 | source(...) : String | Log4jJndiInjectionTest.java:258:71:258:87 | (...)... | provenance | Sink:MaD:2099 | +| Log4jJndiInjectionTest.java:258:80:258:87 | source(...) : String | Log4jJndiInjectionTest.java:258:71:258:87 | (...)... | provenance | Sink:MaD:48073 | +| Log4jJndiInjectionTest.java:259:65:259:72 | source(...) : String | Log4jJndiInjectionTest.java:259:56:259:72 | (...)... | provenance | Sink:MaD:2099 | +| Log4jJndiInjectionTest.java:259:65:259:72 | source(...) : String | Log4jJndiInjectionTest.java:259:56:259:72 | (...)... | provenance | Sink:MaD:48073 | +| Log4jJndiInjectionTest.java:260:50:260:57 | source(...) : String | Log4jJndiInjectionTest.java:260:41:260:57 | (...)... | provenance | Sink:MaD:2099 | +| Log4jJndiInjectionTest.java:260:50:260:57 | source(...) : String | Log4jJndiInjectionTest.java:260:41:260:57 | (...)... | provenance | Sink:MaD:48073 | +| Log4jJndiInjectionTest.java:261:35:261:42 | source(...) : String | Log4jJndiInjectionTest.java:261:26:261:42 | (...)... | provenance | Sink:MaD:2099 | +| Log4jJndiInjectionTest.java:261:35:261:42 | source(...) : String | Log4jJndiInjectionTest.java:261:26:261:42 | (...)... | provenance | Sink:MaD:48073 | +| Log4jJndiInjectionTest.java:262:110:262:117 | source(...) : String | Log4jJndiInjectionTest.java:262:101:262:117 | (...)... | provenance | Sink:MaD:2100 | +| Log4jJndiInjectionTest.java:262:110:262:117 | source(...) : String | Log4jJndiInjectionTest.java:262:101:262:117 | (...)... | provenance | Sink:MaD:48074 | +| Log4jJndiInjectionTest.java:263:95:263:102 | source(...) : String | Log4jJndiInjectionTest.java:263:86:263:102 | (...)... | provenance | Sink:MaD:2100 | +| Log4jJndiInjectionTest.java:263:95:263:102 | source(...) : String | Log4jJndiInjectionTest.java:263:86:263:102 | (...)... | provenance | Sink:MaD:48074 | +| Log4jJndiInjectionTest.java:264:80:264:87 | source(...) : String | Log4jJndiInjectionTest.java:264:71:264:87 | (...)... | provenance | Sink:MaD:2100 | +| Log4jJndiInjectionTest.java:264:80:264:87 | source(...) : String | Log4jJndiInjectionTest.java:264:71:264:87 | (...)... | provenance | Sink:MaD:48074 | +| Log4jJndiInjectionTest.java:265:65:265:72 | source(...) : String | Log4jJndiInjectionTest.java:265:56:265:72 | (...)... | provenance | Sink:MaD:2100 | +| Log4jJndiInjectionTest.java:265:65:265:72 | source(...) : String | Log4jJndiInjectionTest.java:265:56:265:72 | (...)... | provenance | Sink:MaD:48074 | +| Log4jJndiInjectionTest.java:266:50:266:57 | source(...) : String | Log4jJndiInjectionTest.java:266:41:266:57 | (...)... | provenance | Sink:MaD:2100 | +| Log4jJndiInjectionTest.java:266:50:266:57 | source(...) : String | Log4jJndiInjectionTest.java:266:41:266:57 | (...)... | provenance | Sink:MaD:48074 | +| Log4jJndiInjectionTest.java:267:35:267:42 | source(...) : String | Log4jJndiInjectionTest.java:267:26:267:42 | (...)... | provenance | Sink:MaD:2100 | +| Log4jJndiInjectionTest.java:267:35:267:42 | source(...) : String | Log4jJndiInjectionTest.java:267:26:267:42 | (...)... | provenance | Sink:MaD:48074 | +| Log4jJndiInjectionTest.java:268:125:268:132 | source(...) : String | Log4jJndiInjectionTest.java:268:116:268:132 | (...)... | provenance | Sink:MaD:2101 | +| Log4jJndiInjectionTest.java:268:125:268:132 | source(...) : String | Log4jJndiInjectionTest.java:268:116:268:132 | (...)... | provenance | Sink:MaD:48075 | +| Log4jJndiInjectionTest.java:269:110:269:117 | source(...) : String | Log4jJndiInjectionTest.java:269:101:269:117 | (...)... | provenance | Sink:MaD:2101 | +| Log4jJndiInjectionTest.java:269:110:269:117 | source(...) : String | Log4jJndiInjectionTest.java:269:101:269:117 | (...)... | provenance | Sink:MaD:48075 | +| Log4jJndiInjectionTest.java:270:95:270:102 | source(...) : String | Log4jJndiInjectionTest.java:270:86:270:102 | (...)... | provenance | Sink:MaD:2101 | +| Log4jJndiInjectionTest.java:270:95:270:102 | source(...) : String | Log4jJndiInjectionTest.java:270:86:270:102 | (...)... | provenance | Sink:MaD:48075 | +| Log4jJndiInjectionTest.java:271:80:271:87 | source(...) : String | Log4jJndiInjectionTest.java:271:71:271:87 | (...)... | provenance | Sink:MaD:2101 | +| Log4jJndiInjectionTest.java:271:80:271:87 | source(...) : String | Log4jJndiInjectionTest.java:271:71:271:87 | (...)... | provenance | Sink:MaD:48075 | +| Log4jJndiInjectionTest.java:272:65:272:72 | source(...) : String | Log4jJndiInjectionTest.java:272:56:272:72 | (...)... | provenance | Sink:MaD:2101 | +| Log4jJndiInjectionTest.java:272:65:272:72 | source(...) : String | Log4jJndiInjectionTest.java:272:56:272:72 | (...)... | provenance | Sink:MaD:48075 | +| Log4jJndiInjectionTest.java:273:50:273:57 | source(...) : String | Log4jJndiInjectionTest.java:273:41:273:57 | (...)... | provenance | Sink:MaD:2101 | +| Log4jJndiInjectionTest.java:273:50:273:57 | source(...) : String | Log4jJndiInjectionTest.java:273:41:273:57 | (...)... | provenance | Sink:MaD:48075 | +| Log4jJndiInjectionTest.java:274:35:274:42 | source(...) : String | Log4jJndiInjectionTest.java:274:26:274:42 | (...)... | provenance | Sink:MaD:2101 | +| Log4jJndiInjectionTest.java:274:35:274:42 | source(...) : String | Log4jJndiInjectionTest.java:274:26:274:42 | (...)... | provenance | Sink:MaD:48075 | +| Log4jJndiInjectionTest.java:275:140:275:147 | source(...) : String | Log4jJndiInjectionTest.java:275:131:275:147 | (...)... | provenance | Sink:MaD:2102 | +| Log4jJndiInjectionTest.java:275:140:275:147 | source(...) : String | Log4jJndiInjectionTest.java:275:131:275:147 | (...)... | provenance | Sink:MaD:48076 | +| Log4jJndiInjectionTest.java:276:125:276:132 | source(...) : String | Log4jJndiInjectionTest.java:276:116:276:132 | (...)... | provenance | Sink:MaD:2102 | +| Log4jJndiInjectionTest.java:276:125:276:132 | source(...) : String | Log4jJndiInjectionTest.java:276:116:276:132 | (...)... | provenance | Sink:MaD:48076 | +| Log4jJndiInjectionTest.java:277:110:277:117 | source(...) : String | Log4jJndiInjectionTest.java:277:101:277:117 | (...)... | provenance | Sink:MaD:2102 | +| Log4jJndiInjectionTest.java:277:110:277:117 | source(...) : String | Log4jJndiInjectionTest.java:277:101:277:117 | (...)... | provenance | Sink:MaD:48076 | +| Log4jJndiInjectionTest.java:278:95:278:102 | source(...) : String | Log4jJndiInjectionTest.java:278:86:278:102 | (...)... | provenance | Sink:MaD:2102 | +| Log4jJndiInjectionTest.java:278:95:278:102 | source(...) : String | Log4jJndiInjectionTest.java:278:86:278:102 | (...)... | provenance | Sink:MaD:48076 | +| Log4jJndiInjectionTest.java:279:80:279:87 | source(...) : String | Log4jJndiInjectionTest.java:279:71:279:87 | (...)... | provenance | Sink:MaD:2102 | +| Log4jJndiInjectionTest.java:279:80:279:87 | source(...) : String | Log4jJndiInjectionTest.java:279:71:279:87 | (...)... | provenance | Sink:MaD:48076 | +| Log4jJndiInjectionTest.java:280:65:280:72 | source(...) : String | Log4jJndiInjectionTest.java:280:56:280:72 | (...)... | provenance | Sink:MaD:2102 | +| Log4jJndiInjectionTest.java:280:65:280:72 | source(...) : String | Log4jJndiInjectionTest.java:280:56:280:72 | (...)... | provenance | Sink:MaD:48076 | +| Log4jJndiInjectionTest.java:281:50:281:57 | source(...) : String | Log4jJndiInjectionTest.java:281:41:281:57 | (...)... | provenance | Sink:MaD:2102 | +| Log4jJndiInjectionTest.java:281:50:281:57 | source(...) : String | Log4jJndiInjectionTest.java:281:41:281:57 | (...)... | provenance | Sink:MaD:48076 | +| Log4jJndiInjectionTest.java:282:35:282:42 | source(...) : String | Log4jJndiInjectionTest.java:282:26:282:42 | (...)... | provenance | Sink:MaD:2102 | +| Log4jJndiInjectionTest.java:282:35:282:42 | source(...) : String | Log4jJndiInjectionTest.java:282:26:282:42 | (...)... | provenance | Sink:MaD:48076 | +| Log4jJndiInjectionTest.java:283:155:283:162 | source(...) : String | Log4jJndiInjectionTest.java:283:146:283:162 | (...)... | provenance | Sink:MaD:2103 | +| Log4jJndiInjectionTest.java:283:155:283:162 | source(...) : String | Log4jJndiInjectionTest.java:283:146:283:162 | (...)... | provenance | Sink:MaD:48077 | +| Log4jJndiInjectionTest.java:284:140:284:147 | source(...) : String | Log4jJndiInjectionTest.java:284:131:284:147 | (...)... | provenance | Sink:MaD:2103 | +| Log4jJndiInjectionTest.java:284:140:284:147 | source(...) : String | Log4jJndiInjectionTest.java:284:131:284:147 | (...)... | provenance | Sink:MaD:48077 | +| Log4jJndiInjectionTest.java:285:125:285:132 | source(...) : String | Log4jJndiInjectionTest.java:285:116:285:132 | (...)... | provenance | Sink:MaD:2103 | +| Log4jJndiInjectionTest.java:285:125:285:132 | source(...) : String | Log4jJndiInjectionTest.java:285:116:285:132 | (...)... | provenance | Sink:MaD:48077 | +| Log4jJndiInjectionTest.java:286:110:286:117 | source(...) : String | Log4jJndiInjectionTest.java:286:101:286:117 | (...)... | provenance | Sink:MaD:2103 | +| Log4jJndiInjectionTest.java:286:110:286:117 | source(...) : String | Log4jJndiInjectionTest.java:286:101:286:117 | (...)... | provenance | Sink:MaD:48077 | +| Log4jJndiInjectionTest.java:287:95:287:102 | source(...) : String | Log4jJndiInjectionTest.java:287:86:287:102 | (...)... | provenance | Sink:MaD:2103 | +| Log4jJndiInjectionTest.java:287:95:287:102 | source(...) : String | Log4jJndiInjectionTest.java:287:86:287:102 | (...)... | provenance | Sink:MaD:48077 | +| Log4jJndiInjectionTest.java:288:80:288:87 | source(...) : String | Log4jJndiInjectionTest.java:288:71:288:87 | (...)... | provenance | Sink:MaD:2103 | +| Log4jJndiInjectionTest.java:288:80:288:87 | source(...) : String | Log4jJndiInjectionTest.java:288:71:288:87 | (...)... | provenance | Sink:MaD:48077 | +| Log4jJndiInjectionTest.java:289:65:289:72 | source(...) : String | Log4jJndiInjectionTest.java:289:56:289:72 | (...)... | provenance | Sink:MaD:2103 | +| Log4jJndiInjectionTest.java:289:65:289:72 | source(...) : String | Log4jJndiInjectionTest.java:289:56:289:72 | (...)... | provenance | Sink:MaD:48077 | +| Log4jJndiInjectionTest.java:290:50:290:57 | source(...) : String | Log4jJndiInjectionTest.java:290:41:290:57 | (...)... | provenance | Sink:MaD:2103 | +| Log4jJndiInjectionTest.java:290:50:290:57 | source(...) : String | Log4jJndiInjectionTest.java:290:41:290:57 | (...)... | provenance | Sink:MaD:48077 | +| Log4jJndiInjectionTest.java:291:35:291:42 | source(...) : String | Log4jJndiInjectionTest.java:291:26:291:42 | (...)... | provenance | Sink:MaD:2103 | +| Log4jJndiInjectionTest.java:291:35:291:42 | source(...) : String | Log4jJndiInjectionTest.java:291:26:291:42 | (...)... | provenance | Sink:MaD:48077 | +| Log4jJndiInjectionTest.java:292:170:292:177 | source(...) : String | Log4jJndiInjectionTest.java:292:161:292:177 | (...)... | provenance | Sink:MaD:2104 | +| Log4jJndiInjectionTest.java:292:170:292:177 | source(...) : String | Log4jJndiInjectionTest.java:292:161:292:177 | (...)... | provenance | Sink:MaD:48078 | +| Log4jJndiInjectionTest.java:293:155:293:162 | source(...) : String | Log4jJndiInjectionTest.java:293:146:293:162 | (...)... | provenance | Sink:MaD:2104 | +| Log4jJndiInjectionTest.java:293:155:293:162 | source(...) : String | Log4jJndiInjectionTest.java:293:146:293:162 | (...)... | provenance | Sink:MaD:48078 | +| Log4jJndiInjectionTest.java:294:140:294:147 | source(...) : String | Log4jJndiInjectionTest.java:294:131:294:147 | (...)... | provenance | Sink:MaD:2104 | +| Log4jJndiInjectionTest.java:294:140:294:147 | source(...) : String | Log4jJndiInjectionTest.java:294:131:294:147 | (...)... | provenance | Sink:MaD:48078 | +| Log4jJndiInjectionTest.java:295:125:295:132 | source(...) : String | Log4jJndiInjectionTest.java:295:116:295:132 | (...)... | provenance | Sink:MaD:2104 | +| Log4jJndiInjectionTest.java:295:125:295:132 | source(...) : String | Log4jJndiInjectionTest.java:295:116:295:132 | (...)... | provenance | Sink:MaD:48078 | +| Log4jJndiInjectionTest.java:296:110:296:117 | source(...) : String | Log4jJndiInjectionTest.java:296:101:296:117 | (...)... | provenance | Sink:MaD:2104 | +| Log4jJndiInjectionTest.java:296:110:296:117 | source(...) : String | Log4jJndiInjectionTest.java:296:101:296:117 | (...)... | provenance | Sink:MaD:48078 | +| Log4jJndiInjectionTest.java:297:95:297:102 | source(...) : String | Log4jJndiInjectionTest.java:297:86:297:102 | (...)... | provenance | Sink:MaD:2104 | +| Log4jJndiInjectionTest.java:297:95:297:102 | source(...) : String | Log4jJndiInjectionTest.java:297:86:297:102 | (...)... | provenance | Sink:MaD:48078 | +| Log4jJndiInjectionTest.java:298:80:298:87 | source(...) : String | Log4jJndiInjectionTest.java:298:71:298:87 | (...)... | provenance | Sink:MaD:2104 | +| Log4jJndiInjectionTest.java:298:80:298:87 | source(...) : String | Log4jJndiInjectionTest.java:298:71:298:87 | (...)... | provenance | Sink:MaD:48078 | +| Log4jJndiInjectionTest.java:299:65:299:72 | source(...) : String | Log4jJndiInjectionTest.java:299:56:299:72 | (...)... | provenance | Sink:MaD:2104 | +| Log4jJndiInjectionTest.java:299:65:299:72 | source(...) : String | Log4jJndiInjectionTest.java:299:56:299:72 | (...)... | provenance | Sink:MaD:48078 | +| Log4jJndiInjectionTest.java:300:50:300:57 | source(...) : String | Log4jJndiInjectionTest.java:300:41:300:57 | (...)... | provenance | Sink:MaD:2104 | +| Log4jJndiInjectionTest.java:300:50:300:57 | source(...) : String | Log4jJndiInjectionTest.java:300:41:300:57 | (...)... | provenance | Sink:MaD:48078 | +| Log4jJndiInjectionTest.java:301:35:301:42 | source(...) : String | Log4jJndiInjectionTest.java:301:26:301:42 | (...)... | provenance | Sink:MaD:2104 | +| Log4jJndiInjectionTest.java:301:35:301:42 | source(...) : String | Log4jJndiInjectionTest.java:301:26:301:42 | (...)... | provenance | Sink:MaD:48078 | +| Log4jJndiInjectionTest.java:302:35:302:42 | source(...) : String | Log4jJndiInjectionTest.java:302:26:302:42 | (...)... | provenance | Sink:MaD:2096 | +| Log4jJndiInjectionTest.java:302:35:302:42 | source(...) : String | Log4jJndiInjectionTest.java:302:26:302:42 | (...)... | provenance | Sink:MaD:48070 | +| Log4jJndiInjectionTest.java:303:55:303:62 | source(...) : String | Log4jJndiInjectionTest.java:303:41:303:62 | (...)... | provenance | Sink:MaD:2096 | +| Log4jJndiInjectionTest.java:303:55:303:62 | source(...) : String | Log4jJndiInjectionTest.java:303:41:303:62 | (...)... | provenance | Sink:MaD:48070 | +| Log4jJndiInjectionTest.java:304:35:304:42 | source(...) : String | Log4jJndiInjectionTest.java:304:26:304:42 | (...)... | provenance | Sink:MaD:2108 | +| Log4jJndiInjectionTest.java:304:35:304:42 | source(...) : String | Log4jJndiInjectionTest.java:304:26:304:42 | (...)... | provenance | Sink:MaD:48082 | +| Log4jJndiInjectionTest.java:305:40:305:47 | source(...) : String | Log4jJndiInjectionTest.java:305:26:305:47 | (...)... | provenance | Sink:MaD:2109 | +| Log4jJndiInjectionTest.java:305:40:305:47 | source(...) : String | Log4jJndiInjectionTest.java:305:26:305:47 | (...)... | provenance | Sink:MaD:48083 | +| Log4jJndiInjectionTest.java:306:40:306:47 | source(...) : String | Log4jJndiInjectionTest.java:306:26:306:47 | (...)... | provenance | Sink:MaD:2110 | +| Log4jJndiInjectionTest.java:306:40:306:47 | source(...) : String | Log4jJndiInjectionTest.java:306:26:306:47 | (...)... | provenance | Sink:MaD:48084 | +| Log4jJndiInjectionTest.java:307:41:307:48 | source(...) : String | Log4jJndiInjectionTest.java:307:26:307:48 | (...)... | provenance | Sink:MaD:2111 | +| Log4jJndiInjectionTest.java:307:41:307:48 | source(...) : String | Log4jJndiInjectionTest.java:307:26:307:48 | (...)... | provenance | Sink:MaD:48085 | +| Log4jJndiInjectionTest.java:308:41:308:48 | source(...) : String | Log4jJndiInjectionTest.java:308:26:308:48 | (...)... | provenance | Sink:MaD:2112 | +| Log4jJndiInjectionTest.java:308:41:308:48 | source(...) : String | Log4jJndiInjectionTest.java:308:26:308:48 | (...)... | provenance | Sink:MaD:48086 | +| Log4jJndiInjectionTest.java:309:56:309:63 | source(...) : String | Log4jJndiInjectionTest.java:309:41:309:63 | (...)... | provenance | Sink:MaD:2113 | +| Log4jJndiInjectionTest.java:309:56:309:63 | source(...) : String | Log4jJndiInjectionTest.java:309:41:309:63 | (...)... | provenance | Sink:MaD:48087 | +| Log4jJndiInjectionTest.java:310:56:310:63 | source(...) : String | Log4jJndiInjectionTest.java:310:41:310:63 | (...)... | provenance | Sink:MaD:2114 | +| Log4jJndiInjectionTest.java:310:56:310:63 | source(...) : String | Log4jJndiInjectionTest.java:310:41:310:63 | (...)... | provenance | Sink:MaD:48088 | +| Log4jJndiInjectionTest.java:311:51:311:58 | source(...) : String | Log4jJndiInjectionTest.java:311:41:311:58 | (...)... | provenance | Sink:MaD:2115 | +| Log4jJndiInjectionTest.java:311:51:311:58 | source(...) : String | Log4jJndiInjectionTest.java:311:41:311:58 | (...)... | provenance | Sink:MaD:48089 | +| Log4jJndiInjectionTest.java:312:59:312:66 | source(...) : String | Log4jJndiInjectionTest.java:312:41:312:66 | (...)... | provenance | Sink:MaD:2116 | +| Log4jJndiInjectionTest.java:312:59:312:66 | source(...) : String | Log4jJndiInjectionTest.java:312:41:312:66 | (...)... | provenance | Sink:MaD:48090 | +| Log4jJndiInjectionTest.java:313:59:313:66 | source(...) : String | Log4jJndiInjectionTest.java:313:41:313:66 | (...)... | provenance | Sink:MaD:2117 | +| Log4jJndiInjectionTest.java:313:59:313:66 | source(...) : String | Log4jJndiInjectionTest.java:313:41:313:66 | (...)... | provenance | Sink:MaD:48091 | +| Log4jJndiInjectionTest.java:315:50:315:57 | source(...) : String | Log4jJndiInjectionTest.java:315:41:315:57 | (...)... | provenance | Sink:MaD:2120 | +| Log4jJndiInjectionTest.java:315:50:315:57 | source(...) : String | Log4jJndiInjectionTest.java:315:41:315:57 | (...)... | provenance | Sink:MaD:48094 | +| Log4jJndiInjectionTest.java:316:50:316:57 | source(...) : String | Log4jJndiInjectionTest.java:316:41:316:57 | (...)... | provenance | Sink:MaD:2131 | +| Log4jJndiInjectionTest.java:316:50:316:57 | source(...) : String | Log4jJndiInjectionTest.java:316:41:316:57 | (...)... | provenance | Sink:MaD:48105 | +| Log4jJndiInjectionTest.java:317:56:317:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:317:56:317:78 | new Object[] | provenance | Sink:MaD:2131 | +| Log4jJndiInjectionTest.java:317:56:317:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:317:56:317:78 | new Object[] | provenance | Sink:MaD:48105 | | Log4jJndiInjectionTest.java:317:70:317:77 | source(...) : String | Log4jJndiInjectionTest.java:317:56:317:78 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:318:65:318:72 | source(...) : String | Log4jJndiInjectionTest.java:318:56:318:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:319:50:319:57 | source(...) : String | Log4jJndiInjectionTest.java:319:41:319:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:320:80:320:87 | source(...) : String | Log4jJndiInjectionTest.java:320:71:320:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:321:65:321:72 | source(...) : String | Log4jJndiInjectionTest.java:321:56:321:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:322:50:322:57 | source(...) : String | Log4jJndiInjectionTest.java:322:41:322:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:323:95:323:102 | source(...) : String | Log4jJndiInjectionTest.java:323:86:323:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:324:80:324:87 | source(...) : String | Log4jJndiInjectionTest.java:324:71:324:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:325:65:325:72 | source(...) : String | Log4jJndiInjectionTest.java:325:56:325:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:326:50:326:57 | source(...) : String | Log4jJndiInjectionTest.java:326:41:326:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:327:110:327:117 | source(...) : String | Log4jJndiInjectionTest.java:327:101:327:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:328:95:328:102 | source(...) : String | Log4jJndiInjectionTest.java:328:86:328:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:329:80:329:87 | source(...) : String | Log4jJndiInjectionTest.java:329:71:329:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:330:65:330:72 | source(...) : String | Log4jJndiInjectionTest.java:330:56:330:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:331:50:331:57 | source(...) : String | Log4jJndiInjectionTest.java:331:41:331:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:332:125:332:132 | source(...) : String | Log4jJndiInjectionTest.java:332:116:332:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:333:110:333:117 | source(...) : String | Log4jJndiInjectionTest.java:333:101:333:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:334:95:334:102 | source(...) : String | Log4jJndiInjectionTest.java:334:86:334:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:335:80:335:87 | source(...) : String | Log4jJndiInjectionTest.java:335:71:335:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:336:65:336:72 | source(...) : String | Log4jJndiInjectionTest.java:336:56:336:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:337:50:337:57 | source(...) : String | Log4jJndiInjectionTest.java:337:41:337:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:338:140:338:147 | source(...) : String | Log4jJndiInjectionTest.java:338:131:338:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:339:125:339:132 | source(...) : String | Log4jJndiInjectionTest.java:339:116:339:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:340:110:340:117 | source(...) : String | Log4jJndiInjectionTest.java:340:101:340:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:341:95:341:102 | source(...) : String | Log4jJndiInjectionTest.java:341:86:341:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:342:80:342:87 | source(...) : String | Log4jJndiInjectionTest.java:342:71:342:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:343:65:343:72 | source(...) : String | Log4jJndiInjectionTest.java:343:56:343:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:344:50:344:57 | source(...) : String | Log4jJndiInjectionTest.java:344:41:344:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:345:155:345:162 | source(...) : String | Log4jJndiInjectionTest.java:345:146:345:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:346:140:346:147 | source(...) : String | Log4jJndiInjectionTest.java:346:131:346:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:347:125:347:132 | source(...) : String | Log4jJndiInjectionTest.java:347:116:347:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:348:110:348:117 | source(...) : String | Log4jJndiInjectionTest.java:348:101:348:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:349:95:349:102 | source(...) : String | Log4jJndiInjectionTest.java:349:86:349:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:350:80:350:87 | source(...) : String | Log4jJndiInjectionTest.java:350:71:350:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:351:65:351:72 | source(...) : String | Log4jJndiInjectionTest.java:351:56:351:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:352:50:352:57 | source(...) : String | Log4jJndiInjectionTest.java:352:41:352:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:353:170:353:177 | source(...) : String | Log4jJndiInjectionTest.java:353:161:353:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:354:155:354:162 | source(...) : String | Log4jJndiInjectionTest.java:354:146:354:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:355:140:355:147 | source(...) : String | Log4jJndiInjectionTest.java:355:131:355:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:356:125:356:132 | source(...) : String | Log4jJndiInjectionTest.java:356:116:356:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:357:110:357:117 | source(...) : String | Log4jJndiInjectionTest.java:357:101:357:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:358:95:358:102 | source(...) : String | Log4jJndiInjectionTest.java:358:86:358:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:359:80:359:87 | source(...) : String | Log4jJndiInjectionTest.java:359:71:359:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:360:65:360:72 | source(...) : String | Log4jJndiInjectionTest.java:360:56:360:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:361:50:361:57 | source(...) : String | Log4jJndiInjectionTest.java:361:41:361:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:362:185:362:192 | source(...) : String | Log4jJndiInjectionTest.java:362:176:362:192 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:363:170:363:177 | source(...) : String | Log4jJndiInjectionTest.java:363:161:363:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:364:155:364:162 | source(...) : String | Log4jJndiInjectionTest.java:364:146:364:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:365:140:365:147 | source(...) : String | Log4jJndiInjectionTest.java:365:131:365:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:366:125:366:132 | source(...) : String | Log4jJndiInjectionTest.java:366:116:366:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:367:110:367:117 | source(...) : String | Log4jJndiInjectionTest.java:367:101:367:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:368:95:368:102 | source(...) : String | Log4jJndiInjectionTest.java:368:86:368:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:369:80:369:87 | source(...) : String | Log4jJndiInjectionTest.java:369:71:369:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:370:65:370:72 | source(...) : String | Log4jJndiInjectionTest.java:370:56:370:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:371:50:371:57 | source(...) : String | Log4jJndiInjectionTest.java:371:41:371:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:372:50:372:57 | source(...) : String | Log4jJndiInjectionTest.java:372:41:372:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:373:70:373:77 | source(...) : String | Log4jJndiInjectionTest.java:373:56:373:77 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:374:50:374:57 | source(...) : String | Log4jJndiInjectionTest.java:374:41:374:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:375:55:375:62 | source(...) : String | Log4jJndiInjectionTest.java:375:41:375:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:376:55:376:62 | source(...) : String | Log4jJndiInjectionTest.java:376:41:376:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:377:44:377:51 | source(...) : String | Log4jJndiInjectionTest.java:377:26:377:51 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:378:44:378:51 | source(...) : String | Log4jJndiInjectionTest.java:378:26:378:51 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:379:36:379:43 | source(...) : String | Log4jJndiInjectionTest.java:379:26:379:43 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:380:36:380:43 | source(...) : String | Log4jJndiInjectionTest.java:380:26:380:43 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:383:35:383:42 | source(...) : String | Log4jJndiInjectionTest.java:383:26:383:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:384:35:384:42 | source(...) : String | Log4jJndiInjectionTest.java:384:26:384:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:385:41:385:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:385:41:385:63 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:318:65:318:72 | source(...) : String | Log4jJndiInjectionTest.java:318:56:318:72 | (...)... | provenance | Sink:MaD:2121 | +| Log4jJndiInjectionTest.java:318:65:318:72 | source(...) : String | Log4jJndiInjectionTest.java:318:56:318:72 | (...)... | provenance | Sink:MaD:48095 | +| Log4jJndiInjectionTest.java:319:50:319:57 | source(...) : String | Log4jJndiInjectionTest.java:319:41:319:57 | (...)... | provenance | Sink:MaD:2121 | +| Log4jJndiInjectionTest.java:319:50:319:57 | source(...) : String | Log4jJndiInjectionTest.java:319:41:319:57 | (...)... | provenance | Sink:MaD:48095 | +| Log4jJndiInjectionTest.java:320:80:320:87 | source(...) : String | Log4jJndiInjectionTest.java:320:71:320:87 | (...)... | provenance | Sink:MaD:2122 | +| Log4jJndiInjectionTest.java:320:80:320:87 | source(...) : String | Log4jJndiInjectionTest.java:320:71:320:87 | (...)... | provenance | Sink:MaD:48096 | +| Log4jJndiInjectionTest.java:321:65:321:72 | source(...) : String | Log4jJndiInjectionTest.java:321:56:321:72 | (...)... | provenance | Sink:MaD:2122 | +| Log4jJndiInjectionTest.java:321:65:321:72 | source(...) : String | Log4jJndiInjectionTest.java:321:56:321:72 | (...)... | provenance | Sink:MaD:48096 | +| Log4jJndiInjectionTest.java:322:50:322:57 | source(...) : String | Log4jJndiInjectionTest.java:322:41:322:57 | (...)... | provenance | Sink:MaD:2122 | +| Log4jJndiInjectionTest.java:322:50:322:57 | source(...) : String | Log4jJndiInjectionTest.java:322:41:322:57 | (...)... | provenance | Sink:MaD:48096 | +| Log4jJndiInjectionTest.java:323:95:323:102 | source(...) : String | Log4jJndiInjectionTest.java:323:86:323:102 | (...)... | provenance | Sink:MaD:2123 | +| Log4jJndiInjectionTest.java:323:95:323:102 | source(...) : String | Log4jJndiInjectionTest.java:323:86:323:102 | (...)... | provenance | Sink:MaD:48097 | +| Log4jJndiInjectionTest.java:324:80:324:87 | source(...) : String | Log4jJndiInjectionTest.java:324:71:324:87 | (...)... | provenance | Sink:MaD:2123 | +| Log4jJndiInjectionTest.java:324:80:324:87 | source(...) : String | Log4jJndiInjectionTest.java:324:71:324:87 | (...)... | provenance | Sink:MaD:48097 | +| Log4jJndiInjectionTest.java:325:65:325:72 | source(...) : String | Log4jJndiInjectionTest.java:325:56:325:72 | (...)... | provenance | Sink:MaD:2123 | +| Log4jJndiInjectionTest.java:325:65:325:72 | source(...) : String | Log4jJndiInjectionTest.java:325:56:325:72 | (...)... | provenance | Sink:MaD:48097 | +| Log4jJndiInjectionTest.java:326:50:326:57 | source(...) : String | Log4jJndiInjectionTest.java:326:41:326:57 | (...)... | provenance | Sink:MaD:2123 | +| Log4jJndiInjectionTest.java:326:50:326:57 | source(...) : String | Log4jJndiInjectionTest.java:326:41:326:57 | (...)... | provenance | Sink:MaD:48097 | +| Log4jJndiInjectionTest.java:327:110:327:117 | source(...) : String | Log4jJndiInjectionTest.java:327:101:327:117 | (...)... | provenance | Sink:MaD:2124 | +| Log4jJndiInjectionTest.java:327:110:327:117 | source(...) : String | Log4jJndiInjectionTest.java:327:101:327:117 | (...)... | provenance | Sink:MaD:48098 | +| Log4jJndiInjectionTest.java:328:95:328:102 | source(...) : String | Log4jJndiInjectionTest.java:328:86:328:102 | (...)... | provenance | Sink:MaD:2124 | +| Log4jJndiInjectionTest.java:328:95:328:102 | source(...) : String | Log4jJndiInjectionTest.java:328:86:328:102 | (...)... | provenance | Sink:MaD:48098 | +| Log4jJndiInjectionTest.java:329:80:329:87 | source(...) : String | Log4jJndiInjectionTest.java:329:71:329:87 | (...)... | provenance | Sink:MaD:2124 | +| Log4jJndiInjectionTest.java:329:80:329:87 | source(...) : String | Log4jJndiInjectionTest.java:329:71:329:87 | (...)... | provenance | Sink:MaD:48098 | +| Log4jJndiInjectionTest.java:330:65:330:72 | source(...) : String | Log4jJndiInjectionTest.java:330:56:330:72 | (...)... | provenance | Sink:MaD:2124 | +| Log4jJndiInjectionTest.java:330:65:330:72 | source(...) : String | Log4jJndiInjectionTest.java:330:56:330:72 | (...)... | provenance | Sink:MaD:48098 | +| Log4jJndiInjectionTest.java:331:50:331:57 | source(...) : String | Log4jJndiInjectionTest.java:331:41:331:57 | (...)... | provenance | Sink:MaD:2124 | +| Log4jJndiInjectionTest.java:331:50:331:57 | source(...) : String | Log4jJndiInjectionTest.java:331:41:331:57 | (...)... | provenance | Sink:MaD:48098 | +| Log4jJndiInjectionTest.java:332:125:332:132 | source(...) : String | Log4jJndiInjectionTest.java:332:116:332:132 | (...)... | provenance | Sink:MaD:2125 | +| Log4jJndiInjectionTest.java:332:125:332:132 | source(...) : String | Log4jJndiInjectionTest.java:332:116:332:132 | (...)... | provenance | Sink:MaD:48099 | +| Log4jJndiInjectionTest.java:333:110:333:117 | source(...) : String | Log4jJndiInjectionTest.java:333:101:333:117 | (...)... | provenance | Sink:MaD:2125 | +| Log4jJndiInjectionTest.java:333:110:333:117 | source(...) : String | Log4jJndiInjectionTest.java:333:101:333:117 | (...)... | provenance | Sink:MaD:48099 | +| Log4jJndiInjectionTest.java:334:95:334:102 | source(...) : String | Log4jJndiInjectionTest.java:334:86:334:102 | (...)... | provenance | Sink:MaD:2125 | +| Log4jJndiInjectionTest.java:334:95:334:102 | source(...) : String | Log4jJndiInjectionTest.java:334:86:334:102 | (...)... | provenance | Sink:MaD:48099 | +| Log4jJndiInjectionTest.java:335:80:335:87 | source(...) : String | Log4jJndiInjectionTest.java:335:71:335:87 | (...)... | provenance | Sink:MaD:2125 | +| Log4jJndiInjectionTest.java:335:80:335:87 | source(...) : String | Log4jJndiInjectionTest.java:335:71:335:87 | (...)... | provenance | Sink:MaD:48099 | +| Log4jJndiInjectionTest.java:336:65:336:72 | source(...) : String | Log4jJndiInjectionTest.java:336:56:336:72 | (...)... | provenance | Sink:MaD:2125 | +| Log4jJndiInjectionTest.java:336:65:336:72 | source(...) : String | Log4jJndiInjectionTest.java:336:56:336:72 | (...)... | provenance | Sink:MaD:48099 | +| Log4jJndiInjectionTest.java:337:50:337:57 | source(...) : String | Log4jJndiInjectionTest.java:337:41:337:57 | (...)... | provenance | Sink:MaD:2125 | +| Log4jJndiInjectionTest.java:337:50:337:57 | source(...) : String | Log4jJndiInjectionTest.java:337:41:337:57 | (...)... | provenance | Sink:MaD:48099 | +| Log4jJndiInjectionTest.java:338:140:338:147 | source(...) : String | Log4jJndiInjectionTest.java:338:131:338:147 | (...)... | provenance | Sink:MaD:2126 | +| Log4jJndiInjectionTest.java:338:140:338:147 | source(...) : String | Log4jJndiInjectionTest.java:338:131:338:147 | (...)... | provenance | Sink:MaD:48100 | +| Log4jJndiInjectionTest.java:339:125:339:132 | source(...) : String | Log4jJndiInjectionTest.java:339:116:339:132 | (...)... | provenance | Sink:MaD:2126 | +| Log4jJndiInjectionTest.java:339:125:339:132 | source(...) : String | Log4jJndiInjectionTest.java:339:116:339:132 | (...)... | provenance | Sink:MaD:48100 | +| Log4jJndiInjectionTest.java:340:110:340:117 | source(...) : String | Log4jJndiInjectionTest.java:340:101:340:117 | (...)... | provenance | Sink:MaD:2126 | +| Log4jJndiInjectionTest.java:340:110:340:117 | source(...) : String | Log4jJndiInjectionTest.java:340:101:340:117 | (...)... | provenance | Sink:MaD:48100 | +| Log4jJndiInjectionTest.java:341:95:341:102 | source(...) : String | Log4jJndiInjectionTest.java:341:86:341:102 | (...)... | provenance | Sink:MaD:2126 | +| Log4jJndiInjectionTest.java:341:95:341:102 | source(...) : String | Log4jJndiInjectionTest.java:341:86:341:102 | (...)... | provenance | Sink:MaD:48100 | +| Log4jJndiInjectionTest.java:342:80:342:87 | source(...) : String | Log4jJndiInjectionTest.java:342:71:342:87 | (...)... | provenance | Sink:MaD:2126 | +| Log4jJndiInjectionTest.java:342:80:342:87 | source(...) : String | Log4jJndiInjectionTest.java:342:71:342:87 | (...)... | provenance | Sink:MaD:48100 | +| Log4jJndiInjectionTest.java:343:65:343:72 | source(...) : String | Log4jJndiInjectionTest.java:343:56:343:72 | (...)... | provenance | Sink:MaD:2126 | +| Log4jJndiInjectionTest.java:343:65:343:72 | source(...) : String | Log4jJndiInjectionTest.java:343:56:343:72 | (...)... | provenance | Sink:MaD:48100 | +| Log4jJndiInjectionTest.java:344:50:344:57 | source(...) : String | Log4jJndiInjectionTest.java:344:41:344:57 | (...)... | provenance | Sink:MaD:2126 | +| Log4jJndiInjectionTest.java:344:50:344:57 | source(...) : String | Log4jJndiInjectionTest.java:344:41:344:57 | (...)... | provenance | Sink:MaD:48100 | +| Log4jJndiInjectionTest.java:345:155:345:162 | source(...) : String | Log4jJndiInjectionTest.java:345:146:345:162 | (...)... | provenance | Sink:MaD:2127 | +| Log4jJndiInjectionTest.java:345:155:345:162 | source(...) : String | Log4jJndiInjectionTest.java:345:146:345:162 | (...)... | provenance | Sink:MaD:48101 | +| Log4jJndiInjectionTest.java:346:140:346:147 | source(...) : String | Log4jJndiInjectionTest.java:346:131:346:147 | (...)... | provenance | Sink:MaD:2127 | +| Log4jJndiInjectionTest.java:346:140:346:147 | source(...) : String | Log4jJndiInjectionTest.java:346:131:346:147 | (...)... | provenance | Sink:MaD:48101 | +| Log4jJndiInjectionTest.java:347:125:347:132 | source(...) : String | Log4jJndiInjectionTest.java:347:116:347:132 | (...)... | provenance | Sink:MaD:2127 | +| Log4jJndiInjectionTest.java:347:125:347:132 | source(...) : String | Log4jJndiInjectionTest.java:347:116:347:132 | (...)... | provenance | Sink:MaD:48101 | +| Log4jJndiInjectionTest.java:348:110:348:117 | source(...) : String | Log4jJndiInjectionTest.java:348:101:348:117 | (...)... | provenance | Sink:MaD:2127 | +| Log4jJndiInjectionTest.java:348:110:348:117 | source(...) : String | Log4jJndiInjectionTest.java:348:101:348:117 | (...)... | provenance | Sink:MaD:48101 | +| Log4jJndiInjectionTest.java:349:95:349:102 | source(...) : String | Log4jJndiInjectionTest.java:349:86:349:102 | (...)... | provenance | Sink:MaD:2127 | +| Log4jJndiInjectionTest.java:349:95:349:102 | source(...) : String | Log4jJndiInjectionTest.java:349:86:349:102 | (...)... | provenance | Sink:MaD:48101 | +| Log4jJndiInjectionTest.java:350:80:350:87 | source(...) : String | Log4jJndiInjectionTest.java:350:71:350:87 | (...)... | provenance | Sink:MaD:2127 | +| Log4jJndiInjectionTest.java:350:80:350:87 | source(...) : String | Log4jJndiInjectionTest.java:350:71:350:87 | (...)... | provenance | Sink:MaD:48101 | +| Log4jJndiInjectionTest.java:351:65:351:72 | source(...) : String | Log4jJndiInjectionTest.java:351:56:351:72 | (...)... | provenance | Sink:MaD:2127 | +| Log4jJndiInjectionTest.java:351:65:351:72 | source(...) : String | Log4jJndiInjectionTest.java:351:56:351:72 | (...)... | provenance | Sink:MaD:48101 | +| Log4jJndiInjectionTest.java:352:50:352:57 | source(...) : String | Log4jJndiInjectionTest.java:352:41:352:57 | (...)... | provenance | Sink:MaD:2127 | +| Log4jJndiInjectionTest.java:352:50:352:57 | source(...) : String | Log4jJndiInjectionTest.java:352:41:352:57 | (...)... | provenance | Sink:MaD:48101 | +| Log4jJndiInjectionTest.java:353:170:353:177 | source(...) : String | Log4jJndiInjectionTest.java:353:161:353:177 | (...)... | provenance | Sink:MaD:2128 | +| Log4jJndiInjectionTest.java:353:170:353:177 | source(...) : String | Log4jJndiInjectionTest.java:353:161:353:177 | (...)... | provenance | Sink:MaD:48102 | +| Log4jJndiInjectionTest.java:354:155:354:162 | source(...) : String | Log4jJndiInjectionTest.java:354:146:354:162 | (...)... | provenance | Sink:MaD:2128 | +| Log4jJndiInjectionTest.java:354:155:354:162 | source(...) : String | Log4jJndiInjectionTest.java:354:146:354:162 | (...)... | provenance | Sink:MaD:48102 | +| Log4jJndiInjectionTest.java:355:140:355:147 | source(...) : String | Log4jJndiInjectionTest.java:355:131:355:147 | (...)... | provenance | Sink:MaD:2128 | +| Log4jJndiInjectionTest.java:355:140:355:147 | source(...) : String | Log4jJndiInjectionTest.java:355:131:355:147 | (...)... | provenance | Sink:MaD:48102 | +| Log4jJndiInjectionTest.java:356:125:356:132 | source(...) : String | Log4jJndiInjectionTest.java:356:116:356:132 | (...)... | provenance | Sink:MaD:2128 | +| Log4jJndiInjectionTest.java:356:125:356:132 | source(...) : String | Log4jJndiInjectionTest.java:356:116:356:132 | (...)... | provenance | Sink:MaD:48102 | +| Log4jJndiInjectionTest.java:357:110:357:117 | source(...) : String | Log4jJndiInjectionTest.java:357:101:357:117 | (...)... | provenance | Sink:MaD:2128 | +| Log4jJndiInjectionTest.java:357:110:357:117 | source(...) : String | Log4jJndiInjectionTest.java:357:101:357:117 | (...)... | provenance | Sink:MaD:48102 | +| Log4jJndiInjectionTest.java:358:95:358:102 | source(...) : String | Log4jJndiInjectionTest.java:358:86:358:102 | (...)... | provenance | Sink:MaD:2128 | +| Log4jJndiInjectionTest.java:358:95:358:102 | source(...) : String | Log4jJndiInjectionTest.java:358:86:358:102 | (...)... | provenance | Sink:MaD:48102 | +| Log4jJndiInjectionTest.java:359:80:359:87 | source(...) : String | Log4jJndiInjectionTest.java:359:71:359:87 | (...)... | provenance | Sink:MaD:2128 | +| Log4jJndiInjectionTest.java:359:80:359:87 | source(...) : String | Log4jJndiInjectionTest.java:359:71:359:87 | (...)... | provenance | Sink:MaD:48102 | +| Log4jJndiInjectionTest.java:360:65:360:72 | source(...) : String | Log4jJndiInjectionTest.java:360:56:360:72 | (...)... | provenance | Sink:MaD:2128 | +| Log4jJndiInjectionTest.java:360:65:360:72 | source(...) : String | Log4jJndiInjectionTest.java:360:56:360:72 | (...)... | provenance | Sink:MaD:48102 | +| Log4jJndiInjectionTest.java:361:50:361:57 | source(...) : String | Log4jJndiInjectionTest.java:361:41:361:57 | (...)... | provenance | Sink:MaD:2128 | +| Log4jJndiInjectionTest.java:361:50:361:57 | source(...) : String | Log4jJndiInjectionTest.java:361:41:361:57 | (...)... | provenance | Sink:MaD:48102 | +| Log4jJndiInjectionTest.java:362:185:362:192 | source(...) : String | Log4jJndiInjectionTest.java:362:176:362:192 | (...)... | provenance | Sink:MaD:2129 | +| Log4jJndiInjectionTest.java:362:185:362:192 | source(...) : String | Log4jJndiInjectionTest.java:362:176:362:192 | (...)... | provenance | Sink:MaD:48103 | +| Log4jJndiInjectionTest.java:363:170:363:177 | source(...) : String | Log4jJndiInjectionTest.java:363:161:363:177 | (...)... | provenance | Sink:MaD:2129 | +| Log4jJndiInjectionTest.java:363:170:363:177 | source(...) : String | Log4jJndiInjectionTest.java:363:161:363:177 | (...)... | provenance | Sink:MaD:48103 | +| Log4jJndiInjectionTest.java:364:155:364:162 | source(...) : String | Log4jJndiInjectionTest.java:364:146:364:162 | (...)... | provenance | Sink:MaD:2129 | +| Log4jJndiInjectionTest.java:364:155:364:162 | source(...) : String | Log4jJndiInjectionTest.java:364:146:364:162 | (...)... | provenance | Sink:MaD:48103 | +| Log4jJndiInjectionTest.java:365:140:365:147 | source(...) : String | Log4jJndiInjectionTest.java:365:131:365:147 | (...)... | provenance | Sink:MaD:2129 | +| Log4jJndiInjectionTest.java:365:140:365:147 | source(...) : String | Log4jJndiInjectionTest.java:365:131:365:147 | (...)... | provenance | Sink:MaD:48103 | +| Log4jJndiInjectionTest.java:366:125:366:132 | source(...) : String | Log4jJndiInjectionTest.java:366:116:366:132 | (...)... | provenance | Sink:MaD:2129 | +| Log4jJndiInjectionTest.java:366:125:366:132 | source(...) : String | Log4jJndiInjectionTest.java:366:116:366:132 | (...)... | provenance | Sink:MaD:48103 | +| Log4jJndiInjectionTest.java:367:110:367:117 | source(...) : String | Log4jJndiInjectionTest.java:367:101:367:117 | (...)... | provenance | Sink:MaD:2129 | +| Log4jJndiInjectionTest.java:367:110:367:117 | source(...) : String | Log4jJndiInjectionTest.java:367:101:367:117 | (...)... | provenance | Sink:MaD:48103 | +| Log4jJndiInjectionTest.java:368:95:368:102 | source(...) : String | Log4jJndiInjectionTest.java:368:86:368:102 | (...)... | provenance | Sink:MaD:2129 | +| Log4jJndiInjectionTest.java:368:95:368:102 | source(...) : String | Log4jJndiInjectionTest.java:368:86:368:102 | (...)... | provenance | Sink:MaD:48103 | +| Log4jJndiInjectionTest.java:369:80:369:87 | source(...) : String | Log4jJndiInjectionTest.java:369:71:369:87 | (...)... | provenance | Sink:MaD:2129 | +| Log4jJndiInjectionTest.java:369:80:369:87 | source(...) : String | Log4jJndiInjectionTest.java:369:71:369:87 | (...)... | provenance | Sink:MaD:48103 | +| Log4jJndiInjectionTest.java:370:65:370:72 | source(...) : String | Log4jJndiInjectionTest.java:370:56:370:72 | (...)... | provenance | Sink:MaD:2129 | +| Log4jJndiInjectionTest.java:370:65:370:72 | source(...) : String | Log4jJndiInjectionTest.java:370:56:370:72 | (...)... | provenance | Sink:MaD:48103 | +| Log4jJndiInjectionTest.java:371:50:371:57 | source(...) : String | Log4jJndiInjectionTest.java:371:41:371:57 | (...)... | provenance | Sink:MaD:2129 | +| Log4jJndiInjectionTest.java:371:50:371:57 | source(...) : String | Log4jJndiInjectionTest.java:371:41:371:57 | (...)... | provenance | Sink:MaD:48103 | +| Log4jJndiInjectionTest.java:372:50:372:57 | source(...) : String | Log4jJndiInjectionTest.java:372:41:372:57 | (...)... | provenance | Sink:MaD:2121 | +| Log4jJndiInjectionTest.java:372:50:372:57 | source(...) : String | Log4jJndiInjectionTest.java:372:41:372:57 | (...)... | provenance | Sink:MaD:48095 | +| Log4jJndiInjectionTest.java:373:70:373:77 | source(...) : String | Log4jJndiInjectionTest.java:373:56:373:77 | (...)... | provenance | Sink:MaD:2121 | +| Log4jJndiInjectionTest.java:373:70:373:77 | source(...) : String | Log4jJndiInjectionTest.java:373:56:373:77 | (...)... | provenance | Sink:MaD:48095 | +| Log4jJndiInjectionTest.java:374:50:374:57 | source(...) : String | Log4jJndiInjectionTest.java:374:41:374:57 | (...)... | provenance | Sink:MaD:2133 | +| Log4jJndiInjectionTest.java:374:50:374:57 | source(...) : String | Log4jJndiInjectionTest.java:374:41:374:57 | (...)... | provenance | Sink:MaD:48107 | +| Log4jJndiInjectionTest.java:375:55:375:62 | source(...) : String | Log4jJndiInjectionTest.java:375:41:375:62 | (...)... | provenance | Sink:MaD:2134 | +| Log4jJndiInjectionTest.java:375:55:375:62 | source(...) : String | Log4jJndiInjectionTest.java:375:41:375:62 | (...)... | provenance | Sink:MaD:48108 | +| Log4jJndiInjectionTest.java:376:55:376:62 | source(...) : String | Log4jJndiInjectionTest.java:376:41:376:62 | (...)... | provenance | Sink:MaD:2135 | +| Log4jJndiInjectionTest.java:376:55:376:62 | source(...) : String | Log4jJndiInjectionTest.java:376:41:376:62 | (...)... | provenance | Sink:MaD:48109 | +| Log4jJndiInjectionTest.java:377:44:377:51 | source(...) : String | Log4jJndiInjectionTest.java:377:26:377:51 | (...)... | provenance | Sink:MaD:2138 | +| Log4jJndiInjectionTest.java:377:44:377:51 | source(...) : String | Log4jJndiInjectionTest.java:377:26:377:51 | (...)... | provenance | Sink:MaD:48112 | +| Log4jJndiInjectionTest.java:378:44:378:51 | source(...) : String | Log4jJndiInjectionTest.java:378:26:378:51 | (...)... | provenance | Sink:MaD:2139 | +| Log4jJndiInjectionTest.java:378:44:378:51 | source(...) : String | Log4jJndiInjectionTest.java:378:26:378:51 | (...)... | provenance | Sink:MaD:48113 | +| Log4jJndiInjectionTest.java:379:36:379:43 | source(...) : String | Log4jJndiInjectionTest.java:379:26:379:43 | (...)... | provenance | Sink:MaD:2136 | +| Log4jJndiInjectionTest.java:379:36:379:43 | source(...) : String | Log4jJndiInjectionTest.java:379:26:379:43 | (...)... | provenance | Sink:MaD:48110 | +| Log4jJndiInjectionTest.java:380:36:380:43 | source(...) : String | Log4jJndiInjectionTest.java:380:26:380:43 | (...)... | provenance | Sink:MaD:2137 | +| Log4jJndiInjectionTest.java:380:36:380:43 | source(...) : String | Log4jJndiInjectionTest.java:380:26:380:43 | (...)... | provenance | Sink:MaD:48111 | +| Log4jJndiInjectionTest.java:383:35:383:42 | source(...) : String | Log4jJndiInjectionTest.java:383:26:383:42 | (...)... | provenance | Sink:MaD:2142 | +| Log4jJndiInjectionTest.java:383:35:383:42 | source(...) : String | Log4jJndiInjectionTest.java:383:26:383:42 | (...)... | provenance | Sink:MaD:48116 | +| Log4jJndiInjectionTest.java:384:35:384:42 | source(...) : String | Log4jJndiInjectionTest.java:384:26:384:42 | (...)... | provenance | Sink:MaD:2153 | +| Log4jJndiInjectionTest.java:384:35:384:42 | source(...) : String | Log4jJndiInjectionTest.java:384:26:384:42 | (...)... | provenance | Sink:MaD:48127 | +| Log4jJndiInjectionTest.java:385:41:385:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:385:41:385:63 | new Object[] | provenance | Sink:MaD:2153 | +| Log4jJndiInjectionTest.java:385:41:385:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:385:41:385:63 | new Object[] | provenance | Sink:MaD:48127 | | Log4jJndiInjectionTest.java:385:55:385:62 | source(...) : String | Log4jJndiInjectionTest.java:385:41:385:63 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:386:50:386:57 | source(...) : String | Log4jJndiInjectionTest.java:386:41:386:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:387:35:387:42 | source(...) : String | Log4jJndiInjectionTest.java:387:26:387:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:388:65:388:72 | source(...) : String | Log4jJndiInjectionTest.java:388:56:388:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:389:50:389:57 | source(...) : String | Log4jJndiInjectionTest.java:389:41:389:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:390:35:390:42 | source(...) : String | Log4jJndiInjectionTest.java:390:26:390:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:391:80:391:87 | source(...) : String | Log4jJndiInjectionTest.java:391:71:391:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:392:65:392:72 | source(...) : String | Log4jJndiInjectionTest.java:392:56:392:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:393:50:393:57 | source(...) : String | Log4jJndiInjectionTest.java:393:41:393:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:394:35:394:42 | source(...) : String | Log4jJndiInjectionTest.java:394:26:394:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:395:95:395:102 | source(...) : String | Log4jJndiInjectionTest.java:395:86:395:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:396:80:396:87 | source(...) : String | Log4jJndiInjectionTest.java:396:71:396:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:397:65:397:72 | source(...) : String | Log4jJndiInjectionTest.java:397:56:397:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:398:50:398:57 | source(...) : String | Log4jJndiInjectionTest.java:398:41:398:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:399:35:399:42 | source(...) : String | Log4jJndiInjectionTest.java:399:26:399:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:400:110:400:117 | source(...) : String | Log4jJndiInjectionTest.java:400:101:400:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:401:95:401:102 | source(...) : String | Log4jJndiInjectionTest.java:401:86:401:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:402:80:402:87 | source(...) : String | Log4jJndiInjectionTest.java:402:71:402:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:403:65:403:72 | source(...) : String | Log4jJndiInjectionTest.java:403:56:403:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:404:50:404:57 | source(...) : String | Log4jJndiInjectionTest.java:404:41:404:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:405:35:405:42 | source(...) : String | Log4jJndiInjectionTest.java:405:26:405:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:406:125:406:132 | source(...) : String | Log4jJndiInjectionTest.java:406:116:406:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:407:110:407:117 | source(...) : String | Log4jJndiInjectionTest.java:407:101:407:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:408:95:408:102 | source(...) : String | Log4jJndiInjectionTest.java:408:86:408:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:409:80:409:87 | source(...) : String | Log4jJndiInjectionTest.java:409:71:409:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:410:65:410:72 | source(...) : String | Log4jJndiInjectionTest.java:410:56:410:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:411:50:411:57 | source(...) : String | Log4jJndiInjectionTest.java:411:41:411:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:412:35:412:42 | source(...) : String | Log4jJndiInjectionTest.java:412:26:412:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:413:140:413:147 | source(...) : String | Log4jJndiInjectionTest.java:413:131:413:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:414:125:414:132 | source(...) : String | Log4jJndiInjectionTest.java:414:116:414:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:415:110:415:117 | source(...) : String | Log4jJndiInjectionTest.java:415:101:415:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:416:95:416:102 | source(...) : String | Log4jJndiInjectionTest.java:416:86:416:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:417:80:417:87 | source(...) : String | Log4jJndiInjectionTest.java:417:71:417:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:418:65:418:72 | source(...) : String | Log4jJndiInjectionTest.java:418:56:418:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:419:50:419:57 | source(...) : String | Log4jJndiInjectionTest.java:419:41:419:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:420:35:420:42 | source(...) : String | Log4jJndiInjectionTest.java:420:26:420:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:421:155:421:162 | source(...) : String | Log4jJndiInjectionTest.java:421:146:421:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:422:140:422:147 | source(...) : String | Log4jJndiInjectionTest.java:422:131:422:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:423:125:423:132 | source(...) : String | Log4jJndiInjectionTest.java:423:116:423:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:424:110:424:117 | source(...) : String | Log4jJndiInjectionTest.java:424:101:424:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:425:95:425:102 | source(...) : String | Log4jJndiInjectionTest.java:425:86:425:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:426:80:426:87 | source(...) : String | Log4jJndiInjectionTest.java:426:71:426:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:427:65:427:72 | source(...) : String | Log4jJndiInjectionTest.java:427:56:427:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:428:50:428:57 | source(...) : String | Log4jJndiInjectionTest.java:428:41:428:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:429:35:429:42 | source(...) : String | Log4jJndiInjectionTest.java:429:26:429:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:430:170:430:177 | source(...) : String | Log4jJndiInjectionTest.java:430:161:430:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:431:155:431:162 | source(...) : String | Log4jJndiInjectionTest.java:431:146:431:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:432:140:432:147 | source(...) : String | Log4jJndiInjectionTest.java:432:131:432:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:433:125:433:132 | source(...) : String | Log4jJndiInjectionTest.java:433:116:433:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:434:110:434:117 | source(...) : String | Log4jJndiInjectionTest.java:434:101:434:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:435:95:435:102 | source(...) : String | Log4jJndiInjectionTest.java:435:86:435:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:436:80:436:87 | source(...) : String | Log4jJndiInjectionTest.java:436:71:436:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:437:65:437:72 | source(...) : String | Log4jJndiInjectionTest.java:437:56:437:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:438:50:438:57 | source(...) : String | Log4jJndiInjectionTest.java:438:41:438:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:439:35:439:42 | source(...) : String | Log4jJndiInjectionTest.java:439:26:439:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:440:35:440:42 | source(...) : String | Log4jJndiInjectionTest.java:440:26:440:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:441:55:441:62 | source(...) : String | Log4jJndiInjectionTest.java:441:41:441:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:442:35:442:42 | source(...) : String | Log4jJndiInjectionTest.java:442:26:442:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:443:40:443:47 | source(...) : String | Log4jJndiInjectionTest.java:443:26:443:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:444:40:444:47 | source(...) : String | Log4jJndiInjectionTest.java:444:26:444:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:445:40:445:47 | source(...) : String | Log4jJndiInjectionTest.java:445:25:445:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:446:40:446:47 | source(...) : String | Log4jJndiInjectionTest.java:446:25:446:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:447:55:447:62 | source(...) : String | Log4jJndiInjectionTest.java:447:40:447:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:448:55:448:62 | source(...) : String | Log4jJndiInjectionTest.java:448:40:448:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:449:50:449:57 | source(...) : String | Log4jJndiInjectionTest.java:449:40:449:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:450:58:450:65 | source(...) : String | Log4jJndiInjectionTest.java:450:40:450:65 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:451:58:451:65 | source(...) : String | Log4jJndiInjectionTest.java:451:40:451:65 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:453:49:453:56 | source(...) : String | Log4jJndiInjectionTest.java:453:40:453:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:454:49:454:56 | source(...) : String | Log4jJndiInjectionTest.java:454:40:454:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:455:55:455:77 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:455:55:455:77 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:386:50:386:57 | source(...) : String | Log4jJndiInjectionTest.java:386:41:386:57 | (...)... | provenance | Sink:MaD:2143 | +| Log4jJndiInjectionTest.java:386:50:386:57 | source(...) : String | Log4jJndiInjectionTest.java:386:41:386:57 | (...)... | provenance | Sink:MaD:48117 | +| Log4jJndiInjectionTest.java:387:35:387:42 | source(...) : String | Log4jJndiInjectionTest.java:387:26:387:42 | (...)... | provenance | Sink:MaD:2143 | +| Log4jJndiInjectionTest.java:387:35:387:42 | source(...) : String | Log4jJndiInjectionTest.java:387:26:387:42 | (...)... | provenance | Sink:MaD:48117 | +| Log4jJndiInjectionTest.java:388:65:388:72 | source(...) : String | Log4jJndiInjectionTest.java:388:56:388:72 | (...)... | provenance | Sink:MaD:2144 | +| Log4jJndiInjectionTest.java:388:65:388:72 | source(...) : String | Log4jJndiInjectionTest.java:388:56:388:72 | (...)... | provenance | Sink:MaD:48118 | +| Log4jJndiInjectionTest.java:389:50:389:57 | source(...) : String | Log4jJndiInjectionTest.java:389:41:389:57 | (...)... | provenance | Sink:MaD:2144 | +| Log4jJndiInjectionTest.java:389:50:389:57 | source(...) : String | Log4jJndiInjectionTest.java:389:41:389:57 | (...)... | provenance | Sink:MaD:48118 | +| Log4jJndiInjectionTest.java:390:35:390:42 | source(...) : String | Log4jJndiInjectionTest.java:390:26:390:42 | (...)... | provenance | Sink:MaD:2144 | +| Log4jJndiInjectionTest.java:390:35:390:42 | source(...) : String | Log4jJndiInjectionTest.java:390:26:390:42 | (...)... | provenance | Sink:MaD:48118 | +| Log4jJndiInjectionTest.java:391:80:391:87 | source(...) : String | Log4jJndiInjectionTest.java:391:71:391:87 | (...)... | provenance | Sink:MaD:2145 | +| Log4jJndiInjectionTest.java:391:80:391:87 | source(...) : String | Log4jJndiInjectionTest.java:391:71:391:87 | (...)... | provenance | Sink:MaD:48119 | +| Log4jJndiInjectionTest.java:392:65:392:72 | source(...) : String | Log4jJndiInjectionTest.java:392:56:392:72 | (...)... | provenance | Sink:MaD:2145 | +| Log4jJndiInjectionTest.java:392:65:392:72 | source(...) : String | Log4jJndiInjectionTest.java:392:56:392:72 | (...)... | provenance | Sink:MaD:48119 | +| Log4jJndiInjectionTest.java:393:50:393:57 | source(...) : String | Log4jJndiInjectionTest.java:393:41:393:57 | (...)... | provenance | Sink:MaD:2145 | +| Log4jJndiInjectionTest.java:393:50:393:57 | source(...) : String | Log4jJndiInjectionTest.java:393:41:393:57 | (...)... | provenance | Sink:MaD:48119 | +| Log4jJndiInjectionTest.java:394:35:394:42 | source(...) : String | Log4jJndiInjectionTest.java:394:26:394:42 | (...)... | provenance | Sink:MaD:2145 | +| Log4jJndiInjectionTest.java:394:35:394:42 | source(...) : String | Log4jJndiInjectionTest.java:394:26:394:42 | (...)... | provenance | Sink:MaD:48119 | +| Log4jJndiInjectionTest.java:395:95:395:102 | source(...) : String | Log4jJndiInjectionTest.java:395:86:395:102 | (...)... | provenance | Sink:MaD:2146 | +| Log4jJndiInjectionTest.java:395:95:395:102 | source(...) : String | Log4jJndiInjectionTest.java:395:86:395:102 | (...)... | provenance | Sink:MaD:48120 | +| Log4jJndiInjectionTest.java:396:80:396:87 | source(...) : String | Log4jJndiInjectionTest.java:396:71:396:87 | (...)... | provenance | Sink:MaD:2146 | +| Log4jJndiInjectionTest.java:396:80:396:87 | source(...) : String | Log4jJndiInjectionTest.java:396:71:396:87 | (...)... | provenance | Sink:MaD:48120 | +| Log4jJndiInjectionTest.java:397:65:397:72 | source(...) : String | Log4jJndiInjectionTest.java:397:56:397:72 | (...)... | provenance | Sink:MaD:2146 | +| Log4jJndiInjectionTest.java:397:65:397:72 | source(...) : String | Log4jJndiInjectionTest.java:397:56:397:72 | (...)... | provenance | Sink:MaD:48120 | +| Log4jJndiInjectionTest.java:398:50:398:57 | source(...) : String | Log4jJndiInjectionTest.java:398:41:398:57 | (...)... | provenance | Sink:MaD:2146 | +| Log4jJndiInjectionTest.java:398:50:398:57 | source(...) : String | Log4jJndiInjectionTest.java:398:41:398:57 | (...)... | provenance | Sink:MaD:48120 | +| Log4jJndiInjectionTest.java:399:35:399:42 | source(...) : String | Log4jJndiInjectionTest.java:399:26:399:42 | (...)... | provenance | Sink:MaD:2146 | +| Log4jJndiInjectionTest.java:399:35:399:42 | source(...) : String | Log4jJndiInjectionTest.java:399:26:399:42 | (...)... | provenance | Sink:MaD:48120 | +| Log4jJndiInjectionTest.java:400:110:400:117 | source(...) : String | Log4jJndiInjectionTest.java:400:101:400:117 | (...)... | provenance | Sink:MaD:2147 | +| Log4jJndiInjectionTest.java:400:110:400:117 | source(...) : String | Log4jJndiInjectionTest.java:400:101:400:117 | (...)... | provenance | Sink:MaD:48121 | +| Log4jJndiInjectionTest.java:401:95:401:102 | source(...) : String | Log4jJndiInjectionTest.java:401:86:401:102 | (...)... | provenance | Sink:MaD:2147 | +| Log4jJndiInjectionTest.java:401:95:401:102 | source(...) : String | Log4jJndiInjectionTest.java:401:86:401:102 | (...)... | provenance | Sink:MaD:48121 | +| Log4jJndiInjectionTest.java:402:80:402:87 | source(...) : String | Log4jJndiInjectionTest.java:402:71:402:87 | (...)... | provenance | Sink:MaD:2147 | +| Log4jJndiInjectionTest.java:402:80:402:87 | source(...) : String | Log4jJndiInjectionTest.java:402:71:402:87 | (...)... | provenance | Sink:MaD:48121 | +| Log4jJndiInjectionTest.java:403:65:403:72 | source(...) : String | Log4jJndiInjectionTest.java:403:56:403:72 | (...)... | provenance | Sink:MaD:2147 | +| Log4jJndiInjectionTest.java:403:65:403:72 | source(...) : String | Log4jJndiInjectionTest.java:403:56:403:72 | (...)... | provenance | Sink:MaD:48121 | +| Log4jJndiInjectionTest.java:404:50:404:57 | source(...) : String | Log4jJndiInjectionTest.java:404:41:404:57 | (...)... | provenance | Sink:MaD:2147 | +| Log4jJndiInjectionTest.java:404:50:404:57 | source(...) : String | Log4jJndiInjectionTest.java:404:41:404:57 | (...)... | provenance | Sink:MaD:48121 | +| Log4jJndiInjectionTest.java:405:35:405:42 | source(...) : String | Log4jJndiInjectionTest.java:405:26:405:42 | (...)... | provenance | Sink:MaD:2147 | +| Log4jJndiInjectionTest.java:405:35:405:42 | source(...) : String | Log4jJndiInjectionTest.java:405:26:405:42 | (...)... | provenance | Sink:MaD:48121 | +| Log4jJndiInjectionTest.java:406:125:406:132 | source(...) : String | Log4jJndiInjectionTest.java:406:116:406:132 | (...)... | provenance | Sink:MaD:2148 | +| Log4jJndiInjectionTest.java:406:125:406:132 | source(...) : String | Log4jJndiInjectionTest.java:406:116:406:132 | (...)... | provenance | Sink:MaD:48122 | +| Log4jJndiInjectionTest.java:407:110:407:117 | source(...) : String | Log4jJndiInjectionTest.java:407:101:407:117 | (...)... | provenance | Sink:MaD:2148 | +| Log4jJndiInjectionTest.java:407:110:407:117 | source(...) : String | Log4jJndiInjectionTest.java:407:101:407:117 | (...)... | provenance | Sink:MaD:48122 | +| Log4jJndiInjectionTest.java:408:95:408:102 | source(...) : String | Log4jJndiInjectionTest.java:408:86:408:102 | (...)... | provenance | Sink:MaD:2148 | +| Log4jJndiInjectionTest.java:408:95:408:102 | source(...) : String | Log4jJndiInjectionTest.java:408:86:408:102 | (...)... | provenance | Sink:MaD:48122 | +| Log4jJndiInjectionTest.java:409:80:409:87 | source(...) : String | Log4jJndiInjectionTest.java:409:71:409:87 | (...)... | provenance | Sink:MaD:2148 | +| Log4jJndiInjectionTest.java:409:80:409:87 | source(...) : String | Log4jJndiInjectionTest.java:409:71:409:87 | (...)... | provenance | Sink:MaD:48122 | +| Log4jJndiInjectionTest.java:410:65:410:72 | source(...) : String | Log4jJndiInjectionTest.java:410:56:410:72 | (...)... | provenance | Sink:MaD:2148 | +| Log4jJndiInjectionTest.java:410:65:410:72 | source(...) : String | Log4jJndiInjectionTest.java:410:56:410:72 | (...)... | provenance | Sink:MaD:48122 | +| Log4jJndiInjectionTest.java:411:50:411:57 | source(...) : String | Log4jJndiInjectionTest.java:411:41:411:57 | (...)... | provenance | Sink:MaD:2148 | +| Log4jJndiInjectionTest.java:411:50:411:57 | source(...) : String | Log4jJndiInjectionTest.java:411:41:411:57 | (...)... | provenance | Sink:MaD:48122 | +| Log4jJndiInjectionTest.java:412:35:412:42 | source(...) : String | Log4jJndiInjectionTest.java:412:26:412:42 | (...)... | provenance | Sink:MaD:2148 | +| Log4jJndiInjectionTest.java:412:35:412:42 | source(...) : String | Log4jJndiInjectionTest.java:412:26:412:42 | (...)... | provenance | Sink:MaD:48122 | +| Log4jJndiInjectionTest.java:413:140:413:147 | source(...) : String | Log4jJndiInjectionTest.java:413:131:413:147 | (...)... | provenance | Sink:MaD:2149 | +| Log4jJndiInjectionTest.java:413:140:413:147 | source(...) : String | Log4jJndiInjectionTest.java:413:131:413:147 | (...)... | provenance | Sink:MaD:48123 | +| Log4jJndiInjectionTest.java:414:125:414:132 | source(...) : String | Log4jJndiInjectionTest.java:414:116:414:132 | (...)... | provenance | Sink:MaD:2149 | +| Log4jJndiInjectionTest.java:414:125:414:132 | source(...) : String | Log4jJndiInjectionTest.java:414:116:414:132 | (...)... | provenance | Sink:MaD:48123 | +| Log4jJndiInjectionTest.java:415:110:415:117 | source(...) : String | Log4jJndiInjectionTest.java:415:101:415:117 | (...)... | provenance | Sink:MaD:2149 | +| Log4jJndiInjectionTest.java:415:110:415:117 | source(...) : String | Log4jJndiInjectionTest.java:415:101:415:117 | (...)... | provenance | Sink:MaD:48123 | +| Log4jJndiInjectionTest.java:416:95:416:102 | source(...) : String | Log4jJndiInjectionTest.java:416:86:416:102 | (...)... | provenance | Sink:MaD:2149 | +| Log4jJndiInjectionTest.java:416:95:416:102 | source(...) : String | Log4jJndiInjectionTest.java:416:86:416:102 | (...)... | provenance | Sink:MaD:48123 | +| Log4jJndiInjectionTest.java:417:80:417:87 | source(...) : String | Log4jJndiInjectionTest.java:417:71:417:87 | (...)... | provenance | Sink:MaD:2149 | +| Log4jJndiInjectionTest.java:417:80:417:87 | source(...) : String | Log4jJndiInjectionTest.java:417:71:417:87 | (...)... | provenance | Sink:MaD:48123 | +| Log4jJndiInjectionTest.java:418:65:418:72 | source(...) : String | Log4jJndiInjectionTest.java:418:56:418:72 | (...)... | provenance | Sink:MaD:2149 | +| Log4jJndiInjectionTest.java:418:65:418:72 | source(...) : String | Log4jJndiInjectionTest.java:418:56:418:72 | (...)... | provenance | Sink:MaD:48123 | +| Log4jJndiInjectionTest.java:419:50:419:57 | source(...) : String | Log4jJndiInjectionTest.java:419:41:419:57 | (...)... | provenance | Sink:MaD:2149 | +| Log4jJndiInjectionTest.java:419:50:419:57 | source(...) : String | Log4jJndiInjectionTest.java:419:41:419:57 | (...)... | provenance | Sink:MaD:48123 | +| Log4jJndiInjectionTest.java:420:35:420:42 | source(...) : String | Log4jJndiInjectionTest.java:420:26:420:42 | (...)... | provenance | Sink:MaD:2149 | +| Log4jJndiInjectionTest.java:420:35:420:42 | source(...) : String | Log4jJndiInjectionTest.java:420:26:420:42 | (...)... | provenance | Sink:MaD:48123 | +| Log4jJndiInjectionTest.java:421:155:421:162 | source(...) : String | Log4jJndiInjectionTest.java:421:146:421:162 | (...)... | provenance | Sink:MaD:2150 | +| Log4jJndiInjectionTest.java:421:155:421:162 | source(...) : String | Log4jJndiInjectionTest.java:421:146:421:162 | (...)... | provenance | Sink:MaD:48124 | +| Log4jJndiInjectionTest.java:422:140:422:147 | source(...) : String | Log4jJndiInjectionTest.java:422:131:422:147 | (...)... | provenance | Sink:MaD:2150 | +| Log4jJndiInjectionTest.java:422:140:422:147 | source(...) : String | Log4jJndiInjectionTest.java:422:131:422:147 | (...)... | provenance | Sink:MaD:48124 | +| Log4jJndiInjectionTest.java:423:125:423:132 | source(...) : String | Log4jJndiInjectionTest.java:423:116:423:132 | (...)... | provenance | Sink:MaD:2150 | +| Log4jJndiInjectionTest.java:423:125:423:132 | source(...) : String | Log4jJndiInjectionTest.java:423:116:423:132 | (...)... | provenance | Sink:MaD:48124 | +| Log4jJndiInjectionTest.java:424:110:424:117 | source(...) : String | Log4jJndiInjectionTest.java:424:101:424:117 | (...)... | provenance | Sink:MaD:2150 | +| Log4jJndiInjectionTest.java:424:110:424:117 | source(...) : String | Log4jJndiInjectionTest.java:424:101:424:117 | (...)... | provenance | Sink:MaD:48124 | +| Log4jJndiInjectionTest.java:425:95:425:102 | source(...) : String | Log4jJndiInjectionTest.java:425:86:425:102 | (...)... | provenance | Sink:MaD:2150 | +| Log4jJndiInjectionTest.java:425:95:425:102 | source(...) : String | Log4jJndiInjectionTest.java:425:86:425:102 | (...)... | provenance | Sink:MaD:48124 | +| Log4jJndiInjectionTest.java:426:80:426:87 | source(...) : String | Log4jJndiInjectionTest.java:426:71:426:87 | (...)... | provenance | Sink:MaD:2150 | +| Log4jJndiInjectionTest.java:426:80:426:87 | source(...) : String | Log4jJndiInjectionTest.java:426:71:426:87 | (...)... | provenance | Sink:MaD:48124 | +| Log4jJndiInjectionTest.java:427:65:427:72 | source(...) : String | Log4jJndiInjectionTest.java:427:56:427:72 | (...)... | provenance | Sink:MaD:2150 | +| Log4jJndiInjectionTest.java:427:65:427:72 | source(...) : String | Log4jJndiInjectionTest.java:427:56:427:72 | (...)... | provenance | Sink:MaD:48124 | +| Log4jJndiInjectionTest.java:428:50:428:57 | source(...) : String | Log4jJndiInjectionTest.java:428:41:428:57 | (...)... | provenance | Sink:MaD:2150 | +| Log4jJndiInjectionTest.java:428:50:428:57 | source(...) : String | Log4jJndiInjectionTest.java:428:41:428:57 | (...)... | provenance | Sink:MaD:48124 | +| Log4jJndiInjectionTest.java:429:35:429:42 | source(...) : String | Log4jJndiInjectionTest.java:429:26:429:42 | (...)... | provenance | Sink:MaD:2150 | +| Log4jJndiInjectionTest.java:429:35:429:42 | source(...) : String | Log4jJndiInjectionTest.java:429:26:429:42 | (...)... | provenance | Sink:MaD:48124 | +| Log4jJndiInjectionTest.java:430:170:430:177 | source(...) : String | Log4jJndiInjectionTest.java:430:161:430:177 | (...)... | provenance | Sink:MaD:2151 | +| Log4jJndiInjectionTest.java:430:170:430:177 | source(...) : String | Log4jJndiInjectionTest.java:430:161:430:177 | (...)... | provenance | Sink:MaD:48125 | +| Log4jJndiInjectionTest.java:431:155:431:162 | source(...) : String | Log4jJndiInjectionTest.java:431:146:431:162 | (...)... | provenance | Sink:MaD:2151 | +| Log4jJndiInjectionTest.java:431:155:431:162 | source(...) : String | Log4jJndiInjectionTest.java:431:146:431:162 | (...)... | provenance | Sink:MaD:48125 | +| Log4jJndiInjectionTest.java:432:140:432:147 | source(...) : String | Log4jJndiInjectionTest.java:432:131:432:147 | (...)... | provenance | Sink:MaD:2151 | +| Log4jJndiInjectionTest.java:432:140:432:147 | source(...) : String | Log4jJndiInjectionTest.java:432:131:432:147 | (...)... | provenance | Sink:MaD:48125 | +| Log4jJndiInjectionTest.java:433:125:433:132 | source(...) : String | Log4jJndiInjectionTest.java:433:116:433:132 | (...)... | provenance | Sink:MaD:2151 | +| Log4jJndiInjectionTest.java:433:125:433:132 | source(...) : String | Log4jJndiInjectionTest.java:433:116:433:132 | (...)... | provenance | Sink:MaD:48125 | +| Log4jJndiInjectionTest.java:434:110:434:117 | source(...) : String | Log4jJndiInjectionTest.java:434:101:434:117 | (...)... | provenance | Sink:MaD:2151 | +| Log4jJndiInjectionTest.java:434:110:434:117 | source(...) : String | Log4jJndiInjectionTest.java:434:101:434:117 | (...)... | provenance | Sink:MaD:48125 | +| Log4jJndiInjectionTest.java:435:95:435:102 | source(...) : String | Log4jJndiInjectionTest.java:435:86:435:102 | (...)... | provenance | Sink:MaD:2151 | +| Log4jJndiInjectionTest.java:435:95:435:102 | source(...) : String | Log4jJndiInjectionTest.java:435:86:435:102 | (...)... | provenance | Sink:MaD:48125 | +| Log4jJndiInjectionTest.java:436:80:436:87 | source(...) : String | Log4jJndiInjectionTest.java:436:71:436:87 | (...)... | provenance | Sink:MaD:2151 | +| Log4jJndiInjectionTest.java:436:80:436:87 | source(...) : String | Log4jJndiInjectionTest.java:436:71:436:87 | (...)... | provenance | Sink:MaD:48125 | +| Log4jJndiInjectionTest.java:437:65:437:72 | source(...) : String | Log4jJndiInjectionTest.java:437:56:437:72 | (...)... | provenance | Sink:MaD:2151 | +| Log4jJndiInjectionTest.java:437:65:437:72 | source(...) : String | Log4jJndiInjectionTest.java:437:56:437:72 | (...)... | provenance | Sink:MaD:48125 | +| Log4jJndiInjectionTest.java:438:50:438:57 | source(...) : String | Log4jJndiInjectionTest.java:438:41:438:57 | (...)... | provenance | Sink:MaD:2151 | +| Log4jJndiInjectionTest.java:438:50:438:57 | source(...) : String | Log4jJndiInjectionTest.java:438:41:438:57 | (...)... | provenance | Sink:MaD:48125 | +| Log4jJndiInjectionTest.java:439:35:439:42 | source(...) : String | Log4jJndiInjectionTest.java:439:26:439:42 | (...)... | provenance | Sink:MaD:2151 | +| Log4jJndiInjectionTest.java:439:35:439:42 | source(...) : String | Log4jJndiInjectionTest.java:439:26:439:42 | (...)... | provenance | Sink:MaD:48125 | +| Log4jJndiInjectionTest.java:440:35:440:42 | source(...) : String | Log4jJndiInjectionTest.java:440:26:440:42 | (...)... | provenance | Sink:MaD:2143 | +| Log4jJndiInjectionTest.java:440:35:440:42 | source(...) : String | Log4jJndiInjectionTest.java:440:26:440:42 | (...)... | provenance | Sink:MaD:48117 | +| Log4jJndiInjectionTest.java:441:55:441:62 | source(...) : String | Log4jJndiInjectionTest.java:441:41:441:62 | (...)... | provenance | Sink:MaD:2143 | +| Log4jJndiInjectionTest.java:441:55:441:62 | source(...) : String | Log4jJndiInjectionTest.java:441:41:441:62 | (...)... | provenance | Sink:MaD:48117 | +| Log4jJndiInjectionTest.java:442:35:442:42 | source(...) : String | Log4jJndiInjectionTest.java:442:26:442:42 | (...)... | provenance | Sink:MaD:2155 | +| Log4jJndiInjectionTest.java:442:35:442:42 | source(...) : String | Log4jJndiInjectionTest.java:442:26:442:42 | (...)... | provenance | Sink:MaD:48129 | +| Log4jJndiInjectionTest.java:443:40:443:47 | source(...) : String | Log4jJndiInjectionTest.java:443:26:443:47 | (...)... | provenance | Sink:MaD:2156 | +| Log4jJndiInjectionTest.java:443:40:443:47 | source(...) : String | Log4jJndiInjectionTest.java:443:26:443:47 | (...)... | provenance | Sink:MaD:48130 | +| Log4jJndiInjectionTest.java:444:40:444:47 | source(...) : String | Log4jJndiInjectionTest.java:444:26:444:47 | (...)... | provenance | Sink:MaD:2157 | +| Log4jJndiInjectionTest.java:444:40:444:47 | source(...) : String | Log4jJndiInjectionTest.java:444:26:444:47 | (...)... | provenance | Sink:MaD:48131 | +| Log4jJndiInjectionTest.java:445:40:445:47 | source(...) : String | Log4jJndiInjectionTest.java:445:25:445:47 | (...)... | provenance | Sink:MaD:2158 | +| Log4jJndiInjectionTest.java:445:40:445:47 | source(...) : String | Log4jJndiInjectionTest.java:445:25:445:47 | (...)... | provenance | Sink:MaD:48132 | +| Log4jJndiInjectionTest.java:446:40:446:47 | source(...) : String | Log4jJndiInjectionTest.java:446:25:446:47 | (...)... | provenance | Sink:MaD:2159 | +| Log4jJndiInjectionTest.java:446:40:446:47 | source(...) : String | Log4jJndiInjectionTest.java:446:25:446:47 | (...)... | provenance | Sink:MaD:48133 | +| Log4jJndiInjectionTest.java:447:55:447:62 | source(...) : String | Log4jJndiInjectionTest.java:447:40:447:62 | (...)... | provenance | Sink:MaD:2160 | +| Log4jJndiInjectionTest.java:447:55:447:62 | source(...) : String | Log4jJndiInjectionTest.java:447:40:447:62 | (...)... | provenance | Sink:MaD:48134 | +| Log4jJndiInjectionTest.java:448:55:448:62 | source(...) : String | Log4jJndiInjectionTest.java:448:40:448:62 | (...)... | provenance | Sink:MaD:2161 | +| Log4jJndiInjectionTest.java:448:55:448:62 | source(...) : String | Log4jJndiInjectionTest.java:448:40:448:62 | (...)... | provenance | Sink:MaD:48135 | +| Log4jJndiInjectionTest.java:449:50:449:57 | source(...) : String | Log4jJndiInjectionTest.java:449:40:449:57 | (...)... | provenance | Sink:MaD:2162 | +| Log4jJndiInjectionTest.java:449:50:449:57 | source(...) : String | Log4jJndiInjectionTest.java:449:40:449:57 | (...)... | provenance | Sink:MaD:48136 | +| Log4jJndiInjectionTest.java:450:58:450:65 | source(...) : String | Log4jJndiInjectionTest.java:450:40:450:65 | (...)... | provenance | Sink:MaD:2163 | +| Log4jJndiInjectionTest.java:450:58:450:65 | source(...) : String | Log4jJndiInjectionTest.java:450:40:450:65 | (...)... | provenance | Sink:MaD:48137 | +| Log4jJndiInjectionTest.java:451:58:451:65 | source(...) : String | Log4jJndiInjectionTest.java:451:40:451:65 | (...)... | provenance | Sink:MaD:2164 | +| Log4jJndiInjectionTest.java:451:58:451:65 | source(...) : String | Log4jJndiInjectionTest.java:451:40:451:65 | (...)... | provenance | Sink:MaD:48138 | +| Log4jJndiInjectionTest.java:453:49:453:56 | source(...) : String | Log4jJndiInjectionTest.java:453:40:453:56 | (...)... | provenance | Sink:MaD:2167 | +| Log4jJndiInjectionTest.java:453:49:453:56 | source(...) : String | Log4jJndiInjectionTest.java:453:40:453:56 | (...)... | provenance | Sink:MaD:48141 | +| Log4jJndiInjectionTest.java:454:49:454:56 | source(...) : String | Log4jJndiInjectionTest.java:454:40:454:56 | (...)... | provenance | Sink:MaD:2178 | +| Log4jJndiInjectionTest.java:454:49:454:56 | source(...) : String | Log4jJndiInjectionTest.java:454:40:454:56 | (...)... | provenance | Sink:MaD:48152 | +| Log4jJndiInjectionTest.java:455:55:455:77 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:455:55:455:77 | new Object[] | provenance | Sink:MaD:2178 | +| Log4jJndiInjectionTest.java:455:55:455:77 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:455:55:455:77 | new Object[] | provenance | Sink:MaD:48152 | | Log4jJndiInjectionTest.java:455:69:455:76 | source(...) : String | Log4jJndiInjectionTest.java:455:55:455:77 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:456:64:456:71 | source(...) : String | Log4jJndiInjectionTest.java:456:55:456:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:457:49:457:56 | source(...) : String | Log4jJndiInjectionTest.java:457:40:457:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:458:79:458:86 | source(...) : String | Log4jJndiInjectionTest.java:458:70:458:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:459:64:459:71 | source(...) : String | Log4jJndiInjectionTest.java:459:55:459:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:460:49:460:56 | source(...) : String | Log4jJndiInjectionTest.java:460:40:460:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:461:94:461:101 | source(...) : String | Log4jJndiInjectionTest.java:461:85:461:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:462:79:462:86 | source(...) : String | Log4jJndiInjectionTest.java:462:70:462:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:463:64:463:71 | source(...) : String | Log4jJndiInjectionTest.java:463:55:463:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:464:49:464:56 | source(...) : String | Log4jJndiInjectionTest.java:464:40:464:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:465:109:465:116 | source(...) : String | Log4jJndiInjectionTest.java:465:100:465:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:466:94:466:101 | source(...) : String | Log4jJndiInjectionTest.java:466:85:466:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:467:79:467:86 | source(...) : String | Log4jJndiInjectionTest.java:467:70:467:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:468:64:468:71 | source(...) : String | Log4jJndiInjectionTest.java:468:55:468:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:469:49:469:56 | source(...) : String | Log4jJndiInjectionTest.java:469:40:469:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:470:124:470:131 | source(...) : String | Log4jJndiInjectionTest.java:470:115:470:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:471:109:471:116 | source(...) : String | Log4jJndiInjectionTest.java:471:100:471:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:472:94:472:101 | source(...) : String | Log4jJndiInjectionTest.java:472:85:472:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:473:79:473:86 | source(...) : String | Log4jJndiInjectionTest.java:473:70:473:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:474:64:474:71 | source(...) : String | Log4jJndiInjectionTest.java:474:55:474:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:475:49:475:56 | source(...) : String | Log4jJndiInjectionTest.java:475:40:475:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:476:139:476:146 | source(...) : String | Log4jJndiInjectionTest.java:476:130:476:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:477:124:477:131 | source(...) : String | Log4jJndiInjectionTest.java:477:115:477:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:478:109:478:116 | source(...) : String | Log4jJndiInjectionTest.java:478:100:478:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:479:94:479:101 | source(...) : String | Log4jJndiInjectionTest.java:479:85:479:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:480:79:480:86 | source(...) : String | Log4jJndiInjectionTest.java:480:70:480:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:481:64:481:71 | source(...) : String | Log4jJndiInjectionTest.java:481:55:481:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:482:49:482:56 | source(...) : String | Log4jJndiInjectionTest.java:482:40:482:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:483:154:483:161 | source(...) : String | Log4jJndiInjectionTest.java:483:145:483:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:484:139:484:146 | source(...) : String | Log4jJndiInjectionTest.java:484:130:484:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:485:124:485:131 | source(...) : String | Log4jJndiInjectionTest.java:485:115:485:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:486:109:486:116 | source(...) : String | Log4jJndiInjectionTest.java:486:100:486:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:487:94:487:101 | source(...) : String | Log4jJndiInjectionTest.java:487:85:487:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:488:79:488:86 | source(...) : String | Log4jJndiInjectionTest.java:488:70:488:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:489:64:489:71 | source(...) : String | Log4jJndiInjectionTest.java:489:55:489:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:490:49:490:56 | source(...) : String | Log4jJndiInjectionTest.java:490:40:490:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:491:169:491:176 | source(...) : String | Log4jJndiInjectionTest.java:491:160:491:176 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:492:154:492:161 | source(...) : String | Log4jJndiInjectionTest.java:492:145:492:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:493:139:493:146 | source(...) : String | Log4jJndiInjectionTest.java:493:130:493:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:494:124:494:131 | source(...) : String | Log4jJndiInjectionTest.java:494:115:494:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:495:109:495:116 | source(...) : String | Log4jJndiInjectionTest.java:495:100:495:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:496:94:496:101 | source(...) : String | Log4jJndiInjectionTest.java:496:85:496:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:497:79:497:86 | source(...) : String | Log4jJndiInjectionTest.java:497:70:497:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:498:64:498:71 | source(...) : String | Log4jJndiInjectionTest.java:498:55:498:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:499:49:499:56 | source(...) : String | Log4jJndiInjectionTest.java:499:40:499:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:500:184:500:191 | source(...) : String | Log4jJndiInjectionTest.java:500:175:500:191 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:501:169:501:176 | source(...) : String | Log4jJndiInjectionTest.java:501:160:501:176 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:502:154:502:161 | source(...) : String | Log4jJndiInjectionTest.java:502:145:502:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:503:139:503:146 | source(...) : String | Log4jJndiInjectionTest.java:503:130:503:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:504:124:504:131 | source(...) : String | Log4jJndiInjectionTest.java:504:115:504:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:505:109:505:116 | source(...) : String | Log4jJndiInjectionTest.java:505:100:505:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:506:94:506:101 | source(...) : String | Log4jJndiInjectionTest.java:506:85:506:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:507:79:507:86 | source(...) : String | Log4jJndiInjectionTest.java:507:70:507:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:508:64:508:71 | source(...) : String | Log4jJndiInjectionTest.java:508:55:508:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:509:49:509:56 | source(...) : String | Log4jJndiInjectionTest.java:509:40:509:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:510:49:510:56 | source(...) : String | Log4jJndiInjectionTest.java:510:40:510:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:511:69:511:76 | source(...) : String | Log4jJndiInjectionTest.java:511:55:511:76 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:512:49:512:56 | source(...) : String | Log4jJndiInjectionTest.java:512:40:512:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:513:54:513:61 | source(...) : String | Log4jJndiInjectionTest.java:513:40:513:61 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:514:54:514:61 | source(...) : String | Log4jJndiInjectionTest.java:514:40:514:61 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:515:43:515:50 | source(...) : String | Log4jJndiInjectionTest.java:515:25:515:50 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:516:43:516:50 | source(...) : String | Log4jJndiInjectionTest.java:516:25:516:50 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:517:35:517:42 | source(...) : String | Log4jJndiInjectionTest.java:517:25:517:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:518:35:518:42 | source(...) : String | Log4jJndiInjectionTest.java:518:25:518:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:521:34:521:41 | source(...) : String | Log4jJndiInjectionTest.java:521:25:521:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:522:34:522:41 | source(...) : String | Log4jJndiInjectionTest.java:522:25:522:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:523:40:523:62 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:523:40:523:62 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:456:64:456:71 | source(...) : String | Log4jJndiInjectionTest.java:456:55:456:71 | (...)... | provenance | Sink:MaD:2168 | +| Log4jJndiInjectionTest.java:456:64:456:71 | source(...) : String | Log4jJndiInjectionTest.java:456:55:456:71 | (...)... | provenance | Sink:MaD:48142 | +| Log4jJndiInjectionTest.java:457:49:457:56 | source(...) : String | Log4jJndiInjectionTest.java:457:40:457:56 | (...)... | provenance | Sink:MaD:2168 | +| Log4jJndiInjectionTest.java:457:49:457:56 | source(...) : String | Log4jJndiInjectionTest.java:457:40:457:56 | (...)... | provenance | Sink:MaD:48142 | +| Log4jJndiInjectionTest.java:458:79:458:86 | source(...) : String | Log4jJndiInjectionTest.java:458:70:458:86 | (...)... | provenance | Sink:MaD:2169 | +| Log4jJndiInjectionTest.java:458:79:458:86 | source(...) : String | Log4jJndiInjectionTest.java:458:70:458:86 | (...)... | provenance | Sink:MaD:48143 | +| Log4jJndiInjectionTest.java:459:64:459:71 | source(...) : String | Log4jJndiInjectionTest.java:459:55:459:71 | (...)... | provenance | Sink:MaD:2169 | +| Log4jJndiInjectionTest.java:459:64:459:71 | source(...) : String | Log4jJndiInjectionTest.java:459:55:459:71 | (...)... | provenance | Sink:MaD:48143 | +| Log4jJndiInjectionTest.java:460:49:460:56 | source(...) : String | Log4jJndiInjectionTest.java:460:40:460:56 | (...)... | provenance | Sink:MaD:2169 | +| Log4jJndiInjectionTest.java:460:49:460:56 | source(...) : String | Log4jJndiInjectionTest.java:460:40:460:56 | (...)... | provenance | Sink:MaD:48143 | +| Log4jJndiInjectionTest.java:461:94:461:101 | source(...) : String | Log4jJndiInjectionTest.java:461:85:461:101 | (...)... | provenance | Sink:MaD:2170 | +| Log4jJndiInjectionTest.java:461:94:461:101 | source(...) : String | Log4jJndiInjectionTest.java:461:85:461:101 | (...)... | provenance | Sink:MaD:48144 | +| Log4jJndiInjectionTest.java:462:79:462:86 | source(...) : String | Log4jJndiInjectionTest.java:462:70:462:86 | (...)... | provenance | Sink:MaD:2170 | +| Log4jJndiInjectionTest.java:462:79:462:86 | source(...) : String | Log4jJndiInjectionTest.java:462:70:462:86 | (...)... | provenance | Sink:MaD:48144 | +| Log4jJndiInjectionTest.java:463:64:463:71 | source(...) : String | Log4jJndiInjectionTest.java:463:55:463:71 | (...)... | provenance | Sink:MaD:2170 | +| Log4jJndiInjectionTest.java:463:64:463:71 | source(...) : String | Log4jJndiInjectionTest.java:463:55:463:71 | (...)... | provenance | Sink:MaD:48144 | +| Log4jJndiInjectionTest.java:464:49:464:56 | source(...) : String | Log4jJndiInjectionTest.java:464:40:464:56 | (...)... | provenance | Sink:MaD:2170 | +| Log4jJndiInjectionTest.java:464:49:464:56 | source(...) : String | Log4jJndiInjectionTest.java:464:40:464:56 | (...)... | provenance | Sink:MaD:48144 | +| Log4jJndiInjectionTest.java:465:109:465:116 | source(...) : String | Log4jJndiInjectionTest.java:465:100:465:116 | (...)... | provenance | Sink:MaD:2171 | +| Log4jJndiInjectionTest.java:465:109:465:116 | source(...) : String | Log4jJndiInjectionTest.java:465:100:465:116 | (...)... | provenance | Sink:MaD:48145 | +| Log4jJndiInjectionTest.java:466:94:466:101 | source(...) : String | Log4jJndiInjectionTest.java:466:85:466:101 | (...)... | provenance | Sink:MaD:2171 | +| Log4jJndiInjectionTest.java:466:94:466:101 | source(...) : String | Log4jJndiInjectionTest.java:466:85:466:101 | (...)... | provenance | Sink:MaD:48145 | +| Log4jJndiInjectionTest.java:467:79:467:86 | source(...) : String | Log4jJndiInjectionTest.java:467:70:467:86 | (...)... | provenance | Sink:MaD:2171 | +| Log4jJndiInjectionTest.java:467:79:467:86 | source(...) : String | Log4jJndiInjectionTest.java:467:70:467:86 | (...)... | provenance | Sink:MaD:48145 | +| Log4jJndiInjectionTest.java:468:64:468:71 | source(...) : String | Log4jJndiInjectionTest.java:468:55:468:71 | (...)... | provenance | Sink:MaD:2171 | +| Log4jJndiInjectionTest.java:468:64:468:71 | source(...) : String | Log4jJndiInjectionTest.java:468:55:468:71 | (...)... | provenance | Sink:MaD:48145 | +| Log4jJndiInjectionTest.java:469:49:469:56 | source(...) : String | Log4jJndiInjectionTest.java:469:40:469:56 | (...)... | provenance | Sink:MaD:2171 | +| Log4jJndiInjectionTest.java:469:49:469:56 | source(...) : String | Log4jJndiInjectionTest.java:469:40:469:56 | (...)... | provenance | Sink:MaD:48145 | +| Log4jJndiInjectionTest.java:470:124:470:131 | source(...) : String | Log4jJndiInjectionTest.java:470:115:470:131 | (...)... | provenance | Sink:MaD:2172 | +| Log4jJndiInjectionTest.java:470:124:470:131 | source(...) : String | Log4jJndiInjectionTest.java:470:115:470:131 | (...)... | provenance | Sink:MaD:48146 | +| Log4jJndiInjectionTest.java:471:109:471:116 | source(...) : String | Log4jJndiInjectionTest.java:471:100:471:116 | (...)... | provenance | Sink:MaD:2172 | +| Log4jJndiInjectionTest.java:471:109:471:116 | source(...) : String | Log4jJndiInjectionTest.java:471:100:471:116 | (...)... | provenance | Sink:MaD:48146 | +| Log4jJndiInjectionTest.java:472:94:472:101 | source(...) : String | Log4jJndiInjectionTest.java:472:85:472:101 | (...)... | provenance | Sink:MaD:2172 | +| Log4jJndiInjectionTest.java:472:94:472:101 | source(...) : String | Log4jJndiInjectionTest.java:472:85:472:101 | (...)... | provenance | Sink:MaD:48146 | +| Log4jJndiInjectionTest.java:473:79:473:86 | source(...) : String | Log4jJndiInjectionTest.java:473:70:473:86 | (...)... | provenance | Sink:MaD:2172 | +| Log4jJndiInjectionTest.java:473:79:473:86 | source(...) : String | Log4jJndiInjectionTest.java:473:70:473:86 | (...)... | provenance | Sink:MaD:48146 | +| Log4jJndiInjectionTest.java:474:64:474:71 | source(...) : String | Log4jJndiInjectionTest.java:474:55:474:71 | (...)... | provenance | Sink:MaD:2172 | +| Log4jJndiInjectionTest.java:474:64:474:71 | source(...) : String | Log4jJndiInjectionTest.java:474:55:474:71 | (...)... | provenance | Sink:MaD:48146 | +| Log4jJndiInjectionTest.java:475:49:475:56 | source(...) : String | Log4jJndiInjectionTest.java:475:40:475:56 | (...)... | provenance | Sink:MaD:2172 | +| Log4jJndiInjectionTest.java:475:49:475:56 | source(...) : String | Log4jJndiInjectionTest.java:475:40:475:56 | (...)... | provenance | Sink:MaD:48146 | +| Log4jJndiInjectionTest.java:476:139:476:146 | source(...) : String | Log4jJndiInjectionTest.java:476:130:476:146 | (...)... | provenance | Sink:MaD:2173 | +| Log4jJndiInjectionTest.java:476:139:476:146 | source(...) : String | Log4jJndiInjectionTest.java:476:130:476:146 | (...)... | provenance | Sink:MaD:48147 | +| Log4jJndiInjectionTest.java:477:124:477:131 | source(...) : String | Log4jJndiInjectionTest.java:477:115:477:131 | (...)... | provenance | Sink:MaD:2173 | +| Log4jJndiInjectionTest.java:477:124:477:131 | source(...) : String | Log4jJndiInjectionTest.java:477:115:477:131 | (...)... | provenance | Sink:MaD:48147 | +| Log4jJndiInjectionTest.java:478:109:478:116 | source(...) : String | Log4jJndiInjectionTest.java:478:100:478:116 | (...)... | provenance | Sink:MaD:2173 | +| Log4jJndiInjectionTest.java:478:109:478:116 | source(...) : String | Log4jJndiInjectionTest.java:478:100:478:116 | (...)... | provenance | Sink:MaD:48147 | +| Log4jJndiInjectionTest.java:479:94:479:101 | source(...) : String | Log4jJndiInjectionTest.java:479:85:479:101 | (...)... | provenance | Sink:MaD:2173 | +| Log4jJndiInjectionTest.java:479:94:479:101 | source(...) : String | Log4jJndiInjectionTest.java:479:85:479:101 | (...)... | provenance | Sink:MaD:48147 | +| Log4jJndiInjectionTest.java:480:79:480:86 | source(...) : String | Log4jJndiInjectionTest.java:480:70:480:86 | (...)... | provenance | Sink:MaD:2173 | +| Log4jJndiInjectionTest.java:480:79:480:86 | source(...) : String | Log4jJndiInjectionTest.java:480:70:480:86 | (...)... | provenance | Sink:MaD:48147 | +| Log4jJndiInjectionTest.java:481:64:481:71 | source(...) : String | Log4jJndiInjectionTest.java:481:55:481:71 | (...)... | provenance | Sink:MaD:2173 | +| Log4jJndiInjectionTest.java:481:64:481:71 | source(...) : String | Log4jJndiInjectionTest.java:481:55:481:71 | (...)... | provenance | Sink:MaD:48147 | +| Log4jJndiInjectionTest.java:482:49:482:56 | source(...) : String | Log4jJndiInjectionTest.java:482:40:482:56 | (...)... | provenance | Sink:MaD:2173 | +| Log4jJndiInjectionTest.java:482:49:482:56 | source(...) : String | Log4jJndiInjectionTest.java:482:40:482:56 | (...)... | provenance | Sink:MaD:48147 | +| Log4jJndiInjectionTest.java:483:154:483:161 | source(...) : String | Log4jJndiInjectionTest.java:483:145:483:161 | (...)... | provenance | Sink:MaD:2174 | +| Log4jJndiInjectionTest.java:483:154:483:161 | source(...) : String | Log4jJndiInjectionTest.java:483:145:483:161 | (...)... | provenance | Sink:MaD:48148 | +| Log4jJndiInjectionTest.java:484:139:484:146 | source(...) : String | Log4jJndiInjectionTest.java:484:130:484:146 | (...)... | provenance | Sink:MaD:2174 | +| Log4jJndiInjectionTest.java:484:139:484:146 | source(...) : String | Log4jJndiInjectionTest.java:484:130:484:146 | (...)... | provenance | Sink:MaD:48148 | +| Log4jJndiInjectionTest.java:485:124:485:131 | source(...) : String | Log4jJndiInjectionTest.java:485:115:485:131 | (...)... | provenance | Sink:MaD:2174 | +| Log4jJndiInjectionTest.java:485:124:485:131 | source(...) : String | Log4jJndiInjectionTest.java:485:115:485:131 | (...)... | provenance | Sink:MaD:48148 | +| Log4jJndiInjectionTest.java:486:109:486:116 | source(...) : String | Log4jJndiInjectionTest.java:486:100:486:116 | (...)... | provenance | Sink:MaD:2174 | +| Log4jJndiInjectionTest.java:486:109:486:116 | source(...) : String | Log4jJndiInjectionTest.java:486:100:486:116 | (...)... | provenance | Sink:MaD:48148 | +| Log4jJndiInjectionTest.java:487:94:487:101 | source(...) : String | Log4jJndiInjectionTest.java:487:85:487:101 | (...)... | provenance | Sink:MaD:2174 | +| Log4jJndiInjectionTest.java:487:94:487:101 | source(...) : String | Log4jJndiInjectionTest.java:487:85:487:101 | (...)... | provenance | Sink:MaD:48148 | +| Log4jJndiInjectionTest.java:488:79:488:86 | source(...) : String | Log4jJndiInjectionTest.java:488:70:488:86 | (...)... | provenance | Sink:MaD:2174 | +| Log4jJndiInjectionTest.java:488:79:488:86 | source(...) : String | Log4jJndiInjectionTest.java:488:70:488:86 | (...)... | provenance | Sink:MaD:48148 | +| Log4jJndiInjectionTest.java:489:64:489:71 | source(...) : String | Log4jJndiInjectionTest.java:489:55:489:71 | (...)... | provenance | Sink:MaD:2174 | +| Log4jJndiInjectionTest.java:489:64:489:71 | source(...) : String | Log4jJndiInjectionTest.java:489:55:489:71 | (...)... | provenance | Sink:MaD:48148 | +| Log4jJndiInjectionTest.java:490:49:490:56 | source(...) : String | Log4jJndiInjectionTest.java:490:40:490:56 | (...)... | provenance | Sink:MaD:2174 | +| Log4jJndiInjectionTest.java:490:49:490:56 | source(...) : String | Log4jJndiInjectionTest.java:490:40:490:56 | (...)... | provenance | Sink:MaD:48148 | +| Log4jJndiInjectionTest.java:491:169:491:176 | source(...) : String | Log4jJndiInjectionTest.java:491:160:491:176 | (...)... | provenance | Sink:MaD:2175 | +| Log4jJndiInjectionTest.java:491:169:491:176 | source(...) : String | Log4jJndiInjectionTest.java:491:160:491:176 | (...)... | provenance | Sink:MaD:48149 | +| Log4jJndiInjectionTest.java:492:154:492:161 | source(...) : String | Log4jJndiInjectionTest.java:492:145:492:161 | (...)... | provenance | Sink:MaD:2175 | +| Log4jJndiInjectionTest.java:492:154:492:161 | source(...) : String | Log4jJndiInjectionTest.java:492:145:492:161 | (...)... | provenance | Sink:MaD:48149 | +| Log4jJndiInjectionTest.java:493:139:493:146 | source(...) : String | Log4jJndiInjectionTest.java:493:130:493:146 | (...)... | provenance | Sink:MaD:2175 | +| Log4jJndiInjectionTest.java:493:139:493:146 | source(...) : String | Log4jJndiInjectionTest.java:493:130:493:146 | (...)... | provenance | Sink:MaD:48149 | +| Log4jJndiInjectionTest.java:494:124:494:131 | source(...) : String | Log4jJndiInjectionTest.java:494:115:494:131 | (...)... | provenance | Sink:MaD:2175 | +| Log4jJndiInjectionTest.java:494:124:494:131 | source(...) : String | Log4jJndiInjectionTest.java:494:115:494:131 | (...)... | provenance | Sink:MaD:48149 | +| Log4jJndiInjectionTest.java:495:109:495:116 | source(...) : String | Log4jJndiInjectionTest.java:495:100:495:116 | (...)... | provenance | Sink:MaD:2175 | +| Log4jJndiInjectionTest.java:495:109:495:116 | source(...) : String | Log4jJndiInjectionTest.java:495:100:495:116 | (...)... | provenance | Sink:MaD:48149 | +| Log4jJndiInjectionTest.java:496:94:496:101 | source(...) : String | Log4jJndiInjectionTest.java:496:85:496:101 | (...)... | provenance | Sink:MaD:2175 | +| Log4jJndiInjectionTest.java:496:94:496:101 | source(...) : String | Log4jJndiInjectionTest.java:496:85:496:101 | (...)... | provenance | Sink:MaD:48149 | +| Log4jJndiInjectionTest.java:497:79:497:86 | source(...) : String | Log4jJndiInjectionTest.java:497:70:497:86 | (...)... | provenance | Sink:MaD:2175 | +| Log4jJndiInjectionTest.java:497:79:497:86 | source(...) : String | Log4jJndiInjectionTest.java:497:70:497:86 | (...)... | provenance | Sink:MaD:48149 | +| Log4jJndiInjectionTest.java:498:64:498:71 | source(...) : String | Log4jJndiInjectionTest.java:498:55:498:71 | (...)... | provenance | Sink:MaD:2175 | +| Log4jJndiInjectionTest.java:498:64:498:71 | source(...) : String | Log4jJndiInjectionTest.java:498:55:498:71 | (...)... | provenance | Sink:MaD:48149 | +| Log4jJndiInjectionTest.java:499:49:499:56 | source(...) : String | Log4jJndiInjectionTest.java:499:40:499:56 | (...)... | provenance | Sink:MaD:2175 | +| Log4jJndiInjectionTest.java:499:49:499:56 | source(...) : String | Log4jJndiInjectionTest.java:499:40:499:56 | (...)... | provenance | Sink:MaD:48149 | +| Log4jJndiInjectionTest.java:500:184:500:191 | source(...) : String | Log4jJndiInjectionTest.java:500:175:500:191 | (...)... | provenance | Sink:MaD:2176 | +| Log4jJndiInjectionTest.java:500:184:500:191 | source(...) : String | Log4jJndiInjectionTest.java:500:175:500:191 | (...)... | provenance | Sink:MaD:48150 | +| Log4jJndiInjectionTest.java:501:169:501:176 | source(...) : String | Log4jJndiInjectionTest.java:501:160:501:176 | (...)... | provenance | Sink:MaD:2176 | +| Log4jJndiInjectionTest.java:501:169:501:176 | source(...) : String | Log4jJndiInjectionTest.java:501:160:501:176 | (...)... | provenance | Sink:MaD:48150 | +| Log4jJndiInjectionTest.java:502:154:502:161 | source(...) : String | Log4jJndiInjectionTest.java:502:145:502:161 | (...)... | provenance | Sink:MaD:2176 | +| Log4jJndiInjectionTest.java:502:154:502:161 | source(...) : String | Log4jJndiInjectionTest.java:502:145:502:161 | (...)... | provenance | Sink:MaD:48150 | +| Log4jJndiInjectionTest.java:503:139:503:146 | source(...) : String | Log4jJndiInjectionTest.java:503:130:503:146 | (...)... | provenance | Sink:MaD:2176 | +| Log4jJndiInjectionTest.java:503:139:503:146 | source(...) : String | Log4jJndiInjectionTest.java:503:130:503:146 | (...)... | provenance | Sink:MaD:48150 | +| Log4jJndiInjectionTest.java:504:124:504:131 | source(...) : String | Log4jJndiInjectionTest.java:504:115:504:131 | (...)... | provenance | Sink:MaD:2176 | +| Log4jJndiInjectionTest.java:504:124:504:131 | source(...) : String | Log4jJndiInjectionTest.java:504:115:504:131 | (...)... | provenance | Sink:MaD:48150 | +| Log4jJndiInjectionTest.java:505:109:505:116 | source(...) : String | Log4jJndiInjectionTest.java:505:100:505:116 | (...)... | provenance | Sink:MaD:2176 | +| Log4jJndiInjectionTest.java:505:109:505:116 | source(...) : String | Log4jJndiInjectionTest.java:505:100:505:116 | (...)... | provenance | Sink:MaD:48150 | +| Log4jJndiInjectionTest.java:506:94:506:101 | source(...) : String | Log4jJndiInjectionTest.java:506:85:506:101 | (...)... | provenance | Sink:MaD:2176 | +| Log4jJndiInjectionTest.java:506:94:506:101 | source(...) : String | Log4jJndiInjectionTest.java:506:85:506:101 | (...)... | provenance | Sink:MaD:48150 | +| Log4jJndiInjectionTest.java:507:79:507:86 | source(...) : String | Log4jJndiInjectionTest.java:507:70:507:86 | (...)... | provenance | Sink:MaD:2176 | +| Log4jJndiInjectionTest.java:507:79:507:86 | source(...) : String | Log4jJndiInjectionTest.java:507:70:507:86 | (...)... | provenance | Sink:MaD:48150 | +| Log4jJndiInjectionTest.java:508:64:508:71 | source(...) : String | Log4jJndiInjectionTest.java:508:55:508:71 | (...)... | provenance | Sink:MaD:2176 | +| Log4jJndiInjectionTest.java:508:64:508:71 | source(...) : String | Log4jJndiInjectionTest.java:508:55:508:71 | (...)... | provenance | Sink:MaD:48150 | +| Log4jJndiInjectionTest.java:509:49:509:56 | source(...) : String | Log4jJndiInjectionTest.java:509:40:509:56 | (...)... | provenance | Sink:MaD:2176 | +| Log4jJndiInjectionTest.java:509:49:509:56 | source(...) : String | Log4jJndiInjectionTest.java:509:40:509:56 | (...)... | provenance | Sink:MaD:48150 | +| Log4jJndiInjectionTest.java:510:49:510:56 | source(...) : String | Log4jJndiInjectionTest.java:510:40:510:56 | (...)... | provenance | Sink:MaD:2168 | +| Log4jJndiInjectionTest.java:510:49:510:56 | source(...) : String | Log4jJndiInjectionTest.java:510:40:510:56 | (...)... | provenance | Sink:MaD:48142 | +| Log4jJndiInjectionTest.java:511:69:511:76 | source(...) : String | Log4jJndiInjectionTest.java:511:55:511:76 | (...)... | provenance | Sink:MaD:2168 | +| Log4jJndiInjectionTest.java:511:69:511:76 | source(...) : String | Log4jJndiInjectionTest.java:511:55:511:76 | (...)... | provenance | Sink:MaD:48142 | +| Log4jJndiInjectionTest.java:512:49:512:56 | source(...) : String | Log4jJndiInjectionTest.java:512:40:512:56 | (...)... | provenance | Sink:MaD:2180 | +| Log4jJndiInjectionTest.java:512:49:512:56 | source(...) : String | Log4jJndiInjectionTest.java:512:40:512:56 | (...)... | provenance | Sink:MaD:48154 | +| Log4jJndiInjectionTest.java:513:54:513:61 | source(...) : String | Log4jJndiInjectionTest.java:513:40:513:61 | (...)... | provenance | Sink:MaD:2181 | +| Log4jJndiInjectionTest.java:513:54:513:61 | source(...) : String | Log4jJndiInjectionTest.java:513:40:513:61 | (...)... | provenance | Sink:MaD:48155 | +| Log4jJndiInjectionTest.java:514:54:514:61 | source(...) : String | Log4jJndiInjectionTest.java:514:40:514:61 | (...)... | provenance | Sink:MaD:2182 | +| Log4jJndiInjectionTest.java:514:54:514:61 | source(...) : String | Log4jJndiInjectionTest.java:514:40:514:61 | (...)... | provenance | Sink:MaD:48156 | +| Log4jJndiInjectionTest.java:515:43:515:50 | source(...) : String | Log4jJndiInjectionTest.java:515:25:515:50 | (...)... | provenance | Sink:MaD:2185 | +| Log4jJndiInjectionTest.java:515:43:515:50 | source(...) : String | Log4jJndiInjectionTest.java:515:25:515:50 | (...)... | provenance | Sink:MaD:48159 | +| Log4jJndiInjectionTest.java:516:43:516:50 | source(...) : String | Log4jJndiInjectionTest.java:516:25:516:50 | (...)... | provenance | Sink:MaD:2186 | +| Log4jJndiInjectionTest.java:516:43:516:50 | source(...) : String | Log4jJndiInjectionTest.java:516:25:516:50 | (...)... | provenance | Sink:MaD:48160 | +| Log4jJndiInjectionTest.java:517:35:517:42 | source(...) : String | Log4jJndiInjectionTest.java:517:25:517:42 | (...)... | provenance | Sink:MaD:2183 | +| Log4jJndiInjectionTest.java:517:35:517:42 | source(...) : String | Log4jJndiInjectionTest.java:517:25:517:42 | (...)... | provenance | Sink:MaD:48157 | +| Log4jJndiInjectionTest.java:518:35:518:42 | source(...) : String | Log4jJndiInjectionTest.java:518:25:518:42 | (...)... | provenance | Sink:MaD:2184 | +| Log4jJndiInjectionTest.java:518:35:518:42 | source(...) : String | Log4jJndiInjectionTest.java:518:25:518:42 | (...)... | provenance | Sink:MaD:48158 | +| Log4jJndiInjectionTest.java:521:34:521:41 | source(...) : String | Log4jJndiInjectionTest.java:521:25:521:41 | (...)... | provenance | Sink:MaD:2189 | +| Log4jJndiInjectionTest.java:521:34:521:41 | source(...) : String | Log4jJndiInjectionTest.java:521:25:521:41 | (...)... | provenance | Sink:MaD:48163 | +| Log4jJndiInjectionTest.java:522:34:522:41 | source(...) : String | Log4jJndiInjectionTest.java:522:25:522:41 | (...)... | provenance | Sink:MaD:2200 | +| Log4jJndiInjectionTest.java:522:34:522:41 | source(...) : String | Log4jJndiInjectionTest.java:522:25:522:41 | (...)... | provenance | Sink:MaD:48174 | +| Log4jJndiInjectionTest.java:523:40:523:62 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:523:40:523:62 | new Object[] | provenance | Sink:MaD:2200 | +| Log4jJndiInjectionTest.java:523:40:523:62 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:523:40:523:62 | new Object[] | provenance | Sink:MaD:48174 | | Log4jJndiInjectionTest.java:523:54:523:61 | source(...) : String | Log4jJndiInjectionTest.java:523:40:523:62 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:524:49:524:56 | source(...) : String | Log4jJndiInjectionTest.java:524:40:524:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:525:34:525:41 | source(...) : String | Log4jJndiInjectionTest.java:525:25:525:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:526:64:526:71 | source(...) : String | Log4jJndiInjectionTest.java:526:55:526:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:527:49:527:56 | source(...) : String | Log4jJndiInjectionTest.java:527:40:527:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:528:34:528:41 | source(...) : String | Log4jJndiInjectionTest.java:528:25:528:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:529:79:529:86 | source(...) : String | Log4jJndiInjectionTest.java:529:70:529:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:530:64:530:71 | source(...) : String | Log4jJndiInjectionTest.java:530:55:530:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:531:49:531:56 | source(...) : String | Log4jJndiInjectionTest.java:531:40:531:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:532:34:532:41 | source(...) : String | Log4jJndiInjectionTest.java:532:25:532:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:533:94:533:101 | source(...) : String | Log4jJndiInjectionTest.java:533:85:533:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:534:79:534:86 | source(...) : String | Log4jJndiInjectionTest.java:534:70:534:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:535:64:535:71 | source(...) : String | Log4jJndiInjectionTest.java:535:55:535:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:536:49:536:56 | source(...) : String | Log4jJndiInjectionTest.java:536:40:536:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:537:34:537:41 | source(...) : String | Log4jJndiInjectionTest.java:537:25:537:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:538:109:538:116 | source(...) : String | Log4jJndiInjectionTest.java:538:100:538:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:539:94:539:101 | source(...) : String | Log4jJndiInjectionTest.java:539:85:539:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:540:79:540:86 | source(...) : String | Log4jJndiInjectionTest.java:540:70:540:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:541:64:541:71 | source(...) : String | Log4jJndiInjectionTest.java:541:55:541:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:542:49:542:56 | source(...) : String | Log4jJndiInjectionTest.java:542:40:542:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:543:34:543:41 | source(...) : String | Log4jJndiInjectionTest.java:543:25:543:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:544:124:544:131 | source(...) : String | Log4jJndiInjectionTest.java:544:115:544:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:545:109:545:116 | source(...) : String | Log4jJndiInjectionTest.java:545:100:545:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:546:94:546:101 | source(...) : String | Log4jJndiInjectionTest.java:546:85:546:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:547:79:547:86 | source(...) : String | Log4jJndiInjectionTest.java:547:70:547:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:548:64:548:71 | source(...) : String | Log4jJndiInjectionTest.java:548:55:548:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:549:49:549:56 | source(...) : String | Log4jJndiInjectionTest.java:549:40:549:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:550:34:550:41 | source(...) : String | Log4jJndiInjectionTest.java:550:25:550:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:551:139:551:146 | source(...) : String | Log4jJndiInjectionTest.java:551:130:551:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:552:124:552:131 | source(...) : String | Log4jJndiInjectionTest.java:552:115:552:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:553:109:553:116 | source(...) : String | Log4jJndiInjectionTest.java:553:100:553:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:554:94:554:101 | source(...) : String | Log4jJndiInjectionTest.java:554:85:554:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:555:79:555:86 | source(...) : String | Log4jJndiInjectionTest.java:555:70:555:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:556:64:556:71 | source(...) : String | Log4jJndiInjectionTest.java:556:55:556:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:557:49:557:56 | source(...) : String | Log4jJndiInjectionTest.java:557:40:557:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:558:34:558:41 | source(...) : String | Log4jJndiInjectionTest.java:558:25:558:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:559:154:559:161 | source(...) : String | Log4jJndiInjectionTest.java:559:145:559:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:560:139:560:146 | source(...) : String | Log4jJndiInjectionTest.java:560:130:560:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:561:124:561:131 | source(...) : String | Log4jJndiInjectionTest.java:561:115:561:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:562:109:562:116 | source(...) : String | Log4jJndiInjectionTest.java:562:100:562:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:563:94:563:101 | source(...) : String | Log4jJndiInjectionTest.java:563:85:563:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:564:79:564:86 | source(...) : String | Log4jJndiInjectionTest.java:564:70:564:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:565:64:565:71 | source(...) : String | Log4jJndiInjectionTest.java:565:55:565:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:566:49:566:56 | source(...) : String | Log4jJndiInjectionTest.java:566:40:566:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:567:34:567:41 | source(...) : String | Log4jJndiInjectionTest.java:567:25:567:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:568:169:568:176 | source(...) : String | Log4jJndiInjectionTest.java:568:160:568:176 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:569:154:569:161 | source(...) : String | Log4jJndiInjectionTest.java:569:145:569:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:570:139:570:146 | source(...) : String | Log4jJndiInjectionTest.java:570:130:570:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:571:124:571:131 | source(...) : String | Log4jJndiInjectionTest.java:571:115:571:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:572:109:572:116 | source(...) : String | Log4jJndiInjectionTest.java:572:100:572:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:573:94:573:101 | source(...) : String | Log4jJndiInjectionTest.java:573:85:573:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:574:79:574:86 | source(...) : String | Log4jJndiInjectionTest.java:574:70:574:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:575:64:575:71 | source(...) : String | Log4jJndiInjectionTest.java:575:55:575:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:576:49:576:56 | source(...) : String | Log4jJndiInjectionTest.java:576:40:576:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:577:34:577:41 | source(...) : String | Log4jJndiInjectionTest.java:577:25:577:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:578:34:578:41 | source(...) : String | Log4jJndiInjectionTest.java:578:25:578:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:579:54:579:61 | source(...) : String | Log4jJndiInjectionTest.java:579:40:579:61 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:580:34:580:41 | source(...) : String | Log4jJndiInjectionTest.java:580:25:580:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:581:39:581:46 | source(...) : String | Log4jJndiInjectionTest.java:581:25:581:46 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:582:39:582:46 | source(...) : String | Log4jJndiInjectionTest.java:582:25:582:46 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:583:53:583:60 | source(...) : String | Log4jJndiInjectionTest.java:583:38:583:60 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:584:53:584:60 | source(...) : String | Log4jJndiInjectionTest.java:584:38:584:60 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:585:68:585:75 | source(...) : String | Log4jJndiInjectionTest.java:585:53:585:75 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:586:68:586:75 | source(...) : String | Log4jJndiInjectionTest.java:586:53:586:75 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:587:63:587:70 | source(...) : String | Log4jJndiInjectionTest.java:587:53:587:70 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:588:71:588:78 | source(...) : String | Log4jJndiInjectionTest.java:588:53:588:78 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:589:71:589:78 | source(...) : String | Log4jJndiInjectionTest.java:589:53:589:78 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:591:62:591:69 | source(...) : String | Log4jJndiInjectionTest.java:591:53:591:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:592:62:592:69 | source(...) : String | Log4jJndiInjectionTest.java:592:53:592:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:593:68:593:90 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:593:68:593:90 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:524:49:524:56 | source(...) : String | Log4jJndiInjectionTest.java:524:40:524:56 | (...)... | provenance | Sink:MaD:2190 | +| Log4jJndiInjectionTest.java:524:49:524:56 | source(...) : String | Log4jJndiInjectionTest.java:524:40:524:56 | (...)... | provenance | Sink:MaD:48164 | +| Log4jJndiInjectionTest.java:525:34:525:41 | source(...) : String | Log4jJndiInjectionTest.java:525:25:525:41 | (...)... | provenance | Sink:MaD:2190 | +| Log4jJndiInjectionTest.java:525:34:525:41 | source(...) : String | Log4jJndiInjectionTest.java:525:25:525:41 | (...)... | provenance | Sink:MaD:48164 | +| Log4jJndiInjectionTest.java:526:64:526:71 | source(...) : String | Log4jJndiInjectionTest.java:526:55:526:71 | (...)... | provenance | Sink:MaD:2191 | +| Log4jJndiInjectionTest.java:526:64:526:71 | source(...) : String | Log4jJndiInjectionTest.java:526:55:526:71 | (...)... | provenance | Sink:MaD:48165 | +| Log4jJndiInjectionTest.java:527:49:527:56 | source(...) : String | Log4jJndiInjectionTest.java:527:40:527:56 | (...)... | provenance | Sink:MaD:2191 | +| Log4jJndiInjectionTest.java:527:49:527:56 | source(...) : String | Log4jJndiInjectionTest.java:527:40:527:56 | (...)... | provenance | Sink:MaD:48165 | +| Log4jJndiInjectionTest.java:528:34:528:41 | source(...) : String | Log4jJndiInjectionTest.java:528:25:528:41 | (...)... | provenance | Sink:MaD:2191 | +| Log4jJndiInjectionTest.java:528:34:528:41 | source(...) : String | Log4jJndiInjectionTest.java:528:25:528:41 | (...)... | provenance | Sink:MaD:48165 | +| Log4jJndiInjectionTest.java:529:79:529:86 | source(...) : String | Log4jJndiInjectionTest.java:529:70:529:86 | (...)... | provenance | Sink:MaD:2192 | +| Log4jJndiInjectionTest.java:529:79:529:86 | source(...) : String | Log4jJndiInjectionTest.java:529:70:529:86 | (...)... | provenance | Sink:MaD:48166 | +| Log4jJndiInjectionTest.java:530:64:530:71 | source(...) : String | Log4jJndiInjectionTest.java:530:55:530:71 | (...)... | provenance | Sink:MaD:2192 | +| Log4jJndiInjectionTest.java:530:64:530:71 | source(...) : String | Log4jJndiInjectionTest.java:530:55:530:71 | (...)... | provenance | Sink:MaD:48166 | +| Log4jJndiInjectionTest.java:531:49:531:56 | source(...) : String | Log4jJndiInjectionTest.java:531:40:531:56 | (...)... | provenance | Sink:MaD:2192 | +| Log4jJndiInjectionTest.java:531:49:531:56 | source(...) : String | Log4jJndiInjectionTest.java:531:40:531:56 | (...)... | provenance | Sink:MaD:48166 | +| Log4jJndiInjectionTest.java:532:34:532:41 | source(...) : String | Log4jJndiInjectionTest.java:532:25:532:41 | (...)... | provenance | Sink:MaD:2192 | +| Log4jJndiInjectionTest.java:532:34:532:41 | source(...) : String | Log4jJndiInjectionTest.java:532:25:532:41 | (...)... | provenance | Sink:MaD:48166 | +| Log4jJndiInjectionTest.java:533:94:533:101 | source(...) : String | Log4jJndiInjectionTest.java:533:85:533:101 | (...)... | provenance | Sink:MaD:2193 | +| Log4jJndiInjectionTest.java:533:94:533:101 | source(...) : String | Log4jJndiInjectionTest.java:533:85:533:101 | (...)... | provenance | Sink:MaD:48167 | +| Log4jJndiInjectionTest.java:534:79:534:86 | source(...) : String | Log4jJndiInjectionTest.java:534:70:534:86 | (...)... | provenance | Sink:MaD:2193 | +| Log4jJndiInjectionTest.java:534:79:534:86 | source(...) : String | Log4jJndiInjectionTest.java:534:70:534:86 | (...)... | provenance | Sink:MaD:48167 | +| Log4jJndiInjectionTest.java:535:64:535:71 | source(...) : String | Log4jJndiInjectionTest.java:535:55:535:71 | (...)... | provenance | Sink:MaD:2193 | +| Log4jJndiInjectionTest.java:535:64:535:71 | source(...) : String | Log4jJndiInjectionTest.java:535:55:535:71 | (...)... | provenance | Sink:MaD:48167 | +| Log4jJndiInjectionTest.java:536:49:536:56 | source(...) : String | Log4jJndiInjectionTest.java:536:40:536:56 | (...)... | provenance | Sink:MaD:2193 | +| Log4jJndiInjectionTest.java:536:49:536:56 | source(...) : String | Log4jJndiInjectionTest.java:536:40:536:56 | (...)... | provenance | Sink:MaD:48167 | +| Log4jJndiInjectionTest.java:537:34:537:41 | source(...) : String | Log4jJndiInjectionTest.java:537:25:537:41 | (...)... | provenance | Sink:MaD:2193 | +| Log4jJndiInjectionTest.java:537:34:537:41 | source(...) : String | Log4jJndiInjectionTest.java:537:25:537:41 | (...)... | provenance | Sink:MaD:48167 | +| Log4jJndiInjectionTest.java:538:109:538:116 | source(...) : String | Log4jJndiInjectionTest.java:538:100:538:116 | (...)... | provenance | Sink:MaD:2194 | +| Log4jJndiInjectionTest.java:538:109:538:116 | source(...) : String | Log4jJndiInjectionTest.java:538:100:538:116 | (...)... | provenance | Sink:MaD:48168 | +| Log4jJndiInjectionTest.java:539:94:539:101 | source(...) : String | Log4jJndiInjectionTest.java:539:85:539:101 | (...)... | provenance | Sink:MaD:2194 | +| Log4jJndiInjectionTest.java:539:94:539:101 | source(...) : String | Log4jJndiInjectionTest.java:539:85:539:101 | (...)... | provenance | Sink:MaD:48168 | +| Log4jJndiInjectionTest.java:540:79:540:86 | source(...) : String | Log4jJndiInjectionTest.java:540:70:540:86 | (...)... | provenance | Sink:MaD:2194 | +| Log4jJndiInjectionTest.java:540:79:540:86 | source(...) : String | Log4jJndiInjectionTest.java:540:70:540:86 | (...)... | provenance | Sink:MaD:48168 | +| Log4jJndiInjectionTest.java:541:64:541:71 | source(...) : String | Log4jJndiInjectionTest.java:541:55:541:71 | (...)... | provenance | Sink:MaD:2194 | +| Log4jJndiInjectionTest.java:541:64:541:71 | source(...) : String | Log4jJndiInjectionTest.java:541:55:541:71 | (...)... | provenance | Sink:MaD:48168 | +| Log4jJndiInjectionTest.java:542:49:542:56 | source(...) : String | Log4jJndiInjectionTest.java:542:40:542:56 | (...)... | provenance | Sink:MaD:2194 | +| Log4jJndiInjectionTest.java:542:49:542:56 | source(...) : String | Log4jJndiInjectionTest.java:542:40:542:56 | (...)... | provenance | Sink:MaD:48168 | +| Log4jJndiInjectionTest.java:543:34:543:41 | source(...) : String | Log4jJndiInjectionTest.java:543:25:543:41 | (...)... | provenance | Sink:MaD:2194 | +| Log4jJndiInjectionTest.java:543:34:543:41 | source(...) : String | Log4jJndiInjectionTest.java:543:25:543:41 | (...)... | provenance | Sink:MaD:48168 | +| Log4jJndiInjectionTest.java:544:124:544:131 | source(...) : String | Log4jJndiInjectionTest.java:544:115:544:131 | (...)... | provenance | Sink:MaD:2195 | +| Log4jJndiInjectionTest.java:544:124:544:131 | source(...) : String | Log4jJndiInjectionTest.java:544:115:544:131 | (...)... | provenance | Sink:MaD:48169 | +| Log4jJndiInjectionTest.java:545:109:545:116 | source(...) : String | Log4jJndiInjectionTest.java:545:100:545:116 | (...)... | provenance | Sink:MaD:2195 | +| Log4jJndiInjectionTest.java:545:109:545:116 | source(...) : String | Log4jJndiInjectionTest.java:545:100:545:116 | (...)... | provenance | Sink:MaD:48169 | +| Log4jJndiInjectionTest.java:546:94:546:101 | source(...) : String | Log4jJndiInjectionTest.java:546:85:546:101 | (...)... | provenance | Sink:MaD:2195 | +| Log4jJndiInjectionTest.java:546:94:546:101 | source(...) : String | Log4jJndiInjectionTest.java:546:85:546:101 | (...)... | provenance | Sink:MaD:48169 | +| Log4jJndiInjectionTest.java:547:79:547:86 | source(...) : String | Log4jJndiInjectionTest.java:547:70:547:86 | (...)... | provenance | Sink:MaD:2195 | +| Log4jJndiInjectionTest.java:547:79:547:86 | source(...) : String | Log4jJndiInjectionTest.java:547:70:547:86 | (...)... | provenance | Sink:MaD:48169 | +| Log4jJndiInjectionTest.java:548:64:548:71 | source(...) : String | Log4jJndiInjectionTest.java:548:55:548:71 | (...)... | provenance | Sink:MaD:2195 | +| Log4jJndiInjectionTest.java:548:64:548:71 | source(...) : String | Log4jJndiInjectionTest.java:548:55:548:71 | (...)... | provenance | Sink:MaD:48169 | +| Log4jJndiInjectionTest.java:549:49:549:56 | source(...) : String | Log4jJndiInjectionTest.java:549:40:549:56 | (...)... | provenance | Sink:MaD:2195 | +| Log4jJndiInjectionTest.java:549:49:549:56 | source(...) : String | Log4jJndiInjectionTest.java:549:40:549:56 | (...)... | provenance | Sink:MaD:48169 | +| Log4jJndiInjectionTest.java:550:34:550:41 | source(...) : String | Log4jJndiInjectionTest.java:550:25:550:41 | (...)... | provenance | Sink:MaD:2195 | +| Log4jJndiInjectionTest.java:550:34:550:41 | source(...) : String | Log4jJndiInjectionTest.java:550:25:550:41 | (...)... | provenance | Sink:MaD:48169 | +| Log4jJndiInjectionTest.java:551:139:551:146 | source(...) : String | Log4jJndiInjectionTest.java:551:130:551:146 | (...)... | provenance | Sink:MaD:2196 | +| Log4jJndiInjectionTest.java:551:139:551:146 | source(...) : String | Log4jJndiInjectionTest.java:551:130:551:146 | (...)... | provenance | Sink:MaD:48170 | +| Log4jJndiInjectionTest.java:552:124:552:131 | source(...) : String | Log4jJndiInjectionTest.java:552:115:552:131 | (...)... | provenance | Sink:MaD:2196 | +| Log4jJndiInjectionTest.java:552:124:552:131 | source(...) : String | Log4jJndiInjectionTest.java:552:115:552:131 | (...)... | provenance | Sink:MaD:48170 | +| Log4jJndiInjectionTest.java:553:109:553:116 | source(...) : String | Log4jJndiInjectionTest.java:553:100:553:116 | (...)... | provenance | Sink:MaD:2196 | +| Log4jJndiInjectionTest.java:553:109:553:116 | source(...) : String | Log4jJndiInjectionTest.java:553:100:553:116 | (...)... | provenance | Sink:MaD:48170 | +| Log4jJndiInjectionTest.java:554:94:554:101 | source(...) : String | Log4jJndiInjectionTest.java:554:85:554:101 | (...)... | provenance | Sink:MaD:2196 | +| Log4jJndiInjectionTest.java:554:94:554:101 | source(...) : String | Log4jJndiInjectionTest.java:554:85:554:101 | (...)... | provenance | Sink:MaD:48170 | +| Log4jJndiInjectionTest.java:555:79:555:86 | source(...) : String | Log4jJndiInjectionTest.java:555:70:555:86 | (...)... | provenance | Sink:MaD:2196 | +| Log4jJndiInjectionTest.java:555:79:555:86 | source(...) : String | Log4jJndiInjectionTest.java:555:70:555:86 | (...)... | provenance | Sink:MaD:48170 | +| Log4jJndiInjectionTest.java:556:64:556:71 | source(...) : String | Log4jJndiInjectionTest.java:556:55:556:71 | (...)... | provenance | Sink:MaD:2196 | +| Log4jJndiInjectionTest.java:556:64:556:71 | source(...) : String | Log4jJndiInjectionTest.java:556:55:556:71 | (...)... | provenance | Sink:MaD:48170 | +| Log4jJndiInjectionTest.java:557:49:557:56 | source(...) : String | Log4jJndiInjectionTest.java:557:40:557:56 | (...)... | provenance | Sink:MaD:2196 | +| Log4jJndiInjectionTest.java:557:49:557:56 | source(...) : String | Log4jJndiInjectionTest.java:557:40:557:56 | (...)... | provenance | Sink:MaD:48170 | +| Log4jJndiInjectionTest.java:558:34:558:41 | source(...) : String | Log4jJndiInjectionTest.java:558:25:558:41 | (...)... | provenance | Sink:MaD:2196 | +| Log4jJndiInjectionTest.java:558:34:558:41 | source(...) : String | Log4jJndiInjectionTest.java:558:25:558:41 | (...)... | provenance | Sink:MaD:48170 | +| Log4jJndiInjectionTest.java:559:154:559:161 | source(...) : String | Log4jJndiInjectionTest.java:559:145:559:161 | (...)... | provenance | Sink:MaD:2197 | +| Log4jJndiInjectionTest.java:559:154:559:161 | source(...) : String | Log4jJndiInjectionTest.java:559:145:559:161 | (...)... | provenance | Sink:MaD:48171 | +| Log4jJndiInjectionTest.java:560:139:560:146 | source(...) : String | Log4jJndiInjectionTest.java:560:130:560:146 | (...)... | provenance | Sink:MaD:2197 | +| Log4jJndiInjectionTest.java:560:139:560:146 | source(...) : String | Log4jJndiInjectionTest.java:560:130:560:146 | (...)... | provenance | Sink:MaD:48171 | +| Log4jJndiInjectionTest.java:561:124:561:131 | source(...) : String | Log4jJndiInjectionTest.java:561:115:561:131 | (...)... | provenance | Sink:MaD:2197 | +| Log4jJndiInjectionTest.java:561:124:561:131 | source(...) : String | Log4jJndiInjectionTest.java:561:115:561:131 | (...)... | provenance | Sink:MaD:48171 | +| Log4jJndiInjectionTest.java:562:109:562:116 | source(...) : String | Log4jJndiInjectionTest.java:562:100:562:116 | (...)... | provenance | Sink:MaD:2197 | +| Log4jJndiInjectionTest.java:562:109:562:116 | source(...) : String | Log4jJndiInjectionTest.java:562:100:562:116 | (...)... | provenance | Sink:MaD:48171 | +| Log4jJndiInjectionTest.java:563:94:563:101 | source(...) : String | Log4jJndiInjectionTest.java:563:85:563:101 | (...)... | provenance | Sink:MaD:2197 | +| Log4jJndiInjectionTest.java:563:94:563:101 | source(...) : String | Log4jJndiInjectionTest.java:563:85:563:101 | (...)... | provenance | Sink:MaD:48171 | +| Log4jJndiInjectionTest.java:564:79:564:86 | source(...) : String | Log4jJndiInjectionTest.java:564:70:564:86 | (...)... | provenance | Sink:MaD:2197 | +| Log4jJndiInjectionTest.java:564:79:564:86 | source(...) : String | Log4jJndiInjectionTest.java:564:70:564:86 | (...)... | provenance | Sink:MaD:48171 | +| Log4jJndiInjectionTest.java:565:64:565:71 | source(...) : String | Log4jJndiInjectionTest.java:565:55:565:71 | (...)... | provenance | Sink:MaD:2197 | +| Log4jJndiInjectionTest.java:565:64:565:71 | source(...) : String | Log4jJndiInjectionTest.java:565:55:565:71 | (...)... | provenance | Sink:MaD:48171 | +| Log4jJndiInjectionTest.java:566:49:566:56 | source(...) : String | Log4jJndiInjectionTest.java:566:40:566:56 | (...)... | provenance | Sink:MaD:2197 | +| Log4jJndiInjectionTest.java:566:49:566:56 | source(...) : String | Log4jJndiInjectionTest.java:566:40:566:56 | (...)... | provenance | Sink:MaD:48171 | +| Log4jJndiInjectionTest.java:567:34:567:41 | source(...) : String | Log4jJndiInjectionTest.java:567:25:567:41 | (...)... | provenance | Sink:MaD:2197 | +| Log4jJndiInjectionTest.java:567:34:567:41 | source(...) : String | Log4jJndiInjectionTest.java:567:25:567:41 | (...)... | provenance | Sink:MaD:48171 | +| Log4jJndiInjectionTest.java:568:169:568:176 | source(...) : String | Log4jJndiInjectionTest.java:568:160:568:176 | (...)... | provenance | Sink:MaD:2198 | +| Log4jJndiInjectionTest.java:568:169:568:176 | source(...) : String | Log4jJndiInjectionTest.java:568:160:568:176 | (...)... | provenance | Sink:MaD:48172 | +| Log4jJndiInjectionTest.java:569:154:569:161 | source(...) : String | Log4jJndiInjectionTest.java:569:145:569:161 | (...)... | provenance | Sink:MaD:2198 | +| Log4jJndiInjectionTest.java:569:154:569:161 | source(...) : String | Log4jJndiInjectionTest.java:569:145:569:161 | (...)... | provenance | Sink:MaD:48172 | +| Log4jJndiInjectionTest.java:570:139:570:146 | source(...) : String | Log4jJndiInjectionTest.java:570:130:570:146 | (...)... | provenance | Sink:MaD:2198 | +| Log4jJndiInjectionTest.java:570:139:570:146 | source(...) : String | Log4jJndiInjectionTest.java:570:130:570:146 | (...)... | provenance | Sink:MaD:48172 | +| Log4jJndiInjectionTest.java:571:124:571:131 | source(...) : String | Log4jJndiInjectionTest.java:571:115:571:131 | (...)... | provenance | Sink:MaD:2198 | +| Log4jJndiInjectionTest.java:571:124:571:131 | source(...) : String | Log4jJndiInjectionTest.java:571:115:571:131 | (...)... | provenance | Sink:MaD:48172 | +| Log4jJndiInjectionTest.java:572:109:572:116 | source(...) : String | Log4jJndiInjectionTest.java:572:100:572:116 | (...)... | provenance | Sink:MaD:2198 | +| Log4jJndiInjectionTest.java:572:109:572:116 | source(...) : String | Log4jJndiInjectionTest.java:572:100:572:116 | (...)... | provenance | Sink:MaD:48172 | +| Log4jJndiInjectionTest.java:573:94:573:101 | source(...) : String | Log4jJndiInjectionTest.java:573:85:573:101 | (...)... | provenance | Sink:MaD:2198 | +| Log4jJndiInjectionTest.java:573:94:573:101 | source(...) : String | Log4jJndiInjectionTest.java:573:85:573:101 | (...)... | provenance | Sink:MaD:48172 | +| Log4jJndiInjectionTest.java:574:79:574:86 | source(...) : String | Log4jJndiInjectionTest.java:574:70:574:86 | (...)... | provenance | Sink:MaD:2198 | +| Log4jJndiInjectionTest.java:574:79:574:86 | source(...) : String | Log4jJndiInjectionTest.java:574:70:574:86 | (...)... | provenance | Sink:MaD:48172 | +| Log4jJndiInjectionTest.java:575:64:575:71 | source(...) : String | Log4jJndiInjectionTest.java:575:55:575:71 | (...)... | provenance | Sink:MaD:2198 | +| Log4jJndiInjectionTest.java:575:64:575:71 | source(...) : String | Log4jJndiInjectionTest.java:575:55:575:71 | (...)... | provenance | Sink:MaD:48172 | +| Log4jJndiInjectionTest.java:576:49:576:56 | source(...) : String | Log4jJndiInjectionTest.java:576:40:576:56 | (...)... | provenance | Sink:MaD:2198 | +| Log4jJndiInjectionTest.java:576:49:576:56 | source(...) : String | Log4jJndiInjectionTest.java:576:40:576:56 | (...)... | provenance | Sink:MaD:48172 | +| Log4jJndiInjectionTest.java:577:34:577:41 | source(...) : String | Log4jJndiInjectionTest.java:577:25:577:41 | (...)... | provenance | Sink:MaD:2198 | +| Log4jJndiInjectionTest.java:577:34:577:41 | source(...) : String | Log4jJndiInjectionTest.java:577:25:577:41 | (...)... | provenance | Sink:MaD:48172 | +| Log4jJndiInjectionTest.java:578:34:578:41 | source(...) : String | Log4jJndiInjectionTest.java:578:25:578:41 | (...)... | provenance | Sink:MaD:2190 | +| Log4jJndiInjectionTest.java:578:34:578:41 | source(...) : String | Log4jJndiInjectionTest.java:578:25:578:41 | (...)... | provenance | Sink:MaD:48164 | +| Log4jJndiInjectionTest.java:579:54:579:61 | source(...) : String | Log4jJndiInjectionTest.java:579:40:579:61 | (...)... | provenance | Sink:MaD:2190 | +| Log4jJndiInjectionTest.java:579:54:579:61 | source(...) : String | Log4jJndiInjectionTest.java:579:40:579:61 | (...)... | provenance | Sink:MaD:48164 | +| Log4jJndiInjectionTest.java:580:34:580:41 | source(...) : String | Log4jJndiInjectionTest.java:580:25:580:41 | (...)... | provenance | Sink:MaD:2202 | +| Log4jJndiInjectionTest.java:580:34:580:41 | source(...) : String | Log4jJndiInjectionTest.java:580:25:580:41 | (...)... | provenance | Sink:MaD:48176 | +| Log4jJndiInjectionTest.java:581:39:581:46 | source(...) : String | Log4jJndiInjectionTest.java:581:25:581:46 | (...)... | provenance | Sink:MaD:2203 | +| Log4jJndiInjectionTest.java:581:39:581:46 | source(...) : String | Log4jJndiInjectionTest.java:581:25:581:46 | (...)... | provenance | Sink:MaD:48177 | +| Log4jJndiInjectionTest.java:582:39:582:46 | source(...) : String | Log4jJndiInjectionTest.java:582:25:582:46 | (...)... | provenance | Sink:MaD:2204 | +| Log4jJndiInjectionTest.java:582:39:582:46 | source(...) : String | Log4jJndiInjectionTest.java:582:25:582:46 | (...)... | provenance | Sink:MaD:48178 | +| Log4jJndiInjectionTest.java:583:53:583:60 | source(...) : String | Log4jJndiInjectionTest.java:583:38:583:60 | (...)... | provenance | Sink:MaD:2205 | +| Log4jJndiInjectionTest.java:583:53:583:60 | source(...) : String | Log4jJndiInjectionTest.java:583:38:583:60 | (...)... | provenance | Sink:MaD:48179 | +| Log4jJndiInjectionTest.java:584:53:584:60 | source(...) : String | Log4jJndiInjectionTest.java:584:38:584:60 | (...)... | provenance | Sink:MaD:2206 | +| Log4jJndiInjectionTest.java:584:53:584:60 | source(...) : String | Log4jJndiInjectionTest.java:584:38:584:60 | (...)... | provenance | Sink:MaD:48180 | +| Log4jJndiInjectionTest.java:585:68:585:75 | source(...) : String | Log4jJndiInjectionTest.java:585:53:585:75 | (...)... | provenance | Sink:MaD:2207 | +| Log4jJndiInjectionTest.java:585:68:585:75 | source(...) : String | Log4jJndiInjectionTest.java:585:53:585:75 | (...)... | provenance | Sink:MaD:48181 | +| Log4jJndiInjectionTest.java:586:68:586:75 | source(...) : String | Log4jJndiInjectionTest.java:586:53:586:75 | (...)... | provenance | Sink:MaD:2208 | +| Log4jJndiInjectionTest.java:586:68:586:75 | source(...) : String | Log4jJndiInjectionTest.java:586:53:586:75 | (...)... | provenance | Sink:MaD:48182 | +| Log4jJndiInjectionTest.java:587:63:587:70 | source(...) : String | Log4jJndiInjectionTest.java:587:53:587:70 | (...)... | provenance | Sink:MaD:2209 | +| Log4jJndiInjectionTest.java:587:63:587:70 | source(...) : String | Log4jJndiInjectionTest.java:587:53:587:70 | (...)... | provenance | Sink:MaD:48183 | +| Log4jJndiInjectionTest.java:588:71:588:78 | source(...) : String | Log4jJndiInjectionTest.java:588:53:588:78 | (...)... | provenance | Sink:MaD:2210 | +| Log4jJndiInjectionTest.java:588:71:588:78 | source(...) : String | Log4jJndiInjectionTest.java:588:53:588:78 | (...)... | provenance | Sink:MaD:48184 | +| Log4jJndiInjectionTest.java:589:71:589:78 | source(...) : String | Log4jJndiInjectionTest.java:589:53:589:78 | (...)... | provenance | Sink:MaD:2211 | +| Log4jJndiInjectionTest.java:589:71:589:78 | source(...) : String | Log4jJndiInjectionTest.java:589:53:589:78 | (...)... | provenance | Sink:MaD:48185 | +| Log4jJndiInjectionTest.java:591:62:591:69 | source(...) : String | Log4jJndiInjectionTest.java:591:53:591:69 | (...)... | provenance | Sink:MaD:2214 | +| Log4jJndiInjectionTest.java:591:62:591:69 | source(...) : String | Log4jJndiInjectionTest.java:591:53:591:69 | (...)... | provenance | Sink:MaD:48188 | +| Log4jJndiInjectionTest.java:592:62:592:69 | source(...) : String | Log4jJndiInjectionTest.java:592:53:592:69 | (...)... | provenance | Sink:MaD:2225 | +| Log4jJndiInjectionTest.java:592:62:592:69 | source(...) : String | Log4jJndiInjectionTest.java:592:53:592:69 | (...)... | provenance | Sink:MaD:48199 | +| Log4jJndiInjectionTest.java:593:68:593:90 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:593:68:593:90 | new Object[] | provenance | Sink:MaD:2225 | +| Log4jJndiInjectionTest.java:593:68:593:90 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:593:68:593:90 | new Object[] | provenance | Sink:MaD:48199 | | Log4jJndiInjectionTest.java:593:82:593:89 | source(...) : String | Log4jJndiInjectionTest.java:593:68:593:90 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:594:77:594:84 | source(...) : String | Log4jJndiInjectionTest.java:594:68:594:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:595:62:595:69 | source(...) : String | Log4jJndiInjectionTest.java:595:53:595:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:596:92:596:99 | source(...) : String | Log4jJndiInjectionTest.java:596:83:596:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:597:77:597:84 | source(...) : String | Log4jJndiInjectionTest.java:597:68:597:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:598:62:598:69 | source(...) : String | Log4jJndiInjectionTest.java:598:53:598:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:599:107:599:114 | source(...) : String | Log4jJndiInjectionTest.java:599:98:599:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:600:92:600:99 | source(...) : String | Log4jJndiInjectionTest.java:600:83:600:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:601:77:601:84 | source(...) : String | Log4jJndiInjectionTest.java:601:68:601:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:602:62:602:69 | source(...) : String | Log4jJndiInjectionTest.java:602:53:602:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:603:122:603:129 | source(...) : String | Log4jJndiInjectionTest.java:603:113:603:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:604:107:604:114 | source(...) : String | Log4jJndiInjectionTest.java:604:98:604:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:605:92:605:99 | source(...) : String | Log4jJndiInjectionTest.java:605:83:605:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:606:77:606:84 | source(...) : String | Log4jJndiInjectionTest.java:606:68:606:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:607:62:607:69 | source(...) : String | Log4jJndiInjectionTest.java:607:53:607:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:608:137:608:144 | source(...) : String | Log4jJndiInjectionTest.java:608:128:608:144 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:609:122:609:129 | source(...) : String | Log4jJndiInjectionTest.java:609:113:609:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:610:107:610:114 | source(...) : String | Log4jJndiInjectionTest.java:610:98:610:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:611:92:611:99 | source(...) : String | Log4jJndiInjectionTest.java:611:83:611:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:612:77:612:84 | source(...) : String | Log4jJndiInjectionTest.java:612:68:612:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:613:62:613:69 | source(...) : String | Log4jJndiInjectionTest.java:613:53:613:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:614:152:614:159 | source(...) : String | Log4jJndiInjectionTest.java:614:143:614:159 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:615:137:615:144 | source(...) : String | Log4jJndiInjectionTest.java:615:128:615:144 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:616:122:616:129 | source(...) : String | Log4jJndiInjectionTest.java:616:113:616:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:617:107:617:114 | source(...) : String | Log4jJndiInjectionTest.java:617:98:617:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:618:92:618:99 | source(...) : String | Log4jJndiInjectionTest.java:618:83:618:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:619:77:619:84 | source(...) : String | Log4jJndiInjectionTest.java:619:68:619:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:620:62:620:69 | source(...) : String | Log4jJndiInjectionTest.java:620:53:620:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:621:167:621:174 | source(...) : String | Log4jJndiInjectionTest.java:621:158:621:174 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:622:152:622:159 | source(...) : String | Log4jJndiInjectionTest.java:622:143:622:159 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:623:137:623:144 | source(...) : String | Log4jJndiInjectionTest.java:623:128:623:144 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:624:122:624:129 | source(...) : String | Log4jJndiInjectionTest.java:624:113:624:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:625:107:625:114 | source(...) : String | Log4jJndiInjectionTest.java:625:98:625:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:626:92:626:99 | source(...) : String | Log4jJndiInjectionTest.java:626:83:626:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:627:77:627:84 | source(...) : String | Log4jJndiInjectionTest.java:627:68:627:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:628:62:628:69 | source(...) : String | Log4jJndiInjectionTest.java:628:53:628:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:629:182:629:189 | source(...) : String | Log4jJndiInjectionTest.java:629:173:629:189 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:630:167:630:174 | source(...) : String | Log4jJndiInjectionTest.java:630:158:630:174 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:631:152:631:159 | source(...) : String | Log4jJndiInjectionTest.java:631:143:631:159 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:632:137:632:144 | source(...) : String | Log4jJndiInjectionTest.java:632:128:632:144 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:633:122:633:129 | source(...) : String | Log4jJndiInjectionTest.java:633:113:633:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:634:107:634:114 | source(...) : String | Log4jJndiInjectionTest.java:634:98:634:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:635:92:635:99 | source(...) : String | Log4jJndiInjectionTest.java:635:83:635:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:636:77:636:84 | source(...) : String | Log4jJndiInjectionTest.java:636:68:636:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:637:62:637:69 | source(...) : String | Log4jJndiInjectionTest.java:637:53:637:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:638:197:638:204 | source(...) : String | Log4jJndiInjectionTest.java:638:188:638:204 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:639:182:639:189 | source(...) : String | Log4jJndiInjectionTest.java:639:173:639:189 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:640:167:640:174 | source(...) : String | Log4jJndiInjectionTest.java:640:158:640:174 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:641:152:641:159 | source(...) : String | Log4jJndiInjectionTest.java:641:143:641:159 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:642:137:642:144 | source(...) : String | Log4jJndiInjectionTest.java:642:128:642:144 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:643:122:643:129 | source(...) : String | Log4jJndiInjectionTest.java:643:113:643:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:644:107:644:114 | source(...) : String | Log4jJndiInjectionTest.java:644:98:644:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:645:92:645:99 | source(...) : String | Log4jJndiInjectionTest.java:645:83:645:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:646:77:646:84 | source(...) : String | Log4jJndiInjectionTest.java:646:68:646:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:647:62:647:69 | source(...) : String | Log4jJndiInjectionTest.java:647:53:647:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:648:62:648:69 | source(...) : String | Log4jJndiInjectionTest.java:648:53:648:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:649:82:649:89 | source(...) : String | Log4jJndiInjectionTest.java:649:68:649:89 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:650:62:650:69 | source(...) : String | Log4jJndiInjectionTest.java:650:53:650:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:651:67:651:74 | source(...) : String | Log4jJndiInjectionTest.java:651:53:651:74 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:652:67:652:74 | source(...) : String | Log4jJndiInjectionTest.java:652:53:652:74 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:653:56:653:63 | source(...) : String | Log4jJndiInjectionTest.java:653:38:653:63 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:654:56:654:63 | source(...) : String | Log4jJndiInjectionTest.java:654:38:654:63 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:655:48:655:55 | source(...) : String | Log4jJndiInjectionTest.java:655:38:655:55 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:656:48:656:55 | source(...) : String | Log4jJndiInjectionTest.java:656:38:656:55 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:659:47:659:54 | source(...) : String | Log4jJndiInjectionTest.java:659:38:659:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:660:47:660:54 | source(...) : String | Log4jJndiInjectionTest.java:660:38:660:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:661:53:661:75 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:661:53:661:75 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:594:77:594:84 | source(...) : String | Log4jJndiInjectionTest.java:594:68:594:84 | (...)... | provenance | Sink:MaD:2215 | +| Log4jJndiInjectionTest.java:594:77:594:84 | source(...) : String | Log4jJndiInjectionTest.java:594:68:594:84 | (...)... | provenance | Sink:MaD:48189 | +| Log4jJndiInjectionTest.java:595:62:595:69 | source(...) : String | Log4jJndiInjectionTest.java:595:53:595:69 | (...)... | provenance | Sink:MaD:2215 | +| Log4jJndiInjectionTest.java:595:62:595:69 | source(...) : String | Log4jJndiInjectionTest.java:595:53:595:69 | (...)... | provenance | Sink:MaD:48189 | +| Log4jJndiInjectionTest.java:596:92:596:99 | source(...) : String | Log4jJndiInjectionTest.java:596:83:596:99 | (...)... | provenance | Sink:MaD:2216 | +| Log4jJndiInjectionTest.java:596:92:596:99 | source(...) : String | Log4jJndiInjectionTest.java:596:83:596:99 | (...)... | provenance | Sink:MaD:48190 | +| Log4jJndiInjectionTest.java:597:77:597:84 | source(...) : String | Log4jJndiInjectionTest.java:597:68:597:84 | (...)... | provenance | Sink:MaD:2216 | +| Log4jJndiInjectionTest.java:597:77:597:84 | source(...) : String | Log4jJndiInjectionTest.java:597:68:597:84 | (...)... | provenance | Sink:MaD:48190 | +| Log4jJndiInjectionTest.java:598:62:598:69 | source(...) : String | Log4jJndiInjectionTest.java:598:53:598:69 | (...)... | provenance | Sink:MaD:2216 | +| Log4jJndiInjectionTest.java:598:62:598:69 | source(...) : String | Log4jJndiInjectionTest.java:598:53:598:69 | (...)... | provenance | Sink:MaD:48190 | +| Log4jJndiInjectionTest.java:599:107:599:114 | source(...) : String | Log4jJndiInjectionTest.java:599:98:599:114 | (...)... | provenance | Sink:MaD:2217 | +| Log4jJndiInjectionTest.java:599:107:599:114 | source(...) : String | Log4jJndiInjectionTest.java:599:98:599:114 | (...)... | provenance | Sink:MaD:48191 | +| Log4jJndiInjectionTest.java:600:92:600:99 | source(...) : String | Log4jJndiInjectionTest.java:600:83:600:99 | (...)... | provenance | Sink:MaD:2217 | +| Log4jJndiInjectionTest.java:600:92:600:99 | source(...) : String | Log4jJndiInjectionTest.java:600:83:600:99 | (...)... | provenance | Sink:MaD:48191 | +| Log4jJndiInjectionTest.java:601:77:601:84 | source(...) : String | Log4jJndiInjectionTest.java:601:68:601:84 | (...)... | provenance | Sink:MaD:2217 | +| Log4jJndiInjectionTest.java:601:77:601:84 | source(...) : String | Log4jJndiInjectionTest.java:601:68:601:84 | (...)... | provenance | Sink:MaD:48191 | +| Log4jJndiInjectionTest.java:602:62:602:69 | source(...) : String | Log4jJndiInjectionTest.java:602:53:602:69 | (...)... | provenance | Sink:MaD:2217 | +| Log4jJndiInjectionTest.java:602:62:602:69 | source(...) : String | Log4jJndiInjectionTest.java:602:53:602:69 | (...)... | provenance | Sink:MaD:48191 | +| Log4jJndiInjectionTest.java:603:122:603:129 | source(...) : String | Log4jJndiInjectionTest.java:603:113:603:129 | (...)... | provenance | Sink:MaD:2218 | +| Log4jJndiInjectionTest.java:603:122:603:129 | source(...) : String | Log4jJndiInjectionTest.java:603:113:603:129 | (...)... | provenance | Sink:MaD:48192 | +| Log4jJndiInjectionTest.java:604:107:604:114 | source(...) : String | Log4jJndiInjectionTest.java:604:98:604:114 | (...)... | provenance | Sink:MaD:2218 | +| Log4jJndiInjectionTest.java:604:107:604:114 | source(...) : String | Log4jJndiInjectionTest.java:604:98:604:114 | (...)... | provenance | Sink:MaD:48192 | +| Log4jJndiInjectionTest.java:605:92:605:99 | source(...) : String | Log4jJndiInjectionTest.java:605:83:605:99 | (...)... | provenance | Sink:MaD:2218 | +| Log4jJndiInjectionTest.java:605:92:605:99 | source(...) : String | Log4jJndiInjectionTest.java:605:83:605:99 | (...)... | provenance | Sink:MaD:48192 | +| Log4jJndiInjectionTest.java:606:77:606:84 | source(...) : String | Log4jJndiInjectionTest.java:606:68:606:84 | (...)... | provenance | Sink:MaD:2218 | +| Log4jJndiInjectionTest.java:606:77:606:84 | source(...) : String | Log4jJndiInjectionTest.java:606:68:606:84 | (...)... | provenance | Sink:MaD:48192 | +| Log4jJndiInjectionTest.java:607:62:607:69 | source(...) : String | Log4jJndiInjectionTest.java:607:53:607:69 | (...)... | provenance | Sink:MaD:2218 | +| Log4jJndiInjectionTest.java:607:62:607:69 | source(...) : String | Log4jJndiInjectionTest.java:607:53:607:69 | (...)... | provenance | Sink:MaD:48192 | +| Log4jJndiInjectionTest.java:608:137:608:144 | source(...) : String | Log4jJndiInjectionTest.java:608:128:608:144 | (...)... | provenance | Sink:MaD:2219 | +| Log4jJndiInjectionTest.java:608:137:608:144 | source(...) : String | Log4jJndiInjectionTest.java:608:128:608:144 | (...)... | provenance | Sink:MaD:48193 | +| Log4jJndiInjectionTest.java:609:122:609:129 | source(...) : String | Log4jJndiInjectionTest.java:609:113:609:129 | (...)... | provenance | Sink:MaD:2219 | +| Log4jJndiInjectionTest.java:609:122:609:129 | source(...) : String | Log4jJndiInjectionTest.java:609:113:609:129 | (...)... | provenance | Sink:MaD:48193 | +| Log4jJndiInjectionTest.java:610:107:610:114 | source(...) : String | Log4jJndiInjectionTest.java:610:98:610:114 | (...)... | provenance | Sink:MaD:2219 | +| Log4jJndiInjectionTest.java:610:107:610:114 | source(...) : String | Log4jJndiInjectionTest.java:610:98:610:114 | (...)... | provenance | Sink:MaD:48193 | +| Log4jJndiInjectionTest.java:611:92:611:99 | source(...) : String | Log4jJndiInjectionTest.java:611:83:611:99 | (...)... | provenance | Sink:MaD:2219 | +| Log4jJndiInjectionTest.java:611:92:611:99 | source(...) : String | Log4jJndiInjectionTest.java:611:83:611:99 | (...)... | provenance | Sink:MaD:48193 | +| Log4jJndiInjectionTest.java:612:77:612:84 | source(...) : String | Log4jJndiInjectionTest.java:612:68:612:84 | (...)... | provenance | Sink:MaD:2219 | +| Log4jJndiInjectionTest.java:612:77:612:84 | source(...) : String | Log4jJndiInjectionTest.java:612:68:612:84 | (...)... | provenance | Sink:MaD:48193 | +| Log4jJndiInjectionTest.java:613:62:613:69 | source(...) : String | Log4jJndiInjectionTest.java:613:53:613:69 | (...)... | provenance | Sink:MaD:2219 | +| Log4jJndiInjectionTest.java:613:62:613:69 | source(...) : String | Log4jJndiInjectionTest.java:613:53:613:69 | (...)... | provenance | Sink:MaD:48193 | +| Log4jJndiInjectionTest.java:614:152:614:159 | source(...) : String | Log4jJndiInjectionTest.java:614:143:614:159 | (...)... | provenance | Sink:MaD:2220 | +| Log4jJndiInjectionTest.java:614:152:614:159 | source(...) : String | Log4jJndiInjectionTest.java:614:143:614:159 | (...)... | provenance | Sink:MaD:48194 | +| Log4jJndiInjectionTest.java:615:137:615:144 | source(...) : String | Log4jJndiInjectionTest.java:615:128:615:144 | (...)... | provenance | Sink:MaD:2220 | +| Log4jJndiInjectionTest.java:615:137:615:144 | source(...) : String | Log4jJndiInjectionTest.java:615:128:615:144 | (...)... | provenance | Sink:MaD:48194 | +| Log4jJndiInjectionTest.java:616:122:616:129 | source(...) : String | Log4jJndiInjectionTest.java:616:113:616:129 | (...)... | provenance | Sink:MaD:2220 | +| Log4jJndiInjectionTest.java:616:122:616:129 | source(...) : String | Log4jJndiInjectionTest.java:616:113:616:129 | (...)... | provenance | Sink:MaD:48194 | +| Log4jJndiInjectionTest.java:617:107:617:114 | source(...) : String | Log4jJndiInjectionTest.java:617:98:617:114 | (...)... | provenance | Sink:MaD:2220 | +| Log4jJndiInjectionTest.java:617:107:617:114 | source(...) : String | Log4jJndiInjectionTest.java:617:98:617:114 | (...)... | provenance | Sink:MaD:48194 | +| Log4jJndiInjectionTest.java:618:92:618:99 | source(...) : String | Log4jJndiInjectionTest.java:618:83:618:99 | (...)... | provenance | Sink:MaD:2220 | +| Log4jJndiInjectionTest.java:618:92:618:99 | source(...) : String | Log4jJndiInjectionTest.java:618:83:618:99 | (...)... | provenance | Sink:MaD:48194 | +| Log4jJndiInjectionTest.java:619:77:619:84 | source(...) : String | Log4jJndiInjectionTest.java:619:68:619:84 | (...)... | provenance | Sink:MaD:2220 | +| Log4jJndiInjectionTest.java:619:77:619:84 | source(...) : String | Log4jJndiInjectionTest.java:619:68:619:84 | (...)... | provenance | Sink:MaD:48194 | +| Log4jJndiInjectionTest.java:620:62:620:69 | source(...) : String | Log4jJndiInjectionTest.java:620:53:620:69 | (...)... | provenance | Sink:MaD:2220 | +| Log4jJndiInjectionTest.java:620:62:620:69 | source(...) : String | Log4jJndiInjectionTest.java:620:53:620:69 | (...)... | provenance | Sink:MaD:48194 | +| Log4jJndiInjectionTest.java:621:167:621:174 | source(...) : String | Log4jJndiInjectionTest.java:621:158:621:174 | (...)... | provenance | Sink:MaD:2221 | +| Log4jJndiInjectionTest.java:621:167:621:174 | source(...) : String | Log4jJndiInjectionTest.java:621:158:621:174 | (...)... | provenance | Sink:MaD:48195 | +| Log4jJndiInjectionTest.java:622:152:622:159 | source(...) : String | Log4jJndiInjectionTest.java:622:143:622:159 | (...)... | provenance | Sink:MaD:2221 | +| Log4jJndiInjectionTest.java:622:152:622:159 | source(...) : String | Log4jJndiInjectionTest.java:622:143:622:159 | (...)... | provenance | Sink:MaD:48195 | +| Log4jJndiInjectionTest.java:623:137:623:144 | source(...) : String | Log4jJndiInjectionTest.java:623:128:623:144 | (...)... | provenance | Sink:MaD:2221 | +| Log4jJndiInjectionTest.java:623:137:623:144 | source(...) : String | Log4jJndiInjectionTest.java:623:128:623:144 | (...)... | provenance | Sink:MaD:48195 | +| Log4jJndiInjectionTest.java:624:122:624:129 | source(...) : String | Log4jJndiInjectionTest.java:624:113:624:129 | (...)... | provenance | Sink:MaD:2221 | +| Log4jJndiInjectionTest.java:624:122:624:129 | source(...) : String | Log4jJndiInjectionTest.java:624:113:624:129 | (...)... | provenance | Sink:MaD:48195 | +| Log4jJndiInjectionTest.java:625:107:625:114 | source(...) : String | Log4jJndiInjectionTest.java:625:98:625:114 | (...)... | provenance | Sink:MaD:2221 | +| Log4jJndiInjectionTest.java:625:107:625:114 | source(...) : String | Log4jJndiInjectionTest.java:625:98:625:114 | (...)... | provenance | Sink:MaD:48195 | +| Log4jJndiInjectionTest.java:626:92:626:99 | source(...) : String | Log4jJndiInjectionTest.java:626:83:626:99 | (...)... | provenance | Sink:MaD:2221 | +| Log4jJndiInjectionTest.java:626:92:626:99 | source(...) : String | Log4jJndiInjectionTest.java:626:83:626:99 | (...)... | provenance | Sink:MaD:48195 | +| Log4jJndiInjectionTest.java:627:77:627:84 | source(...) : String | Log4jJndiInjectionTest.java:627:68:627:84 | (...)... | provenance | Sink:MaD:2221 | +| Log4jJndiInjectionTest.java:627:77:627:84 | source(...) : String | Log4jJndiInjectionTest.java:627:68:627:84 | (...)... | provenance | Sink:MaD:48195 | +| Log4jJndiInjectionTest.java:628:62:628:69 | source(...) : String | Log4jJndiInjectionTest.java:628:53:628:69 | (...)... | provenance | Sink:MaD:2221 | +| Log4jJndiInjectionTest.java:628:62:628:69 | source(...) : String | Log4jJndiInjectionTest.java:628:53:628:69 | (...)... | provenance | Sink:MaD:48195 | +| Log4jJndiInjectionTest.java:629:182:629:189 | source(...) : String | Log4jJndiInjectionTest.java:629:173:629:189 | (...)... | provenance | Sink:MaD:2222 | +| Log4jJndiInjectionTest.java:629:182:629:189 | source(...) : String | Log4jJndiInjectionTest.java:629:173:629:189 | (...)... | provenance | Sink:MaD:48196 | +| Log4jJndiInjectionTest.java:630:167:630:174 | source(...) : String | Log4jJndiInjectionTest.java:630:158:630:174 | (...)... | provenance | Sink:MaD:2222 | +| Log4jJndiInjectionTest.java:630:167:630:174 | source(...) : String | Log4jJndiInjectionTest.java:630:158:630:174 | (...)... | provenance | Sink:MaD:48196 | +| Log4jJndiInjectionTest.java:631:152:631:159 | source(...) : String | Log4jJndiInjectionTest.java:631:143:631:159 | (...)... | provenance | Sink:MaD:2222 | +| Log4jJndiInjectionTest.java:631:152:631:159 | source(...) : String | Log4jJndiInjectionTest.java:631:143:631:159 | (...)... | provenance | Sink:MaD:48196 | +| Log4jJndiInjectionTest.java:632:137:632:144 | source(...) : String | Log4jJndiInjectionTest.java:632:128:632:144 | (...)... | provenance | Sink:MaD:2222 | +| Log4jJndiInjectionTest.java:632:137:632:144 | source(...) : String | Log4jJndiInjectionTest.java:632:128:632:144 | (...)... | provenance | Sink:MaD:48196 | +| Log4jJndiInjectionTest.java:633:122:633:129 | source(...) : String | Log4jJndiInjectionTest.java:633:113:633:129 | (...)... | provenance | Sink:MaD:2222 | +| Log4jJndiInjectionTest.java:633:122:633:129 | source(...) : String | Log4jJndiInjectionTest.java:633:113:633:129 | (...)... | provenance | Sink:MaD:48196 | +| Log4jJndiInjectionTest.java:634:107:634:114 | source(...) : String | Log4jJndiInjectionTest.java:634:98:634:114 | (...)... | provenance | Sink:MaD:2222 | +| Log4jJndiInjectionTest.java:634:107:634:114 | source(...) : String | Log4jJndiInjectionTest.java:634:98:634:114 | (...)... | provenance | Sink:MaD:48196 | +| Log4jJndiInjectionTest.java:635:92:635:99 | source(...) : String | Log4jJndiInjectionTest.java:635:83:635:99 | (...)... | provenance | Sink:MaD:2222 | +| Log4jJndiInjectionTest.java:635:92:635:99 | source(...) : String | Log4jJndiInjectionTest.java:635:83:635:99 | (...)... | provenance | Sink:MaD:48196 | +| Log4jJndiInjectionTest.java:636:77:636:84 | source(...) : String | Log4jJndiInjectionTest.java:636:68:636:84 | (...)... | provenance | Sink:MaD:2222 | +| Log4jJndiInjectionTest.java:636:77:636:84 | source(...) : String | Log4jJndiInjectionTest.java:636:68:636:84 | (...)... | provenance | Sink:MaD:48196 | +| Log4jJndiInjectionTest.java:637:62:637:69 | source(...) : String | Log4jJndiInjectionTest.java:637:53:637:69 | (...)... | provenance | Sink:MaD:2222 | +| Log4jJndiInjectionTest.java:637:62:637:69 | source(...) : String | Log4jJndiInjectionTest.java:637:53:637:69 | (...)... | provenance | Sink:MaD:48196 | +| Log4jJndiInjectionTest.java:638:197:638:204 | source(...) : String | Log4jJndiInjectionTest.java:638:188:638:204 | (...)... | provenance | Sink:MaD:2223 | +| Log4jJndiInjectionTest.java:638:197:638:204 | source(...) : String | Log4jJndiInjectionTest.java:638:188:638:204 | (...)... | provenance | Sink:MaD:48197 | +| Log4jJndiInjectionTest.java:639:182:639:189 | source(...) : String | Log4jJndiInjectionTest.java:639:173:639:189 | (...)... | provenance | Sink:MaD:2223 | +| Log4jJndiInjectionTest.java:639:182:639:189 | source(...) : String | Log4jJndiInjectionTest.java:639:173:639:189 | (...)... | provenance | Sink:MaD:48197 | +| Log4jJndiInjectionTest.java:640:167:640:174 | source(...) : String | Log4jJndiInjectionTest.java:640:158:640:174 | (...)... | provenance | Sink:MaD:2223 | +| Log4jJndiInjectionTest.java:640:167:640:174 | source(...) : String | Log4jJndiInjectionTest.java:640:158:640:174 | (...)... | provenance | Sink:MaD:48197 | +| Log4jJndiInjectionTest.java:641:152:641:159 | source(...) : String | Log4jJndiInjectionTest.java:641:143:641:159 | (...)... | provenance | Sink:MaD:2223 | +| Log4jJndiInjectionTest.java:641:152:641:159 | source(...) : String | Log4jJndiInjectionTest.java:641:143:641:159 | (...)... | provenance | Sink:MaD:48197 | +| Log4jJndiInjectionTest.java:642:137:642:144 | source(...) : String | Log4jJndiInjectionTest.java:642:128:642:144 | (...)... | provenance | Sink:MaD:2223 | +| Log4jJndiInjectionTest.java:642:137:642:144 | source(...) : String | Log4jJndiInjectionTest.java:642:128:642:144 | (...)... | provenance | Sink:MaD:48197 | +| Log4jJndiInjectionTest.java:643:122:643:129 | source(...) : String | Log4jJndiInjectionTest.java:643:113:643:129 | (...)... | provenance | Sink:MaD:2223 | +| Log4jJndiInjectionTest.java:643:122:643:129 | source(...) : String | Log4jJndiInjectionTest.java:643:113:643:129 | (...)... | provenance | Sink:MaD:48197 | +| Log4jJndiInjectionTest.java:644:107:644:114 | source(...) : String | Log4jJndiInjectionTest.java:644:98:644:114 | (...)... | provenance | Sink:MaD:2223 | +| Log4jJndiInjectionTest.java:644:107:644:114 | source(...) : String | Log4jJndiInjectionTest.java:644:98:644:114 | (...)... | provenance | Sink:MaD:48197 | +| Log4jJndiInjectionTest.java:645:92:645:99 | source(...) : String | Log4jJndiInjectionTest.java:645:83:645:99 | (...)... | provenance | Sink:MaD:2223 | +| Log4jJndiInjectionTest.java:645:92:645:99 | source(...) : String | Log4jJndiInjectionTest.java:645:83:645:99 | (...)... | provenance | Sink:MaD:48197 | +| Log4jJndiInjectionTest.java:646:77:646:84 | source(...) : String | Log4jJndiInjectionTest.java:646:68:646:84 | (...)... | provenance | Sink:MaD:2223 | +| Log4jJndiInjectionTest.java:646:77:646:84 | source(...) : String | Log4jJndiInjectionTest.java:646:68:646:84 | (...)... | provenance | Sink:MaD:48197 | +| Log4jJndiInjectionTest.java:647:62:647:69 | source(...) : String | Log4jJndiInjectionTest.java:647:53:647:69 | (...)... | provenance | Sink:MaD:2223 | +| Log4jJndiInjectionTest.java:647:62:647:69 | source(...) : String | Log4jJndiInjectionTest.java:647:53:647:69 | (...)... | provenance | Sink:MaD:48197 | +| Log4jJndiInjectionTest.java:648:62:648:69 | source(...) : String | Log4jJndiInjectionTest.java:648:53:648:69 | (...)... | provenance | Sink:MaD:2215 | +| Log4jJndiInjectionTest.java:648:62:648:69 | source(...) : String | Log4jJndiInjectionTest.java:648:53:648:69 | (...)... | provenance | Sink:MaD:48189 | +| Log4jJndiInjectionTest.java:649:82:649:89 | source(...) : String | Log4jJndiInjectionTest.java:649:68:649:89 | (...)... | provenance | Sink:MaD:2215 | +| Log4jJndiInjectionTest.java:649:82:649:89 | source(...) : String | Log4jJndiInjectionTest.java:649:68:649:89 | (...)... | provenance | Sink:MaD:48189 | +| Log4jJndiInjectionTest.java:650:62:650:69 | source(...) : String | Log4jJndiInjectionTest.java:650:53:650:69 | (...)... | provenance | Sink:MaD:2227 | +| Log4jJndiInjectionTest.java:650:62:650:69 | source(...) : String | Log4jJndiInjectionTest.java:650:53:650:69 | (...)... | provenance | Sink:MaD:48201 | +| Log4jJndiInjectionTest.java:651:67:651:74 | source(...) : String | Log4jJndiInjectionTest.java:651:53:651:74 | (...)... | provenance | Sink:MaD:2228 | +| Log4jJndiInjectionTest.java:651:67:651:74 | source(...) : String | Log4jJndiInjectionTest.java:651:53:651:74 | (...)... | provenance | Sink:MaD:48202 | +| Log4jJndiInjectionTest.java:652:67:652:74 | source(...) : String | Log4jJndiInjectionTest.java:652:53:652:74 | (...)... | provenance | Sink:MaD:2229 | +| Log4jJndiInjectionTest.java:652:67:652:74 | source(...) : String | Log4jJndiInjectionTest.java:652:53:652:74 | (...)... | provenance | Sink:MaD:48203 | +| Log4jJndiInjectionTest.java:653:56:653:63 | source(...) : String | Log4jJndiInjectionTest.java:653:38:653:63 | (...)... | provenance | Sink:MaD:2232 | +| Log4jJndiInjectionTest.java:653:56:653:63 | source(...) : String | Log4jJndiInjectionTest.java:653:38:653:63 | (...)... | provenance | Sink:MaD:48206 | +| Log4jJndiInjectionTest.java:654:56:654:63 | source(...) : String | Log4jJndiInjectionTest.java:654:38:654:63 | (...)... | provenance | Sink:MaD:2233 | +| Log4jJndiInjectionTest.java:654:56:654:63 | source(...) : String | Log4jJndiInjectionTest.java:654:38:654:63 | (...)... | provenance | Sink:MaD:48207 | +| Log4jJndiInjectionTest.java:655:48:655:55 | source(...) : String | Log4jJndiInjectionTest.java:655:38:655:55 | (...)... | provenance | Sink:MaD:2230 | +| Log4jJndiInjectionTest.java:655:48:655:55 | source(...) : String | Log4jJndiInjectionTest.java:655:38:655:55 | (...)... | provenance | Sink:MaD:48204 | +| Log4jJndiInjectionTest.java:656:48:656:55 | source(...) : String | Log4jJndiInjectionTest.java:656:38:656:55 | (...)... | provenance | Sink:MaD:2231 | +| Log4jJndiInjectionTest.java:656:48:656:55 | source(...) : String | Log4jJndiInjectionTest.java:656:38:656:55 | (...)... | provenance | Sink:MaD:48205 | +| Log4jJndiInjectionTest.java:659:47:659:54 | source(...) : String | Log4jJndiInjectionTest.java:659:38:659:54 | (...)... | provenance | Sink:MaD:2236 | +| Log4jJndiInjectionTest.java:659:47:659:54 | source(...) : String | Log4jJndiInjectionTest.java:659:38:659:54 | (...)... | provenance | Sink:MaD:48210 | +| Log4jJndiInjectionTest.java:660:47:660:54 | source(...) : String | Log4jJndiInjectionTest.java:660:38:660:54 | (...)... | provenance | Sink:MaD:2247 | +| Log4jJndiInjectionTest.java:660:47:660:54 | source(...) : String | Log4jJndiInjectionTest.java:660:38:660:54 | (...)... | provenance | Sink:MaD:48221 | +| Log4jJndiInjectionTest.java:661:53:661:75 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:661:53:661:75 | new Object[] | provenance | Sink:MaD:2247 | +| Log4jJndiInjectionTest.java:661:53:661:75 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:661:53:661:75 | new Object[] | provenance | Sink:MaD:48221 | | Log4jJndiInjectionTest.java:661:67:661:74 | source(...) : String | Log4jJndiInjectionTest.java:661:53:661:75 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:662:62:662:69 | source(...) : String | Log4jJndiInjectionTest.java:662:53:662:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:663:47:663:54 | source(...) : String | Log4jJndiInjectionTest.java:663:38:663:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:664:77:664:84 | source(...) : String | Log4jJndiInjectionTest.java:664:68:664:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:665:62:665:69 | source(...) : String | Log4jJndiInjectionTest.java:665:53:665:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:666:47:666:54 | source(...) : String | Log4jJndiInjectionTest.java:666:38:666:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:667:92:667:99 | source(...) : String | Log4jJndiInjectionTest.java:667:83:667:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:668:77:668:84 | source(...) : String | Log4jJndiInjectionTest.java:668:68:668:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:669:62:669:69 | source(...) : String | Log4jJndiInjectionTest.java:669:53:669:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:670:47:670:54 | source(...) : String | Log4jJndiInjectionTest.java:670:38:670:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:671:107:671:114 | source(...) : String | Log4jJndiInjectionTest.java:671:98:671:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:672:92:672:99 | source(...) : String | Log4jJndiInjectionTest.java:672:83:672:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:673:77:673:84 | source(...) : String | Log4jJndiInjectionTest.java:673:68:673:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:674:62:674:69 | source(...) : String | Log4jJndiInjectionTest.java:674:53:674:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:675:47:675:54 | source(...) : String | Log4jJndiInjectionTest.java:675:38:675:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:676:122:676:129 | source(...) : String | Log4jJndiInjectionTest.java:676:113:676:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:677:107:677:114 | source(...) : String | Log4jJndiInjectionTest.java:677:98:677:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:678:92:678:99 | source(...) : String | Log4jJndiInjectionTest.java:678:83:678:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:679:77:679:84 | source(...) : String | Log4jJndiInjectionTest.java:679:68:679:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:680:62:680:69 | source(...) : String | Log4jJndiInjectionTest.java:680:53:680:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:681:47:681:54 | source(...) : String | Log4jJndiInjectionTest.java:681:38:681:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:682:137:682:144 | source(...) : String | Log4jJndiInjectionTest.java:682:128:682:144 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:683:122:683:129 | source(...) : String | Log4jJndiInjectionTest.java:683:113:683:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:684:107:684:114 | source(...) : String | Log4jJndiInjectionTest.java:684:98:684:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:685:92:685:99 | source(...) : String | Log4jJndiInjectionTest.java:685:83:685:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:686:77:686:84 | source(...) : String | Log4jJndiInjectionTest.java:686:68:686:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:687:62:687:69 | source(...) : String | Log4jJndiInjectionTest.java:687:53:687:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:688:47:688:54 | source(...) : String | Log4jJndiInjectionTest.java:688:38:688:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:689:152:689:159 | source(...) : String | Log4jJndiInjectionTest.java:689:143:689:159 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:690:137:690:144 | source(...) : String | Log4jJndiInjectionTest.java:690:128:690:144 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:691:122:691:129 | source(...) : String | Log4jJndiInjectionTest.java:691:113:691:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:692:107:692:114 | source(...) : String | Log4jJndiInjectionTest.java:692:98:692:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:693:92:693:99 | source(...) : String | Log4jJndiInjectionTest.java:693:83:693:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:694:77:694:84 | source(...) : String | Log4jJndiInjectionTest.java:694:68:694:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:695:62:695:69 | source(...) : String | Log4jJndiInjectionTest.java:695:53:695:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:696:47:696:54 | source(...) : String | Log4jJndiInjectionTest.java:696:38:696:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:697:167:697:174 | source(...) : String | Log4jJndiInjectionTest.java:697:158:697:174 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:698:152:698:159 | source(...) : String | Log4jJndiInjectionTest.java:698:143:698:159 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:699:137:699:144 | source(...) : String | Log4jJndiInjectionTest.java:699:128:699:144 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:700:122:700:129 | source(...) : String | Log4jJndiInjectionTest.java:700:113:700:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:701:107:701:114 | source(...) : String | Log4jJndiInjectionTest.java:701:98:701:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:702:92:702:99 | source(...) : String | Log4jJndiInjectionTest.java:702:83:702:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:703:77:703:84 | source(...) : String | Log4jJndiInjectionTest.java:703:68:703:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:704:62:704:69 | source(...) : String | Log4jJndiInjectionTest.java:704:53:704:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:705:47:705:54 | source(...) : String | Log4jJndiInjectionTest.java:705:38:705:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:706:182:706:189 | source(...) : String | Log4jJndiInjectionTest.java:706:173:706:189 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:707:167:707:174 | source(...) : String | Log4jJndiInjectionTest.java:707:158:707:174 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:708:152:708:159 | source(...) : String | Log4jJndiInjectionTest.java:708:143:708:159 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:709:137:709:144 | source(...) : String | Log4jJndiInjectionTest.java:709:128:709:144 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:710:122:710:129 | source(...) : String | Log4jJndiInjectionTest.java:710:113:710:129 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:711:107:711:114 | source(...) : String | Log4jJndiInjectionTest.java:711:98:711:114 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:712:92:712:99 | source(...) : String | Log4jJndiInjectionTest.java:712:83:712:99 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:713:77:713:84 | source(...) : String | Log4jJndiInjectionTest.java:713:68:713:84 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:714:62:714:69 | source(...) : String | Log4jJndiInjectionTest.java:714:53:714:69 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:715:47:715:54 | source(...) : String | Log4jJndiInjectionTest.java:715:38:715:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:716:47:716:54 | source(...) : String | Log4jJndiInjectionTest.java:716:38:716:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:717:67:717:74 | source(...) : String | Log4jJndiInjectionTest.java:717:53:717:74 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:718:47:718:54 | source(...) : String | Log4jJndiInjectionTest.java:718:38:718:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:719:52:719:59 | source(...) : String | Log4jJndiInjectionTest.java:719:38:719:59 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:720:52:720:59 | source(...) : String | Log4jJndiInjectionTest.java:720:38:720:59 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:721:41:721:48 | source(...) : String | Log4jJndiInjectionTest.java:721:26:721:48 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:722:41:722:48 | source(...) : String | Log4jJndiInjectionTest.java:722:26:722:48 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:723:56:723:63 | source(...) : String | Log4jJndiInjectionTest.java:723:41:723:63 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:724:56:724:63 | source(...) : String | Log4jJndiInjectionTest.java:724:41:724:63 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:725:51:725:58 | source(...) : String | Log4jJndiInjectionTest.java:725:41:725:58 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:726:59:726:66 | source(...) : String | Log4jJndiInjectionTest.java:726:41:726:66 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:727:59:727:66 | source(...) : String | Log4jJndiInjectionTest.java:727:41:727:66 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:729:50:729:57 | source(...) : String | Log4jJndiInjectionTest.java:729:41:729:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:730:50:730:57 | source(...) : String | Log4jJndiInjectionTest.java:730:41:730:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:731:56:731:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:731:56:731:78 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:662:62:662:69 | source(...) : String | Log4jJndiInjectionTest.java:662:53:662:69 | (...)... | provenance | Sink:MaD:2237 | +| Log4jJndiInjectionTest.java:662:62:662:69 | source(...) : String | Log4jJndiInjectionTest.java:662:53:662:69 | (...)... | provenance | Sink:MaD:48211 | +| Log4jJndiInjectionTest.java:663:47:663:54 | source(...) : String | Log4jJndiInjectionTest.java:663:38:663:54 | (...)... | provenance | Sink:MaD:2237 | +| Log4jJndiInjectionTest.java:663:47:663:54 | source(...) : String | Log4jJndiInjectionTest.java:663:38:663:54 | (...)... | provenance | Sink:MaD:48211 | +| Log4jJndiInjectionTest.java:664:77:664:84 | source(...) : String | Log4jJndiInjectionTest.java:664:68:664:84 | (...)... | provenance | Sink:MaD:2238 | +| Log4jJndiInjectionTest.java:664:77:664:84 | source(...) : String | Log4jJndiInjectionTest.java:664:68:664:84 | (...)... | provenance | Sink:MaD:48212 | +| Log4jJndiInjectionTest.java:665:62:665:69 | source(...) : String | Log4jJndiInjectionTest.java:665:53:665:69 | (...)... | provenance | Sink:MaD:2238 | +| Log4jJndiInjectionTest.java:665:62:665:69 | source(...) : String | Log4jJndiInjectionTest.java:665:53:665:69 | (...)... | provenance | Sink:MaD:48212 | +| Log4jJndiInjectionTest.java:666:47:666:54 | source(...) : String | Log4jJndiInjectionTest.java:666:38:666:54 | (...)... | provenance | Sink:MaD:2238 | +| Log4jJndiInjectionTest.java:666:47:666:54 | source(...) : String | Log4jJndiInjectionTest.java:666:38:666:54 | (...)... | provenance | Sink:MaD:48212 | +| Log4jJndiInjectionTest.java:667:92:667:99 | source(...) : String | Log4jJndiInjectionTest.java:667:83:667:99 | (...)... | provenance | Sink:MaD:2239 | +| Log4jJndiInjectionTest.java:667:92:667:99 | source(...) : String | Log4jJndiInjectionTest.java:667:83:667:99 | (...)... | provenance | Sink:MaD:48213 | +| Log4jJndiInjectionTest.java:668:77:668:84 | source(...) : String | Log4jJndiInjectionTest.java:668:68:668:84 | (...)... | provenance | Sink:MaD:2239 | +| Log4jJndiInjectionTest.java:668:77:668:84 | source(...) : String | Log4jJndiInjectionTest.java:668:68:668:84 | (...)... | provenance | Sink:MaD:48213 | +| Log4jJndiInjectionTest.java:669:62:669:69 | source(...) : String | Log4jJndiInjectionTest.java:669:53:669:69 | (...)... | provenance | Sink:MaD:2239 | +| Log4jJndiInjectionTest.java:669:62:669:69 | source(...) : String | Log4jJndiInjectionTest.java:669:53:669:69 | (...)... | provenance | Sink:MaD:48213 | +| Log4jJndiInjectionTest.java:670:47:670:54 | source(...) : String | Log4jJndiInjectionTest.java:670:38:670:54 | (...)... | provenance | Sink:MaD:2239 | +| Log4jJndiInjectionTest.java:670:47:670:54 | source(...) : String | Log4jJndiInjectionTest.java:670:38:670:54 | (...)... | provenance | Sink:MaD:48213 | +| Log4jJndiInjectionTest.java:671:107:671:114 | source(...) : String | Log4jJndiInjectionTest.java:671:98:671:114 | (...)... | provenance | Sink:MaD:2240 | +| Log4jJndiInjectionTest.java:671:107:671:114 | source(...) : String | Log4jJndiInjectionTest.java:671:98:671:114 | (...)... | provenance | Sink:MaD:48214 | +| Log4jJndiInjectionTest.java:672:92:672:99 | source(...) : String | Log4jJndiInjectionTest.java:672:83:672:99 | (...)... | provenance | Sink:MaD:2240 | +| Log4jJndiInjectionTest.java:672:92:672:99 | source(...) : String | Log4jJndiInjectionTest.java:672:83:672:99 | (...)... | provenance | Sink:MaD:48214 | +| Log4jJndiInjectionTest.java:673:77:673:84 | source(...) : String | Log4jJndiInjectionTest.java:673:68:673:84 | (...)... | provenance | Sink:MaD:2240 | +| Log4jJndiInjectionTest.java:673:77:673:84 | source(...) : String | Log4jJndiInjectionTest.java:673:68:673:84 | (...)... | provenance | Sink:MaD:48214 | +| Log4jJndiInjectionTest.java:674:62:674:69 | source(...) : String | Log4jJndiInjectionTest.java:674:53:674:69 | (...)... | provenance | Sink:MaD:2240 | +| Log4jJndiInjectionTest.java:674:62:674:69 | source(...) : String | Log4jJndiInjectionTest.java:674:53:674:69 | (...)... | provenance | Sink:MaD:48214 | +| Log4jJndiInjectionTest.java:675:47:675:54 | source(...) : String | Log4jJndiInjectionTest.java:675:38:675:54 | (...)... | provenance | Sink:MaD:2240 | +| Log4jJndiInjectionTest.java:675:47:675:54 | source(...) : String | Log4jJndiInjectionTest.java:675:38:675:54 | (...)... | provenance | Sink:MaD:48214 | +| Log4jJndiInjectionTest.java:676:122:676:129 | source(...) : String | Log4jJndiInjectionTest.java:676:113:676:129 | (...)... | provenance | Sink:MaD:2241 | +| Log4jJndiInjectionTest.java:676:122:676:129 | source(...) : String | Log4jJndiInjectionTest.java:676:113:676:129 | (...)... | provenance | Sink:MaD:48215 | +| Log4jJndiInjectionTest.java:677:107:677:114 | source(...) : String | Log4jJndiInjectionTest.java:677:98:677:114 | (...)... | provenance | Sink:MaD:2241 | +| Log4jJndiInjectionTest.java:677:107:677:114 | source(...) : String | Log4jJndiInjectionTest.java:677:98:677:114 | (...)... | provenance | Sink:MaD:48215 | +| Log4jJndiInjectionTest.java:678:92:678:99 | source(...) : String | Log4jJndiInjectionTest.java:678:83:678:99 | (...)... | provenance | Sink:MaD:2241 | +| Log4jJndiInjectionTest.java:678:92:678:99 | source(...) : String | Log4jJndiInjectionTest.java:678:83:678:99 | (...)... | provenance | Sink:MaD:48215 | +| Log4jJndiInjectionTest.java:679:77:679:84 | source(...) : String | Log4jJndiInjectionTest.java:679:68:679:84 | (...)... | provenance | Sink:MaD:2241 | +| Log4jJndiInjectionTest.java:679:77:679:84 | source(...) : String | Log4jJndiInjectionTest.java:679:68:679:84 | (...)... | provenance | Sink:MaD:48215 | +| Log4jJndiInjectionTest.java:680:62:680:69 | source(...) : String | Log4jJndiInjectionTest.java:680:53:680:69 | (...)... | provenance | Sink:MaD:2241 | +| Log4jJndiInjectionTest.java:680:62:680:69 | source(...) : String | Log4jJndiInjectionTest.java:680:53:680:69 | (...)... | provenance | Sink:MaD:48215 | +| Log4jJndiInjectionTest.java:681:47:681:54 | source(...) : String | Log4jJndiInjectionTest.java:681:38:681:54 | (...)... | provenance | Sink:MaD:2241 | +| Log4jJndiInjectionTest.java:681:47:681:54 | source(...) : String | Log4jJndiInjectionTest.java:681:38:681:54 | (...)... | provenance | Sink:MaD:48215 | +| Log4jJndiInjectionTest.java:682:137:682:144 | source(...) : String | Log4jJndiInjectionTest.java:682:128:682:144 | (...)... | provenance | Sink:MaD:2242 | +| Log4jJndiInjectionTest.java:682:137:682:144 | source(...) : String | Log4jJndiInjectionTest.java:682:128:682:144 | (...)... | provenance | Sink:MaD:48216 | +| Log4jJndiInjectionTest.java:683:122:683:129 | source(...) : String | Log4jJndiInjectionTest.java:683:113:683:129 | (...)... | provenance | Sink:MaD:2242 | +| Log4jJndiInjectionTest.java:683:122:683:129 | source(...) : String | Log4jJndiInjectionTest.java:683:113:683:129 | (...)... | provenance | Sink:MaD:48216 | +| Log4jJndiInjectionTest.java:684:107:684:114 | source(...) : String | Log4jJndiInjectionTest.java:684:98:684:114 | (...)... | provenance | Sink:MaD:2242 | +| Log4jJndiInjectionTest.java:684:107:684:114 | source(...) : String | Log4jJndiInjectionTest.java:684:98:684:114 | (...)... | provenance | Sink:MaD:48216 | +| Log4jJndiInjectionTest.java:685:92:685:99 | source(...) : String | Log4jJndiInjectionTest.java:685:83:685:99 | (...)... | provenance | Sink:MaD:2242 | +| Log4jJndiInjectionTest.java:685:92:685:99 | source(...) : String | Log4jJndiInjectionTest.java:685:83:685:99 | (...)... | provenance | Sink:MaD:48216 | +| Log4jJndiInjectionTest.java:686:77:686:84 | source(...) : String | Log4jJndiInjectionTest.java:686:68:686:84 | (...)... | provenance | Sink:MaD:2242 | +| Log4jJndiInjectionTest.java:686:77:686:84 | source(...) : String | Log4jJndiInjectionTest.java:686:68:686:84 | (...)... | provenance | Sink:MaD:48216 | +| Log4jJndiInjectionTest.java:687:62:687:69 | source(...) : String | Log4jJndiInjectionTest.java:687:53:687:69 | (...)... | provenance | Sink:MaD:2242 | +| Log4jJndiInjectionTest.java:687:62:687:69 | source(...) : String | Log4jJndiInjectionTest.java:687:53:687:69 | (...)... | provenance | Sink:MaD:48216 | +| Log4jJndiInjectionTest.java:688:47:688:54 | source(...) : String | Log4jJndiInjectionTest.java:688:38:688:54 | (...)... | provenance | Sink:MaD:2242 | +| Log4jJndiInjectionTest.java:688:47:688:54 | source(...) : String | Log4jJndiInjectionTest.java:688:38:688:54 | (...)... | provenance | Sink:MaD:48216 | +| Log4jJndiInjectionTest.java:689:152:689:159 | source(...) : String | Log4jJndiInjectionTest.java:689:143:689:159 | (...)... | provenance | Sink:MaD:2243 | +| Log4jJndiInjectionTest.java:689:152:689:159 | source(...) : String | Log4jJndiInjectionTest.java:689:143:689:159 | (...)... | provenance | Sink:MaD:48217 | +| Log4jJndiInjectionTest.java:690:137:690:144 | source(...) : String | Log4jJndiInjectionTest.java:690:128:690:144 | (...)... | provenance | Sink:MaD:2243 | +| Log4jJndiInjectionTest.java:690:137:690:144 | source(...) : String | Log4jJndiInjectionTest.java:690:128:690:144 | (...)... | provenance | Sink:MaD:48217 | +| Log4jJndiInjectionTest.java:691:122:691:129 | source(...) : String | Log4jJndiInjectionTest.java:691:113:691:129 | (...)... | provenance | Sink:MaD:2243 | +| Log4jJndiInjectionTest.java:691:122:691:129 | source(...) : String | Log4jJndiInjectionTest.java:691:113:691:129 | (...)... | provenance | Sink:MaD:48217 | +| Log4jJndiInjectionTest.java:692:107:692:114 | source(...) : String | Log4jJndiInjectionTest.java:692:98:692:114 | (...)... | provenance | Sink:MaD:2243 | +| Log4jJndiInjectionTest.java:692:107:692:114 | source(...) : String | Log4jJndiInjectionTest.java:692:98:692:114 | (...)... | provenance | Sink:MaD:48217 | +| Log4jJndiInjectionTest.java:693:92:693:99 | source(...) : String | Log4jJndiInjectionTest.java:693:83:693:99 | (...)... | provenance | Sink:MaD:2243 | +| Log4jJndiInjectionTest.java:693:92:693:99 | source(...) : String | Log4jJndiInjectionTest.java:693:83:693:99 | (...)... | provenance | Sink:MaD:48217 | +| Log4jJndiInjectionTest.java:694:77:694:84 | source(...) : String | Log4jJndiInjectionTest.java:694:68:694:84 | (...)... | provenance | Sink:MaD:2243 | +| Log4jJndiInjectionTest.java:694:77:694:84 | source(...) : String | Log4jJndiInjectionTest.java:694:68:694:84 | (...)... | provenance | Sink:MaD:48217 | +| Log4jJndiInjectionTest.java:695:62:695:69 | source(...) : String | Log4jJndiInjectionTest.java:695:53:695:69 | (...)... | provenance | Sink:MaD:2243 | +| Log4jJndiInjectionTest.java:695:62:695:69 | source(...) : String | Log4jJndiInjectionTest.java:695:53:695:69 | (...)... | provenance | Sink:MaD:48217 | +| Log4jJndiInjectionTest.java:696:47:696:54 | source(...) : String | Log4jJndiInjectionTest.java:696:38:696:54 | (...)... | provenance | Sink:MaD:2243 | +| Log4jJndiInjectionTest.java:696:47:696:54 | source(...) : String | Log4jJndiInjectionTest.java:696:38:696:54 | (...)... | provenance | Sink:MaD:48217 | +| Log4jJndiInjectionTest.java:697:167:697:174 | source(...) : String | Log4jJndiInjectionTest.java:697:158:697:174 | (...)... | provenance | Sink:MaD:2244 | +| Log4jJndiInjectionTest.java:697:167:697:174 | source(...) : String | Log4jJndiInjectionTest.java:697:158:697:174 | (...)... | provenance | Sink:MaD:48218 | +| Log4jJndiInjectionTest.java:698:152:698:159 | source(...) : String | Log4jJndiInjectionTest.java:698:143:698:159 | (...)... | provenance | Sink:MaD:2244 | +| Log4jJndiInjectionTest.java:698:152:698:159 | source(...) : String | Log4jJndiInjectionTest.java:698:143:698:159 | (...)... | provenance | Sink:MaD:48218 | +| Log4jJndiInjectionTest.java:699:137:699:144 | source(...) : String | Log4jJndiInjectionTest.java:699:128:699:144 | (...)... | provenance | Sink:MaD:2244 | +| Log4jJndiInjectionTest.java:699:137:699:144 | source(...) : String | Log4jJndiInjectionTest.java:699:128:699:144 | (...)... | provenance | Sink:MaD:48218 | +| Log4jJndiInjectionTest.java:700:122:700:129 | source(...) : String | Log4jJndiInjectionTest.java:700:113:700:129 | (...)... | provenance | Sink:MaD:2244 | +| Log4jJndiInjectionTest.java:700:122:700:129 | source(...) : String | Log4jJndiInjectionTest.java:700:113:700:129 | (...)... | provenance | Sink:MaD:48218 | +| Log4jJndiInjectionTest.java:701:107:701:114 | source(...) : String | Log4jJndiInjectionTest.java:701:98:701:114 | (...)... | provenance | Sink:MaD:2244 | +| Log4jJndiInjectionTest.java:701:107:701:114 | source(...) : String | Log4jJndiInjectionTest.java:701:98:701:114 | (...)... | provenance | Sink:MaD:48218 | +| Log4jJndiInjectionTest.java:702:92:702:99 | source(...) : String | Log4jJndiInjectionTest.java:702:83:702:99 | (...)... | provenance | Sink:MaD:2244 | +| Log4jJndiInjectionTest.java:702:92:702:99 | source(...) : String | Log4jJndiInjectionTest.java:702:83:702:99 | (...)... | provenance | Sink:MaD:48218 | +| Log4jJndiInjectionTest.java:703:77:703:84 | source(...) : String | Log4jJndiInjectionTest.java:703:68:703:84 | (...)... | provenance | Sink:MaD:2244 | +| Log4jJndiInjectionTest.java:703:77:703:84 | source(...) : String | Log4jJndiInjectionTest.java:703:68:703:84 | (...)... | provenance | Sink:MaD:48218 | +| Log4jJndiInjectionTest.java:704:62:704:69 | source(...) : String | Log4jJndiInjectionTest.java:704:53:704:69 | (...)... | provenance | Sink:MaD:2244 | +| Log4jJndiInjectionTest.java:704:62:704:69 | source(...) : String | Log4jJndiInjectionTest.java:704:53:704:69 | (...)... | provenance | Sink:MaD:48218 | +| Log4jJndiInjectionTest.java:705:47:705:54 | source(...) : String | Log4jJndiInjectionTest.java:705:38:705:54 | (...)... | provenance | Sink:MaD:2244 | +| Log4jJndiInjectionTest.java:705:47:705:54 | source(...) : String | Log4jJndiInjectionTest.java:705:38:705:54 | (...)... | provenance | Sink:MaD:48218 | +| Log4jJndiInjectionTest.java:706:182:706:189 | source(...) : String | Log4jJndiInjectionTest.java:706:173:706:189 | (...)... | provenance | Sink:MaD:2245 | +| Log4jJndiInjectionTest.java:706:182:706:189 | source(...) : String | Log4jJndiInjectionTest.java:706:173:706:189 | (...)... | provenance | Sink:MaD:48219 | +| Log4jJndiInjectionTest.java:707:167:707:174 | source(...) : String | Log4jJndiInjectionTest.java:707:158:707:174 | (...)... | provenance | Sink:MaD:2245 | +| Log4jJndiInjectionTest.java:707:167:707:174 | source(...) : String | Log4jJndiInjectionTest.java:707:158:707:174 | (...)... | provenance | Sink:MaD:48219 | +| Log4jJndiInjectionTest.java:708:152:708:159 | source(...) : String | Log4jJndiInjectionTest.java:708:143:708:159 | (...)... | provenance | Sink:MaD:2245 | +| Log4jJndiInjectionTest.java:708:152:708:159 | source(...) : String | Log4jJndiInjectionTest.java:708:143:708:159 | (...)... | provenance | Sink:MaD:48219 | +| Log4jJndiInjectionTest.java:709:137:709:144 | source(...) : String | Log4jJndiInjectionTest.java:709:128:709:144 | (...)... | provenance | Sink:MaD:2245 | +| Log4jJndiInjectionTest.java:709:137:709:144 | source(...) : String | Log4jJndiInjectionTest.java:709:128:709:144 | (...)... | provenance | Sink:MaD:48219 | +| Log4jJndiInjectionTest.java:710:122:710:129 | source(...) : String | Log4jJndiInjectionTest.java:710:113:710:129 | (...)... | provenance | Sink:MaD:2245 | +| Log4jJndiInjectionTest.java:710:122:710:129 | source(...) : String | Log4jJndiInjectionTest.java:710:113:710:129 | (...)... | provenance | Sink:MaD:48219 | +| Log4jJndiInjectionTest.java:711:107:711:114 | source(...) : String | Log4jJndiInjectionTest.java:711:98:711:114 | (...)... | provenance | Sink:MaD:2245 | +| Log4jJndiInjectionTest.java:711:107:711:114 | source(...) : String | Log4jJndiInjectionTest.java:711:98:711:114 | (...)... | provenance | Sink:MaD:48219 | +| Log4jJndiInjectionTest.java:712:92:712:99 | source(...) : String | Log4jJndiInjectionTest.java:712:83:712:99 | (...)... | provenance | Sink:MaD:2245 | +| Log4jJndiInjectionTest.java:712:92:712:99 | source(...) : String | Log4jJndiInjectionTest.java:712:83:712:99 | (...)... | provenance | Sink:MaD:48219 | +| Log4jJndiInjectionTest.java:713:77:713:84 | source(...) : String | Log4jJndiInjectionTest.java:713:68:713:84 | (...)... | provenance | Sink:MaD:2245 | +| Log4jJndiInjectionTest.java:713:77:713:84 | source(...) : String | Log4jJndiInjectionTest.java:713:68:713:84 | (...)... | provenance | Sink:MaD:48219 | +| Log4jJndiInjectionTest.java:714:62:714:69 | source(...) : String | Log4jJndiInjectionTest.java:714:53:714:69 | (...)... | provenance | Sink:MaD:2245 | +| Log4jJndiInjectionTest.java:714:62:714:69 | source(...) : String | Log4jJndiInjectionTest.java:714:53:714:69 | (...)... | provenance | Sink:MaD:48219 | +| Log4jJndiInjectionTest.java:715:47:715:54 | source(...) : String | Log4jJndiInjectionTest.java:715:38:715:54 | (...)... | provenance | Sink:MaD:2245 | +| Log4jJndiInjectionTest.java:715:47:715:54 | source(...) : String | Log4jJndiInjectionTest.java:715:38:715:54 | (...)... | provenance | Sink:MaD:48219 | +| Log4jJndiInjectionTest.java:716:47:716:54 | source(...) : String | Log4jJndiInjectionTest.java:716:38:716:54 | (...)... | provenance | Sink:MaD:2237 | +| Log4jJndiInjectionTest.java:716:47:716:54 | source(...) : String | Log4jJndiInjectionTest.java:716:38:716:54 | (...)... | provenance | Sink:MaD:48211 | +| Log4jJndiInjectionTest.java:717:67:717:74 | source(...) : String | Log4jJndiInjectionTest.java:717:53:717:74 | (...)... | provenance | Sink:MaD:2237 | +| Log4jJndiInjectionTest.java:717:67:717:74 | source(...) : String | Log4jJndiInjectionTest.java:717:53:717:74 | (...)... | provenance | Sink:MaD:48211 | +| Log4jJndiInjectionTest.java:718:47:718:54 | source(...) : String | Log4jJndiInjectionTest.java:718:38:718:54 | (...)... | provenance | Sink:MaD:2249 | +| Log4jJndiInjectionTest.java:718:47:718:54 | source(...) : String | Log4jJndiInjectionTest.java:718:38:718:54 | (...)... | provenance | Sink:MaD:48223 | +| Log4jJndiInjectionTest.java:719:52:719:59 | source(...) : String | Log4jJndiInjectionTest.java:719:38:719:59 | (...)... | provenance | Sink:MaD:2250 | +| Log4jJndiInjectionTest.java:719:52:719:59 | source(...) : String | Log4jJndiInjectionTest.java:719:38:719:59 | (...)... | provenance | Sink:MaD:48224 | +| Log4jJndiInjectionTest.java:720:52:720:59 | source(...) : String | Log4jJndiInjectionTest.java:720:38:720:59 | (...)... | provenance | Sink:MaD:2251 | +| Log4jJndiInjectionTest.java:720:52:720:59 | source(...) : String | Log4jJndiInjectionTest.java:720:38:720:59 | (...)... | provenance | Sink:MaD:48225 | +| Log4jJndiInjectionTest.java:721:41:721:48 | source(...) : String | Log4jJndiInjectionTest.java:721:26:721:48 | (...)... | provenance | Sink:MaD:2255 | +| Log4jJndiInjectionTest.java:721:41:721:48 | source(...) : String | Log4jJndiInjectionTest.java:721:26:721:48 | (...)... | provenance | Sink:MaD:48229 | +| Log4jJndiInjectionTest.java:722:41:722:48 | source(...) : String | Log4jJndiInjectionTest.java:722:26:722:48 | (...)... | provenance | Sink:MaD:2256 | +| Log4jJndiInjectionTest.java:722:41:722:48 | source(...) : String | Log4jJndiInjectionTest.java:722:26:722:48 | (...)... | provenance | Sink:MaD:48230 | +| Log4jJndiInjectionTest.java:723:56:723:63 | source(...) : String | Log4jJndiInjectionTest.java:723:41:723:63 | (...)... | provenance | Sink:MaD:2257 | +| Log4jJndiInjectionTest.java:723:56:723:63 | source(...) : String | Log4jJndiInjectionTest.java:723:41:723:63 | (...)... | provenance | Sink:MaD:48231 | +| Log4jJndiInjectionTest.java:724:56:724:63 | source(...) : String | Log4jJndiInjectionTest.java:724:41:724:63 | (...)... | provenance | Sink:MaD:2258 | +| Log4jJndiInjectionTest.java:724:56:724:63 | source(...) : String | Log4jJndiInjectionTest.java:724:41:724:63 | (...)... | provenance | Sink:MaD:48232 | +| Log4jJndiInjectionTest.java:725:51:725:58 | source(...) : String | Log4jJndiInjectionTest.java:725:41:725:58 | (...)... | provenance | Sink:MaD:2259 | +| Log4jJndiInjectionTest.java:725:51:725:58 | source(...) : String | Log4jJndiInjectionTest.java:725:41:725:58 | (...)... | provenance | Sink:MaD:48233 | +| Log4jJndiInjectionTest.java:726:59:726:66 | source(...) : String | Log4jJndiInjectionTest.java:726:41:726:66 | (...)... | provenance | Sink:MaD:2260 | +| Log4jJndiInjectionTest.java:726:59:726:66 | source(...) : String | Log4jJndiInjectionTest.java:726:41:726:66 | (...)... | provenance | Sink:MaD:48234 | +| Log4jJndiInjectionTest.java:727:59:727:66 | source(...) : String | Log4jJndiInjectionTest.java:727:41:727:66 | (...)... | provenance | Sink:MaD:2261 | +| Log4jJndiInjectionTest.java:727:59:727:66 | source(...) : String | Log4jJndiInjectionTest.java:727:41:727:66 | (...)... | provenance | Sink:MaD:48235 | +| Log4jJndiInjectionTest.java:729:50:729:57 | source(...) : String | Log4jJndiInjectionTest.java:729:41:729:57 | (...)... | provenance | Sink:MaD:2264 | +| Log4jJndiInjectionTest.java:729:50:729:57 | source(...) : String | Log4jJndiInjectionTest.java:729:41:729:57 | (...)... | provenance | Sink:MaD:48238 | +| Log4jJndiInjectionTest.java:730:50:730:57 | source(...) : String | Log4jJndiInjectionTest.java:730:41:730:57 | (...)... | provenance | Sink:MaD:2275 | +| Log4jJndiInjectionTest.java:730:50:730:57 | source(...) : String | Log4jJndiInjectionTest.java:730:41:730:57 | (...)... | provenance | Sink:MaD:48249 | +| Log4jJndiInjectionTest.java:731:56:731:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:731:56:731:78 | new Object[] | provenance | Sink:MaD:2275 | +| Log4jJndiInjectionTest.java:731:56:731:78 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:731:56:731:78 | new Object[] | provenance | Sink:MaD:48249 | | Log4jJndiInjectionTest.java:731:70:731:77 | source(...) : String | Log4jJndiInjectionTest.java:731:56:731:78 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:732:65:732:72 | source(...) : String | Log4jJndiInjectionTest.java:732:56:732:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:733:50:733:57 | source(...) : String | Log4jJndiInjectionTest.java:733:41:733:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:734:80:734:87 | source(...) : String | Log4jJndiInjectionTest.java:734:71:734:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:735:65:735:72 | source(...) : String | Log4jJndiInjectionTest.java:735:56:735:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:736:50:736:57 | source(...) : String | Log4jJndiInjectionTest.java:736:41:736:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:737:95:737:102 | source(...) : String | Log4jJndiInjectionTest.java:737:86:737:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:738:80:738:87 | source(...) : String | Log4jJndiInjectionTest.java:738:71:738:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:739:65:739:72 | source(...) : String | Log4jJndiInjectionTest.java:739:56:739:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:740:50:740:57 | source(...) : String | Log4jJndiInjectionTest.java:740:41:740:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:741:110:741:117 | source(...) : String | Log4jJndiInjectionTest.java:741:101:741:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:742:95:742:102 | source(...) : String | Log4jJndiInjectionTest.java:742:86:742:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:743:80:743:87 | source(...) : String | Log4jJndiInjectionTest.java:743:71:743:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:744:65:744:72 | source(...) : String | Log4jJndiInjectionTest.java:744:56:744:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:745:50:745:57 | source(...) : String | Log4jJndiInjectionTest.java:745:41:745:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:746:125:746:132 | source(...) : String | Log4jJndiInjectionTest.java:746:116:746:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:747:110:747:117 | source(...) : String | Log4jJndiInjectionTest.java:747:101:747:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:748:95:748:102 | source(...) : String | Log4jJndiInjectionTest.java:748:86:748:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:749:80:749:87 | source(...) : String | Log4jJndiInjectionTest.java:749:71:749:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:750:65:750:72 | source(...) : String | Log4jJndiInjectionTest.java:750:56:750:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:751:50:751:57 | source(...) : String | Log4jJndiInjectionTest.java:751:41:751:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:752:140:752:147 | source(...) : String | Log4jJndiInjectionTest.java:752:131:752:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:753:125:753:132 | source(...) : String | Log4jJndiInjectionTest.java:753:116:753:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:754:110:754:117 | source(...) : String | Log4jJndiInjectionTest.java:754:101:754:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:755:95:755:102 | source(...) : String | Log4jJndiInjectionTest.java:755:86:755:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:756:80:756:87 | source(...) : String | Log4jJndiInjectionTest.java:756:71:756:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:757:65:757:72 | source(...) : String | Log4jJndiInjectionTest.java:757:56:757:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:758:50:758:57 | source(...) : String | Log4jJndiInjectionTest.java:758:41:758:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:759:155:759:162 | source(...) : String | Log4jJndiInjectionTest.java:759:146:759:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:760:140:760:147 | source(...) : String | Log4jJndiInjectionTest.java:760:131:760:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:761:125:761:132 | source(...) : String | Log4jJndiInjectionTest.java:761:116:761:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:762:110:762:117 | source(...) : String | Log4jJndiInjectionTest.java:762:101:762:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:763:95:763:102 | source(...) : String | Log4jJndiInjectionTest.java:763:86:763:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:764:80:764:87 | source(...) : String | Log4jJndiInjectionTest.java:764:71:764:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:765:65:765:72 | source(...) : String | Log4jJndiInjectionTest.java:765:56:765:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:766:50:766:57 | source(...) : String | Log4jJndiInjectionTest.java:766:41:766:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:767:170:767:177 | source(...) : String | Log4jJndiInjectionTest.java:767:161:767:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:768:155:768:162 | source(...) : String | Log4jJndiInjectionTest.java:768:146:768:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:769:140:769:147 | source(...) : String | Log4jJndiInjectionTest.java:769:131:769:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:770:125:770:132 | source(...) : String | Log4jJndiInjectionTest.java:770:116:770:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:771:110:771:117 | source(...) : String | Log4jJndiInjectionTest.java:771:101:771:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:772:95:772:102 | source(...) : String | Log4jJndiInjectionTest.java:772:86:772:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:773:80:773:87 | source(...) : String | Log4jJndiInjectionTest.java:773:71:773:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:774:65:774:72 | source(...) : String | Log4jJndiInjectionTest.java:774:56:774:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:775:50:775:57 | source(...) : String | Log4jJndiInjectionTest.java:775:41:775:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:776:185:776:192 | source(...) : String | Log4jJndiInjectionTest.java:776:176:776:192 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:777:170:777:177 | source(...) : String | Log4jJndiInjectionTest.java:777:161:777:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:778:155:778:162 | source(...) : String | Log4jJndiInjectionTest.java:778:146:778:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:779:140:779:147 | source(...) : String | Log4jJndiInjectionTest.java:779:131:779:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:780:125:780:132 | source(...) : String | Log4jJndiInjectionTest.java:780:116:780:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:781:110:781:117 | source(...) : String | Log4jJndiInjectionTest.java:781:101:781:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:782:95:782:102 | source(...) : String | Log4jJndiInjectionTest.java:782:86:782:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:783:80:783:87 | source(...) : String | Log4jJndiInjectionTest.java:783:71:783:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:784:65:784:72 | source(...) : String | Log4jJndiInjectionTest.java:784:56:784:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:785:50:785:57 | source(...) : String | Log4jJndiInjectionTest.java:785:41:785:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:786:50:786:57 | source(...) : String | Log4jJndiInjectionTest.java:786:41:786:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:787:70:787:77 | source(...) : String | Log4jJndiInjectionTest.java:787:56:787:77 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:788:50:788:57 | source(...) : String | Log4jJndiInjectionTest.java:788:41:788:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:789:55:789:62 | source(...) : String | Log4jJndiInjectionTest.java:789:41:789:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:790:55:790:62 | source(...) : String | Log4jJndiInjectionTest.java:790:41:790:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:791:44:791:51 | source(...) : String | Log4jJndiInjectionTest.java:791:26:791:51 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:792:44:792:51 | source(...) : String | Log4jJndiInjectionTest.java:792:26:792:51 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:793:36:793:43 | source(...) : String | Log4jJndiInjectionTest.java:793:26:793:43 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:794:36:794:43 | source(...) : String | Log4jJndiInjectionTest.java:794:26:794:43 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:797:35:797:42 | source(...) : String | Log4jJndiInjectionTest.java:797:26:797:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:798:35:798:42 | source(...) : String | Log4jJndiInjectionTest.java:798:26:798:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:799:41:799:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:799:41:799:63 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:732:65:732:72 | source(...) : String | Log4jJndiInjectionTest.java:732:56:732:72 | (...)... | provenance | Sink:MaD:2265 | +| Log4jJndiInjectionTest.java:732:65:732:72 | source(...) : String | Log4jJndiInjectionTest.java:732:56:732:72 | (...)... | provenance | Sink:MaD:48239 | +| Log4jJndiInjectionTest.java:733:50:733:57 | source(...) : String | Log4jJndiInjectionTest.java:733:41:733:57 | (...)... | provenance | Sink:MaD:2265 | +| Log4jJndiInjectionTest.java:733:50:733:57 | source(...) : String | Log4jJndiInjectionTest.java:733:41:733:57 | (...)... | provenance | Sink:MaD:48239 | +| Log4jJndiInjectionTest.java:734:80:734:87 | source(...) : String | Log4jJndiInjectionTest.java:734:71:734:87 | (...)... | provenance | Sink:MaD:2266 | +| Log4jJndiInjectionTest.java:734:80:734:87 | source(...) : String | Log4jJndiInjectionTest.java:734:71:734:87 | (...)... | provenance | Sink:MaD:48240 | +| Log4jJndiInjectionTest.java:735:65:735:72 | source(...) : String | Log4jJndiInjectionTest.java:735:56:735:72 | (...)... | provenance | Sink:MaD:2266 | +| Log4jJndiInjectionTest.java:735:65:735:72 | source(...) : String | Log4jJndiInjectionTest.java:735:56:735:72 | (...)... | provenance | Sink:MaD:48240 | +| Log4jJndiInjectionTest.java:736:50:736:57 | source(...) : String | Log4jJndiInjectionTest.java:736:41:736:57 | (...)... | provenance | Sink:MaD:2266 | +| Log4jJndiInjectionTest.java:736:50:736:57 | source(...) : String | Log4jJndiInjectionTest.java:736:41:736:57 | (...)... | provenance | Sink:MaD:48240 | +| Log4jJndiInjectionTest.java:737:95:737:102 | source(...) : String | Log4jJndiInjectionTest.java:737:86:737:102 | (...)... | provenance | Sink:MaD:2267 | +| Log4jJndiInjectionTest.java:737:95:737:102 | source(...) : String | Log4jJndiInjectionTest.java:737:86:737:102 | (...)... | provenance | Sink:MaD:48241 | +| Log4jJndiInjectionTest.java:738:80:738:87 | source(...) : String | Log4jJndiInjectionTest.java:738:71:738:87 | (...)... | provenance | Sink:MaD:2267 | +| Log4jJndiInjectionTest.java:738:80:738:87 | source(...) : String | Log4jJndiInjectionTest.java:738:71:738:87 | (...)... | provenance | Sink:MaD:48241 | +| Log4jJndiInjectionTest.java:739:65:739:72 | source(...) : String | Log4jJndiInjectionTest.java:739:56:739:72 | (...)... | provenance | Sink:MaD:2267 | +| Log4jJndiInjectionTest.java:739:65:739:72 | source(...) : String | Log4jJndiInjectionTest.java:739:56:739:72 | (...)... | provenance | Sink:MaD:48241 | +| Log4jJndiInjectionTest.java:740:50:740:57 | source(...) : String | Log4jJndiInjectionTest.java:740:41:740:57 | (...)... | provenance | Sink:MaD:2267 | +| Log4jJndiInjectionTest.java:740:50:740:57 | source(...) : String | Log4jJndiInjectionTest.java:740:41:740:57 | (...)... | provenance | Sink:MaD:48241 | +| Log4jJndiInjectionTest.java:741:110:741:117 | source(...) : String | Log4jJndiInjectionTest.java:741:101:741:117 | (...)... | provenance | Sink:MaD:2268 | +| Log4jJndiInjectionTest.java:741:110:741:117 | source(...) : String | Log4jJndiInjectionTest.java:741:101:741:117 | (...)... | provenance | Sink:MaD:48242 | +| Log4jJndiInjectionTest.java:742:95:742:102 | source(...) : String | Log4jJndiInjectionTest.java:742:86:742:102 | (...)... | provenance | Sink:MaD:2268 | +| Log4jJndiInjectionTest.java:742:95:742:102 | source(...) : String | Log4jJndiInjectionTest.java:742:86:742:102 | (...)... | provenance | Sink:MaD:48242 | +| Log4jJndiInjectionTest.java:743:80:743:87 | source(...) : String | Log4jJndiInjectionTest.java:743:71:743:87 | (...)... | provenance | Sink:MaD:2268 | +| Log4jJndiInjectionTest.java:743:80:743:87 | source(...) : String | Log4jJndiInjectionTest.java:743:71:743:87 | (...)... | provenance | Sink:MaD:48242 | +| Log4jJndiInjectionTest.java:744:65:744:72 | source(...) : String | Log4jJndiInjectionTest.java:744:56:744:72 | (...)... | provenance | Sink:MaD:2268 | +| Log4jJndiInjectionTest.java:744:65:744:72 | source(...) : String | Log4jJndiInjectionTest.java:744:56:744:72 | (...)... | provenance | Sink:MaD:48242 | +| Log4jJndiInjectionTest.java:745:50:745:57 | source(...) : String | Log4jJndiInjectionTest.java:745:41:745:57 | (...)... | provenance | Sink:MaD:2268 | +| Log4jJndiInjectionTest.java:745:50:745:57 | source(...) : String | Log4jJndiInjectionTest.java:745:41:745:57 | (...)... | provenance | Sink:MaD:48242 | +| Log4jJndiInjectionTest.java:746:125:746:132 | source(...) : String | Log4jJndiInjectionTest.java:746:116:746:132 | (...)... | provenance | Sink:MaD:2269 | +| Log4jJndiInjectionTest.java:746:125:746:132 | source(...) : String | Log4jJndiInjectionTest.java:746:116:746:132 | (...)... | provenance | Sink:MaD:48243 | +| Log4jJndiInjectionTest.java:747:110:747:117 | source(...) : String | Log4jJndiInjectionTest.java:747:101:747:117 | (...)... | provenance | Sink:MaD:2269 | +| Log4jJndiInjectionTest.java:747:110:747:117 | source(...) : String | Log4jJndiInjectionTest.java:747:101:747:117 | (...)... | provenance | Sink:MaD:48243 | +| Log4jJndiInjectionTest.java:748:95:748:102 | source(...) : String | Log4jJndiInjectionTest.java:748:86:748:102 | (...)... | provenance | Sink:MaD:2269 | +| Log4jJndiInjectionTest.java:748:95:748:102 | source(...) : String | Log4jJndiInjectionTest.java:748:86:748:102 | (...)... | provenance | Sink:MaD:48243 | +| Log4jJndiInjectionTest.java:749:80:749:87 | source(...) : String | Log4jJndiInjectionTest.java:749:71:749:87 | (...)... | provenance | Sink:MaD:2269 | +| Log4jJndiInjectionTest.java:749:80:749:87 | source(...) : String | Log4jJndiInjectionTest.java:749:71:749:87 | (...)... | provenance | Sink:MaD:48243 | +| Log4jJndiInjectionTest.java:750:65:750:72 | source(...) : String | Log4jJndiInjectionTest.java:750:56:750:72 | (...)... | provenance | Sink:MaD:2269 | +| Log4jJndiInjectionTest.java:750:65:750:72 | source(...) : String | Log4jJndiInjectionTest.java:750:56:750:72 | (...)... | provenance | Sink:MaD:48243 | +| Log4jJndiInjectionTest.java:751:50:751:57 | source(...) : String | Log4jJndiInjectionTest.java:751:41:751:57 | (...)... | provenance | Sink:MaD:2269 | +| Log4jJndiInjectionTest.java:751:50:751:57 | source(...) : String | Log4jJndiInjectionTest.java:751:41:751:57 | (...)... | provenance | Sink:MaD:48243 | +| Log4jJndiInjectionTest.java:752:140:752:147 | source(...) : String | Log4jJndiInjectionTest.java:752:131:752:147 | (...)... | provenance | Sink:MaD:2270 | +| Log4jJndiInjectionTest.java:752:140:752:147 | source(...) : String | Log4jJndiInjectionTest.java:752:131:752:147 | (...)... | provenance | Sink:MaD:48244 | +| Log4jJndiInjectionTest.java:753:125:753:132 | source(...) : String | Log4jJndiInjectionTest.java:753:116:753:132 | (...)... | provenance | Sink:MaD:2270 | +| Log4jJndiInjectionTest.java:753:125:753:132 | source(...) : String | Log4jJndiInjectionTest.java:753:116:753:132 | (...)... | provenance | Sink:MaD:48244 | +| Log4jJndiInjectionTest.java:754:110:754:117 | source(...) : String | Log4jJndiInjectionTest.java:754:101:754:117 | (...)... | provenance | Sink:MaD:2270 | +| Log4jJndiInjectionTest.java:754:110:754:117 | source(...) : String | Log4jJndiInjectionTest.java:754:101:754:117 | (...)... | provenance | Sink:MaD:48244 | +| Log4jJndiInjectionTest.java:755:95:755:102 | source(...) : String | Log4jJndiInjectionTest.java:755:86:755:102 | (...)... | provenance | Sink:MaD:2270 | +| Log4jJndiInjectionTest.java:755:95:755:102 | source(...) : String | Log4jJndiInjectionTest.java:755:86:755:102 | (...)... | provenance | Sink:MaD:48244 | +| Log4jJndiInjectionTest.java:756:80:756:87 | source(...) : String | Log4jJndiInjectionTest.java:756:71:756:87 | (...)... | provenance | Sink:MaD:2270 | +| Log4jJndiInjectionTest.java:756:80:756:87 | source(...) : String | Log4jJndiInjectionTest.java:756:71:756:87 | (...)... | provenance | Sink:MaD:48244 | +| Log4jJndiInjectionTest.java:757:65:757:72 | source(...) : String | Log4jJndiInjectionTest.java:757:56:757:72 | (...)... | provenance | Sink:MaD:2270 | +| Log4jJndiInjectionTest.java:757:65:757:72 | source(...) : String | Log4jJndiInjectionTest.java:757:56:757:72 | (...)... | provenance | Sink:MaD:48244 | +| Log4jJndiInjectionTest.java:758:50:758:57 | source(...) : String | Log4jJndiInjectionTest.java:758:41:758:57 | (...)... | provenance | Sink:MaD:2270 | +| Log4jJndiInjectionTest.java:758:50:758:57 | source(...) : String | Log4jJndiInjectionTest.java:758:41:758:57 | (...)... | provenance | Sink:MaD:48244 | +| Log4jJndiInjectionTest.java:759:155:759:162 | source(...) : String | Log4jJndiInjectionTest.java:759:146:759:162 | (...)... | provenance | Sink:MaD:2271 | +| Log4jJndiInjectionTest.java:759:155:759:162 | source(...) : String | Log4jJndiInjectionTest.java:759:146:759:162 | (...)... | provenance | Sink:MaD:48245 | +| Log4jJndiInjectionTest.java:760:140:760:147 | source(...) : String | Log4jJndiInjectionTest.java:760:131:760:147 | (...)... | provenance | Sink:MaD:2271 | +| Log4jJndiInjectionTest.java:760:140:760:147 | source(...) : String | Log4jJndiInjectionTest.java:760:131:760:147 | (...)... | provenance | Sink:MaD:48245 | +| Log4jJndiInjectionTest.java:761:125:761:132 | source(...) : String | Log4jJndiInjectionTest.java:761:116:761:132 | (...)... | provenance | Sink:MaD:2271 | +| Log4jJndiInjectionTest.java:761:125:761:132 | source(...) : String | Log4jJndiInjectionTest.java:761:116:761:132 | (...)... | provenance | Sink:MaD:48245 | +| Log4jJndiInjectionTest.java:762:110:762:117 | source(...) : String | Log4jJndiInjectionTest.java:762:101:762:117 | (...)... | provenance | Sink:MaD:2271 | +| Log4jJndiInjectionTest.java:762:110:762:117 | source(...) : String | Log4jJndiInjectionTest.java:762:101:762:117 | (...)... | provenance | Sink:MaD:48245 | +| Log4jJndiInjectionTest.java:763:95:763:102 | source(...) : String | Log4jJndiInjectionTest.java:763:86:763:102 | (...)... | provenance | Sink:MaD:2271 | +| Log4jJndiInjectionTest.java:763:95:763:102 | source(...) : String | Log4jJndiInjectionTest.java:763:86:763:102 | (...)... | provenance | Sink:MaD:48245 | +| Log4jJndiInjectionTest.java:764:80:764:87 | source(...) : String | Log4jJndiInjectionTest.java:764:71:764:87 | (...)... | provenance | Sink:MaD:2271 | +| Log4jJndiInjectionTest.java:764:80:764:87 | source(...) : String | Log4jJndiInjectionTest.java:764:71:764:87 | (...)... | provenance | Sink:MaD:48245 | +| Log4jJndiInjectionTest.java:765:65:765:72 | source(...) : String | Log4jJndiInjectionTest.java:765:56:765:72 | (...)... | provenance | Sink:MaD:2271 | +| Log4jJndiInjectionTest.java:765:65:765:72 | source(...) : String | Log4jJndiInjectionTest.java:765:56:765:72 | (...)... | provenance | Sink:MaD:48245 | +| Log4jJndiInjectionTest.java:766:50:766:57 | source(...) : String | Log4jJndiInjectionTest.java:766:41:766:57 | (...)... | provenance | Sink:MaD:2271 | +| Log4jJndiInjectionTest.java:766:50:766:57 | source(...) : String | Log4jJndiInjectionTest.java:766:41:766:57 | (...)... | provenance | Sink:MaD:48245 | +| Log4jJndiInjectionTest.java:767:170:767:177 | source(...) : String | Log4jJndiInjectionTest.java:767:161:767:177 | (...)... | provenance | Sink:MaD:2272 | +| Log4jJndiInjectionTest.java:767:170:767:177 | source(...) : String | Log4jJndiInjectionTest.java:767:161:767:177 | (...)... | provenance | Sink:MaD:48246 | +| Log4jJndiInjectionTest.java:768:155:768:162 | source(...) : String | Log4jJndiInjectionTest.java:768:146:768:162 | (...)... | provenance | Sink:MaD:2272 | +| Log4jJndiInjectionTest.java:768:155:768:162 | source(...) : String | Log4jJndiInjectionTest.java:768:146:768:162 | (...)... | provenance | Sink:MaD:48246 | +| Log4jJndiInjectionTest.java:769:140:769:147 | source(...) : String | Log4jJndiInjectionTest.java:769:131:769:147 | (...)... | provenance | Sink:MaD:2272 | +| Log4jJndiInjectionTest.java:769:140:769:147 | source(...) : String | Log4jJndiInjectionTest.java:769:131:769:147 | (...)... | provenance | Sink:MaD:48246 | +| Log4jJndiInjectionTest.java:770:125:770:132 | source(...) : String | Log4jJndiInjectionTest.java:770:116:770:132 | (...)... | provenance | Sink:MaD:2272 | +| Log4jJndiInjectionTest.java:770:125:770:132 | source(...) : String | Log4jJndiInjectionTest.java:770:116:770:132 | (...)... | provenance | Sink:MaD:48246 | +| Log4jJndiInjectionTest.java:771:110:771:117 | source(...) : String | Log4jJndiInjectionTest.java:771:101:771:117 | (...)... | provenance | Sink:MaD:2272 | +| Log4jJndiInjectionTest.java:771:110:771:117 | source(...) : String | Log4jJndiInjectionTest.java:771:101:771:117 | (...)... | provenance | Sink:MaD:48246 | +| Log4jJndiInjectionTest.java:772:95:772:102 | source(...) : String | Log4jJndiInjectionTest.java:772:86:772:102 | (...)... | provenance | Sink:MaD:2272 | +| Log4jJndiInjectionTest.java:772:95:772:102 | source(...) : String | Log4jJndiInjectionTest.java:772:86:772:102 | (...)... | provenance | Sink:MaD:48246 | +| Log4jJndiInjectionTest.java:773:80:773:87 | source(...) : String | Log4jJndiInjectionTest.java:773:71:773:87 | (...)... | provenance | Sink:MaD:2272 | +| Log4jJndiInjectionTest.java:773:80:773:87 | source(...) : String | Log4jJndiInjectionTest.java:773:71:773:87 | (...)... | provenance | Sink:MaD:48246 | +| Log4jJndiInjectionTest.java:774:65:774:72 | source(...) : String | Log4jJndiInjectionTest.java:774:56:774:72 | (...)... | provenance | Sink:MaD:2272 | +| Log4jJndiInjectionTest.java:774:65:774:72 | source(...) : String | Log4jJndiInjectionTest.java:774:56:774:72 | (...)... | provenance | Sink:MaD:48246 | +| Log4jJndiInjectionTest.java:775:50:775:57 | source(...) : String | Log4jJndiInjectionTest.java:775:41:775:57 | (...)... | provenance | Sink:MaD:2272 | +| Log4jJndiInjectionTest.java:775:50:775:57 | source(...) : String | Log4jJndiInjectionTest.java:775:41:775:57 | (...)... | provenance | Sink:MaD:48246 | +| Log4jJndiInjectionTest.java:776:185:776:192 | source(...) : String | Log4jJndiInjectionTest.java:776:176:776:192 | (...)... | provenance | Sink:MaD:2273 | +| Log4jJndiInjectionTest.java:776:185:776:192 | source(...) : String | Log4jJndiInjectionTest.java:776:176:776:192 | (...)... | provenance | Sink:MaD:48247 | +| Log4jJndiInjectionTest.java:777:170:777:177 | source(...) : String | Log4jJndiInjectionTest.java:777:161:777:177 | (...)... | provenance | Sink:MaD:2273 | +| Log4jJndiInjectionTest.java:777:170:777:177 | source(...) : String | Log4jJndiInjectionTest.java:777:161:777:177 | (...)... | provenance | Sink:MaD:48247 | +| Log4jJndiInjectionTest.java:778:155:778:162 | source(...) : String | Log4jJndiInjectionTest.java:778:146:778:162 | (...)... | provenance | Sink:MaD:2273 | +| Log4jJndiInjectionTest.java:778:155:778:162 | source(...) : String | Log4jJndiInjectionTest.java:778:146:778:162 | (...)... | provenance | Sink:MaD:48247 | +| Log4jJndiInjectionTest.java:779:140:779:147 | source(...) : String | Log4jJndiInjectionTest.java:779:131:779:147 | (...)... | provenance | Sink:MaD:2273 | +| Log4jJndiInjectionTest.java:779:140:779:147 | source(...) : String | Log4jJndiInjectionTest.java:779:131:779:147 | (...)... | provenance | Sink:MaD:48247 | +| Log4jJndiInjectionTest.java:780:125:780:132 | source(...) : String | Log4jJndiInjectionTest.java:780:116:780:132 | (...)... | provenance | Sink:MaD:2273 | +| Log4jJndiInjectionTest.java:780:125:780:132 | source(...) : String | Log4jJndiInjectionTest.java:780:116:780:132 | (...)... | provenance | Sink:MaD:48247 | +| Log4jJndiInjectionTest.java:781:110:781:117 | source(...) : String | Log4jJndiInjectionTest.java:781:101:781:117 | (...)... | provenance | Sink:MaD:2273 | +| Log4jJndiInjectionTest.java:781:110:781:117 | source(...) : String | Log4jJndiInjectionTest.java:781:101:781:117 | (...)... | provenance | Sink:MaD:48247 | +| Log4jJndiInjectionTest.java:782:95:782:102 | source(...) : String | Log4jJndiInjectionTest.java:782:86:782:102 | (...)... | provenance | Sink:MaD:2273 | +| Log4jJndiInjectionTest.java:782:95:782:102 | source(...) : String | Log4jJndiInjectionTest.java:782:86:782:102 | (...)... | provenance | Sink:MaD:48247 | +| Log4jJndiInjectionTest.java:783:80:783:87 | source(...) : String | Log4jJndiInjectionTest.java:783:71:783:87 | (...)... | provenance | Sink:MaD:2273 | +| Log4jJndiInjectionTest.java:783:80:783:87 | source(...) : String | Log4jJndiInjectionTest.java:783:71:783:87 | (...)... | provenance | Sink:MaD:48247 | +| Log4jJndiInjectionTest.java:784:65:784:72 | source(...) : String | Log4jJndiInjectionTest.java:784:56:784:72 | (...)... | provenance | Sink:MaD:2273 | +| Log4jJndiInjectionTest.java:784:65:784:72 | source(...) : String | Log4jJndiInjectionTest.java:784:56:784:72 | (...)... | provenance | Sink:MaD:48247 | +| Log4jJndiInjectionTest.java:785:50:785:57 | source(...) : String | Log4jJndiInjectionTest.java:785:41:785:57 | (...)... | provenance | Sink:MaD:2273 | +| Log4jJndiInjectionTest.java:785:50:785:57 | source(...) : String | Log4jJndiInjectionTest.java:785:41:785:57 | (...)... | provenance | Sink:MaD:48247 | +| Log4jJndiInjectionTest.java:786:50:786:57 | source(...) : String | Log4jJndiInjectionTest.java:786:41:786:57 | (...)... | provenance | Sink:MaD:2265 | +| Log4jJndiInjectionTest.java:786:50:786:57 | source(...) : String | Log4jJndiInjectionTest.java:786:41:786:57 | (...)... | provenance | Sink:MaD:48239 | +| Log4jJndiInjectionTest.java:787:70:787:77 | source(...) : String | Log4jJndiInjectionTest.java:787:56:787:77 | (...)... | provenance | Sink:MaD:2265 | +| Log4jJndiInjectionTest.java:787:70:787:77 | source(...) : String | Log4jJndiInjectionTest.java:787:56:787:77 | (...)... | provenance | Sink:MaD:48239 | +| Log4jJndiInjectionTest.java:788:50:788:57 | source(...) : String | Log4jJndiInjectionTest.java:788:41:788:57 | (...)... | provenance | Sink:MaD:2277 | +| Log4jJndiInjectionTest.java:788:50:788:57 | source(...) : String | Log4jJndiInjectionTest.java:788:41:788:57 | (...)... | provenance | Sink:MaD:48251 | +| Log4jJndiInjectionTest.java:789:55:789:62 | source(...) : String | Log4jJndiInjectionTest.java:789:41:789:62 | (...)... | provenance | Sink:MaD:2278 | +| Log4jJndiInjectionTest.java:789:55:789:62 | source(...) : String | Log4jJndiInjectionTest.java:789:41:789:62 | (...)... | provenance | Sink:MaD:48252 | +| Log4jJndiInjectionTest.java:790:55:790:62 | source(...) : String | Log4jJndiInjectionTest.java:790:41:790:62 | (...)... | provenance | Sink:MaD:2279 | +| Log4jJndiInjectionTest.java:790:55:790:62 | source(...) : String | Log4jJndiInjectionTest.java:790:41:790:62 | (...)... | provenance | Sink:MaD:48253 | +| Log4jJndiInjectionTest.java:791:44:791:51 | source(...) : String | Log4jJndiInjectionTest.java:791:26:791:51 | (...)... | provenance | Sink:MaD:2282 | +| Log4jJndiInjectionTest.java:791:44:791:51 | source(...) : String | Log4jJndiInjectionTest.java:791:26:791:51 | (...)... | provenance | Sink:MaD:48256 | +| Log4jJndiInjectionTest.java:792:44:792:51 | source(...) : String | Log4jJndiInjectionTest.java:792:26:792:51 | (...)... | provenance | Sink:MaD:2283 | +| Log4jJndiInjectionTest.java:792:44:792:51 | source(...) : String | Log4jJndiInjectionTest.java:792:26:792:51 | (...)... | provenance | Sink:MaD:48257 | +| Log4jJndiInjectionTest.java:793:36:793:43 | source(...) : String | Log4jJndiInjectionTest.java:793:26:793:43 | (...)... | provenance | Sink:MaD:2280 | +| Log4jJndiInjectionTest.java:793:36:793:43 | source(...) : String | Log4jJndiInjectionTest.java:793:26:793:43 | (...)... | provenance | Sink:MaD:48254 | +| Log4jJndiInjectionTest.java:794:36:794:43 | source(...) : String | Log4jJndiInjectionTest.java:794:26:794:43 | (...)... | provenance | Sink:MaD:2281 | +| Log4jJndiInjectionTest.java:794:36:794:43 | source(...) : String | Log4jJndiInjectionTest.java:794:26:794:43 | (...)... | provenance | Sink:MaD:48255 | +| Log4jJndiInjectionTest.java:797:35:797:42 | source(...) : String | Log4jJndiInjectionTest.java:797:26:797:42 | (...)... | provenance | Sink:MaD:2286 | +| Log4jJndiInjectionTest.java:797:35:797:42 | source(...) : String | Log4jJndiInjectionTest.java:797:26:797:42 | (...)... | provenance | Sink:MaD:48260 | +| Log4jJndiInjectionTest.java:798:35:798:42 | source(...) : String | Log4jJndiInjectionTest.java:798:26:798:42 | (...)... | provenance | Sink:MaD:2297 | +| Log4jJndiInjectionTest.java:798:35:798:42 | source(...) : String | Log4jJndiInjectionTest.java:798:26:798:42 | (...)... | provenance | Sink:MaD:48271 | +| Log4jJndiInjectionTest.java:799:41:799:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:799:41:799:63 | new Object[] | provenance | Sink:MaD:2297 | +| Log4jJndiInjectionTest.java:799:41:799:63 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:799:41:799:63 | new Object[] | provenance | Sink:MaD:48271 | | Log4jJndiInjectionTest.java:799:55:799:62 | source(...) : String | Log4jJndiInjectionTest.java:799:41:799:63 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:800:50:800:57 | source(...) : String | Log4jJndiInjectionTest.java:800:41:800:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:801:35:801:42 | source(...) : String | Log4jJndiInjectionTest.java:801:26:801:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:802:65:802:72 | source(...) : String | Log4jJndiInjectionTest.java:802:56:802:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:803:50:803:57 | source(...) : String | Log4jJndiInjectionTest.java:803:41:803:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:804:35:804:42 | source(...) : String | Log4jJndiInjectionTest.java:804:26:804:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:805:80:805:87 | source(...) : String | Log4jJndiInjectionTest.java:805:71:805:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:806:65:806:72 | source(...) : String | Log4jJndiInjectionTest.java:806:56:806:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:807:50:807:57 | source(...) : String | Log4jJndiInjectionTest.java:807:41:807:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:808:35:808:42 | source(...) : String | Log4jJndiInjectionTest.java:808:26:808:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:809:95:809:102 | source(...) : String | Log4jJndiInjectionTest.java:809:86:809:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:810:80:810:87 | source(...) : String | Log4jJndiInjectionTest.java:810:71:810:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:811:65:811:72 | source(...) : String | Log4jJndiInjectionTest.java:811:56:811:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:812:50:812:57 | source(...) : String | Log4jJndiInjectionTest.java:812:41:812:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:813:35:813:42 | source(...) : String | Log4jJndiInjectionTest.java:813:26:813:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:814:110:814:117 | source(...) : String | Log4jJndiInjectionTest.java:814:101:814:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:815:95:815:102 | source(...) : String | Log4jJndiInjectionTest.java:815:86:815:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:816:80:816:87 | source(...) : String | Log4jJndiInjectionTest.java:816:71:816:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:817:65:817:72 | source(...) : String | Log4jJndiInjectionTest.java:817:56:817:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:818:50:818:57 | source(...) : String | Log4jJndiInjectionTest.java:818:41:818:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:819:35:819:42 | source(...) : String | Log4jJndiInjectionTest.java:819:26:819:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:820:125:820:132 | source(...) : String | Log4jJndiInjectionTest.java:820:116:820:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:821:110:821:117 | source(...) : String | Log4jJndiInjectionTest.java:821:101:821:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:822:95:822:102 | source(...) : String | Log4jJndiInjectionTest.java:822:86:822:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:823:80:823:87 | source(...) : String | Log4jJndiInjectionTest.java:823:71:823:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:824:65:824:72 | source(...) : String | Log4jJndiInjectionTest.java:824:56:824:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:825:50:825:57 | source(...) : String | Log4jJndiInjectionTest.java:825:41:825:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:826:35:826:42 | source(...) : String | Log4jJndiInjectionTest.java:826:26:826:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:827:140:827:147 | source(...) : String | Log4jJndiInjectionTest.java:827:131:827:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:828:125:828:132 | source(...) : String | Log4jJndiInjectionTest.java:828:116:828:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:829:110:829:117 | source(...) : String | Log4jJndiInjectionTest.java:829:101:829:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:830:95:830:102 | source(...) : String | Log4jJndiInjectionTest.java:830:86:830:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:831:80:831:87 | source(...) : String | Log4jJndiInjectionTest.java:831:71:831:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:832:65:832:72 | source(...) : String | Log4jJndiInjectionTest.java:832:56:832:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:833:50:833:57 | source(...) : String | Log4jJndiInjectionTest.java:833:41:833:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:834:35:834:42 | source(...) : String | Log4jJndiInjectionTest.java:834:26:834:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:835:155:835:162 | source(...) : String | Log4jJndiInjectionTest.java:835:146:835:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:836:140:836:147 | source(...) : String | Log4jJndiInjectionTest.java:836:131:836:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:837:125:837:132 | source(...) : String | Log4jJndiInjectionTest.java:837:116:837:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:838:110:838:117 | source(...) : String | Log4jJndiInjectionTest.java:838:101:838:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:839:95:839:102 | source(...) : String | Log4jJndiInjectionTest.java:839:86:839:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:840:80:840:87 | source(...) : String | Log4jJndiInjectionTest.java:840:71:840:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:841:65:841:72 | source(...) : String | Log4jJndiInjectionTest.java:841:56:841:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:842:50:842:57 | source(...) : String | Log4jJndiInjectionTest.java:842:41:842:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:843:35:843:42 | source(...) : String | Log4jJndiInjectionTest.java:843:26:843:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:844:170:844:177 | source(...) : String | Log4jJndiInjectionTest.java:844:161:844:177 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:845:155:845:162 | source(...) : String | Log4jJndiInjectionTest.java:845:146:845:162 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:846:140:846:147 | source(...) : String | Log4jJndiInjectionTest.java:846:131:846:147 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:847:125:847:132 | source(...) : String | Log4jJndiInjectionTest.java:847:116:847:132 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:848:110:848:117 | source(...) : String | Log4jJndiInjectionTest.java:848:101:848:117 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:849:95:849:102 | source(...) : String | Log4jJndiInjectionTest.java:849:86:849:102 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:850:80:850:87 | source(...) : String | Log4jJndiInjectionTest.java:850:71:850:87 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:851:65:851:72 | source(...) : String | Log4jJndiInjectionTest.java:851:56:851:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:852:50:852:57 | source(...) : String | Log4jJndiInjectionTest.java:852:41:852:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:853:35:853:42 | source(...) : String | Log4jJndiInjectionTest.java:853:26:853:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:854:35:854:42 | source(...) : String | Log4jJndiInjectionTest.java:854:26:854:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:855:55:855:62 | source(...) : String | Log4jJndiInjectionTest.java:855:41:855:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:856:35:856:42 | source(...) : String | Log4jJndiInjectionTest.java:856:26:856:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:857:40:857:47 | source(...) : String | Log4jJndiInjectionTest.java:857:26:857:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:858:40:858:47 | source(...) : String | Log4jJndiInjectionTest.java:858:26:858:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:859:40:859:47 | source(...) : String | Log4jJndiInjectionTest.java:859:25:859:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:860:40:860:47 | source(...) : String | Log4jJndiInjectionTest.java:860:25:860:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:861:55:861:62 | source(...) : String | Log4jJndiInjectionTest.java:861:40:861:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:862:55:862:62 | source(...) : String | Log4jJndiInjectionTest.java:862:40:862:62 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:863:50:863:57 | source(...) : String | Log4jJndiInjectionTest.java:863:40:863:57 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:864:58:864:65 | source(...) : String | Log4jJndiInjectionTest.java:864:40:864:65 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:865:58:865:65 | source(...) : String | Log4jJndiInjectionTest.java:865:40:865:65 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:867:49:867:56 | source(...) : String | Log4jJndiInjectionTest.java:867:40:867:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:868:49:868:56 | source(...) : String | Log4jJndiInjectionTest.java:868:40:868:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:869:55:869:77 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:869:55:869:77 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:800:50:800:57 | source(...) : String | Log4jJndiInjectionTest.java:800:41:800:57 | (...)... | provenance | Sink:MaD:2287 | +| Log4jJndiInjectionTest.java:800:50:800:57 | source(...) : String | Log4jJndiInjectionTest.java:800:41:800:57 | (...)... | provenance | Sink:MaD:48261 | +| Log4jJndiInjectionTest.java:801:35:801:42 | source(...) : String | Log4jJndiInjectionTest.java:801:26:801:42 | (...)... | provenance | Sink:MaD:2287 | +| Log4jJndiInjectionTest.java:801:35:801:42 | source(...) : String | Log4jJndiInjectionTest.java:801:26:801:42 | (...)... | provenance | Sink:MaD:48261 | +| Log4jJndiInjectionTest.java:802:65:802:72 | source(...) : String | Log4jJndiInjectionTest.java:802:56:802:72 | (...)... | provenance | Sink:MaD:2288 | +| Log4jJndiInjectionTest.java:802:65:802:72 | source(...) : String | Log4jJndiInjectionTest.java:802:56:802:72 | (...)... | provenance | Sink:MaD:48262 | +| Log4jJndiInjectionTest.java:803:50:803:57 | source(...) : String | Log4jJndiInjectionTest.java:803:41:803:57 | (...)... | provenance | Sink:MaD:2288 | +| Log4jJndiInjectionTest.java:803:50:803:57 | source(...) : String | Log4jJndiInjectionTest.java:803:41:803:57 | (...)... | provenance | Sink:MaD:48262 | +| Log4jJndiInjectionTest.java:804:35:804:42 | source(...) : String | Log4jJndiInjectionTest.java:804:26:804:42 | (...)... | provenance | Sink:MaD:2288 | +| Log4jJndiInjectionTest.java:804:35:804:42 | source(...) : String | Log4jJndiInjectionTest.java:804:26:804:42 | (...)... | provenance | Sink:MaD:48262 | +| Log4jJndiInjectionTest.java:805:80:805:87 | source(...) : String | Log4jJndiInjectionTest.java:805:71:805:87 | (...)... | provenance | Sink:MaD:2289 | +| Log4jJndiInjectionTest.java:805:80:805:87 | source(...) : String | Log4jJndiInjectionTest.java:805:71:805:87 | (...)... | provenance | Sink:MaD:48263 | +| Log4jJndiInjectionTest.java:806:65:806:72 | source(...) : String | Log4jJndiInjectionTest.java:806:56:806:72 | (...)... | provenance | Sink:MaD:2289 | +| Log4jJndiInjectionTest.java:806:65:806:72 | source(...) : String | Log4jJndiInjectionTest.java:806:56:806:72 | (...)... | provenance | Sink:MaD:48263 | +| Log4jJndiInjectionTest.java:807:50:807:57 | source(...) : String | Log4jJndiInjectionTest.java:807:41:807:57 | (...)... | provenance | Sink:MaD:2289 | +| Log4jJndiInjectionTest.java:807:50:807:57 | source(...) : String | Log4jJndiInjectionTest.java:807:41:807:57 | (...)... | provenance | Sink:MaD:48263 | +| Log4jJndiInjectionTest.java:808:35:808:42 | source(...) : String | Log4jJndiInjectionTest.java:808:26:808:42 | (...)... | provenance | Sink:MaD:2289 | +| Log4jJndiInjectionTest.java:808:35:808:42 | source(...) : String | Log4jJndiInjectionTest.java:808:26:808:42 | (...)... | provenance | Sink:MaD:48263 | +| Log4jJndiInjectionTest.java:809:95:809:102 | source(...) : String | Log4jJndiInjectionTest.java:809:86:809:102 | (...)... | provenance | Sink:MaD:2290 | +| Log4jJndiInjectionTest.java:809:95:809:102 | source(...) : String | Log4jJndiInjectionTest.java:809:86:809:102 | (...)... | provenance | Sink:MaD:48264 | +| Log4jJndiInjectionTest.java:810:80:810:87 | source(...) : String | Log4jJndiInjectionTest.java:810:71:810:87 | (...)... | provenance | Sink:MaD:2290 | +| Log4jJndiInjectionTest.java:810:80:810:87 | source(...) : String | Log4jJndiInjectionTest.java:810:71:810:87 | (...)... | provenance | Sink:MaD:48264 | +| Log4jJndiInjectionTest.java:811:65:811:72 | source(...) : String | Log4jJndiInjectionTest.java:811:56:811:72 | (...)... | provenance | Sink:MaD:2290 | +| Log4jJndiInjectionTest.java:811:65:811:72 | source(...) : String | Log4jJndiInjectionTest.java:811:56:811:72 | (...)... | provenance | Sink:MaD:48264 | +| Log4jJndiInjectionTest.java:812:50:812:57 | source(...) : String | Log4jJndiInjectionTest.java:812:41:812:57 | (...)... | provenance | Sink:MaD:2290 | +| Log4jJndiInjectionTest.java:812:50:812:57 | source(...) : String | Log4jJndiInjectionTest.java:812:41:812:57 | (...)... | provenance | Sink:MaD:48264 | +| Log4jJndiInjectionTest.java:813:35:813:42 | source(...) : String | Log4jJndiInjectionTest.java:813:26:813:42 | (...)... | provenance | Sink:MaD:2290 | +| Log4jJndiInjectionTest.java:813:35:813:42 | source(...) : String | Log4jJndiInjectionTest.java:813:26:813:42 | (...)... | provenance | Sink:MaD:48264 | +| Log4jJndiInjectionTest.java:814:110:814:117 | source(...) : String | Log4jJndiInjectionTest.java:814:101:814:117 | (...)... | provenance | Sink:MaD:2291 | +| Log4jJndiInjectionTest.java:814:110:814:117 | source(...) : String | Log4jJndiInjectionTest.java:814:101:814:117 | (...)... | provenance | Sink:MaD:48265 | +| Log4jJndiInjectionTest.java:815:95:815:102 | source(...) : String | Log4jJndiInjectionTest.java:815:86:815:102 | (...)... | provenance | Sink:MaD:2291 | +| Log4jJndiInjectionTest.java:815:95:815:102 | source(...) : String | Log4jJndiInjectionTest.java:815:86:815:102 | (...)... | provenance | Sink:MaD:48265 | +| Log4jJndiInjectionTest.java:816:80:816:87 | source(...) : String | Log4jJndiInjectionTest.java:816:71:816:87 | (...)... | provenance | Sink:MaD:2291 | +| Log4jJndiInjectionTest.java:816:80:816:87 | source(...) : String | Log4jJndiInjectionTest.java:816:71:816:87 | (...)... | provenance | Sink:MaD:48265 | +| Log4jJndiInjectionTest.java:817:65:817:72 | source(...) : String | Log4jJndiInjectionTest.java:817:56:817:72 | (...)... | provenance | Sink:MaD:2291 | +| Log4jJndiInjectionTest.java:817:65:817:72 | source(...) : String | Log4jJndiInjectionTest.java:817:56:817:72 | (...)... | provenance | Sink:MaD:48265 | +| Log4jJndiInjectionTest.java:818:50:818:57 | source(...) : String | Log4jJndiInjectionTest.java:818:41:818:57 | (...)... | provenance | Sink:MaD:2291 | +| Log4jJndiInjectionTest.java:818:50:818:57 | source(...) : String | Log4jJndiInjectionTest.java:818:41:818:57 | (...)... | provenance | Sink:MaD:48265 | +| Log4jJndiInjectionTest.java:819:35:819:42 | source(...) : String | Log4jJndiInjectionTest.java:819:26:819:42 | (...)... | provenance | Sink:MaD:2291 | +| Log4jJndiInjectionTest.java:819:35:819:42 | source(...) : String | Log4jJndiInjectionTest.java:819:26:819:42 | (...)... | provenance | Sink:MaD:48265 | +| Log4jJndiInjectionTest.java:820:125:820:132 | source(...) : String | Log4jJndiInjectionTest.java:820:116:820:132 | (...)... | provenance | Sink:MaD:2292 | +| Log4jJndiInjectionTest.java:820:125:820:132 | source(...) : String | Log4jJndiInjectionTest.java:820:116:820:132 | (...)... | provenance | Sink:MaD:48266 | +| Log4jJndiInjectionTest.java:821:110:821:117 | source(...) : String | Log4jJndiInjectionTest.java:821:101:821:117 | (...)... | provenance | Sink:MaD:2292 | +| Log4jJndiInjectionTest.java:821:110:821:117 | source(...) : String | Log4jJndiInjectionTest.java:821:101:821:117 | (...)... | provenance | Sink:MaD:48266 | +| Log4jJndiInjectionTest.java:822:95:822:102 | source(...) : String | Log4jJndiInjectionTest.java:822:86:822:102 | (...)... | provenance | Sink:MaD:2292 | +| Log4jJndiInjectionTest.java:822:95:822:102 | source(...) : String | Log4jJndiInjectionTest.java:822:86:822:102 | (...)... | provenance | Sink:MaD:48266 | +| Log4jJndiInjectionTest.java:823:80:823:87 | source(...) : String | Log4jJndiInjectionTest.java:823:71:823:87 | (...)... | provenance | Sink:MaD:2292 | +| Log4jJndiInjectionTest.java:823:80:823:87 | source(...) : String | Log4jJndiInjectionTest.java:823:71:823:87 | (...)... | provenance | Sink:MaD:48266 | +| Log4jJndiInjectionTest.java:824:65:824:72 | source(...) : String | Log4jJndiInjectionTest.java:824:56:824:72 | (...)... | provenance | Sink:MaD:2292 | +| Log4jJndiInjectionTest.java:824:65:824:72 | source(...) : String | Log4jJndiInjectionTest.java:824:56:824:72 | (...)... | provenance | Sink:MaD:48266 | +| Log4jJndiInjectionTest.java:825:50:825:57 | source(...) : String | Log4jJndiInjectionTest.java:825:41:825:57 | (...)... | provenance | Sink:MaD:2292 | +| Log4jJndiInjectionTest.java:825:50:825:57 | source(...) : String | Log4jJndiInjectionTest.java:825:41:825:57 | (...)... | provenance | Sink:MaD:48266 | +| Log4jJndiInjectionTest.java:826:35:826:42 | source(...) : String | Log4jJndiInjectionTest.java:826:26:826:42 | (...)... | provenance | Sink:MaD:2292 | +| Log4jJndiInjectionTest.java:826:35:826:42 | source(...) : String | Log4jJndiInjectionTest.java:826:26:826:42 | (...)... | provenance | Sink:MaD:48266 | +| Log4jJndiInjectionTest.java:827:140:827:147 | source(...) : String | Log4jJndiInjectionTest.java:827:131:827:147 | (...)... | provenance | Sink:MaD:2293 | +| Log4jJndiInjectionTest.java:827:140:827:147 | source(...) : String | Log4jJndiInjectionTest.java:827:131:827:147 | (...)... | provenance | Sink:MaD:48267 | +| Log4jJndiInjectionTest.java:828:125:828:132 | source(...) : String | Log4jJndiInjectionTest.java:828:116:828:132 | (...)... | provenance | Sink:MaD:2293 | +| Log4jJndiInjectionTest.java:828:125:828:132 | source(...) : String | Log4jJndiInjectionTest.java:828:116:828:132 | (...)... | provenance | Sink:MaD:48267 | +| Log4jJndiInjectionTest.java:829:110:829:117 | source(...) : String | Log4jJndiInjectionTest.java:829:101:829:117 | (...)... | provenance | Sink:MaD:2293 | +| Log4jJndiInjectionTest.java:829:110:829:117 | source(...) : String | Log4jJndiInjectionTest.java:829:101:829:117 | (...)... | provenance | Sink:MaD:48267 | +| Log4jJndiInjectionTest.java:830:95:830:102 | source(...) : String | Log4jJndiInjectionTest.java:830:86:830:102 | (...)... | provenance | Sink:MaD:2293 | +| Log4jJndiInjectionTest.java:830:95:830:102 | source(...) : String | Log4jJndiInjectionTest.java:830:86:830:102 | (...)... | provenance | Sink:MaD:48267 | +| Log4jJndiInjectionTest.java:831:80:831:87 | source(...) : String | Log4jJndiInjectionTest.java:831:71:831:87 | (...)... | provenance | Sink:MaD:2293 | +| Log4jJndiInjectionTest.java:831:80:831:87 | source(...) : String | Log4jJndiInjectionTest.java:831:71:831:87 | (...)... | provenance | Sink:MaD:48267 | +| Log4jJndiInjectionTest.java:832:65:832:72 | source(...) : String | Log4jJndiInjectionTest.java:832:56:832:72 | (...)... | provenance | Sink:MaD:2293 | +| Log4jJndiInjectionTest.java:832:65:832:72 | source(...) : String | Log4jJndiInjectionTest.java:832:56:832:72 | (...)... | provenance | Sink:MaD:48267 | +| Log4jJndiInjectionTest.java:833:50:833:57 | source(...) : String | Log4jJndiInjectionTest.java:833:41:833:57 | (...)... | provenance | Sink:MaD:2293 | +| Log4jJndiInjectionTest.java:833:50:833:57 | source(...) : String | Log4jJndiInjectionTest.java:833:41:833:57 | (...)... | provenance | Sink:MaD:48267 | +| Log4jJndiInjectionTest.java:834:35:834:42 | source(...) : String | Log4jJndiInjectionTest.java:834:26:834:42 | (...)... | provenance | Sink:MaD:2293 | +| Log4jJndiInjectionTest.java:834:35:834:42 | source(...) : String | Log4jJndiInjectionTest.java:834:26:834:42 | (...)... | provenance | Sink:MaD:48267 | +| Log4jJndiInjectionTest.java:835:155:835:162 | source(...) : String | Log4jJndiInjectionTest.java:835:146:835:162 | (...)... | provenance | Sink:MaD:2294 | +| Log4jJndiInjectionTest.java:835:155:835:162 | source(...) : String | Log4jJndiInjectionTest.java:835:146:835:162 | (...)... | provenance | Sink:MaD:48268 | +| Log4jJndiInjectionTest.java:836:140:836:147 | source(...) : String | Log4jJndiInjectionTest.java:836:131:836:147 | (...)... | provenance | Sink:MaD:2294 | +| Log4jJndiInjectionTest.java:836:140:836:147 | source(...) : String | Log4jJndiInjectionTest.java:836:131:836:147 | (...)... | provenance | Sink:MaD:48268 | +| Log4jJndiInjectionTest.java:837:125:837:132 | source(...) : String | Log4jJndiInjectionTest.java:837:116:837:132 | (...)... | provenance | Sink:MaD:2294 | +| Log4jJndiInjectionTest.java:837:125:837:132 | source(...) : String | Log4jJndiInjectionTest.java:837:116:837:132 | (...)... | provenance | Sink:MaD:48268 | +| Log4jJndiInjectionTest.java:838:110:838:117 | source(...) : String | Log4jJndiInjectionTest.java:838:101:838:117 | (...)... | provenance | Sink:MaD:2294 | +| Log4jJndiInjectionTest.java:838:110:838:117 | source(...) : String | Log4jJndiInjectionTest.java:838:101:838:117 | (...)... | provenance | Sink:MaD:48268 | +| Log4jJndiInjectionTest.java:839:95:839:102 | source(...) : String | Log4jJndiInjectionTest.java:839:86:839:102 | (...)... | provenance | Sink:MaD:2294 | +| Log4jJndiInjectionTest.java:839:95:839:102 | source(...) : String | Log4jJndiInjectionTest.java:839:86:839:102 | (...)... | provenance | Sink:MaD:48268 | +| Log4jJndiInjectionTest.java:840:80:840:87 | source(...) : String | Log4jJndiInjectionTest.java:840:71:840:87 | (...)... | provenance | Sink:MaD:2294 | +| Log4jJndiInjectionTest.java:840:80:840:87 | source(...) : String | Log4jJndiInjectionTest.java:840:71:840:87 | (...)... | provenance | Sink:MaD:48268 | +| Log4jJndiInjectionTest.java:841:65:841:72 | source(...) : String | Log4jJndiInjectionTest.java:841:56:841:72 | (...)... | provenance | Sink:MaD:2294 | +| Log4jJndiInjectionTest.java:841:65:841:72 | source(...) : String | Log4jJndiInjectionTest.java:841:56:841:72 | (...)... | provenance | Sink:MaD:48268 | +| Log4jJndiInjectionTest.java:842:50:842:57 | source(...) : String | Log4jJndiInjectionTest.java:842:41:842:57 | (...)... | provenance | Sink:MaD:2294 | +| Log4jJndiInjectionTest.java:842:50:842:57 | source(...) : String | Log4jJndiInjectionTest.java:842:41:842:57 | (...)... | provenance | Sink:MaD:48268 | +| Log4jJndiInjectionTest.java:843:35:843:42 | source(...) : String | Log4jJndiInjectionTest.java:843:26:843:42 | (...)... | provenance | Sink:MaD:2294 | +| Log4jJndiInjectionTest.java:843:35:843:42 | source(...) : String | Log4jJndiInjectionTest.java:843:26:843:42 | (...)... | provenance | Sink:MaD:48268 | +| Log4jJndiInjectionTest.java:844:170:844:177 | source(...) : String | Log4jJndiInjectionTest.java:844:161:844:177 | (...)... | provenance | Sink:MaD:2295 | +| Log4jJndiInjectionTest.java:844:170:844:177 | source(...) : String | Log4jJndiInjectionTest.java:844:161:844:177 | (...)... | provenance | Sink:MaD:48269 | +| Log4jJndiInjectionTest.java:845:155:845:162 | source(...) : String | Log4jJndiInjectionTest.java:845:146:845:162 | (...)... | provenance | Sink:MaD:2295 | +| Log4jJndiInjectionTest.java:845:155:845:162 | source(...) : String | Log4jJndiInjectionTest.java:845:146:845:162 | (...)... | provenance | Sink:MaD:48269 | +| Log4jJndiInjectionTest.java:846:140:846:147 | source(...) : String | Log4jJndiInjectionTest.java:846:131:846:147 | (...)... | provenance | Sink:MaD:2295 | +| Log4jJndiInjectionTest.java:846:140:846:147 | source(...) : String | Log4jJndiInjectionTest.java:846:131:846:147 | (...)... | provenance | Sink:MaD:48269 | +| Log4jJndiInjectionTest.java:847:125:847:132 | source(...) : String | Log4jJndiInjectionTest.java:847:116:847:132 | (...)... | provenance | Sink:MaD:2295 | +| Log4jJndiInjectionTest.java:847:125:847:132 | source(...) : String | Log4jJndiInjectionTest.java:847:116:847:132 | (...)... | provenance | Sink:MaD:48269 | +| Log4jJndiInjectionTest.java:848:110:848:117 | source(...) : String | Log4jJndiInjectionTest.java:848:101:848:117 | (...)... | provenance | Sink:MaD:2295 | +| Log4jJndiInjectionTest.java:848:110:848:117 | source(...) : String | Log4jJndiInjectionTest.java:848:101:848:117 | (...)... | provenance | Sink:MaD:48269 | +| Log4jJndiInjectionTest.java:849:95:849:102 | source(...) : String | Log4jJndiInjectionTest.java:849:86:849:102 | (...)... | provenance | Sink:MaD:2295 | +| Log4jJndiInjectionTest.java:849:95:849:102 | source(...) : String | Log4jJndiInjectionTest.java:849:86:849:102 | (...)... | provenance | Sink:MaD:48269 | +| Log4jJndiInjectionTest.java:850:80:850:87 | source(...) : String | Log4jJndiInjectionTest.java:850:71:850:87 | (...)... | provenance | Sink:MaD:2295 | +| Log4jJndiInjectionTest.java:850:80:850:87 | source(...) : String | Log4jJndiInjectionTest.java:850:71:850:87 | (...)... | provenance | Sink:MaD:48269 | +| Log4jJndiInjectionTest.java:851:65:851:72 | source(...) : String | Log4jJndiInjectionTest.java:851:56:851:72 | (...)... | provenance | Sink:MaD:2295 | +| Log4jJndiInjectionTest.java:851:65:851:72 | source(...) : String | Log4jJndiInjectionTest.java:851:56:851:72 | (...)... | provenance | Sink:MaD:48269 | +| Log4jJndiInjectionTest.java:852:50:852:57 | source(...) : String | Log4jJndiInjectionTest.java:852:41:852:57 | (...)... | provenance | Sink:MaD:2295 | +| Log4jJndiInjectionTest.java:852:50:852:57 | source(...) : String | Log4jJndiInjectionTest.java:852:41:852:57 | (...)... | provenance | Sink:MaD:48269 | +| Log4jJndiInjectionTest.java:853:35:853:42 | source(...) : String | Log4jJndiInjectionTest.java:853:26:853:42 | (...)... | provenance | Sink:MaD:2295 | +| Log4jJndiInjectionTest.java:853:35:853:42 | source(...) : String | Log4jJndiInjectionTest.java:853:26:853:42 | (...)... | provenance | Sink:MaD:48269 | +| Log4jJndiInjectionTest.java:854:35:854:42 | source(...) : String | Log4jJndiInjectionTest.java:854:26:854:42 | (...)... | provenance | Sink:MaD:2287 | +| Log4jJndiInjectionTest.java:854:35:854:42 | source(...) : String | Log4jJndiInjectionTest.java:854:26:854:42 | (...)... | provenance | Sink:MaD:48261 | +| Log4jJndiInjectionTest.java:855:55:855:62 | source(...) : String | Log4jJndiInjectionTest.java:855:41:855:62 | (...)... | provenance | Sink:MaD:2287 | +| Log4jJndiInjectionTest.java:855:55:855:62 | source(...) : String | Log4jJndiInjectionTest.java:855:41:855:62 | (...)... | provenance | Sink:MaD:48261 | +| Log4jJndiInjectionTest.java:856:35:856:42 | source(...) : String | Log4jJndiInjectionTest.java:856:26:856:42 | (...)... | provenance | Sink:MaD:2299 | +| Log4jJndiInjectionTest.java:856:35:856:42 | source(...) : String | Log4jJndiInjectionTest.java:856:26:856:42 | (...)... | provenance | Sink:MaD:48273 | +| Log4jJndiInjectionTest.java:857:40:857:47 | source(...) : String | Log4jJndiInjectionTest.java:857:26:857:47 | (...)... | provenance | Sink:MaD:2300 | +| Log4jJndiInjectionTest.java:857:40:857:47 | source(...) : String | Log4jJndiInjectionTest.java:857:26:857:47 | (...)... | provenance | Sink:MaD:48274 | +| Log4jJndiInjectionTest.java:858:40:858:47 | source(...) : String | Log4jJndiInjectionTest.java:858:26:858:47 | (...)... | provenance | Sink:MaD:2301 | +| Log4jJndiInjectionTest.java:858:40:858:47 | source(...) : String | Log4jJndiInjectionTest.java:858:26:858:47 | (...)... | provenance | Sink:MaD:48275 | +| Log4jJndiInjectionTest.java:859:40:859:47 | source(...) : String | Log4jJndiInjectionTest.java:859:25:859:47 | (...)... | provenance | Sink:MaD:2302 | +| Log4jJndiInjectionTest.java:859:40:859:47 | source(...) : String | Log4jJndiInjectionTest.java:859:25:859:47 | (...)... | provenance | Sink:MaD:48285 | +| Log4jJndiInjectionTest.java:860:40:860:47 | source(...) : String | Log4jJndiInjectionTest.java:860:25:860:47 | (...)... | provenance | Sink:MaD:2303 | +| Log4jJndiInjectionTest.java:860:40:860:47 | source(...) : String | Log4jJndiInjectionTest.java:860:25:860:47 | (...)... | provenance | Sink:MaD:48286 | +| Log4jJndiInjectionTest.java:861:55:861:62 | source(...) : String | Log4jJndiInjectionTest.java:861:40:861:62 | (...)... | provenance | Sink:MaD:2304 | +| Log4jJndiInjectionTest.java:861:55:861:62 | source(...) : String | Log4jJndiInjectionTest.java:861:40:861:62 | (...)... | provenance | Sink:MaD:48287 | +| Log4jJndiInjectionTest.java:862:55:862:62 | source(...) : String | Log4jJndiInjectionTest.java:862:40:862:62 | (...)... | provenance | Sink:MaD:2305 | +| Log4jJndiInjectionTest.java:862:55:862:62 | source(...) : String | Log4jJndiInjectionTest.java:862:40:862:62 | (...)... | provenance | Sink:MaD:48288 | +| Log4jJndiInjectionTest.java:863:50:863:57 | source(...) : String | Log4jJndiInjectionTest.java:863:40:863:57 | (...)... | provenance | Sink:MaD:2306 | +| Log4jJndiInjectionTest.java:863:50:863:57 | source(...) : String | Log4jJndiInjectionTest.java:863:40:863:57 | (...)... | provenance | Sink:MaD:48289 | +| Log4jJndiInjectionTest.java:864:58:864:65 | source(...) : String | Log4jJndiInjectionTest.java:864:40:864:65 | (...)... | provenance | Sink:MaD:2307 | +| Log4jJndiInjectionTest.java:864:58:864:65 | source(...) : String | Log4jJndiInjectionTest.java:864:40:864:65 | (...)... | provenance | Sink:MaD:48290 | +| Log4jJndiInjectionTest.java:865:58:865:65 | source(...) : String | Log4jJndiInjectionTest.java:865:40:865:65 | (...)... | provenance | Sink:MaD:2308 | +| Log4jJndiInjectionTest.java:865:58:865:65 | source(...) : String | Log4jJndiInjectionTest.java:865:40:865:65 | (...)... | provenance | Sink:MaD:48291 | +| Log4jJndiInjectionTest.java:867:49:867:56 | source(...) : String | Log4jJndiInjectionTest.java:867:40:867:56 | (...)... | provenance | Sink:MaD:2311 | +| Log4jJndiInjectionTest.java:867:49:867:56 | source(...) : String | Log4jJndiInjectionTest.java:867:40:867:56 | (...)... | provenance | Sink:MaD:48294 | +| Log4jJndiInjectionTest.java:868:49:868:56 | source(...) : String | Log4jJndiInjectionTest.java:868:40:868:56 | (...)... | provenance | Sink:MaD:2322 | +| Log4jJndiInjectionTest.java:868:49:868:56 | source(...) : String | Log4jJndiInjectionTest.java:868:40:868:56 | (...)... | provenance | Sink:MaD:48305 | +| Log4jJndiInjectionTest.java:869:55:869:77 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:869:55:869:77 | new Object[] | provenance | Sink:MaD:2322 | +| Log4jJndiInjectionTest.java:869:55:869:77 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:869:55:869:77 | new Object[] | provenance | Sink:MaD:48305 | | Log4jJndiInjectionTest.java:869:69:869:76 | source(...) : String | Log4jJndiInjectionTest.java:869:55:869:77 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:870:64:870:71 | source(...) : String | Log4jJndiInjectionTest.java:870:55:870:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:871:49:871:56 | source(...) : String | Log4jJndiInjectionTest.java:871:40:871:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:872:79:872:86 | source(...) : String | Log4jJndiInjectionTest.java:872:70:872:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:873:64:873:71 | source(...) : String | Log4jJndiInjectionTest.java:873:55:873:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:874:49:874:56 | source(...) : String | Log4jJndiInjectionTest.java:874:40:874:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:875:94:875:101 | source(...) : String | Log4jJndiInjectionTest.java:875:85:875:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:876:79:876:86 | source(...) : String | Log4jJndiInjectionTest.java:876:70:876:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:877:64:877:71 | source(...) : String | Log4jJndiInjectionTest.java:877:55:877:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:878:49:878:56 | source(...) : String | Log4jJndiInjectionTest.java:878:40:878:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:879:109:879:116 | source(...) : String | Log4jJndiInjectionTest.java:879:100:879:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:880:94:880:101 | source(...) : String | Log4jJndiInjectionTest.java:880:85:880:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:881:79:881:86 | source(...) : String | Log4jJndiInjectionTest.java:881:70:881:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:882:64:882:71 | source(...) : String | Log4jJndiInjectionTest.java:882:55:882:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:883:49:883:56 | source(...) : String | Log4jJndiInjectionTest.java:883:40:883:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:884:124:884:131 | source(...) : String | Log4jJndiInjectionTest.java:884:115:884:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:885:109:885:116 | source(...) : String | Log4jJndiInjectionTest.java:885:100:885:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:886:94:886:101 | source(...) : String | Log4jJndiInjectionTest.java:886:85:886:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:887:79:887:86 | source(...) : String | Log4jJndiInjectionTest.java:887:70:887:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:888:64:888:71 | source(...) : String | Log4jJndiInjectionTest.java:888:55:888:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:889:49:889:56 | source(...) : String | Log4jJndiInjectionTest.java:889:40:889:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:890:139:890:146 | source(...) : String | Log4jJndiInjectionTest.java:890:130:890:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:891:124:891:131 | source(...) : String | Log4jJndiInjectionTest.java:891:115:891:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:892:109:892:116 | source(...) : String | Log4jJndiInjectionTest.java:892:100:892:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:893:94:893:101 | source(...) : String | Log4jJndiInjectionTest.java:893:85:893:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:894:79:894:86 | source(...) : String | Log4jJndiInjectionTest.java:894:70:894:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:895:64:895:71 | source(...) : String | Log4jJndiInjectionTest.java:895:55:895:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:896:49:896:56 | source(...) : String | Log4jJndiInjectionTest.java:896:40:896:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:897:154:897:161 | source(...) : String | Log4jJndiInjectionTest.java:897:145:897:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:898:139:898:146 | source(...) : String | Log4jJndiInjectionTest.java:898:130:898:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:899:124:899:131 | source(...) : String | Log4jJndiInjectionTest.java:899:115:899:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:900:109:900:116 | source(...) : String | Log4jJndiInjectionTest.java:900:100:900:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:901:94:901:101 | source(...) : String | Log4jJndiInjectionTest.java:901:85:901:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:902:79:902:86 | source(...) : String | Log4jJndiInjectionTest.java:902:70:902:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:903:64:903:71 | source(...) : String | Log4jJndiInjectionTest.java:903:55:903:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:904:49:904:56 | source(...) : String | Log4jJndiInjectionTest.java:904:40:904:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:905:169:905:176 | source(...) : String | Log4jJndiInjectionTest.java:905:160:905:176 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:906:154:906:161 | source(...) : String | Log4jJndiInjectionTest.java:906:145:906:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:907:139:907:146 | source(...) : String | Log4jJndiInjectionTest.java:907:130:907:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:908:124:908:131 | source(...) : String | Log4jJndiInjectionTest.java:908:115:908:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:909:109:909:116 | source(...) : String | Log4jJndiInjectionTest.java:909:100:909:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:910:94:910:101 | source(...) : String | Log4jJndiInjectionTest.java:910:85:910:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:911:79:911:86 | source(...) : String | Log4jJndiInjectionTest.java:911:70:911:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:912:64:912:71 | source(...) : String | Log4jJndiInjectionTest.java:912:55:912:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:913:49:913:56 | source(...) : String | Log4jJndiInjectionTest.java:913:40:913:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:914:184:914:191 | source(...) : String | Log4jJndiInjectionTest.java:914:175:914:191 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:915:169:915:176 | source(...) : String | Log4jJndiInjectionTest.java:915:160:915:176 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:916:154:916:161 | source(...) : String | Log4jJndiInjectionTest.java:916:145:916:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:917:139:917:146 | source(...) : String | Log4jJndiInjectionTest.java:917:130:917:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:918:124:918:131 | source(...) : String | Log4jJndiInjectionTest.java:918:115:918:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:919:109:919:116 | source(...) : String | Log4jJndiInjectionTest.java:919:100:919:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:920:94:920:101 | source(...) : String | Log4jJndiInjectionTest.java:920:85:920:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:921:79:921:86 | source(...) : String | Log4jJndiInjectionTest.java:921:70:921:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:922:64:922:71 | source(...) : String | Log4jJndiInjectionTest.java:922:55:922:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:923:49:923:56 | source(...) : String | Log4jJndiInjectionTest.java:923:40:923:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:924:49:924:56 | source(...) : String | Log4jJndiInjectionTest.java:924:40:924:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:925:69:925:76 | source(...) : String | Log4jJndiInjectionTest.java:925:55:925:76 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:926:49:926:56 | source(...) : String | Log4jJndiInjectionTest.java:926:40:926:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:927:54:927:61 | source(...) : String | Log4jJndiInjectionTest.java:927:40:927:61 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:928:54:928:61 | source(...) : String | Log4jJndiInjectionTest.java:928:40:928:61 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:929:43:929:50 | source(...) : String | Log4jJndiInjectionTest.java:929:25:929:50 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:930:43:930:50 | source(...) : String | Log4jJndiInjectionTest.java:930:25:930:50 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:931:35:931:42 | source(...) : String | Log4jJndiInjectionTest.java:931:25:931:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:932:35:932:42 | source(...) : String | Log4jJndiInjectionTest.java:932:25:932:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:935:34:935:41 | source(...) : String | Log4jJndiInjectionTest.java:935:25:935:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:936:34:936:41 | source(...) : String | Log4jJndiInjectionTest.java:936:25:936:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:937:40:937:62 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:937:40:937:62 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:870:64:870:71 | source(...) : String | Log4jJndiInjectionTest.java:870:55:870:71 | (...)... | provenance | Sink:MaD:2312 | +| Log4jJndiInjectionTest.java:870:64:870:71 | source(...) : String | Log4jJndiInjectionTest.java:870:55:870:71 | (...)... | provenance | Sink:MaD:48295 | +| Log4jJndiInjectionTest.java:871:49:871:56 | source(...) : String | Log4jJndiInjectionTest.java:871:40:871:56 | (...)... | provenance | Sink:MaD:2312 | +| Log4jJndiInjectionTest.java:871:49:871:56 | source(...) : String | Log4jJndiInjectionTest.java:871:40:871:56 | (...)... | provenance | Sink:MaD:48295 | +| Log4jJndiInjectionTest.java:872:79:872:86 | source(...) : String | Log4jJndiInjectionTest.java:872:70:872:86 | (...)... | provenance | Sink:MaD:2313 | +| Log4jJndiInjectionTest.java:872:79:872:86 | source(...) : String | Log4jJndiInjectionTest.java:872:70:872:86 | (...)... | provenance | Sink:MaD:48296 | +| Log4jJndiInjectionTest.java:873:64:873:71 | source(...) : String | Log4jJndiInjectionTest.java:873:55:873:71 | (...)... | provenance | Sink:MaD:2313 | +| Log4jJndiInjectionTest.java:873:64:873:71 | source(...) : String | Log4jJndiInjectionTest.java:873:55:873:71 | (...)... | provenance | Sink:MaD:48296 | +| Log4jJndiInjectionTest.java:874:49:874:56 | source(...) : String | Log4jJndiInjectionTest.java:874:40:874:56 | (...)... | provenance | Sink:MaD:2313 | +| Log4jJndiInjectionTest.java:874:49:874:56 | source(...) : String | Log4jJndiInjectionTest.java:874:40:874:56 | (...)... | provenance | Sink:MaD:48296 | +| Log4jJndiInjectionTest.java:875:94:875:101 | source(...) : String | Log4jJndiInjectionTest.java:875:85:875:101 | (...)... | provenance | Sink:MaD:2314 | +| Log4jJndiInjectionTest.java:875:94:875:101 | source(...) : String | Log4jJndiInjectionTest.java:875:85:875:101 | (...)... | provenance | Sink:MaD:48297 | +| Log4jJndiInjectionTest.java:876:79:876:86 | source(...) : String | Log4jJndiInjectionTest.java:876:70:876:86 | (...)... | provenance | Sink:MaD:2314 | +| Log4jJndiInjectionTest.java:876:79:876:86 | source(...) : String | Log4jJndiInjectionTest.java:876:70:876:86 | (...)... | provenance | Sink:MaD:48297 | +| Log4jJndiInjectionTest.java:877:64:877:71 | source(...) : String | Log4jJndiInjectionTest.java:877:55:877:71 | (...)... | provenance | Sink:MaD:2314 | +| Log4jJndiInjectionTest.java:877:64:877:71 | source(...) : String | Log4jJndiInjectionTest.java:877:55:877:71 | (...)... | provenance | Sink:MaD:48297 | +| Log4jJndiInjectionTest.java:878:49:878:56 | source(...) : String | Log4jJndiInjectionTest.java:878:40:878:56 | (...)... | provenance | Sink:MaD:2314 | +| Log4jJndiInjectionTest.java:878:49:878:56 | source(...) : String | Log4jJndiInjectionTest.java:878:40:878:56 | (...)... | provenance | Sink:MaD:48297 | +| Log4jJndiInjectionTest.java:879:109:879:116 | source(...) : String | Log4jJndiInjectionTest.java:879:100:879:116 | (...)... | provenance | Sink:MaD:2315 | +| Log4jJndiInjectionTest.java:879:109:879:116 | source(...) : String | Log4jJndiInjectionTest.java:879:100:879:116 | (...)... | provenance | Sink:MaD:48298 | +| Log4jJndiInjectionTest.java:880:94:880:101 | source(...) : String | Log4jJndiInjectionTest.java:880:85:880:101 | (...)... | provenance | Sink:MaD:2315 | +| Log4jJndiInjectionTest.java:880:94:880:101 | source(...) : String | Log4jJndiInjectionTest.java:880:85:880:101 | (...)... | provenance | Sink:MaD:48298 | +| Log4jJndiInjectionTest.java:881:79:881:86 | source(...) : String | Log4jJndiInjectionTest.java:881:70:881:86 | (...)... | provenance | Sink:MaD:2315 | +| Log4jJndiInjectionTest.java:881:79:881:86 | source(...) : String | Log4jJndiInjectionTest.java:881:70:881:86 | (...)... | provenance | Sink:MaD:48298 | +| Log4jJndiInjectionTest.java:882:64:882:71 | source(...) : String | Log4jJndiInjectionTest.java:882:55:882:71 | (...)... | provenance | Sink:MaD:2315 | +| Log4jJndiInjectionTest.java:882:64:882:71 | source(...) : String | Log4jJndiInjectionTest.java:882:55:882:71 | (...)... | provenance | Sink:MaD:48298 | +| Log4jJndiInjectionTest.java:883:49:883:56 | source(...) : String | Log4jJndiInjectionTest.java:883:40:883:56 | (...)... | provenance | Sink:MaD:2315 | +| Log4jJndiInjectionTest.java:883:49:883:56 | source(...) : String | Log4jJndiInjectionTest.java:883:40:883:56 | (...)... | provenance | Sink:MaD:48298 | +| Log4jJndiInjectionTest.java:884:124:884:131 | source(...) : String | Log4jJndiInjectionTest.java:884:115:884:131 | (...)... | provenance | Sink:MaD:2316 | +| Log4jJndiInjectionTest.java:884:124:884:131 | source(...) : String | Log4jJndiInjectionTest.java:884:115:884:131 | (...)... | provenance | Sink:MaD:48299 | +| Log4jJndiInjectionTest.java:885:109:885:116 | source(...) : String | Log4jJndiInjectionTest.java:885:100:885:116 | (...)... | provenance | Sink:MaD:2316 | +| Log4jJndiInjectionTest.java:885:109:885:116 | source(...) : String | Log4jJndiInjectionTest.java:885:100:885:116 | (...)... | provenance | Sink:MaD:48299 | +| Log4jJndiInjectionTest.java:886:94:886:101 | source(...) : String | Log4jJndiInjectionTest.java:886:85:886:101 | (...)... | provenance | Sink:MaD:2316 | +| Log4jJndiInjectionTest.java:886:94:886:101 | source(...) : String | Log4jJndiInjectionTest.java:886:85:886:101 | (...)... | provenance | Sink:MaD:48299 | +| Log4jJndiInjectionTest.java:887:79:887:86 | source(...) : String | Log4jJndiInjectionTest.java:887:70:887:86 | (...)... | provenance | Sink:MaD:2316 | +| Log4jJndiInjectionTest.java:887:79:887:86 | source(...) : String | Log4jJndiInjectionTest.java:887:70:887:86 | (...)... | provenance | Sink:MaD:48299 | +| Log4jJndiInjectionTest.java:888:64:888:71 | source(...) : String | Log4jJndiInjectionTest.java:888:55:888:71 | (...)... | provenance | Sink:MaD:2316 | +| Log4jJndiInjectionTest.java:888:64:888:71 | source(...) : String | Log4jJndiInjectionTest.java:888:55:888:71 | (...)... | provenance | Sink:MaD:48299 | +| Log4jJndiInjectionTest.java:889:49:889:56 | source(...) : String | Log4jJndiInjectionTest.java:889:40:889:56 | (...)... | provenance | Sink:MaD:2316 | +| Log4jJndiInjectionTest.java:889:49:889:56 | source(...) : String | Log4jJndiInjectionTest.java:889:40:889:56 | (...)... | provenance | Sink:MaD:48299 | +| Log4jJndiInjectionTest.java:890:139:890:146 | source(...) : String | Log4jJndiInjectionTest.java:890:130:890:146 | (...)... | provenance | Sink:MaD:2317 | +| Log4jJndiInjectionTest.java:890:139:890:146 | source(...) : String | Log4jJndiInjectionTest.java:890:130:890:146 | (...)... | provenance | Sink:MaD:48300 | +| Log4jJndiInjectionTest.java:891:124:891:131 | source(...) : String | Log4jJndiInjectionTest.java:891:115:891:131 | (...)... | provenance | Sink:MaD:2317 | +| Log4jJndiInjectionTest.java:891:124:891:131 | source(...) : String | Log4jJndiInjectionTest.java:891:115:891:131 | (...)... | provenance | Sink:MaD:48300 | +| Log4jJndiInjectionTest.java:892:109:892:116 | source(...) : String | Log4jJndiInjectionTest.java:892:100:892:116 | (...)... | provenance | Sink:MaD:2317 | +| Log4jJndiInjectionTest.java:892:109:892:116 | source(...) : String | Log4jJndiInjectionTest.java:892:100:892:116 | (...)... | provenance | Sink:MaD:48300 | +| Log4jJndiInjectionTest.java:893:94:893:101 | source(...) : String | Log4jJndiInjectionTest.java:893:85:893:101 | (...)... | provenance | Sink:MaD:2317 | +| Log4jJndiInjectionTest.java:893:94:893:101 | source(...) : String | Log4jJndiInjectionTest.java:893:85:893:101 | (...)... | provenance | Sink:MaD:48300 | +| Log4jJndiInjectionTest.java:894:79:894:86 | source(...) : String | Log4jJndiInjectionTest.java:894:70:894:86 | (...)... | provenance | Sink:MaD:2317 | +| Log4jJndiInjectionTest.java:894:79:894:86 | source(...) : String | Log4jJndiInjectionTest.java:894:70:894:86 | (...)... | provenance | Sink:MaD:48300 | +| Log4jJndiInjectionTest.java:895:64:895:71 | source(...) : String | Log4jJndiInjectionTest.java:895:55:895:71 | (...)... | provenance | Sink:MaD:2317 | +| Log4jJndiInjectionTest.java:895:64:895:71 | source(...) : String | Log4jJndiInjectionTest.java:895:55:895:71 | (...)... | provenance | Sink:MaD:48300 | +| Log4jJndiInjectionTest.java:896:49:896:56 | source(...) : String | Log4jJndiInjectionTest.java:896:40:896:56 | (...)... | provenance | Sink:MaD:2317 | +| Log4jJndiInjectionTest.java:896:49:896:56 | source(...) : String | Log4jJndiInjectionTest.java:896:40:896:56 | (...)... | provenance | Sink:MaD:48300 | +| Log4jJndiInjectionTest.java:897:154:897:161 | source(...) : String | Log4jJndiInjectionTest.java:897:145:897:161 | (...)... | provenance | Sink:MaD:2318 | +| Log4jJndiInjectionTest.java:897:154:897:161 | source(...) : String | Log4jJndiInjectionTest.java:897:145:897:161 | (...)... | provenance | Sink:MaD:48301 | +| Log4jJndiInjectionTest.java:898:139:898:146 | source(...) : String | Log4jJndiInjectionTest.java:898:130:898:146 | (...)... | provenance | Sink:MaD:2318 | +| Log4jJndiInjectionTest.java:898:139:898:146 | source(...) : String | Log4jJndiInjectionTest.java:898:130:898:146 | (...)... | provenance | Sink:MaD:48301 | +| Log4jJndiInjectionTest.java:899:124:899:131 | source(...) : String | Log4jJndiInjectionTest.java:899:115:899:131 | (...)... | provenance | Sink:MaD:2318 | +| Log4jJndiInjectionTest.java:899:124:899:131 | source(...) : String | Log4jJndiInjectionTest.java:899:115:899:131 | (...)... | provenance | Sink:MaD:48301 | +| Log4jJndiInjectionTest.java:900:109:900:116 | source(...) : String | Log4jJndiInjectionTest.java:900:100:900:116 | (...)... | provenance | Sink:MaD:2318 | +| Log4jJndiInjectionTest.java:900:109:900:116 | source(...) : String | Log4jJndiInjectionTest.java:900:100:900:116 | (...)... | provenance | Sink:MaD:48301 | +| Log4jJndiInjectionTest.java:901:94:901:101 | source(...) : String | Log4jJndiInjectionTest.java:901:85:901:101 | (...)... | provenance | Sink:MaD:2318 | +| Log4jJndiInjectionTest.java:901:94:901:101 | source(...) : String | Log4jJndiInjectionTest.java:901:85:901:101 | (...)... | provenance | Sink:MaD:48301 | +| Log4jJndiInjectionTest.java:902:79:902:86 | source(...) : String | Log4jJndiInjectionTest.java:902:70:902:86 | (...)... | provenance | Sink:MaD:2318 | +| Log4jJndiInjectionTest.java:902:79:902:86 | source(...) : String | Log4jJndiInjectionTest.java:902:70:902:86 | (...)... | provenance | Sink:MaD:48301 | +| Log4jJndiInjectionTest.java:903:64:903:71 | source(...) : String | Log4jJndiInjectionTest.java:903:55:903:71 | (...)... | provenance | Sink:MaD:2318 | +| Log4jJndiInjectionTest.java:903:64:903:71 | source(...) : String | Log4jJndiInjectionTest.java:903:55:903:71 | (...)... | provenance | Sink:MaD:48301 | +| Log4jJndiInjectionTest.java:904:49:904:56 | source(...) : String | Log4jJndiInjectionTest.java:904:40:904:56 | (...)... | provenance | Sink:MaD:2318 | +| Log4jJndiInjectionTest.java:904:49:904:56 | source(...) : String | Log4jJndiInjectionTest.java:904:40:904:56 | (...)... | provenance | Sink:MaD:48301 | +| Log4jJndiInjectionTest.java:905:169:905:176 | source(...) : String | Log4jJndiInjectionTest.java:905:160:905:176 | (...)... | provenance | Sink:MaD:2319 | +| Log4jJndiInjectionTest.java:905:169:905:176 | source(...) : String | Log4jJndiInjectionTest.java:905:160:905:176 | (...)... | provenance | Sink:MaD:48302 | +| Log4jJndiInjectionTest.java:906:154:906:161 | source(...) : String | Log4jJndiInjectionTest.java:906:145:906:161 | (...)... | provenance | Sink:MaD:2319 | +| Log4jJndiInjectionTest.java:906:154:906:161 | source(...) : String | Log4jJndiInjectionTest.java:906:145:906:161 | (...)... | provenance | Sink:MaD:48302 | +| Log4jJndiInjectionTest.java:907:139:907:146 | source(...) : String | Log4jJndiInjectionTest.java:907:130:907:146 | (...)... | provenance | Sink:MaD:2319 | +| Log4jJndiInjectionTest.java:907:139:907:146 | source(...) : String | Log4jJndiInjectionTest.java:907:130:907:146 | (...)... | provenance | Sink:MaD:48302 | +| Log4jJndiInjectionTest.java:908:124:908:131 | source(...) : String | Log4jJndiInjectionTest.java:908:115:908:131 | (...)... | provenance | Sink:MaD:2319 | +| Log4jJndiInjectionTest.java:908:124:908:131 | source(...) : String | Log4jJndiInjectionTest.java:908:115:908:131 | (...)... | provenance | Sink:MaD:48302 | +| Log4jJndiInjectionTest.java:909:109:909:116 | source(...) : String | Log4jJndiInjectionTest.java:909:100:909:116 | (...)... | provenance | Sink:MaD:2319 | +| Log4jJndiInjectionTest.java:909:109:909:116 | source(...) : String | Log4jJndiInjectionTest.java:909:100:909:116 | (...)... | provenance | Sink:MaD:48302 | +| Log4jJndiInjectionTest.java:910:94:910:101 | source(...) : String | Log4jJndiInjectionTest.java:910:85:910:101 | (...)... | provenance | Sink:MaD:2319 | +| Log4jJndiInjectionTest.java:910:94:910:101 | source(...) : String | Log4jJndiInjectionTest.java:910:85:910:101 | (...)... | provenance | Sink:MaD:48302 | +| Log4jJndiInjectionTest.java:911:79:911:86 | source(...) : String | Log4jJndiInjectionTest.java:911:70:911:86 | (...)... | provenance | Sink:MaD:2319 | +| Log4jJndiInjectionTest.java:911:79:911:86 | source(...) : String | Log4jJndiInjectionTest.java:911:70:911:86 | (...)... | provenance | Sink:MaD:48302 | +| Log4jJndiInjectionTest.java:912:64:912:71 | source(...) : String | Log4jJndiInjectionTest.java:912:55:912:71 | (...)... | provenance | Sink:MaD:2319 | +| Log4jJndiInjectionTest.java:912:64:912:71 | source(...) : String | Log4jJndiInjectionTest.java:912:55:912:71 | (...)... | provenance | Sink:MaD:48302 | +| Log4jJndiInjectionTest.java:913:49:913:56 | source(...) : String | Log4jJndiInjectionTest.java:913:40:913:56 | (...)... | provenance | Sink:MaD:2319 | +| Log4jJndiInjectionTest.java:913:49:913:56 | source(...) : String | Log4jJndiInjectionTest.java:913:40:913:56 | (...)... | provenance | Sink:MaD:48302 | +| Log4jJndiInjectionTest.java:914:184:914:191 | source(...) : String | Log4jJndiInjectionTest.java:914:175:914:191 | (...)... | provenance | Sink:MaD:2320 | +| Log4jJndiInjectionTest.java:914:184:914:191 | source(...) : String | Log4jJndiInjectionTest.java:914:175:914:191 | (...)... | provenance | Sink:MaD:48303 | +| Log4jJndiInjectionTest.java:915:169:915:176 | source(...) : String | Log4jJndiInjectionTest.java:915:160:915:176 | (...)... | provenance | Sink:MaD:2320 | +| Log4jJndiInjectionTest.java:915:169:915:176 | source(...) : String | Log4jJndiInjectionTest.java:915:160:915:176 | (...)... | provenance | Sink:MaD:48303 | +| Log4jJndiInjectionTest.java:916:154:916:161 | source(...) : String | Log4jJndiInjectionTest.java:916:145:916:161 | (...)... | provenance | Sink:MaD:2320 | +| Log4jJndiInjectionTest.java:916:154:916:161 | source(...) : String | Log4jJndiInjectionTest.java:916:145:916:161 | (...)... | provenance | Sink:MaD:48303 | +| Log4jJndiInjectionTest.java:917:139:917:146 | source(...) : String | Log4jJndiInjectionTest.java:917:130:917:146 | (...)... | provenance | Sink:MaD:2320 | +| Log4jJndiInjectionTest.java:917:139:917:146 | source(...) : String | Log4jJndiInjectionTest.java:917:130:917:146 | (...)... | provenance | Sink:MaD:48303 | +| Log4jJndiInjectionTest.java:918:124:918:131 | source(...) : String | Log4jJndiInjectionTest.java:918:115:918:131 | (...)... | provenance | Sink:MaD:2320 | +| Log4jJndiInjectionTest.java:918:124:918:131 | source(...) : String | Log4jJndiInjectionTest.java:918:115:918:131 | (...)... | provenance | Sink:MaD:48303 | +| Log4jJndiInjectionTest.java:919:109:919:116 | source(...) : String | Log4jJndiInjectionTest.java:919:100:919:116 | (...)... | provenance | Sink:MaD:2320 | +| Log4jJndiInjectionTest.java:919:109:919:116 | source(...) : String | Log4jJndiInjectionTest.java:919:100:919:116 | (...)... | provenance | Sink:MaD:48303 | +| Log4jJndiInjectionTest.java:920:94:920:101 | source(...) : String | Log4jJndiInjectionTest.java:920:85:920:101 | (...)... | provenance | Sink:MaD:2320 | +| Log4jJndiInjectionTest.java:920:94:920:101 | source(...) : String | Log4jJndiInjectionTest.java:920:85:920:101 | (...)... | provenance | Sink:MaD:48303 | +| Log4jJndiInjectionTest.java:921:79:921:86 | source(...) : String | Log4jJndiInjectionTest.java:921:70:921:86 | (...)... | provenance | Sink:MaD:2320 | +| Log4jJndiInjectionTest.java:921:79:921:86 | source(...) : String | Log4jJndiInjectionTest.java:921:70:921:86 | (...)... | provenance | Sink:MaD:48303 | +| Log4jJndiInjectionTest.java:922:64:922:71 | source(...) : String | Log4jJndiInjectionTest.java:922:55:922:71 | (...)... | provenance | Sink:MaD:2320 | +| Log4jJndiInjectionTest.java:922:64:922:71 | source(...) : String | Log4jJndiInjectionTest.java:922:55:922:71 | (...)... | provenance | Sink:MaD:48303 | +| Log4jJndiInjectionTest.java:923:49:923:56 | source(...) : String | Log4jJndiInjectionTest.java:923:40:923:56 | (...)... | provenance | Sink:MaD:2320 | +| Log4jJndiInjectionTest.java:923:49:923:56 | source(...) : String | Log4jJndiInjectionTest.java:923:40:923:56 | (...)... | provenance | Sink:MaD:48303 | +| Log4jJndiInjectionTest.java:924:49:924:56 | source(...) : String | Log4jJndiInjectionTest.java:924:40:924:56 | (...)... | provenance | Sink:MaD:2312 | +| Log4jJndiInjectionTest.java:924:49:924:56 | source(...) : String | Log4jJndiInjectionTest.java:924:40:924:56 | (...)... | provenance | Sink:MaD:48295 | +| Log4jJndiInjectionTest.java:925:69:925:76 | source(...) : String | Log4jJndiInjectionTest.java:925:55:925:76 | (...)... | provenance | Sink:MaD:2312 | +| Log4jJndiInjectionTest.java:925:69:925:76 | source(...) : String | Log4jJndiInjectionTest.java:925:55:925:76 | (...)... | provenance | Sink:MaD:48295 | +| Log4jJndiInjectionTest.java:926:49:926:56 | source(...) : String | Log4jJndiInjectionTest.java:926:40:926:56 | (...)... | provenance | Sink:MaD:2324 | +| Log4jJndiInjectionTest.java:926:49:926:56 | source(...) : String | Log4jJndiInjectionTest.java:926:40:926:56 | (...)... | provenance | Sink:MaD:48307 | +| Log4jJndiInjectionTest.java:927:54:927:61 | source(...) : String | Log4jJndiInjectionTest.java:927:40:927:61 | (...)... | provenance | Sink:MaD:2325 | +| Log4jJndiInjectionTest.java:927:54:927:61 | source(...) : String | Log4jJndiInjectionTest.java:927:40:927:61 | (...)... | provenance | Sink:MaD:48308 | +| Log4jJndiInjectionTest.java:928:54:928:61 | source(...) : String | Log4jJndiInjectionTest.java:928:40:928:61 | (...)... | provenance | Sink:MaD:2326 | +| Log4jJndiInjectionTest.java:928:54:928:61 | source(...) : String | Log4jJndiInjectionTest.java:928:40:928:61 | (...)... | provenance | Sink:MaD:48309 | +| Log4jJndiInjectionTest.java:929:43:929:50 | source(...) : String | Log4jJndiInjectionTest.java:929:25:929:50 | (...)... | provenance | Sink:MaD:2329 | +| Log4jJndiInjectionTest.java:929:43:929:50 | source(...) : String | Log4jJndiInjectionTest.java:929:25:929:50 | (...)... | provenance | Sink:MaD:48312 | +| Log4jJndiInjectionTest.java:930:43:930:50 | source(...) : String | Log4jJndiInjectionTest.java:930:25:930:50 | (...)... | provenance | Sink:MaD:2330 | +| Log4jJndiInjectionTest.java:930:43:930:50 | source(...) : String | Log4jJndiInjectionTest.java:930:25:930:50 | (...)... | provenance | Sink:MaD:48313 | +| Log4jJndiInjectionTest.java:931:35:931:42 | source(...) : String | Log4jJndiInjectionTest.java:931:25:931:42 | (...)... | provenance | Sink:MaD:2327 | +| Log4jJndiInjectionTest.java:931:35:931:42 | source(...) : String | Log4jJndiInjectionTest.java:931:25:931:42 | (...)... | provenance | Sink:MaD:48310 | +| Log4jJndiInjectionTest.java:932:35:932:42 | source(...) : String | Log4jJndiInjectionTest.java:932:25:932:42 | (...)... | provenance | Sink:MaD:2328 | +| Log4jJndiInjectionTest.java:932:35:932:42 | source(...) : String | Log4jJndiInjectionTest.java:932:25:932:42 | (...)... | provenance | Sink:MaD:48311 | +| Log4jJndiInjectionTest.java:935:34:935:41 | source(...) : String | Log4jJndiInjectionTest.java:935:25:935:41 | (...)... | provenance | Sink:MaD:2333 | +| Log4jJndiInjectionTest.java:935:34:935:41 | source(...) : String | Log4jJndiInjectionTest.java:935:25:935:41 | (...)... | provenance | Sink:MaD:48316 | +| Log4jJndiInjectionTest.java:936:34:936:41 | source(...) : String | Log4jJndiInjectionTest.java:936:25:936:41 | (...)... | provenance | Sink:MaD:2344 | +| Log4jJndiInjectionTest.java:936:34:936:41 | source(...) : String | Log4jJndiInjectionTest.java:936:25:936:41 | (...)... | provenance | Sink:MaD:48327 | +| Log4jJndiInjectionTest.java:937:40:937:62 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:937:40:937:62 | new Object[] | provenance | Sink:MaD:2344 | +| Log4jJndiInjectionTest.java:937:40:937:62 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:937:40:937:62 | new Object[] | provenance | Sink:MaD:48327 | | Log4jJndiInjectionTest.java:937:54:937:61 | source(...) : String | Log4jJndiInjectionTest.java:937:40:937:62 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:938:49:938:56 | source(...) : String | Log4jJndiInjectionTest.java:938:40:938:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:939:34:939:41 | source(...) : String | Log4jJndiInjectionTest.java:939:25:939:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:940:64:940:71 | source(...) : String | Log4jJndiInjectionTest.java:940:55:940:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:941:49:941:56 | source(...) : String | Log4jJndiInjectionTest.java:941:40:941:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:942:34:942:41 | source(...) : String | Log4jJndiInjectionTest.java:942:25:942:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:943:79:943:86 | source(...) : String | Log4jJndiInjectionTest.java:943:70:943:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:944:64:944:71 | source(...) : String | Log4jJndiInjectionTest.java:944:55:944:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:945:49:945:56 | source(...) : String | Log4jJndiInjectionTest.java:945:40:945:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:946:34:946:41 | source(...) : String | Log4jJndiInjectionTest.java:946:25:946:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:947:94:947:101 | source(...) : String | Log4jJndiInjectionTest.java:947:85:947:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:948:79:948:86 | source(...) : String | Log4jJndiInjectionTest.java:948:70:948:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:949:64:949:71 | source(...) : String | Log4jJndiInjectionTest.java:949:55:949:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:950:49:950:56 | source(...) : String | Log4jJndiInjectionTest.java:950:40:950:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:951:34:951:41 | source(...) : String | Log4jJndiInjectionTest.java:951:25:951:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:952:109:952:116 | source(...) : String | Log4jJndiInjectionTest.java:952:100:952:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:953:94:953:101 | source(...) : String | Log4jJndiInjectionTest.java:953:85:953:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:954:79:954:86 | source(...) : String | Log4jJndiInjectionTest.java:954:70:954:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:955:64:955:71 | source(...) : String | Log4jJndiInjectionTest.java:955:55:955:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:956:49:956:56 | source(...) : String | Log4jJndiInjectionTest.java:956:40:956:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:957:34:957:41 | source(...) : String | Log4jJndiInjectionTest.java:957:25:957:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:958:124:958:131 | source(...) : String | Log4jJndiInjectionTest.java:958:115:958:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:959:109:959:116 | source(...) : String | Log4jJndiInjectionTest.java:959:100:959:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:960:94:960:101 | source(...) : String | Log4jJndiInjectionTest.java:960:85:960:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:961:79:961:86 | source(...) : String | Log4jJndiInjectionTest.java:961:70:961:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:962:64:962:71 | source(...) : String | Log4jJndiInjectionTest.java:962:55:962:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:963:49:963:56 | source(...) : String | Log4jJndiInjectionTest.java:963:40:963:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:964:34:964:41 | source(...) : String | Log4jJndiInjectionTest.java:964:25:964:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:965:139:965:146 | source(...) : String | Log4jJndiInjectionTest.java:965:130:965:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:966:124:966:131 | source(...) : String | Log4jJndiInjectionTest.java:966:115:966:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:967:109:967:116 | source(...) : String | Log4jJndiInjectionTest.java:967:100:967:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:968:94:968:101 | source(...) : String | Log4jJndiInjectionTest.java:968:85:968:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:969:79:969:86 | source(...) : String | Log4jJndiInjectionTest.java:969:70:969:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:970:64:970:71 | source(...) : String | Log4jJndiInjectionTest.java:970:55:970:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:971:49:971:56 | source(...) : String | Log4jJndiInjectionTest.java:971:40:971:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:972:34:972:41 | source(...) : String | Log4jJndiInjectionTest.java:972:25:972:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:973:154:973:161 | source(...) : String | Log4jJndiInjectionTest.java:973:145:973:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:974:139:974:146 | source(...) : String | Log4jJndiInjectionTest.java:974:130:974:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:975:124:975:131 | source(...) : String | Log4jJndiInjectionTest.java:975:115:975:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:976:109:976:116 | source(...) : String | Log4jJndiInjectionTest.java:976:100:976:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:977:94:977:101 | source(...) : String | Log4jJndiInjectionTest.java:977:85:977:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:978:79:978:86 | source(...) : String | Log4jJndiInjectionTest.java:978:70:978:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:979:64:979:71 | source(...) : String | Log4jJndiInjectionTest.java:979:55:979:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:980:49:980:56 | source(...) : String | Log4jJndiInjectionTest.java:980:40:980:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:981:34:981:41 | source(...) : String | Log4jJndiInjectionTest.java:981:25:981:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:982:169:982:176 | source(...) : String | Log4jJndiInjectionTest.java:982:160:982:176 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:983:154:983:161 | source(...) : String | Log4jJndiInjectionTest.java:983:145:983:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:984:139:984:146 | source(...) : String | Log4jJndiInjectionTest.java:984:130:984:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:985:124:985:131 | source(...) : String | Log4jJndiInjectionTest.java:985:115:985:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:986:109:986:116 | source(...) : String | Log4jJndiInjectionTest.java:986:100:986:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:987:94:987:101 | source(...) : String | Log4jJndiInjectionTest.java:987:85:987:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:988:79:988:86 | source(...) : String | Log4jJndiInjectionTest.java:988:70:988:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:989:64:989:71 | source(...) : String | Log4jJndiInjectionTest.java:989:55:989:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:990:49:990:56 | source(...) : String | Log4jJndiInjectionTest.java:990:40:990:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:991:34:991:41 | source(...) : String | Log4jJndiInjectionTest.java:991:25:991:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:992:34:992:41 | source(...) : String | Log4jJndiInjectionTest.java:992:25:992:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:993:54:993:61 | source(...) : String | Log4jJndiInjectionTest.java:993:40:993:61 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:994:34:994:41 | source(...) : String | Log4jJndiInjectionTest.java:994:25:994:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:995:39:995:46 | source(...) : String | Log4jJndiInjectionTest.java:995:25:995:46 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:996:39:996:46 | source(...) : String | Log4jJndiInjectionTest.java:996:25:996:46 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:998:65:998:72 | source(...) : String | Log4jJndiInjectionTest.java:998:55:998:72 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:999:48:999:55 | source(...) : String | Log4jJndiInjectionTest.java:999:39:999:55 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1000:45:1000:67 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:1000:45:1000:67 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:938:49:938:56 | source(...) : String | Log4jJndiInjectionTest.java:938:40:938:56 | (...)... | provenance | Sink:MaD:2334 | +| Log4jJndiInjectionTest.java:938:49:938:56 | source(...) : String | Log4jJndiInjectionTest.java:938:40:938:56 | (...)... | provenance | Sink:MaD:48317 | +| Log4jJndiInjectionTest.java:939:34:939:41 | source(...) : String | Log4jJndiInjectionTest.java:939:25:939:41 | (...)... | provenance | Sink:MaD:2334 | +| Log4jJndiInjectionTest.java:939:34:939:41 | source(...) : String | Log4jJndiInjectionTest.java:939:25:939:41 | (...)... | provenance | Sink:MaD:48317 | +| Log4jJndiInjectionTest.java:940:64:940:71 | source(...) : String | Log4jJndiInjectionTest.java:940:55:940:71 | (...)... | provenance | Sink:MaD:2335 | +| Log4jJndiInjectionTest.java:940:64:940:71 | source(...) : String | Log4jJndiInjectionTest.java:940:55:940:71 | (...)... | provenance | Sink:MaD:48318 | +| Log4jJndiInjectionTest.java:941:49:941:56 | source(...) : String | Log4jJndiInjectionTest.java:941:40:941:56 | (...)... | provenance | Sink:MaD:2335 | +| Log4jJndiInjectionTest.java:941:49:941:56 | source(...) : String | Log4jJndiInjectionTest.java:941:40:941:56 | (...)... | provenance | Sink:MaD:48318 | +| Log4jJndiInjectionTest.java:942:34:942:41 | source(...) : String | Log4jJndiInjectionTest.java:942:25:942:41 | (...)... | provenance | Sink:MaD:2335 | +| Log4jJndiInjectionTest.java:942:34:942:41 | source(...) : String | Log4jJndiInjectionTest.java:942:25:942:41 | (...)... | provenance | Sink:MaD:48318 | +| Log4jJndiInjectionTest.java:943:79:943:86 | source(...) : String | Log4jJndiInjectionTest.java:943:70:943:86 | (...)... | provenance | Sink:MaD:2336 | +| Log4jJndiInjectionTest.java:943:79:943:86 | source(...) : String | Log4jJndiInjectionTest.java:943:70:943:86 | (...)... | provenance | Sink:MaD:48319 | +| Log4jJndiInjectionTest.java:944:64:944:71 | source(...) : String | Log4jJndiInjectionTest.java:944:55:944:71 | (...)... | provenance | Sink:MaD:2336 | +| Log4jJndiInjectionTest.java:944:64:944:71 | source(...) : String | Log4jJndiInjectionTest.java:944:55:944:71 | (...)... | provenance | Sink:MaD:48319 | +| Log4jJndiInjectionTest.java:945:49:945:56 | source(...) : String | Log4jJndiInjectionTest.java:945:40:945:56 | (...)... | provenance | Sink:MaD:2336 | +| Log4jJndiInjectionTest.java:945:49:945:56 | source(...) : String | Log4jJndiInjectionTest.java:945:40:945:56 | (...)... | provenance | Sink:MaD:48319 | +| Log4jJndiInjectionTest.java:946:34:946:41 | source(...) : String | Log4jJndiInjectionTest.java:946:25:946:41 | (...)... | provenance | Sink:MaD:2336 | +| Log4jJndiInjectionTest.java:946:34:946:41 | source(...) : String | Log4jJndiInjectionTest.java:946:25:946:41 | (...)... | provenance | Sink:MaD:48319 | +| Log4jJndiInjectionTest.java:947:94:947:101 | source(...) : String | Log4jJndiInjectionTest.java:947:85:947:101 | (...)... | provenance | Sink:MaD:2337 | +| Log4jJndiInjectionTest.java:947:94:947:101 | source(...) : String | Log4jJndiInjectionTest.java:947:85:947:101 | (...)... | provenance | Sink:MaD:48320 | +| Log4jJndiInjectionTest.java:948:79:948:86 | source(...) : String | Log4jJndiInjectionTest.java:948:70:948:86 | (...)... | provenance | Sink:MaD:2337 | +| Log4jJndiInjectionTest.java:948:79:948:86 | source(...) : String | Log4jJndiInjectionTest.java:948:70:948:86 | (...)... | provenance | Sink:MaD:48320 | +| Log4jJndiInjectionTest.java:949:64:949:71 | source(...) : String | Log4jJndiInjectionTest.java:949:55:949:71 | (...)... | provenance | Sink:MaD:2337 | +| Log4jJndiInjectionTest.java:949:64:949:71 | source(...) : String | Log4jJndiInjectionTest.java:949:55:949:71 | (...)... | provenance | Sink:MaD:48320 | +| Log4jJndiInjectionTest.java:950:49:950:56 | source(...) : String | Log4jJndiInjectionTest.java:950:40:950:56 | (...)... | provenance | Sink:MaD:2337 | +| Log4jJndiInjectionTest.java:950:49:950:56 | source(...) : String | Log4jJndiInjectionTest.java:950:40:950:56 | (...)... | provenance | Sink:MaD:48320 | +| Log4jJndiInjectionTest.java:951:34:951:41 | source(...) : String | Log4jJndiInjectionTest.java:951:25:951:41 | (...)... | provenance | Sink:MaD:2337 | +| Log4jJndiInjectionTest.java:951:34:951:41 | source(...) : String | Log4jJndiInjectionTest.java:951:25:951:41 | (...)... | provenance | Sink:MaD:48320 | +| Log4jJndiInjectionTest.java:952:109:952:116 | source(...) : String | Log4jJndiInjectionTest.java:952:100:952:116 | (...)... | provenance | Sink:MaD:2338 | +| Log4jJndiInjectionTest.java:952:109:952:116 | source(...) : String | Log4jJndiInjectionTest.java:952:100:952:116 | (...)... | provenance | Sink:MaD:48321 | +| Log4jJndiInjectionTest.java:953:94:953:101 | source(...) : String | Log4jJndiInjectionTest.java:953:85:953:101 | (...)... | provenance | Sink:MaD:2338 | +| Log4jJndiInjectionTest.java:953:94:953:101 | source(...) : String | Log4jJndiInjectionTest.java:953:85:953:101 | (...)... | provenance | Sink:MaD:48321 | +| Log4jJndiInjectionTest.java:954:79:954:86 | source(...) : String | Log4jJndiInjectionTest.java:954:70:954:86 | (...)... | provenance | Sink:MaD:2338 | +| Log4jJndiInjectionTest.java:954:79:954:86 | source(...) : String | Log4jJndiInjectionTest.java:954:70:954:86 | (...)... | provenance | Sink:MaD:48321 | +| Log4jJndiInjectionTest.java:955:64:955:71 | source(...) : String | Log4jJndiInjectionTest.java:955:55:955:71 | (...)... | provenance | Sink:MaD:2338 | +| Log4jJndiInjectionTest.java:955:64:955:71 | source(...) : String | Log4jJndiInjectionTest.java:955:55:955:71 | (...)... | provenance | Sink:MaD:48321 | +| Log4jJndiInjectionTest.java:956:49:956:56 | source(...) : String | Log4jJndiInjectionTest.java:956:40:956:56 | (...)... | provenance | Sink:MaD:2338 | +| Log4jJndiInjectionTest.java:956:49:956:56 | source(...) : String | Log4jJndiInjectionTest.java:956:40:956:56 | (...)... | provenance | Sink:MaD:48321 | +| Log4jJndiInjectionTest.java:957:34:957:41 | source(...) : String | Log4jJndiInjectionTest.java:957:25:957:41 | (...)... | provenance | Sink:MaD:2338 | +| Log4jJndiInjectionTest.java:957:34:957:41 | source(...) : String | Log4jJndiInjectionTest.java:957:25:957:41 | (...)... | provenance | Sink:MaD:48321 | +| Log4jJndiInjectionTest.java:958:124:958:131 | source(...) : String | Log4jJndiInjectionTest.java:958:115:958:131 | (...)... | provenance | Sink:MaD:2339 | +| Log4jJndiInjectionTest.java:958:124:958:131 | source(...) : String | Log4jJndiInjectionTest.java:958:115:958:131 | (...)... | provenance | Sink:MaD:48322 | +| Log4jJndiInjectionTest.java:959:109:959:116 | source(...) : String | Log4jJndiInjectionTest.java:959:100:959:116 | (...)... | provenance | Sink:MaD:2339 | +| Log4jJndiInjectionTest.java:959:109:959:116 | source(...) : String | Log4jJndiInjectionTest.java:959:100:959:116 | (...)... | provenance | Sink:MaD:48322 | +| Log4jJndiInjectionTest.java:960:94:960:101 | source(...) : String | Log4jJndiInjectionTest.java:960:85:960:101 | (...)... | provenance | Sink:MaD:2339 | +| Log4jJndiInjectionTest.java:960:94:960:101 | source(...) : String | Log4jJndiInjectionTest.java:960:85:960:101 | (...)... | provenance | Sink:MaD:48322 | +| Log4jJndiInjectionTest.java:961:79:961:86 | source(...) : String | Log4jJndiInjectionTest.java:961:70:961:86 | (...)... | provenance | Sink:MaD:2339 | +| Log4jJndiInjectionTest.java:961:79:961:86 | source(...) : String | Log4jJndiInjectionTest.java:961:70:961:86 | (...)... | provenance | Sink:MaD:48322 | +| Log4jJndiInjectionTest.java:962:64:962:71 | source(...) : String | Log4jJndiInjectionTest.java:962:55:962:71 | (...)... | provenance | Sink:MaD:2339 | +| Log4jJndiInjectionTest.java:962:64:962:71 | source(...) : String | Log4jJndiInjectionTest.java:962:55:962:71 | (...)... | provenance | Sink:MaD:48322 | +| Log4jJndiInjectionTest.java:963:49:963:56 | source(...) : String | Log4jJndiInjectionTest.java:963:40:963:56 | (...)... | provenance | Sink:MaD:2339 | +| Log4jJndiInjectionTest.java:963:49:963:56 | source(...) : String | Log4jJndiInjectionTest.java:963:40:963:56 | (...)... | provenance | Sink:MaD:48322 | +| Log4jJndiInjectionTest.java:964:34:964:41 | source(...) : String | Log4jJndiInjectionTest.java:964:25:964:41 | (...)... | provenance | Sink:MaD:2339 | +| Log4jJndiInjectionTest.java:964:34:964:41 | source(...) : String | Log4jJndiInjectionTest.java:964:25:964:41 | (...)... | provenance | Sink:MaD:48322 | +| Log4jJndiInjectionTest.java:965:139:965:146 | source(...) : String | Log4jJndiInjectionTest.java:965:130:965:146 | (...)... | provenance | Sink:MaD:2340 | +| Log4jJndiInjectionTest.java:965:139:965:146 | source(...) : String | Log4jJndiInjectionTest.java:965:130:965:146 | (...)... | provenance | Sink:MaD:48323 | +| Log4jJndiInjectionTest.java:966:124:966:131 | source(...) : String | Log4jJndiInjectionTest.java:966:115:966:131 | (...)... | provenance | Sink:MaD:2340 | +| Log4jJndiInjectionTest.java:966:124:966:131 | source(...) : String | Log4jJndiInjectionTest.java:966:115:966:131 | (...)... | provenance | Sink:MaD:48323 | +| Log4jJndiInjectionTest.java:967:109:967:116 | source(...) : String | Log4jJndiInjectionTest.java:967:100:967:116 | (...)... | provenance | Sink:MaD:2340 | +| Log4jJndiInjectionTest.java:967:109:967:116 | source(...) : String | Log4jJndiInjectionTest.java:967:100:967:116 | (...)... | provenance | Sink:MaD:48323 | +| Log4jJndiInjectionTest.java:968:94:968:101 | source(...) : String | Log4jJndiInjectionTest.java:968:85:968:101 | (...)... | provenance | Sink:MaD:2340 | +| Log4jJndiInjectionTest.java:968:94:968:101 | source(...) : String | Log4jJndiInjectionTest.java:968:85:968:101 | (...)... | provenance | Sink:MaD:48323 | +| Log4jJndiInjectionTest.java:969:79:969:86 | source(...) : String | Log4jJndiInjectionTest.java:969:70:969:86 | (...)... | provenance | Sink:MaD:2340 | +| Log4jJndiInjectionTest.java:969:79:969:86 | source(...) : String | Log4jJndiInjectionTest.java:969:70:969:86 | (...)... | provenance | Sink:MaD:48323 | +| Log4jJndiInjectionTest.java:970:64:970:71 | source(...) : String | Log4jJndiInjectionTest.java:970:55:970:71 | (...)... | provenance | Sink:MaD:2340 | +| Log4jJndiInjectionTest.java:970:64:970:71 | source(...) : String | Log4jJndiInjectionTest.java:970:55:970:71 | (...)... | provenance | Sink:MaD:48323 | +| Log4jJndiInjectionTest.java:971:49:971:56 | source(...) : String | Log4jJndiInjectionTest.java:971:40:971:56 | (...)... | provenance | Sink:MaD:2340 | +| Log4jJndiInjectionTest.java:971:49:971:56 | source(...) : String | Log4jJndiInjectionTest.java:971:40:971:56 | (...)... | provenance | Sink:MaD:48323 | +| Log4jJndiInjectionTest.java:972:34:972:41 | source(...) : String | Log4jJndiInjectionTest.java:972:25:972:41 | (...)... | provenance | Sink:MaD:2340 | +| Log4jJndiInjectionTest.java:972:34:972:41 | source(...) : String | Log4jJndiInjectionTest.java:972:25:972:41 | (...)... | provenance | Sink:MaD:48323 | +| Log4jJndiInjectionTest.java:973:154:973:161 | source(...) : String | Log4jJndiInjectionTest.java:973:145:973:161 | (...)... | provenance | Sink:MaD:2341 | +| Log4jJndiInjectionTest.java:973:154:973:161 | source(...) : String | Log4jJndiInjectionTest.java:973:145:973:161 | (...)... | provenance | Sink:MaD:48324 | +| Log4jJndiInjectionTest.java:974:139:974:146 | source(...) : String | Log4jJndiInjectionTest.java:974:130:974:146 | (...)... | provenance | Sink:MaD:2341 | +| Log4jJndiInjectionTest.java:974:139:974:146 | source(...) : String | Log4jJndiInjectionTest.java:974:130:974:146 | (...)... | provenance | Sink:MaD:48324 | +| Log4jJndiInjectionTest.java:975:124:975:131 | source(...) : String | Log4jJndiInjectionTest.java:975:115:975:131 | (...)... | provenance | Sink:MaD:2341 | +| Log4jJndiInjectionTest.java:975:124:975:131 | source(...) : String | Log4jJndiInjectionTest.java:975:115:975:131 | (...)... | provenance | Sink:MaD:48324 | +| Log4jJndiInjectionTest.java:976:109:976:116 | source(...) : String | Log4jJndiInjectionTest.java:976:100:976:116 | (...)... | provenance | Sink:MaD:2341 | +| Log4jJndiInjectionTest.java:976:109:976:116 | source(...) : String | Log4jJndiInjectionTest.java:976:100:976:116 | (...)... | provenance | Sink:MaD:48324 | +| Log4jJndiInjectionTest.java:977:94:977:101 | source(...) : String | Log4jJndiInjectionTest.java:977:85:977:101 | (...)... | provenance | Sink:MaD:2341 | +| Log4jJndiInjectionTest.java:977:94:977:101 | source(...) : String | Log4jJndiInjectionTest.java:977:85:977:101 | (...)... | provenance | Sink:MaD:48324 | +| Log4jJndiInjectionTest.java:978:79:978:86 | source(...) : String | Log4jJndiInjectionTest.java:978:70:978:86 | (...)... | provenance | Sink:MaD:2341 | +| Log4jJndiInjectionTest.java:978:79:978:86 | source(...) : String | Log4jJndiInjectionTest.java:978:70:978:86 | (...)... | provenance | Sink:MaD:48324 | +| Log4jJndiInjectionTest.java:979:64:979:71 | source(...) : String | Log4jJndiInjectionTest.java:979:55:979:71 | (...)... | provenance | Sink:MaD:2341 | +| Log4jJndiInjectionTest.java:979:64:979:71 | source(...) : String | Log4jJndiInjectionTest.java:979:55:979:71 | (...)... | provenance | Sink:MaD:48324 | +| Log4jJndiInjectionTest.java:980:49:980:56 | source(...) : String | Log4jJndiInjectionTest.java:980:40:980:56 | (...)... | provenance | Sink:MaD:2341 | +| Log4jJndiInjectionTest.java:980:49:980:56 | source(...) : String | Log4jJndiInjectionTest.java:980:40:980:56 | (...)... | provenance | Sink:MaD:48324 | +| Log4jJndiInjectionTest.java:981:34:981:41 | source(...) : String | Log4jJndiInjectionTest.java:981:25:981:41 | (...)... | provenance | Sink:MaD:2341 | +| Log4jJndiInjectionTest.java:981:34:981:41 | source(...) : String | Log4jJndiInjectionTest.java:981:25:981:41 | (...)... | provenance | Sink:MaD:48324 | +| Log4jJndiInjectionTest.java:982:169:982:176 | source(...) : String | Log4jJndiInjectionTest.java:982:160:982:176 | (...)... | provenance | Sink:MaD:2342 | +| Log4jJndiInjectionTest.java:982:169:982:176 | source(...) : String | Log4jJndiInjectionTest.java:982:160:982:176 | (...)... | provenance | Sink:MaD:48325 | +| Log4jJndiInjectionTest.java:983:154:983:161 | source(...) : String | Log4jJndiInjectionTest.java:983:145:983:161 | (...)... | provenance | Sink:MaD:2342 | +| Log4jJndiInjectionTest.java:983:154:983:161 | source(...) : String | Log4jJndiInjectionTest.java:983:145:983:161 | (...)... | provenance | Sink:MaD:48325 | +| Log4jJndiInjectionTest.java:984:139:984:146 | source(...) : String | Log4jJndiInjectionTest.java:984:130:984:146 | (...)... | provenance | Sink:MaD:2342 | +| Log4jJndiInjectionTest.java:984:139:984:146 | source(...) : String | Log4jJndiInjectionTest.java:984:130:984:146 | (...)... | provenance | Sink:MaD:48325 | +| Log4jJndiInjectionTest.java:985:124:985:131 | source(...) : String | Log4jJndiInjectionTest.java:985:115:985:131 | (...)... | provenance | Sink:MaD:2342 | +| Log4jJndiInjectionTest.java:985:124:985:131 | source(...) : String | Log4jJndiInjectionTest.java:985:115:985:131 | (...)... | provenance | Sink:MaD:48325 | +| Log4jJndiInjectionTest.java:986:109:986:116 | source(...) : String | Log4jJndiInjectionTest.java:986:100:986:116 | (...)... | provenance | Sink:MaD:2342 | +| Log4jJndiInjectionTest.java:986:109:986:116 | source(...) : String | Log4jJndiInjectionTest.java:986:100:986:116 | (...)... | provenance | Sink:MaD:48325 | +| Log4jJndiInjectionTest.java:987:94:987:101 | source(...) : String | Log4jJndiInjectionTest.java:987:85:987:101 | (...)... | provenance | Sink:MaD:2342 | +| Log4jJndiInjectionTest.java:987:94:987:101 | source(...) : String | Log4jJndiInjectionTest.java:987:85:987:101 | (...)... | provenance | Sink:MaD:48325 | +| Log4jJndiInjectionTest.java:988:79:988:86 | source(...) : String | Log4jJndiInjectionTest.java:988:70:988:86 | (...)... | provenance | Sink:MaD:2342 | +| Log4jJndiInjectionTest.java:988:79:988:86 | source(...) : String | Log4jJndiInjectionTest.java:988:70:988:86 | (...)... | provenance | Sink:MaD:48325 | +| Log4jJndiInjectionTest.java:989:64:989:71 | source(...) : String | Log4jJndiInjectionTest.java:989:55:989:71 | (...)... | provenance | Sink:MaD:2342 | +| Log4jJndiInjectionTest.java:989:64:989:71 | source(...) : String | Log4jJndiInjectionTest.java:989:55:989:71 | (...)... | provenance | Sink:MaD:48325 | +| Log4jJndiInjectionTest.java:990:49:990:56 | source(...) : String | Log4jJndiInjectionTest.java:990:40:990:56 | (...)... | provenance | Sink:MaD:2342 | +| Log4jJndiInjectionTest.java:990:49:990:56 | source(...) : String | Log4jJndiInjectionTest.java:990:40:990:56 | (...)... | provenance | Sink:MaD:48325 | +| Log4jJndiInjectionTest.java:991:34:991:41 | source(...) : String | Log4jJndiInjectionTest.java:991:25:991:41 | (...)... | provenance | Sink:MaD:2342 | +| Log4jJndiInjectionTest.java:991:34:991:41 | source(...) : String | Log4jJndiInjectionTest.java:991:25:991:41 | (...)... | provenance | Sink:MaD:48325 | +| Log4jJndiInjectionTest.java:992:34:992:41 | source(...) : String | Log4jJndiInjectionTest.java:992:25:992:41 | (...)... | provenance | Sink:MaD:2334 | +| Log4jJndiInjectionTest.java:992:34:992:41 | source(...) : String | Log4jJndiInjectionTest.java:992:25:992:41 | (...)... | provenance | Sink:MaD:48317 | +| Log4jJndiInjectionTest.java:993:54:993:61 | source(...) : String | Log4jJndiInjectionTest.java:993:40:993:61 | (...)... | provenance | Sink:MaD:2334 | +| Log4jJndiInjectionTest.java:993:54:993:61 | source(...) : String | Log4jJndiInjectionTest.java:993:40:993:61 | (...)... | provenance | Sink:MaD:48317 | +| Log4jJndiInjectionTest.java:994:34:994:41 | source(...) : String | Log4jJndiInjectionTest.java:994:25:994:41 | (...)... | provenance | Sink:MaD:2346 | +| Log4jJndiInjectionTest.java:994:34:994:41 | source(...) : String | Log4jJndiInjectionTest.java:994:25:994:41 | (...)... | provenance | Sink:MaD:48329 | +| Log4jJndiInjectionTest.java:995:39:995:46 | source(...) : String | Log4jJndiInjectionTest.java:995:25:995:46 | (...)... | provenance | Sink:MaD:2347 | +| Log4jJndiInjectionTest.java:995:39:995:46 | source(...) : String | Log4jJndiInjectionTest.java:995:25:995:46 | (...)... | provenance | Sink:MaD:48330 | +| Log4jJndiInjectionTest.java:996:39:996:46 | source(...) : String | Log4jJndiInjectionTest.java:996:25:996:46 | (...)... | provenance | Sink:MaD:2348 | +| Log4jJndiInjectionTest.java:996:39:996:46 | source(...) : String | Log4jJndiInjectionTest.java:996:25:996:46 | (...)... | provenance | Sink:MaD:48331 | +| Log4jJndiInjectionTest.java:998:65:998:72 | source(...) : String | Log4jJndiInjectionTest.java:998:55:998:72 | (...)... | provenance | Sink:MaD:2252 | +| Log4jJndiInjectionTest.java:998:65:998:72 | source(...) : String | Log4jJndiInjectionTest.java:998:55:998:72 | (...)... | provenance | Sink:MaD:48226 | +| Log4jJndiInjectionTest.java:999:48:999:55 | source(...) : String | Log4jJndiInjectionTest.java:999:39:999:55 | (...)... | provenance | Sink:MaD:2253 | +| Log4jJndiInjectionTest.java:999:48:999:55 | source(...) : String | Log4jJndiInjectionTest.java:999:39:999:55 | (...)... | provenance | Sink:MaD:48227 | +| Log4jJndiInjectionTest.java:1000:45:1000:67 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:1000:45:1000:67 | new Object[] | provenance | Sink:MaD:2253 | +| Log4jJndiInjectionTest.java:1000:45:1000:67 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:1000:45:1000:67 | new Object[] | provenance | Sink:MaD:48227 | | Log4jJndiInjectionTest.java:1000:59:1000:66 | source(...) : String | Log4jJndiInjectionTest.java:1000:45:1000:67 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:1001:42:1001:49 | source(...) : String | Log4jJndiInjectionTest.java:1001:33:1001:49 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1002:39:1002:61 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:1002:39:1002:61 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:1001:42:1001:49 | source(...) : String | Log4jJndiInjectionTest.java:1001:33:1001:49 | (...)... | provenance | Sink:MaD:2254 | +| Log4jJndiInjectionTest.java:1001:42:1001:49 | source(...) : String | Log4jJndiInjectionTest.java:1001:33:1001:49 | (...)... | provenance | Sink:MaD:48228 | +| Log4jJndiInjectionTest.java:1002:39:1002:61 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:1002:39:1002:61 | new Object[] | provenance | Sink:MaD:2254 | +| Log4jJndiInjectionTest.java:1002:39:1002:61 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:1002:39:1002:61 | new Object[] | provenance | Sink:MaD:48228 | | Log4jJndiInjectionTest.java:1002:53:1002:60 | source(...) : String | Log4jJndiInjectionTest.java:1002:39:1002:61 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:1020:40:1020:47 | source(...) : String | Log4jJndiInjectionTest.java:1020:25:1020:47 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1021:35:1021:42 | source(...) : String | Log4jJndiInjectionTest.java:1021:25:1021:42 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1023:34:1023:41 | source(...) : String | Log4jJndiInjectionTest.java:1023:25:1023:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1024:34:1024:41 | source(...) : String | Log4jJndiInjectionTest.java:1024:25:1024:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1025:40:1025:62 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:1025:40:1025:62 | new Object[] | provenance | | +| Log4jJndiInjectionTest.java:1020:40:1020:47 | source(...) : String | Log4jJndiInjectionTest.java:1020:25:1020:47 | (...)... | provenance | Sink:MaD:1999 | +| Log4jJndiInjectionTest.java:1020:40:1020:47 | source(...) : String | Log4jJndiInjectionTest.java:1020:25:1020:47 | (...)... | provenance | Sink:MaD:47973 | +| Log4jJndiInjectionTest.java:1021:35:1021:42 | source(...) : String | Log4jJndiInjectionTest.java:1021:25:1021:42 | (...)... | provenance | Sink:MaD:2000 | +| Log4jJndiInjectionTest.java:1021:35:1021:42 | source(...) : String | Log4jJndiInjectionTest.java:1021:25:1021:42 | (...)... | provenance | Sink:MaD:47974 | +| Log4jJndiInjectionTest.java:1023:34:1023:41 | source(...) : String | Log4jJndiInjectionTest.java:1023:25:1023:41 | (...)... | provenance | Sink:MaD:2002 | +| Log4jJndiInjectionTest.java:1023:34:1023:41 | source(...) : String | Log4jJndiInjectionTest.java:1023:25:1023:41 | (...)... | provenance | Sink:MaD:47976 | +| Log4jJndiInjectionTest.java:1024:34:1024:41 | source(...) : String | Log4jJndiInjectionTest.java:1024:25:1024:41 | (...)... | provenance | Sink:MaD:2013 | +| Log4jJndiInjectionTest.java:1024:34:1024:41 | source(...) : String | Log4jJndiInjectionTest.java:1024:25:1024:41 | (...)... | provenance | Sink:MaD:47987 | +| Log4jJndiInjectionTest.java:1025:40:1025:62 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:1025:40:1025:62 | new Object[] | provenance | Sink:MaD:2013 | +| Log4jJndiInjectionTest.java:1025:40:1025:62 | {...} : Object[] [[]] : String | Log4jJndiInjectionTest.java:1025:40:1025:62 | new Object[] | provenance | Sink:MaD:47987 | | Log4jJndiInjectionTest.java:1025:54:1025:61 | source(...) : String | Log4jJndiInjectionTest.java:1025:40:1025:62 | {...} : Object[] [[]] : String | provenance | | -| Log4jJndiInjectionTest.java:1028:49:1028:56 | source(...) : String | Log4jJndiInjectionTest.java:1028:40:1028:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1029:34:1029:41 | source(...) : String | Log4jJndiInjectionTest.java:1029:25:1029:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1030:64:1030:71 | source(...) : String | Log4jJndiInjectionTest.java:1030:55:1030:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1031:49:1031:56 | source(...) : String | Log4jJndiInjectionTest.java:1031:40:1031:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1032:34:1032:41 | source(...) : String | Log4jJndiInjectionTest.java:1032:25:1032:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1033:79:1033:86 | source(...) : String | Log4jJndiInjectionTest.java:1033:70:1033:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1034:64:1034:71 | source(...) : String | Log4jJndiInjectionTest.java:1034:55:1034:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1035:49:1035:56 | source(...) : String | Log4jJndiInjectionTest.java:1035:40:1035:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1036:34:1036:41 | source(...) : String | Log4jJndiInjectionTest.java:1036:25:1036:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1037:94:1037:101 | source(...) : String | Log4jJndiInjectionTest.java:1037:85:1037:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1038:79:1038:86 | source(...) : String | Log4jJndiInjectionTest.java:1038:70:1038:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1039:64:1039:71 | source(...) : String | Log4jJndiInjectionTest.java:1039:55:1039:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1040:49:1040:56 | source(...) : String | Log4jJndiInjectionTest.java:1040:40:1040:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1041:34:1041:41 | source(...) : String | Log4jJndiInjectionTest.java:1041:25:1041:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1042:109:1042:116 | source(...) : String | Log4jJndiInjectionTest.java:1042:100:1042:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1043:94:1043:101 | source(...) : String | Log4jJndiInjectionTest.java:1043:85:1043:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1044:79:1044:86 | source(...) : String | Log4jJndiInjectionTest.java:1044:70:1044:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1045:64:1045:71 | source(...) : String | Log4jJndiInjectionTest.java:1045:55:1045:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1046:49:1046:56 | source(...) : String | Log4jJndiInjectionTest.java:1046:40:1046:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1047:34:1047:41 | source(...) : String | Log4jJndiInjectionTest.java:1047:25:1047:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1048:124:1048:131 | source(...) : String | Log4jJndiInjectionTest.java:1048:115:1048:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1049:109:1049:116 | source(...) : String | Log4jJndiInjectionTest.java:1049:100:1049:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1050:94:1050:101 | source(...) : String | Log4jJndiInjectionTest.java:1050:85:1050:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1051:79:1051:86 | source(...) : String | Log4jJndiInjectionTest.java:1051:70:1051:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1052:64:1052:71 | source(...) : String | Log4jJndiInjectionTest.java:1052:55:1052:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1053:49:1053:56 | source(...) : String | Log4jJndiInjectionTest.java:1053:40:1053:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1054:34:1054:41 | source(...) : String | Log4jJndiInjectionTest.java:1054:25:1054:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1055:139:1055:146 | source(...) : String | Log4jJndiInjectionTest.java:1055:130:1055:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1056:124:1056:131 | source(...) : String | Log4jJndiInjectionTest.java:1056:115:1056:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1057:109:1057:116 | source(...) : String | Log4jJndiInjectionTest.java:1057:100:1057:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1058:94:1058:101 | source(...) : String | Log4jJndiInjectionTest.java:1058:85:1058:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1059:79:1059:86 | source(...) : String | Log4jJndiInjectionTest.java:1059:70:1059:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1060:64:1060:71 | source(...) : String | Log4jJndiInjectionTest.java:1060:55:1060:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1061:49:1061:56 | source(...) : String | Log4jJndiInjectionTest.java:1061:40:1061:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1062:34:1062:41 | source(...) : String | Log4jJndiInjectionTest.java:1062:25:1062:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1063:154:1063:161 | source(...) : String | Log4jJndiInjectionTest.java:1063:145:1063:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1064:139:1064:146 | source(...) : String | Log4jJndiInjectionTest.java:1064:130:1064:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1065:124:1065:131 | source(...) : String | Log4jJndiInjectionTest.java:1065:115:1065:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1066:109:1066:116 | source(...) : String | Log4jJndiInjectionTest.java:1066:100:1066:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1067:94:1067:101 | source(...) : String | Log4jJndiInjectionTest.java:1067:85:1067:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1068:79:1068:86 | source(...) : String | Log4jJndiInjectionTest.java:1068:70:1068:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1069:64:1069:71 | source(...) : String | Log4jJndiInjectionTest.java:1069:55:1069:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1070:49:1070:56 | source(...) : String | Log4jJndiInjectionTest.java:1070:40:1070:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1071:34:1071:41 | source(...) : String | Log4jJndiInjectionTest.java:1071:25:1071:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1072:169:1072:176 | source(...) : String | Log4jJndiInjectionTest.java:1072:160:1072:176 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1073:154:1073:161 | source(...) : String | Log4jJndiInjectionTest.java:1073:145:1073:161 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1074:139:1074:146 | source(...) : String | Log4jJndiInjectionTest.java:1074:130:1074:146 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1075:124:1075:131 | source(...) : String | Log4jJndiInjectionTest.java:1075:115:1075:131 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1076:109:1076:116 | source(...) : String | Log4jJndiInjectionTest.java:1076:100:1076:116 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1077:94:1077:101 | source(...) : String | Log4jJndiInjectionTest.java:1077:85:1077:101 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1078:79:1078:86 | source(...) : String | Log4jJndiInjectionTest.java:1078:70:1078:86 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1079:64:1079:71 | source(...) : String | Log4jJndiInjectionTest.java:1079:55:1079:71 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1080:49:1080:56 | source(...) : String | Log4jJndiInjectionTest.java:1080:40:1080:56 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1081:34:1081:41 | source(...) : String | Log4jJndiInjectionTest.java:1081:25:1081:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1083:34:1083:41 | source(...) : String | Log4jJndiInjectionTest.java:1083:25:1083:41 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1084:54:1084:61 | source(...) : String | Log4jJndiInjectionTest.java:1084:40:1084:61 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1085:39:1085:46 | source(...) : String | Log4jJndiInjectionTest.java:1085:25:1085:46 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1088:47:1088:54 | source(...) : String | Log4jJndiInjectionTest.java:1088:38:1088:54 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1089:53:1089:60 | source(...) : String | Log4jJndiInjectionTest.java:1089:44:1089:60 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1091:13:1091:15 | map [post update] : HashMap [] : String | Log4jJndiInjectionTest.java:1092:34:1092:36 | map | provenance | | -| Log4jJndiInjectionTest.java:1091:28:1091:44 | (...)... : String | Log4jJndiInjectionTest.java:1091:13:1091:15 | map [post update] : HashMap [] : String | provenance | | +| Log4jJndiInjectionTest.java:1028:49:1028:56 | source(...) : String | Log4jJndiInjectionTest.java:1028:40:1028:56 | (...)... | provenance | Sink:MaD:2003 | +| Log4jJndiInjectionTest.java:1028:49:1028:56 | source(...) : String | Log4jJndiInjectionTest.java:1028:40:1028:56 | (...)... | provenance | Sink:MaD:47977 | +| Log4jJndiInjectionTest.java:1029:34:1029:41 | source(...) : String | Log4jJndiInjectionTest.java:1029:25:1029:41 | (...)... | provenance | Sink:MaD:2003 | +| Log4jJndiInjectionTest.java:1029:34:1029:41 | source(...) : String | Log4jJndiInjectionTest.java:1029:25:1029:41 | (...)... | provenance | Sink:MaD:47977 | +| Log4jJndiInjectionTest.java:1030:64:1030:71 | source(...) : String | Log4jJndiInjectionTest.java:1030:55:1030:71 | (...)... | provenance | Sink:MaD:2004 | +| Log4jJndiInjectionTest.java:1030:64:1030:71 | source(...) : String | Log4jJndiInjectionTest.java:1030:55:1030:71 | (...)... | provenance | Sink:MaD:47978 | +| Log4jJndiInjectionTest.java:1031:49:1031:56 | source(...) : String | Log4jJndiInjectionTest.java:1031:40:1031:56 | (...)... | provenance | Sink:MaD:2004 | +| Log4jJndiInjectionTest.java:1031:49:1031:56 | source(...) : String | Log4jJndiInjectionTest.java:1031:40:1031:56 | (...)... | provenance | Sink:MaD:47978 | +| Log4jJndiInjectionTest.java:1032:34:1032:41 | source(...) : String | Log4jJndiInjectionTest.java:1032:25:1032:41 | (...)... | provenance | Sink:MaD:2004 | +| Log4jJndiInjectionTest.java:1032:34:1032:41 | source(...) : String | Log4jJndiInjectionTest.java:1032:25:1032:41 | (...)... | provenance | Sink:MaD:47978 | +| Log4jJndiInjectionTest.java:1033:79:1033:86 | source(...) : String | Log4jJndiInjectionTest.java:1033:70:1033:86 | (...)... | provenance | Sink:MaD:2005 | +| Log4jJndiInjectionTest.java:1033:79:1033:86 | source(...) : String | Log4jJndiInjectionTest.java:1033:70:1033:86 | (...)... | provenance | Sink:MaD:47979 | +| Log4jJndiInjectionTest.java:1034:64:1034:71 | source(...) : String | Log4jJndiInjectionTest.java:1034:55:1034:71 | (...)... | provenance | Sink:MaD:2005 | +| Log4jJndiInjectionTest.java:1034:64:1034:71 | source(...) : String | Log4jJndiInjectionTest.java:1034:55:1034:71 | (...)... | provenance | Sink:MaD:47979 | +| Log4jJndiInjectionTest.java:1035:49:1035:56 | source(...) : String | Log4jJndiInjectionTest.java:1035:40:1035:56 | (...)... | provenance | Sink:MaD:2005 | +| Log4jJndiInjectionTest.java:1035:49:1035:56 | source(...) : String | Log4jJndiInjectionTest.java:1035:40:1035:56 | (...)... | provenance | Sink:MaD:47979 | +| Log4jJndiInjectionTest.java:1036:34:1036:41 | source(...) : String | Log4jJndiInjectionTest.java:1036:25:1036:41 | (...)... | provenance | Sink:MaD:2005 | +| Log4jJndiInjectionTest.java:1036:34:1036:41 | source(...) : String | Log4jJndiInjectionTest.java:1036:25:1036:41 | (...)... | provenance | Sink:MaD:47979 | +| Log4jJndiInjectionTest.java:1037:94:1037:101 | source(...) : String | Log4jJndiInjectionTest.java:1037:85:1037:101 | (...)... | provenance | Sink:MaD:2006 | +| Log4jJndiInjectionTest.java:1037:94:1037:101 | source(...) : String | Log4jJndiInjectionTest.java:1037:85:1037:101 | (...)... | provenance | Sink:MaD:47980 | +| Log4jJndiInjectionTest.java:1038:79:1038:86 | source(...) : String | Log4jJndiInjectionTest.java:1038:70:1038:86 | (...)... | provenance | Sink:MaD:2006 | +| Log4jJndiInjectionTest.java:1038:79:1038:86 | source(...) : String | Log4jJndiInjectionTest.java:1038:70:1038:86 | (...)... | provenance | Sink:MaD:47980 | +| Log4jJndiInjectionTest.java:1039:64:1039:71 | source(...) : String | Log4jJndiInjectionTest.java:1039:55:1039:71 | (...)... | provenance | Sink:MaD:2006 | +| Log4jJndiInjectionTest.java:1039:64:1039:71 | source(...) : String | Log4jJndiInjectionTest.java:1039:55:1039:71 | (...)... | provenance | Sink:MaD:47980 | +| Log4jJndiInjectionTest.java:1040:49:1040:56 | source(...) : String | Log4jJndiInjectionTest.java:1040:40:1040:56 | (...)... | provenance | Sink:MaD:2006 | +| Log4jJndiInjectionTest.java:1040:49:1040:56 | source(...) : String | Log4jJndiInjectionTest.java:1040:40:1040:56 | (...)... | provenance | Sink:MaD:47980 | +| Log4jJndiInjectionTest.java:1041:34:1041:41 | source(...) : String | Log4jJndiInjectionTest.java:1041:25:1041:41 | (...)... | provenance | Sink:MaD:2006 | +| Log4jJndiInjectionTest.java:1041:34:1041:41 | source(...) : String | Log4jJndiInjectionTest.java:1041:25:1041:41 | (...)... | provenance | Sink:MaD:47980 | +| Log4jJndiInjectionTest.java:1042:109:1042:116 | source(...) : String | Log4jJndiInjectionTest.java:1042:100:1042:116 | (...)... | provenance | Sink:MaD:2007 | +| Log4jJndiInjectionTest.java:1042:109:1042:116 | source(...) : String | Log4jJndiInjectionTest.java:1042:100:1042:116 | (...)... | provenance | Sink:MaD:47981 | +| Log4jJndiInjectionTest.java:1043:94:1043:101 | source(...) : String | Log4jJndiInjectionTest.java:1043:85:1043:101 | (...)... | provenance | Sink:MaD:2007 | +| Log4jJndiInjectionTest.java:1043:94:1043:101 | source(...) : String | Log4jJndiInjectionTest.java:1043:85:1043:101 | (...)... | provenance | Sink:MaD:47981 | +| Log4jJndiInjectionTest.java:1044:79:1044:86 | source(...) : String | Log4jJndiInjectionTest.java:1044:70:1044:86 | (...)... | provenance | Sink:MaD:2007 | +| Log4jJndiInjectionTest.java:1044:79:1044:86 | source(...) : String | Log4jJndiInjectionTest.java:1044:70:1044:86 | (...)... | provenance | Sink:MaD:47981 | +| Log4jJndiInjectionTest.java:1045:64:1045:71 | source(...) : String | Log4jJndiInjectionTest.java:1045:55:1045:71 | (...)... | provenance | Sink:MaD:2007 | +| Log4jJndiInjectionTest.java:1045:64:1045:71 | source(...) : String | Log4jJndiInjectionTest.java:1045:55:1045:71 | (...)... | provenance | Sink:MaD:47981 | +| Log4jJndiInjectionTest.java:1046:49:1046:56 | source(...) : String | Log4jJndiInjectionTest.java:1046:40:1046:56 | (...)... | provenance | Sink:MaD:2007 | +| Log4jJndiInjectionTest.java:1046:49:1046:56 | source(...) : String | Log4jJndiInjectionTest.java:1046:40:1046:56 | (...)... | provenance | Sink:MaD:47981 | +| Log4jJndiInjectionTest.java:1047:34:1047:41 | source(...) : String | Log4jJndiInjectionTest.java:1047:25:1047:41 | (...)... | provenance | Sink:MaD:2007 | +| Log4jJndiInjectionTest.java:1047:34:1047:41 | source(...) : String | Log4jJndiInjectionTest.java:1047:25:1047:41 | (...)... | provenance | Sink:MaD:47981 | +| Log4jJndiInjectionTest.java:1048:124:1048:131 | source(...) : String | Log4jJndiInjectionTest.java:1048:115:1048:131 | (...)... | provenance | Sink:MaD:2008 | +| Log4jJndiInjectionTest.java:1048:124:1048:131 | source(...) : String | Log4jJndiInjectionTest.java:1048:115:1048:131 | (...)... | provenance | Sink:MaD:47982 | +| Log4jJndiInjectionTest.java:1049:109:1049:116 | source(...) : String | Log4jJndiInjectionTest.java:1049:100:1049:116 | (...)... | provenance | Sink:MaD:2008 | +| Log4jJndiInjectionTest.java:1049:109:1049:116 | source(...) : String | Log4jJndiInjectionTest.java:1049:100:1049:116 | (...)... | provenance | Sink:MaD:47982 | +| Log4jJndiInjectionTest.java:1050:94:1050:101 | source(...) : String | Log4jJndiInjectionTest.java:1050:85:1050:101 | (...)... | provenance | Sink:MaD:2008 | +| Log4jJndiInjectionTest.java:1050:94:1050:101 | source(...) : String | Log4jJndiInjectionTest.java:1050:85:1050:101 | (...)... | provenance | Sink:MaD:47982 | +| Log4jJndiInjectionTest.java:1051:79:1051:86 | source(...) : String | Log4jJndiInjectionTest.java:1051:70:1051:86 | (...)... | provenance | Sink:MaD:2008 | +| Log4jJndiInjectionTest.java:1051:79:1051:86 | source(...) : String | Log4jJndiInjectionTest.java:1051:70:1051:86 | (...)... | provenance | Sink:MaD:47982 | +| Log4jJndiInjectionTest.java:1052:64:1052:71 | source(...) : String | Log4jJndiInjectionTest.java:1052:55:1052:71 | (...)... | provenance | Sink:MaD:2008 | +| Log4jJndiInjectionTest.java:1052:64:1052:71 | source(...) : String | Log4jJndiInjectionTest.java:1052:55:1052:71 | (...)... | provenance | Sink:MaD:47982 | +| Log4jJndiInjectionTest.java:1053:49:1053:56 | source(...) : String | Log4jJndiInjectionTest.java:1053:40:1053:56 | (...)... | provenance | Sink:MaD:2008 | +| Log4jJndiInjectionTest.java:1053:49:1053:56 | source(...) : String | Log4jJndiInjectionTest.java:1053:40:1053:56 | (...)... | provenance | Sink:MaD:47982 | +| Log4jJndiInjectionTest.java:1054:34:1054:41 | source(...) : String | Log4jJndiInjectionTest.java:1054:25:1054:41 | (...)... | provenance | Sink:MaD:2008 | +| Log4jJndiInjectionTest.java:1054:34:1054:41 | source(...) : String | Log4jJndiInjectionTest.java:1054:25:1054:41 | (...)... | provenance | Sink:MaD:47982 | +| Log4jJndiInjectionTest.java:1055:139:1055:146 | source(...) : String | Log4jJndiInjectionTest.java:1055:130:1055:146 | (...)... | provenance | Sink:MaD:2009 | +| Log4jJndiInjectionTest.java:1055:139:1055:146 | source(...) : String | Log4jJndiInjectionTest.java:1055:130:1055:146 | (...)... | provenance | Sink:MaD:47983 | +| Log4jJndiInjectionTest.java:1056:124:1056:131 | source(...) : String | Log4jJndiInjectionTest.java:1056:115:1056:131 | (...)... | provenance | Sink:MaD:2009 | +| Log4jJndiInjectionTest.java:1056:124:1056:131 | source(...) : String | Log4jJndiInjectionTest.java:1056:115:1056:131 | (...)... | provenance | Sink:MaD:47983 | +| Log4jJndiInjectionTest.java:1057:109:1057:116 | source(...) : String | Log4jJndiInjectionTest.java:1057:100:1057:116 | (...)... | provenance | Sink:MaD:2009 | +| Log4jJndiInjectionTest.java:1057:109:1057:116 | source(...) : String | Log4jJndiInjectionTest.java:1057:100:1057:116 | (...)... | provenance | Sink:MaD:47983 | +| Log4jJndiInjectionTest.java:1058:94:1058:101 | source(...) : String | Log4jJndiInjectionTest.java:1058:85:1058:101 | (...)... | provenance | Sink:MaD:2009 | +| Log4jJndiInjectionTest.java:1058:94:1058:101 | source(...) : String | Log4jJndiInjectionTest.java:1058:85:1058:101 | (...)... | provenance | Sink:MaD:47983 | +| Log4jJndiInjectionTest.java:1059:79:1059:86 | source(...) : String | Log4jJndiInjectionTest.java:1059:70:1059:86 | (...)... | provenance | Sink:MaD:2009 | +| Log4jJndiInjectionTest.java:1059:79:1059:86 | source(...) : String | Log4jJndiInjectionTest.java:1059:70:1059:86 | (...)... | provenance | Sink:MaD:47983 | +| Log4jJndiInjectionTest.java:1060:64:1060:71 | source(...) : String | Log4jJndiInjectionTest.java:1060:55:1060:71 | (...)... | provenance | Sink:MaD:2009 | +| Log4jJndiInjectionTest.java:1060:64:1060:71 | source(...) : String | Log4jJndiInjectionTest.java:1060:55:1060:71 | (...)... | provenance | Sink:MaD:47983 | +| Log4jJndiInjectionTest.java:1061:49:1061:56 | source(...) : String | Log4jJndiInjectionTest.java:1061:40:1061:56 | (...)... | provenance | Sink:MaD:2009 | +| Log4jJndiInjectionTest.java:1061:49:1061:56 | source(...) : String | Log4jJndiInjectionTest.java:1061:40:1061:56 | (...)... | provenance | Sink:MaD:47983 | +| Log4jJndiInjectionTest.java:1062:34:1062:41 | source(...) : String | Log4jJndiInjectionTest.java:1062:25:1062:41 | (...)... | provenance | Sink:MaD:2009 | +| Log4jJndiInjectionTest.java:1062:34:1062:41 | source(...) : String | Log4jJndiInjectionTest.java:1062:25:1062:41 | (...)... | provenance | Sink:MaD:47983 | +| Log4jJndiInjectionTest.java:1063:154:1063:161 | source(...) : String | Log4jJndiInjectionTest.java:1063:145:1063:161 | (...)... | provenance | Sink:MaD:2010 | +| Log4jJndiInjectionTest.java:1063:154:1063:161 | source(...) : String | Log4jJndiInjectionTest.java:1063:145:1063:161 | (...)... | provenance | Sink:MaD:47984 | +| Log4jJndiInjectionTest.java:1064:139:1064:146 | source(...) : String | Log4jJndiInjectionTest.java:1064:130:1064:146 | (...)... | provenance | Sink:MaD:2010 | +| Log4jJndiInjectionTest.java:1064:139:1064:146 | source(...) : String | Log4jJndiInjectionTest.java:1064:130:1064:146 | (...)... | provenance | Sink:MaD:47984 | +| Log4jJndiInjectionTest.java:1065:124:1065:131 | source(...) : String | Log4jJndiInjectionTest.java:1065:115:1065:131 | (...)... | provenance | Sink:MaD:2010 | +| Log4jJndiInjectionTest.java:1065:124:1065:131 | source(...) : String | Log4jJndiInjectionTest.java:1065:115:1065:131 | (...)... | provenance | Sink:MaD:47984 | +| Log4jJndiInjectionTest.java:1066:109:1066:116 | source(...) : String | Log4jJndiInjectionTest.java:1066:100:1066:116 | (...)... | provenance | Sink:MaD:2010 | +| Log4jJndiInjectionTest.java:1066:109:1066:116 | source(...) : String | Log4jJndiInjectionTest.java:1066:100:1066:116 | (...)... | provenance | Sink:MaD:47984 | +| Log4jJndiInjectionTest.java:1067:94:1067:101 | source(...) : String | Log4jJndiInjectionTest.java:1067:85:1067:101 | (...)... | provenance | Sink:MaD:2010 | +| Log4jJndiInjectionTest.java:1067:94:1067:101 | source(...) : String | Log4jJndiInjectionTest.java:1067:85:1067:101 | (...)... | provenance | Sink:MaD:47984 | +| Log4jJndiInjectionTest.java:1068:79:1068:86 | source(...) : String | Log4jJndiInjectionTest.java:1068:70:1068:86 | (...)... | provenance | Sink:MaD:2010 | +| Log4jJndiInjectionTest.java:1068:79:1068:86 | source(...) : String | Log4jJndiInjectionTest.java:1068:70:1068:86 | (...)... | provenance | Sink:MaD:47984 | +| Log4jJndiInjectionTest.java:1069:64:1069:71 | source(...) : String | Log4jJndiInjectionTest.java:1069:55:1069:71 | (...)... | provenance | Sink:MaD:2010 | +| Log4jJndiInjectionTest.java:1069:64:1069:71 | source(...) : String | Log4jJndiInjectionTest.java:1069:55:1069:71 | (...)... | provenance | Sink:MaD:47984 | +| Log4jJndiInjectionTest.java:1070:49:1070:56 | source(...) : String | Log4jJndiInjectionTest.java:1070:40:1070:56 | (...)... | provenance | Sink:MaD:2010 | +| Log4jJndiInjectionTest.java:1070:49:1070:56 | source(...) : String | Log4jJndiInjectionTest.java:1070:40:1070:56 | (...)... | provenance | Sink:MaD:47984 | +| Log4jJndiInjectionTest.java:1071:34:1071:41 | source(...) : String | Log4jJndiInjectionTest.java:1071:25:1071:41 | (...)... | provenance | Sink:MaD:2010 | +| Log4jJndiInjectionTest.java:1071:34:1071:41 | source(...) : String | Log4jJndiInjectionTest.java:1071:25:1071:41 | (...)... | provenance | Sink:MaD:47984 | +| Log4jJndiInjectionTest.java:1072:169:1072:176 | source(...) : String | Log4jJndiInjectionTest.java:1072:160:1072:176 | (...)... | provenance | Sink:MaD:2011 | +| Log4jJndiInjectionTest.java:1072:169:1072:176 | source(...) : String | Log4jJndiInjectionTest.java:1072:160:1072:176 | (...)... | provenance | Sink:MaD:47985 | +| Log4jJndiInjectionTest.java:1073:154:1073:161 | source(...) : String | Log4jJndiInjectionTest.java:1073:145:1073:161 | (...)... | provenance | Sink:MaD:2011 | +| Log4jJndiInjectionTest.java:1073:154:1073:161 | source(...) : String | Log4jJndiInjectionTest.java:1073:145:1073:161 | (...)... | provenance | Sink:MaD:47985 | +| Log4jJndiInjectionTest.java:1074:139:1074:146 | source(...) : String | Log4jJndiInjectionTest.java:1074:130:1074:146 | (...)... | provenance | Sink:MaD:2011 | +| Log4jJndiInjectionTest.java:1074:139:1074:146 | source(...) : String | Log4jJndiInjectionTest.java:1074:130:1074:146 | (...)... | provenance | Sink:MaD:47985 | +| Log4jJndiInjectionTest.java:1075:124:1075:131 | source(...) : String | Log4jJndiInjectionTest.java:1075:115:1075:131 | (...)... | provenance | Sink:MaD:2011 | +| Log4jJndiInjectionTest.java:1075:124:1075:131 | source(...) : String | Log4jJndiInjectionTest.java:1075:115:1075:131 | (...)... | provenance | Sink:MaD:47985 | +| Log4jJndiInjectionTest.java:1076:109:1076:116 | source(...) : String | Log4jJndiInjectionTest.java:1076:100:1076:116 | (...)... | provenance | Sink:MaD:2011 | +| Log4jJndiInjectionTest.java:1076:109:1076:116 | source(...) : String | Log4jJndiInjectionTest.java:1076:100:1076:116 | (...)... | provenance | Sink:MaD:47985 | +| Log4jJndiInjectionTest.java:1077:94:1077:101 | source(...) : String | Log4jJndiInjectionTest.java:1077:85:1077:101 | (...)... | provenance | Sink:MaD:2011 | +| Log4jJndiInjectionTest.java:1077:94:1077:101 | source(...) : String | Log4jJndiInjectionTest.java:1077:85:1077:101 | (...)... | provenance | Sink:MaD:47985 | +| Log4jJndiInjectionTest.java:1078:79:1078:86 | source(...) : String | Log4jJndiInjectionTest.java:1078:70:1078:86 | (...)... | provenance | Sink:MaD:2011 | +| Log4jJndiInjectionTest.java:1078:79:1078:86 | source(...) : String | Log4jJndiInjectionTest.java:1078:70:1078:86 | (...)... | provenance | Sink:MaD:47985 | +| Log4jJndiInjectionTest.java:1079:64:1079:71 | source(...) : String | Log4jJndiInjectionTest.java:1079:55:1079:71 | (...)... | provenance | Sink:MaD:2011 | +| Log4jJndiInjectionTest.java:1079:64:1079:71 | source(...) : String | Log4jJndiInjectionTest.java:1079:55:1079:71 | (...)... | provenance | Sink:MaD:47985 | +| Log4jJndiInjectionTest.java:1080:49:1080:56 | source(...) : String | Log4jJndiInjectionTest.java:1080:40:1080:56 | (...)... | provenance | Sink:MaD:2011 | +| Log4jJndiInjectionTest.java:1080:49:1080:56 | source(...) : String | Log4jJndiInjectionTest.java:1080:40:1080:56 | (...)... | provenance | Sink:MaD:47985 | +| Log4jJndiInjectionTest.java:1081:34:1081:41 | source(...) : String | Log4jJndiInjectionTest.java:1081:25:1081:41 | (...)... | provenance | Sink:MaD:2011 | +| Log4jJndiInjectionTest.java:1081:34:1081:41 | source(...) : String | Log4jJndiInjectionTest.java:1081:25:1081:41 | (...)... | provenance | Sink:MaD:47985 | +| Log4jJndiInjectionTest.java:1083:34:1083:41 | source(...) : String | Log4jJndiInjectionTest.java:1083:25:1083:41 | (...)... | provenance | Sink:MaD:2003 | +| Log4jJndiInjectionTest.java:1083:34:1083:41 | source(...) : String | Log4jJndiInjectionTest.java:1083:25:1083:41 | (...)... | provenance | Sink:MaD:47977 | +| Log4jJndiInjectionTest.java:1084:54:1084:61 | source(...) : String | Log4jJndiInjectionTest.java:1084:40:1084:61 | (...)... | provenance | Sink:MaD:2003 | +| Log4jJndiInjectionTest.java:1084:54:1084:61 | source(...) : String | Log4jJndiInjectionTest.java:1084:40:1084:61 | (...)... | provenance | Sink:MaD:47977 | +| Log4jJndiInjectionTest.java:1085:39:1085:46 | source(...) : String | Log4jJndiInjectionTest.java:1085:25:1085:46 | (...)... | provenance | Sink:MaD:2001 | +| Log4jJndiInjectionTest.java:1085:39:1085:46 | source(...) : String | Log4jJndiInjectionTest.java:1085:25:1085:46 | (...)... | provenance | Sink:MaD:47975 | +| Log4jJndiInjectionTest.java:1088:47:1088:54 | source(...) : String | Log4jJndiInjectionTest.java:1088:38:1088:54 | (...)... | provenance | Sink:MaD:2349 | +| Log4jJndiInjectionTest.java:1089:53:1089:60 | source(...) : String | Log4jJndiInjectionTest.java:1089:44:1089:60 | (...)... | provenance | Sink:MaD:2351 | +| Log4jJndiInjectionTest.java:1091:13:1091:15 | map [post update] : HashMap [] : String | Log4jJndiInjectionTest.java:1092:34:1092:36 | map | provenance | Sink:MaD:2350 | +| Log4jJndiInjectionTest.java:1091:28:1091:44 | (...)... : String | Log4jJndiInjectionTest.java:1091:13:1091:15 | map [post update] : HashMap [] : String | provenance | MaD:43892 | | Log4jJndiInjectionTest.java:1091:37:1091:44 | source(...) : String | Log4jJndiInjectionTest.java:1091:28:1091:44 | (...)... : String | provenance | | -| Log4jJndiInjectionTest.java:1095:31:1095:88 | with(...) : StringMapMessage | Log4jJndiInjectionTest.java:1096:26:1096:29 | mmsg | provenance | | -| Log4jJndiInjectionTest.java:1095:71:1095:87 | (...)... : String | Log4jJndiInjectionTest.java:1095:31:1095:88 | with(...) : StringMapMessage | provenance | | +| Log4jJndiInjectionTest.java:1095:31:1095:88 | with(...) : StringMapMessage | Log4jJndiInjectionTest.java:1096:26:1096:29 | mmsg | provenance | Sink:MaD:2089 | +| Log4jJndiInjectionTest.java:1095:31:1095:88 | with(...) : StringMapMessage | Log4jJndiInjectionTest.java:1096:26:1096:29 | mmsg | provenance | Sink:MaD:48063 | +| Log4jJndiInjectionTest.java:1095:71:1095:87 | (...)... : String | Log4jJndiInjectionTest.java:1095:31:1095:88 | with(...) : StringMapMessage | provenance | MaD:1994+MaD:1993 | | Log4jJndiInjectionTest.java:1095:80:1095:87 | source(...) : String | Log4jJndiInjectionTest.java:1095:71:1095:87 | (...)... : String | provenance | | -| Log4jJndiInjectionTest.java:1100:13:1100:16 | mmsg [post update] : StringMapMessage | Log4jJndiInjectionTest.java:1101:26:1101:29 | mmsg | provenance | | -| Log4jJndiInjectionTest.java:1100:35:1100:51 | (...)... : String | Log4jJndiInjectionTest.java:1100:13:1100:16 | mmsg [post update] : StringMapMessage | provenance | | +| Log4jJndiInjectionTest.java:1100:13:1100:16 | mmsg [post update] : StringMapMessage | Log4jJndiInjectionTest.java:1101:26:1101:29 | mmsg | provenance | Sink:MaD:2089 | +| Log4jJndiInjectionTest.java:1100:13:1100:16 | mmsg [post update] : StringMapMessage | Log4jJndiInjectionTest.java:1101:26:1101:29 | mmsg | provenance | Sink:MaD:48063 | +| Log4jJndiInjectionTest.java:1100:35:1100:51 | (...)... : String | Log4jJndiInjectionTest.java:1100:13:1100:16 | mmsg [post update] : StringMapMessage | provenance | MaD:1994 | | Log4jJndiInjectionTest.java:1100:44:1100:51 | source(...) : String | Log4jJndiInjectionTest.java:1100:35:1100:51 | (...)... : String | provenance | | -| Log4jJndiInjectionTest.java:1105:13:1105:16 | mmsg [post update] : StringMapMessage | Log4jJndiInjectionTest.java:1106:26:1106:29 | mmsg | provenance | | -| Log4jJndiInjectionTest.java:1105:34:1105:50 | (...)... : String | Log4jJndiInjectionTest.java:1105:13:1105:16 | mmsg [post update] : StringMapMessage | provenance | | +| Log4jJndiInjectionTest.java:1105:13:1105:16 | mmsg [post update] : StringMapMessage | Log4jJndiInjectionTest.java:1106:26:1106:29 | mmsg | provenance | Sink:MaD:2089 | +| Log4jJndiInjectionTest.java:1105:13:1105:16 | mmsg [post update] : StringMapMessage | Log4jJndiInjectionTest.java:1106:26:1106:29 | mmsg | provenance | Sink:MaD:48063 | +| Log4jJndiInjectionTest.java:1105:34:1105:50 | (...)... : String | Log4jJndiInjectionTest.java:1105:13:1105:16 | mmsg [post update] : StringMapMessage | provenance | MaD:1991 | | Log4jJndiInjectionTest.java:1105:43:1105:50 | source(...) : String | Log4jJndiInjectionTest.java:1105:34:1105:50 | (...)... : String | provenance | | | Log4jJndiInjectionTest.java:1111:13:1111:15 | map [post update] : HashMap [] : String | Log4jJndiInjectionTest.java:1112:25:1112:27 | map : HashMap [] : String | provenance | | -| Log4jJndiInjectionTest.java:1111:33:1111:49 | (...)... : String | Log4jJndiInjectionTest.java:1111:13:1111:15 | map [post update] : HashMap [] : String | provenance | | +| Log4jJndiInjectionTest.java:1111:33:1111:49 | (...)... : String | Log4jJndiInjectionTest.java:1111:13:1111:15 | map [post update] : HashMap [] : String | provenance | MaD:43892 | | Log4jJndiInjectionTest.java:1111:42:1111:49 | source(...) : String | Log4jJndiInjectionTest.java:1111:33:1111:49 | (...)... : String | provenance | | -| Log4jJndiInjectionTest.java:1112:13:1112:16 | mmsg [post update] : StringMapMessage | Log4jJndiInjectionTest.java:1113:26:1113:29 | mmsg | provenance | | -| Log4jJndiInjectionTest.java:1112:25:1112:27 | map : HashMap [] : String | Log4jJndiInjectionTest.java:1112:13:1112:16 | mmsg [post update] : StringMapMessage | provenance | | -| Log4jJndiInjectionTest.java:1116:61:1116:68 | source(...) : String | Log4jJndiInjectionTest.java:1116:52:1116:68 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1117:81:1117:88 | source(...) : String | Log4jJndiInjectionTest.java:1117:72:1117:88 | (...)... | provenance | | -| Log4jJndiInjectionTest.java:1119:13:1119:15 | map [post update] : HashMap [] : String | Log4jJndiInjectionTest.java:1120:43:1120:45 | map | provenance | | -| Log4jJndiInjectionTest.java:1119:13:1119:15 | map [post update] : HashMap [] : String | Log4jJndiInjectionTest.java:1121:63:1121:65 | map | provenance | | -| Log4jJndiInjectionTest.java:1119:33:1119:49 | (...)... : String | Log4jJndiInjectionTest.java:1119:13:1119:15 | map [post update] : HashMap [] : String | provenance | | +| Log4jJndiInjectionTest.java:1112:13:1112:16 | mmsg [post update] : StringMapMessage | Log4jJndiInjectionTest.java:1113:26:1113:29 | mmsg | provenance | Sink:MaD:2089 | +| Log4jJndiInjectionTest.java:1112:13:1112:16 | mmsg [post update] : StringMapMessage | Log4jJndiInjectionTest.java:1113:26:1113:29 | mmsg | provenance | Sink:MaD:48063 | +| Log4jJndiInjectionTest.java:1112:25:1112:27 | map : HashMap [] : String | Log4jJndiInjectionTest.java:1112:13:1112:16 | mmsg [post update] : StringMapMessage | provenance | MaD:1992 | +| Log4jJndiInjectionTest.java:1116:61:1116:68 | source(...) : String | Log4jJndiInjectionTest.java:1116:52:1116:68 | (...)... | provenance | Sink:MaD:1995 | +| Log4jJndiInjectionTest.java:1117:81:1117:88 | source(...) : String | Log4jJndiInjectionTest.java:1117:72:1117:88 | (...)... | provenance | Sink:MaD:1997 | +| Log4jJndiInjectionTest.java:1119:13:1119:15 | map [post update] : HashMap [] : String | Log4jJndiInjectionTest.java:1120:43:1120:45 | map | provenance | Sink:MaD:1996 | +| Log4jJndiInjectionTest.java:1119:13:1119:15 | map [post update] : HashMap [] : String | Log4jJndiInjectionTest.java:1121:63:1121:65 | map | provenance | Sink:MaD:1998 | +| Log4jJndiInjectionTest.java:1119:33:1119:49 | (...)... : String | Log4jJndiInjectionTest.java:1119:13:1119:15 | map [post update] : HashMap [] : String | provenance | MaD:43892 | | Log4jJndiInjectionTest.java:1119:42:1119:49 | source(...) : String | Log4jJndiInjectionTest.java:1119:33:1119:49 | (...)... : String | provenance | | nodes | Log4jJndiInjectionTest.java:24:16:24:45 | getParameter(...) : String | semmle.label | getParameter(...) : String | diff --git a/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected index da71e407707e..4a5e877e1763 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected @@ -1,12 +1,12 @@ edges -| FilePathInjection.java:21:21:21:34 | getPara(...) : String | FilePathInjection.java:26:47:26:59 | finalFilePath | provenance | | -| FilePathInjection.java:64:21:64:34 | getPara(...) : String | FilePathInjection.java:72:47:72:59 | finalFilePath | provenance | | -| FilePathInjection.java:87:21:87:34 | getPara(...) : String | FilePathInjection.java:95:47:95:59 | finalFilePath | provenance | | -| FilePathInjection.java:177:50:177:58 | file : File | FilePathInjection.java:182:30:182:33 | file | provenance | | -| FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:209:24:209:31 | filePath : String | provenance | | -| FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:210:23:210:26 | file | provenance | | +| FilePathInjection.java:21:21:21:34 | getPara(...) : String | FilePathInjection.java:26:47:26:59 | finalFilePath | provenance | Src:MaD:1972 Sink:MaD:42888 | +| FilePathInjection.java:64:21:64:34 | getPara(...) : String | FilePathInjection.java:72:47:72:59 | finalFilePath | provenance | Src:MaD:1972 AdditionalValueStep Sink:MaD:42888 | +| FilePathInjection.java:87:21:87:34 | getPara(...) : String | FilePathInjection.java:95:47:95:59 | finalFilePath | provenance | Src:MaD:1972 AdditionalValueStep Sink:MaD:42888 | +| FilePathInjection.java:177:50:177:58 | file : File | FilePathInjection.java:182:30:182:33 | file | provenance | Sink:MaD:42885 | +| FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:209:24:209:31 | filePath : String | provenance | Src:MaD:44662 | +| FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:210:23:210:26 | file | provenance | Sink:MaD:42882 | | FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:217:19:217:22 | file : File | provenance | | -| FilePathInjection.java:209:24:209:31 | filePath : String | FilePathInjection.java:209:15:209:32 | new File(...) : File | provenance | | +| FilePathInjection.java:209:24:209:31 | filePath : String | FilePathInjection.java:209:15:209:32 | new File(...) : File | provenance | MaD:42944 | | FilePathInjection.java:217:19:217:22 | file : File | FilePathInjection.java:177:50:177:58 | file : File | provenance | | nodes | FilePathInjection.java:21:21:21:34 | getPara(...) : String | semmle.label | getPara(...) : String | diff --git a/java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.expected b/java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.expected index 926675f900a7..09a6ba84fa7e 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.expected @@ -1,18 +1,18 @@ edges -| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:22:67:22:72 | script : String | provenance | | -| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:25:66:25:71 | script : String | provenance | | -| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:31:36:31:41 | script : String | provenance | | -| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:38:52:38:57 | script : String | provenance | | -| RuntimeExecTest.java:22:43:22:73 | {...} : String[] [[]] : String | RuntimeExecTest.java:22:43:22:73 | new String[] | provenance | | +| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:22:67:22:72 | script : String | provenance | Src:MaD:43038 | +| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:25:66:25:71 | script : String | provenance | Src:MaD:43038 | +| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:31:36:31:41 | script : String | provenance | Src:MaD:43038 | +| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:38:52:38:57 | script : String | provenance | Src:MaD:43038 | +| RuntimeExecTest.java:22:43:22:73 | {...} : String[] [[]] : String | RuntimeExecTest.java:22:43:22:73 | new String[] | provenance | Sink:MaD:43017 | | RuntimeExecTest.java:22:67:22:72 | script : String | RuntimeExecTest.java:22:43:22:73 | {...} : String[] [[]] : String | provenance | | -| RuntimeExecTest.java:25:42:25:72 | {...} : String[] [[]] : String | RuntimeExecTest.java:26:43:26:55 | commandArray1 | provenance | | +| RuntimeExecTest.java:25:42:25:72 | {...} : String[] [[]] : String | RuntimeExecTest.java:26:43:26:55 | commandArray1 | provenance | Sink:MaD:43017 | | RuntimeExecTest.java:25:66:25:71 | script : String | RuntimeExecTest.java:25:42:25:72 | {...} : String[] [[]] : String | provenance | | -| RuntimeExecTest.java:31:17:31:29 | commandArray2 [post update] : String[] [[]] : String | RuntimeExecTest.java:32:43:32:55 | commandArray2 | provenance | | +| RuntimeExecTest.java:31:17:31:29 | commandArray2 [post update] : String[] [[]] : String | RuntimeExecTest.java:32:43:32:55 | commandArray2 | provenance | Sink:MaD:43017 | | RuntimeExecTest.java:31:36:31:41 | script : String | RuntimeExecTest.java:31:17:31:29 | commandArray2 [post update] : String[] [[]] : String | provenance | | -| RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | provenance | | -| RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) | provenance | | -| RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [] : String | RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [] : String | provenance | | -| RuntimeExecTest.java:38:39:38:58 | new String[] : String[] [[]] : String | RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [] : String | provenance | | +| RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | provenance | MaD:44346 | +| RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) | provenance | Sink:MaD:43017 | +| RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [] : String | RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [] : String | provenance | MaD:44281 | +| RuntimeExecTest.java:38:39:38:58 | new String[] : String[] [[]] : String | RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [] : String | provenance | MaD:43716 | | RuntimeExecTest.java:38:39:38:58 | {...} : String[] [[]] : String | RuntimeExecTest.java:38:39:38:58 | new String[] : String[] [[]] : String | provenance | | | RuntimeExecTest.java:38:52:38:57 | script : String | RuntimeExecTest.java:38:39:38:58 | {...} : String[] [[]] : String | provenance | | nodes diff --git a/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected b/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected index d27556a5ccb8..7c6d0fd722b7 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected @@ -1,6 +1,6 @@ edges -| JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | JSchOSInjectionTest.java:27:52:27:68 | ... + ... | provenance | | -| JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) : String | JSchOSInjectionTest.java:53:36:53:52 | ... + ... | provenance | | +| JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | JSchOSInjectionTest.java:27:52:27:68 | ... + ... | provenance | Src:MaD:44662 Sink:MaD:1957 | +| JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) : String | JSchOSInjectionTest.java:53:36:53:52 | ... + ... | provenance | Src:MaD:44662 Sink:MaD:1957 | nodes | JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | semmle.label | getParameter(...) : String | | JSchOSInjectionTest.java:27:52:27:68 | ... + ... | semmle.label | ... + ... | diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.expected index 9f043f8db51d..5cea005c987f 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.expected @@ -11,7 +11,7 @@ edges | MybatisSqlInjection.java:110:40:110:43 | name : String | MybatisSqlInjectionService.java:88:32:88:42 | name : String | provenance | | | MybatisSqlInjectionService.java:48:19:48:29 | name : String | MybatisSqlInjectionService.java:50:23:50:26 | name : String | provenance | | | MybatisSqlInjectionService.java:50:3:50:9 | hashMap [post update] : HashMap [] : String | MybatisSqlInjectionService.java:51:27:51:33 | hashMap | provenance | | -| MybatisSqlInjectionService.java:50:23:50:26 | name : String | MybatisSqlInjectionService.java:50:3:50:9 | hashMap [post update] : HashMap [] : String | provenance | | +| MybatisSqlInjectionService.java:50:23:50:26 | name : String | MybatisSqlInjectionService.java:50:3:50:9 | hashMap [post update] : HashMap [] : String | provenance | MaD:43892 | | MybatisSqlInjectionService.java:54:32:54:42 | name : String | MybatisSqlInjectionService.java:55:32:55:35 | name | provenance | | | MybatisSqlInjectionService.java:80:20:80:30 | name : String | MybatisSqlInjectionService.java:81:28:81:31 | name | provenance | | | MybatisSqlInjectionService.java:84:20:84:29 | age : String | MybatisSqlInjectionService.java:85:28:85:30 | age | provenance | | diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.expected index 2afdd9869d70..5da7a51a2ec7 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.expected @@ -1,8 +1,8 @@ edges -| BeanShellInjection.java:13:17:13:44 | getParameter(...) : String | BeanShellInjection.java:15:45:15:48 | code : String | provenance | | +| BeanShellInjection.java:13:17:13:44 | getParameter(...) : String | BeanShellInjection.java:15:45:15:48 | code : String | provenance | Src:MaD:44662 | | BeanShellInjection.java:15:45:15:48 | code : String | BeanShellInjection.java:15:22:15:49 | new StaticScriptSource(...) | provenance | | -| BeanShellInjection.java:20:17:20:44 | getParameter(...) : String | BeanShellInjection.java:22:20:22:23 | code | provenance | | -| BeanShellInjection.java:27:17:27:44 | getParameter(...) : String | BeanShellInjection.java:29:32:29:35 | code : String | provenance | | +| BeanShellInjection.java:20:17:20:44 | getParameter(...) : String | BeanShellInjection.java:22:20:22:23 | code | provenance | Src:MaD:44662 | +| BeanShellInjection.java:27:17:27:44 | getParameter(...) : String | BeanShellInjection.java:29:32:29:35 | code : String | provenance | Src:MaD:44662 | | BeanShellInjection.java:29:3:29:20 | staticScriptSource : StaticScriptSource | BeanShellInjection.java:31:22:31:39 | staticScriptSource | provenance | | | BeanShellInjection.java:29:32:29:35 | code : String | BeanShellInjection.java:29:3:29:20 | staticScriptSource : StaticScriptSource | provenance | | nodes diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.expected index 0f61156df132..267fa2caf275 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.expected @@ -1,7 +1,7 @@ edges -| JShellInjection.java:12:18:12:45 | getParameter(...) : String | JShellInjection.java:15:15:15:19 | input | provenance | | -| JShellInjection.java:20:18:20:45 | getParameter(...) : String | JShellInjection.java:24:31:24:35 | input | provenance | | -| JShellInjection.java:29:18:29:45 | getParameter(...) : String | JShellInjection.java:33:37:33:41 | input : String | provenance | | +| JShellInjection.java:12:18:12:45 | getParameter(...) : String | JShellInjection.java:15:15:15:19 | input | provenance | Src:MaD:44662 | +| JShellInjection.java:20:18:20:45 | getParameter(...) : String | JShellInjection.java:24:31:24:35 | input | provenance | Src:MaD:44662 | +| JShellInjection.java:29:18:29:45 | getParameter(...) : String | JShellInjection.java:33:37:33:41 | input : String | provenance | Src:MaD:44662 | | JShellInjection.java:33:15:33:42 | analyzeCompletion(...) : CompletionInfo | JShellInjection.java:37:16:37:19 | info : CompletionInfo | provenance | | | JShellInjection.java:33:37:33:41 | input : String | JShellInjection.java:33:15:33:42 | analyzeCompletion(...) : CompletionInfo | provenance | | | JShellInjection.java:35:12:35:50 | analyzeCompletion(...) : CompletionInfo | JShellInjection.java:37:16:37:19 | info : CompletionInfo | provenance | | diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.expected index dbf9191adad3..81f253ad8f4e 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.expected @@ -1,8 +1,8 @@ edges -| JakartaExpressionInjection.java:23:25:23:47 | getInputStream(...) : InputStream | JakartaExpressionInjection.java:23:54:23:58 | bytes [post update] : byte[] | provenance | | +| JakartaExpressionInjection.java:23:25:23:47 | getInputStream(...) : InputStream | JakartaExpressionInjection.java:23:54:23:58 | bytes [post update] : byte[] | provenance | Src:MaD:43270 MaD:42960 | | JakartaExpressionInjection.java:23:54:23:58 | bytes [post update] : byte[] | JakartaExpressionInjection.java:24:48:24:52 | bytes : byte[] | provenance | | | JakartaExpressionInjection.java:24:37:24:59 | new String(...) : String | JakartaExpressionInjection.java:25:31:25:40 | expression : String | provenance | | -| JakartaExpressionInjection.java:24:48:24:52 | bytes : byte[] | JakartaExpressionInjection.java:24:37:24:59 | new String(...) : String | provenance | | +| JakartaExpressionInjection.java:24:48:24:52 | bytes : byte[] | JakartaExpressionInjection.java:24:37:24:59 | new String(...) : String | provenance | MaD:43079 | | JakartaExpressionInjection.java:25:31:25:40 | expression : String | JakartaExpressionInjection.java:32:24:32:33 | expression : String | provenance | | | JakartaExpressionInjection.java:25:31:25:40 | expression : String | JakartaExpressionInjection.java:40:24:40:33 | expression : String | provenance | | | JakartaExpressionInjection.java:25:31:25:40 | expression : String | JakartaExpressionInjection.java:48:24:48:33 | expression : String | provenance | | diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.expected index 0d090adbea60..fe06d561722a 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.expected @@ -1,9 +1,9 @@ edges -| JythonInjection.java:28:23:28:50 | getParameter(...) : String | JythonInjection.java:36:30:36:33 | code | provenance | | -| JythonInjection.java:53:23:53:50 | getParameter(...) : String | JythonInjection.java:58:44:58:47 | code | provenance | | -| JythonInjection.java:73:23:73:50 | getParameter(...) : String | JythonInjection.java:81:35:81:38 | code | provenance | | -| JythonInjection.java:97:23:97:50 | getParameter(...) : String | JythonInjection.java:106:61:106:64 | code : String | provenance | | -| JythonInjection.java:106:61:106:64 | code : String | JythonInjection.java:106:61:106:75 | getBytes(...) | provenance | | +| JythonInjection.java:28:23:28:50 | getParameter(...) : String | JythonInjection.java:36:30:36:33 | code | provenance | Src:MaD:44662 | +| JythonInjection.java:53:23:53:50 | getParameter(...) : String | JythonInjection.java:58:44:58:47 | code | provenance | Src:MaD:44662 | +| JythonInjection.java:73:23:73:50 | getParameter(...) : String | JythonInjection.java:81:35:81:38 | code | provenance | Src:MaD:44662 | +| JythonInjection.java:97:23:97:50 | getParameter(...) : String | JythonInjection.java:106:61:106:64 | code : String | provenance | Src:MaD:44662 | +| JythonInjection.java:106:61:106:64 | code : String | JythonInjection.java:106:61:106:75 | getBytes(...) | provenance | MaD:43090 | nodes | JythonInjection.java:28:23:28:50 | getParameter(...) : String | semmle.label | getParameter(...) : String | | JythonInjection.java:36:30:36:33 | code | semmle.label | code | diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/ScriptInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-094/ScriptInjection.expected index d2119033cdf9..918584078241 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/ScriptInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-094/ScriptInjection.expected @@ -1,20 +1,20 @@ edges -| RhinoServlet.java:28:23:28:50 | getParameter(...) : String | RhinoServlet.java:32:55:32:58 | code | provenance | | -| RhinoServlet.java:81:23:81:50 | getParameter(...) : String | RhinoServlet.java:83:54:83:57 | code | provenance | | -| RhinoServlet.java:88:23:88:50 | getParameter(...) : String | RhinoServlet.java:89:74:89:77 | code : String | provenance | | -| RhinoServlet.java:89:74:89:77 | code : String | RhinoServlet.java:89:74:89:88 | getBytes(...) | provenance | | +| RhinoServlet.java:28:23:28:50 | getParameter(...) : String | RhinoServlet.java:32:55:32:58 | code | provenance | Src:MaD:44662 | +| RhinoServlet.java:81:23:81:50 | getParameter(...) : String | RhinoServlet.java:83:54:83:57 | code | provenance | Src:MaD:44662 | +| RhinoServlet.java:88:23:88:50 | getParameter(...) : String | RhinoServlet.java:89:74:89:77 | code : String | provenance | Src:MaD:44662 | +| RhinoServlet.java:89:74:89:77 | code : String | RhinoServlet.java:89:74:89:88 | getBytes(...) | provenance | MaD:43090 | | ScriptEngineTest.java:20:44:20:55 | input : String | ScriptEngineTest.java:24:37:24:41 | input | provenance | | | ScriptEngineTest.java:27:51:27:62 | input : String | ScriptEngineTest.java:31:31:31:35 | input | provenance | | | ScriptEngineTest.java:35:58:35:69 | input : String | ScriptEngineTest.java:39:31:39:35 | input | provenance | | | ScriptEngineTest.java:42:46:42:57 | input : String | ScriptEngineTest.java:46:31:46:35 | input | provenance | | | ScriptEngineTest.java:49:41:49:52 | input : String | ScriptEngineTest.java:52:42:52:46 | input | provenance | | | ScriptEngineTest.java:56:41:56:52 | input : String | ScriptEngineTest.java:59:51:59:55 | input | provenance | | -| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:93:57:93:60 | code : String | provenance | | -| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:94:64:94:67 | code : String | provenance | | -| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:95:71:95:74 | code : String | provenance | | -| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:96:59:96:62 | code : String | provenance | | -| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:97:54:97:57 | code : String | provenance | | -| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:98:54:98:57 | code : String | provenance | | +| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:93:57:93:60 | code : String | provenance | Src:MaD:44662 | +| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:94:64:94:67 | code : String | provenance | Src:MaD:44662 | +| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:95:71:95:74 | code : String | provenance | Src:MaD:44662 | +| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:96:59:96:62 | code : String | provenance | Src:MaD:44662 | +| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:97:54:97:57 | code : String | provenance | Src:MaD:44662 | +| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:98:54:98:57 | code : String | provenance | Src:MaD:44662 | | ScriptEngineTest.java:93:57:93:60 | code : String | ScriptEngineTest.java:20:44:20:55 | input : String | provenance | | | ScriptEngineTest.java:94:64:94:67 | code : String | ScriptEngineTest.java:27:51:27:62 | input : String | provenance | | | ScriptEngineTest.java:95:71:95:74 | code : String | ScriptEngineTest.java:35:58:35:69 | input : String | provenance | | diff --git a/java/ql/test/experimental/query-tests/security/CWE-1004/SensitiveCookieNotHttpOnly.expected b/java/ql/test/experimental/query-tests/security/CWE-1004/SensitiveCookieNotHttpOnly.expected index 5b1eefcc07ad..80c84e80b667 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-1004/SensitiveCookieNotHttpOnly.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-1004/SensitiveCookieNotHttpOnly.expected @@ -1,23 +1,25 @@ edges | SensitiveCookieNotHttpOnly.java:24:33:24:43 | "jwt_token" : String | SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | provenance | | -| SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:31:28:31:36 | jwtCookie | provenance | | +| SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:31:28:31:36 | jwtCookie | provenance | Sink:MaD:44653 | | SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | provenance | | -| SensitiveCookieNotHttpOnly.java:42:42:42:49 | "token=" : String | SensitiveCookieNotHttpOnly.java:42:42:42:69 | ... + ... | provenance | | -| SensitiveCookieNotHttpOnly.java:42:42:42:57 | ... + ... : String | SensitiveCookieNotHttpOnly.java:42:42:42:69 | ... + ... | provenance | | -| SensitiveCookieNotHttpOnly.java:52:42:52:113 | new NewCookie(...) : NewCookie | SensitiveCookieNotHttpOnly.java:52:42:52:124 | toString(...) | provenance | | -| SensitiveCookieNotHttpOnly.java:52:56:52:75 | "session-access-key" : String | SensitiveCookieNotHttpOnly.java:52:42:52:113 | new NewCookie(...) : NewCookie | provenance | | +| SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | provenance | MaD:44659 | +| SensitiveCookieNotHttpOnly.java:42:42:42:49 | "token=" : String | SensitiveCookieNotHttpOnly.java:42:42:42:69 | ... + ... | provenance | Sink:MaD:44654 | +| SensitiveCookieNotHttpOnly.java:42:42:42:57 | ... + ... : String | SensitiveCookieNotHttpOnly.java:42:42:42:69 | ... + ... | provenance | Sink:MaD:44654 | +| SensitiveCookieNotHttpOnly.java:52:42:52:113 | new NewCookie(...) : NewCookie | SensitiveCookieNotHttpOnly.java:52:42:52:124 | toString(...) | provenance | MaD:44701 Sink:MaD:44656 | +| SensitiveCookieNotHttpOnly.java:52:56:52:75 | "session-access-key" : String | SensitiveCookieNotHttpOnly.java:52:42:52:113 | new NewCookie(...) : NewCookie | provenance | MaD:44739 | | SensitiveCookieNotHttpOnly.java:63:37:63:115 | new NewCookie(...) : NewCookie | SensitiveCookieNotHttpOnly.java:64:25:64:39 | accessKeyCookie : NewCookie | provenance | | -| SensitiveCookieNotHttpOnly.java:63:51:63:70 | "session-access-key" : String | SensitiveCookieNotHttpOnly.java:63:37:63:115 | new NewCookie(...) : NewCookie | provenance | | -| SensitiveCookieNotHttpOnly.java:64:25:64:39 | accessKeyCookie : NewCookie | SensitiveCookieNotHttpOnly.java:64:25:64:50 | toString(...) : String | provenance | | -| SensitiveCookieNotHttpOnly.java:64:25:64:50 | toString(...) : String | SensitiveCookieNotHttpOnly.java:65:42:65:47 | keyStr | provenance | | -| SensitiveCookieNotHttpOnly.java:70:28:70:35 | "token=" : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | | -| SensitiveCookieNotHttpOnly.java:70:28:70:43 | ... + ... : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | | -| SensitiveCookieNotHttpOnly.java:70:28:70:55 | ... + ... : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | | +| SensitiveCookieNotHttpOnly.java:63:51:63:70 | "session-access-key" : String | SensitiveCookieNotHttpOnly.java:63:37:63:115 | new NewCookie(...) : NewCookie | provenance | MaD:44739 | +| SensitiveCookieNotHttpOnly.java:64:25:64:39 | accessKeyCookie : NewCookie | SensitiveCookieNotHttpOnly.java:64:25:64:50 | toString(...) : String | provenance | MaD:44701 | +| SensitiveCookieNotHttpOnly.java:64:25:64:50 | toString(...) : String | SensitiveCookieNotHttpOnly.java:65:42:65:47 | keyStr | provenance | Sink:MaD:44656 | +| SensitiveCookieNotHttpOnly.java:70:28:70:35 | "token=" : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | Sink:MaD:44654 | +| SensitiveCookieNotHttpOnly.java:70:28:70:43 | ... + ... : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | Sink:MaD:44654 | +| SensitiveCookieNotHttpOnly.java:70:28:70:55 | ... + ... : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | Sink:MaD:44654 | | SensitiveCookieNotHttpOnly.java:88:35:88:51 | "Presto-UI-Token" : String | SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | provenance | | | SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:91:16:91:21 | cookie : Cookie | provenance | | | SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | provenance | | +| SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | provenance | MaD:44659 | | SensitiveCookieNotHttpOnly.java:91:16:91:21 | cookie : Cookie | SensitiveCookieNotHttpOnly.java:110:25:110:64 | createAuthenticationCookie(...) : Cookie | provenance | | -| SensitiveCookieNotHttpOnly.java:110:25:110:64 | createAuthenticationCookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:111:28:111:33 | cookie | provenance | | +| SensitiveCookieNotHttpOnly.java:110:25:110:64 | createAuthenticationCookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:111:28:111:33 | cookie | provenance | Sink:MaD:44653 | nodes | SensitiveCookieNotHttpOnly.java:24:33:24:43 | "jwt_token" : String | semmle.label | "jwt_token" : String | | SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | semmle.label | new Cookie(...) : Cookie | diff --git a/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.expected b/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.expected index a006cdd08b4a..05ab62a412cf 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.expected @@ -1,5 +1,5 @@ edges -| InsecureWebResourceResponse.java:28:27:28:37 | getIntent(...) : Intent | InsecureWebResourceResponse.java:28:27:28:64 | getStringExtra(...) : String | provenance | | +| InsecureWebResourceResponse.java:28:27:28:37 | getIntent(...) : Intent | InsecureWebResourceResponse.java:28:27:28:64 | getStringExtra(...) : String | provenance | MaD:330 | | InsecureWebResourceResponse.java:28:27:28:64 | getStringExtra(...) : String | InsecureWebResourceResponse.java:30:25:30:32 | inputUrl : String | provenance | | | InsecureWebResourceResponse.java:28:27:28:64 | getStringExtra(...) : String | InsecureWebResourceResponse.java:32:25:32:32 | inputUrl : String | provenance | | | InsecureWebResourceResponse.java:28:27:28:64 | getStringExtra(...) : String | InsecureWebResourceResponse.java:34:25:34:32 | inputUrl : String | provenance | | @@ -19,99 +19,99 @@ edges | InsecureWebResourceResponse.java:59:34:59:43 | url : String | InsecureWebResourceResponse.java:75:20:75:22 | url : String | provenance | | | InsecureWebResourceResponse.java:63:77:63:86 | url : String | InsecureWebResourceResponse.java:65:41:65:43 | url : String | provenance | | | InsecureWebResourceResponse.java:65:31:65:44 | parse(...) : Uri | InsecureWebResourceResponse.java:66:71:66:73 | uri : Uri | provenance | | -| InsecureWebResourceResponse.java:65:41:65:43 | url : String | InsecureWebResourceResponse.java:65:31:65:44 | parse(...) : Uri | provenance | | +| InsecureWebResourceResponse.java:65:41:65:43 | url : String | InsecureWebResourceResponse.java:65:31:65:44 | parse(...) : Uri | provenance | MaD:514 | | InsecureWebResourceResponse.java:66:51:66:84 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:68:71:68:81 | inputStream | provenance | | -| InsecureWebResourceResponse.java:66:71:66:73 | uri : Uri | InsecureWebResourceResponse.java:66:71:66:83 | getPath(...) : String | provenance | | -| InsecureWebResourceResponse.java:66:71:66:83 | getPath(...) : String | InsecureWebResourceResponse.java:66:51:66:84 | new FileInputStream(...) : FileInputStream | provenance | | -| InsecureWebResourceResponse.java:75:20:75:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:75:20:75:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:75:20:75:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:75:20:75:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | | -| InsecureWebResourceResponse.java:75:20:75:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | | +| InsecureWebResourceResponse.java:66:71:66:73 | uri : Uri | InsecureWebResourceResponse.java:66:71:66:83 | getPath(...) : String | provenance | MaD:504 | +| InsecureWebResourceResponse.java:66:71:66:83 | getPath(...) : String | InsecureWebResourceResponse.java:66:51:66:84 | new FileInputStream(...) : FileInputStream | provenance | MaD:1981 | +| InsecureWebResourceResponse.java:75:20:75:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:75:20:75:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:75:20:75:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:75:20:75:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:75:20:75:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | AdditionalTaintStep | | InsecureWebResourceResponse.java:80:34:80:43 | url : String | InsecureWebResourceResponse.java:101:20:101:22 | url : String | provenance | | | InsecureWebResourceResponse.java:84:77:84:86 | url : String | InsecureWebResourceResponse.java:86:41:86:43 | url : String | provenance | | | InsecureWebResourceResponse.java:86:31:86:44 | parse(...) : Uri | InsecureWebResourceResponse.java:88:66:88:68 | uri : Uri | provenance | | -| InsecureWebResourceResponse.java:86:41:86:43 | url : String | InsecureWebResourceResponse.java:86:31:86:44 | parse(...) : Uri | provenance | | +| InsecureWebResourceResponse.java:86:41:86:43 | url : String | InsecureWebResourceResponse.java:86:31:86:44 | parse(...) : Uri | provenance | MaD:514 | | InsecureWebResourceResponse.java:88:42:88:90 | new File(...) : File | InsecureWebResourceResponse.java:89:75:89:83 | cacheFile : File | provenance | | -| InsecureWebResourceResponse.java:88:66:88:68 | uri : Uri | InsecureWebResourceResponse.java:88:66:88:89 | getLastPathSegment(...) : String | provenance | | -| InsecureWebResourceResponse.java:88:66:88:89 | getLastPathSegment(...) : String | InsecureWebResourceResponse.java:88:42:88:90 | new File(...) : File | provenance | | +| InsecureWebResourceResponse.java:88:66:88:68 | uri : Uri | InsecureWebResourceResponse.java:88:66:88:89 | getLastPathSegment(...) : String | provenance | MaD:503 | +| InsecureWebResourceResponse.java:88:66:88:89 | getLastPathSegment(...) : String | InsecureWebResourceResponse.java:88:42:88:90 | new File(...) : File | provenance | MaD:42945 | | InsecureWebResourceResponse.java:89:55:89:84 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:91:75:91:85 | inputStream | provenance | | -| InsecureWebResourceResponse.java:89:75:89:83 | cacheFile : File | InsecureWebResourceResponse.java:89:55:89:84 | new FileInputStream(...) : FileInputStream | provenance | | -| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | | -| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | | +| InsecureWebResourceResponse.java:89:75:89:83 | cacheFile : File | InsecureWebResourceResponse.java:89:55:89:84 | new FileInputStream(...) : FileInputStream | provenance | MaD:1981 | +| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | AdditionalTaintStep | | InsecureWebResourceResponse.java:106:34:106:43 | url : String | InsecureWebResourceResponse.java:127:20:127:22 | url : String | provenance | | | InsecureWebResourceResponse.java:110:77:110:86 | url : String | InsecureWebResourceResponse.java:112:41:112:43 | url : String | provenance | | | InsecureWebResourceResponse.java:112:31:112:44 | parse(...) : Uri | InsecureWebResourceResponse.java:113:35:113:37 | uri : Uri | provenance | | -| InsecureWebResourceResponse.java:112:41:112:43 | url : String | InsecureWebResourceResponse.java:112:31:112:44 | parse(...) : Uri | provenance | | -| InsecureWebResourceResponse.java:113:35:113:37 | uri : Uri | InsecureWebResourceResponse.java:113:35:113:47 | getPath(...) : String | provenance | | -| InsecureWebResourceResponse.java:113:35:113:47 | getPath(...) : String | InsecureWebResourceResponse.java:113:35:113:60 | substring(...) : String | provenance | | +| InsecureWebResourceResponse.java:112:41:112:43 | url : String | InsecureWebResourceResponse.java:112:31:112:44 | parse(...) : Uri | provenance | MaD:514 | +| InsecureWebResourceResponse.java:113:35:113:37 | uri : Uri | InsecureWebResourceResponse.java:113:35:113:47 | getPath(...) : String | provenance | MaD:504 | +| InsecureWebResourceResponse.java:113:35:113:47 | getPath(...) : String | InsecureWebResourceResponse.java:113:35:113:60 | substring(...) : String | provenance | MaD:43108 | | InsecureWebResourceResponse.java:113:35:113:60 | substring(...) : String | InsecureWebResourceResponse.java:115:75:115:78 | path : String | provenance | | | InsecureWebResourceResponse.java:115:55:115:108 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:117:75:117:85 | inputStream | provenance | | -| InsecureWebResourceResponse.java:115:75:115:78 | path : String | InsecureWebResourceResponse.java:115:75:115:107 | substring(...) : String | provenance | | -| InsecureWebResourceResponse.java:115:75:115:107 | substring(...) : String | InsecureWebResourceResponse.java:115:55:115:108 | new FileInputStream(...) : FileInputStream | provenance | | -| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | | -| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | | +| InsecureWebResourceResponse.java:115:75:115:78 | path : String | InsecureWebResourceResponse.java:115:75:115:107 | substring(...) : String | provenance | MaD:43108 | +| InsecureWebResourceResponse.java:115:75:115:107 | substring(...) : String | InsecureWebResourceResponse.java:115:55:115:108 | new FileInputStream(...) : FileInputStream | provenance | MaD:1981 | +| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | AdditionalTaintStep | | InsecureWebResourceResponse.java:131:36:131:45 | url : String | InsecureWebResourceResponse.java:152:20:152:22 | url : String | provenance | | -| InsecureWebResourceResponse.java:152:20:152:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:152:20:152:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:152:20:152:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:152:20:152:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | | -| InsecureWebResourceResponse.java:152:20:152:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | | +| InsecureWebResourceResponse.java:152:20:152:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:152:20:152:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:152:20:152:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:152:20:152:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:152:20:152:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | AdditionalTaintStep | | InsecureWebResourceResponse.java:156:35:156:44 | url : String | InsecureWebResourceResponse.java:177:20:177:22 | url : String | provenance | | -| InsecureWebResourceResponse.java:177:20:177:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:177:20:177:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:177:20:177:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:177:20:177:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | | -| InsecureWebResourceResponse.java:177:20:177:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | | +| InsecureWebResourceResponse.java:177:20:177:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:177:20:177:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:177:20:177:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:177:20:177:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:177:20:177:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | AdditionalTaintStep | | InsecureWebResourceResponse.java:181:34:181:43 | url : String | InsecureWebResourceResponse.java:184:20:184:22 | url : String | provenance | | -| InsecureWebResourceResponse.java:184:20:184:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:184:20:184:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:184:20:184:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:184:20:184:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | | -| InsecureWebResourceResponse.java:184:20:184:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | | +| InsecureWebResourceResponse.java:184:20:184:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:184:20:184:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:184:20:184:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:184:20:184:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:184:20:184:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | AdditionalTaintStep | | InsecureWebResourceResponse.java:188:34:188:43 | url : String | InsecureWebResourceResponse.java:209:20:209:22 | url : String | provenance | | | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | InsecureWebResourceResponse.java:194:31:194:37 | request : WebResourceRequest | provenance | | -| InsecureWebResourceResponse.java:194:31:194:37 | request : WebResourceRequest | InsecureWebResourceResponse.java:194:31:194:46 | getUrl(...) : Uri | provenance | | +| InsecureWebResourceResponse.java:194:31:194:37 | request : WebResourceRequest | InsecureWebResourceResponse.java:194:31:194:46 | getUrl(...) : Uri | provenance | MaD:1950 | | InsecureWebResourceResponse.java:194:31:194:46 | getUrl(...) : Uri | InsecureWebResourceResponse.java:196:66:196:68 | uri : Uri | provenance | | | InsecureWebResourceResponse.java:196:42:196:90 | new File(...) : File | InsecureWebResourceResponse.java:197:75:197:83 | cacheFile : File | provenance | | -| InsecureWebResourceResponse.java:196:66:196:68 | uri : Uri | InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String | provenance | | -| InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String | InsecureWebResourceResponse.java:196:42:196:90 | new File(...) : File | provenance | | +| InsecureWebResourceResponse.java:196:66:196:68 | uri : Uri | InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String | provenance | MaD:503 | +| InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String | InsecureWebResourceResponse.java:196:42:196:90 | new File(...) : File | provenance | MaD:42945 | | InsecureWebResourceResponse.java:197:55:197:84 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:199:75:199:85 | inputStream | provenance | | -| InsecureWebResourceResponse.java:197:75:197:83 | cacheFile : File | InsecureWebResourceResponse.java:197:55:197:84 | new FileInputStream(...) : FileInputStream | provenance | | -| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | | -| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | | +| InsecureWebResourceResponse.java:197:75:197:83 | cacheFile : File | InsecureWebResourceResponse.java:197:55:197:84 | new FileInputStream(...) : FileInputStream | provenance | MaD:1981 | +| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | AdditionalTaintStep | | InsecureWebResourceResponse.java:217:35:217:44 | url : String | InsecureWebResourceResponse.java:226:20:226:22 | url : String | provenance | | -| InsecureWebResourceResponse.java:226:20:226:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:226:20:226:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:226:20:226:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | | -| InsecureWebResourceResponse.java:226:20:226:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | | -| InsecureWebResourceResponse.java:226:20:226:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | | +| InsecureWebResourceResponse.java:226:20:226:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:226:20:226:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:226:20:226:22 | url : String | InsecureWebResourceResponse.java:110:77:110:86 | url : String | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:226:20:226:22 | url : String | InsecureWebResourceResponse.java:192:77:192:102 | request : WebResourceRequest | provenance | AdditionalTaintStep | +| InsecureWebResourceResponse.java:226:20:226:22 | url : String | InsecureWebResourceResponse.java:232:69:232:78 | url : String | provenance | AdditionalTaintStep | | InsecureWebResourceResponse.java:232:69:232:78 | url : String | InsecureWebResourceResponse.java:234:33:234:35 | url : String | provenance | | | InsecureWebResourceResponse.java:234:23:234:36 | parse(...) : Uri | InsecureWebResourceResponse.java:235:63:235:65 | uri : Uri | provenance | | -| InsecureWebResourceResponse.java:234:33:234:35 | url : String | InsecureWebResourceResponse.java:234:23:234:36 | parse(...) : Uri | provenance | | +| InsecureWebResourceResponse.java:234:33:234:35 | url : String | InsecureWebResourceResponse.java:234:23:234:36 | parse(...) : Uri | provenance | MaD:514 | | InsecureWebResourceResponse.java:235:43:235:76 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:237:63:237:73 | inputStream | provenance | | -| InsecureWebResourceResponse.java:235:63:235:65 | uri : Uri | InsecureWebResourceResponse.java:235:63:235:75 | getPath(...) : String | provenance | | -| InsecureWebResourceResponse.java:235:63:235:75 | getPath(...) : String | InsecureWebResourceResponse.java:235:43:235:76 | new FileInputStream(...) : FileInputStream | provenance | | -| InsecureWebViewActivity.java:27:27:27:37 | getIntent(...) : Intent | InsecureWebViewActivity.java:27:27:27:64 | getStringExtra(...) : String | provenance | | +| InsecureWebResourceResponse.java:235:63:235:65 | uri : Uri | InsecureWebResourceResponse.java:235:63:235:75 | getPath(...) : String | provenance | MaD:504 | +| InsecureWebResourceResponse.java:235:63:235:75 | getPath(...) : String | InsecureWebResourceResponse.java:235:43:235:76 | new FileInputStream(...) : FileInputStream | provenance | MaD:1981 | +| InsecureWebViewActivity.java:27:27:27:37 | getIntent(...) : Intent | InsecureWebViewActivity.java:27:27:27:64 | getStringExtra(...) : String | provenance | MaD:330 | | InsecureWebViewActivity.java:27:27:27:64 | getStringExtra(...) : String | InsecureWebViewActivity.java:28:20:28:27 | inputUrl : String | provenance | | | InsecureWebViewActivity.java:28:20:28:27 | inputUrl : String | InsecureWebViewActivity.java:42:28:42:37 | url : String | provenance | | | InsecureWebViewActivity.java:42:28:42:37 | url : String | InsecureWebViewActivity.java:43:25:43:27 | url : String | provenance | | -| InsecureWebViewActivity.java:43:25:43:27 | url : String | InsecureWebViewActivity.java:53:77:53:86 | url : String | provenance | | +| InsecureWebViewActivity.java:43:25:43:27 | url : String | InsecureWebViewActivity.java:53:77:53:86 | url : String | provenance | AdditionalTaintStep | | InsecureWebViewActivity.java:53:77:53:86 | url : String | InsecureWebViewActivity.java:55:41:55:43 | url : String | provenance | | | InsecureWebViewActivity.java:55:31:55:44 | parse(...) : Uri | InsecureWebViewActivity.java:56:71:56:73 | uri : Uri | provenance | | -| InsecureWebViewActivity.java:55:41:55:43 | url : String | InsecureWebViewActivity.java:55:31:55:44 | parse(...) : Uri | provenance | | +| InsecureWebViewActivity.java:55:41:55:43 | url : String | InsecureWebViewActivity.java:55:31:55:44 | parse(...) : Uri | provenance | MaD:514 | | InsecureWebViewActivity.java:56:51:56:84 | new FileInputStream(...) : FileInputStream | InsecureWebViewActivity.java:58:71:58:81 | inputStream | provenance | | -| InsecureWebViewActivity.java:56:71:56:73 | uri : Uri | InsecureWebViewActivity.java:56:71:56:83 | getPath(...) : String | provenance | | -| InsecureWebViewActivity.java:56:71:56:83 | getPath(...) : String | InsecureWebViewActivity.java:56:51:56:84 | new FileInputStream(...) : FileInputStream | provenance | | +| InsecureWebViewActivity.java:56:71:56:73 | uri : Uri | InsecureWebViewActivity.java:56:71:56:83 | getPath(...) : String | provenance | MaD:504 | +| InsecureWebViewActivity.java:56:71:56:83 | getPath(...) : String | InsecureWebViewActivity.java:56:51:56:84 | new FileInputStream(...) : FileInputStream | provenance | MaD:1981 | nodes | InsecureWebResourceResponse.java:28:27:28:37 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent | | InsecureWebResourceResponse.java:28:27:28:64 | getStringExtra(...) : String | semmle.label | getStringExtra(...) : String | diff --git a/java/ql/test/experimental/query-tests/security/CWE-200/SensitiveAndroidFileLeak.expected b/java/ql/test/experimental/query-tests/security/CWE-200/SensitiveAndroidFileLeak.expected index 739a825664bf..467d77b0e409 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-200/SensitiveAndroidFileLeak.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-200/SensitiveAndroidFileLeak.expected @@ -1,6 +1,6 @@ edges | FileService.java:20:31:20:43 | intent : Intent | FileService.java:21:28:21:33 | intent : Intent | provenance | | -| FileService.java:21:28:21:33 | intent : Intent | FileService.java:21:28:21:64 | getStringExtra(...) : String | provenance | | +| FileService.java:21:28:21:33 | intent : Intent | FileService.java:21:28:21:64 | getStringExtra(...) : String | provenance | MaD:330 | | FileService.java:21:28:21:64 | getStringExtra(...) : String | FileService.java:25:42:25:50 | localPath : String | provenance | | | FileService.java:25:13:25:51 | makeParamsToExecute(...) : Object[] | FileService.java:40:41:40:55 | params : Object[] | provenance | | | FileService.java:25:13:25:51 | makeParamsToExecute(...) : Object[] [[]] : String | FileService.java:25:13:25:51 | makeParamsToExecute(...) : Object[] | provenance | | @@ -10,14 +10,14 @@ edges | FileService.java:34:20:36:13 | {...} : Object[] [[]] : String | FileService.java:34:20:36:13 | new Object[] : Object[] [[]] : String | provenance | | | FileService.java:35:17:35:25 | sourceUri : String | FileService.java:34:20:36:13 | {...} : Object[] [[]] : String | provenance | | | FileService.java:40:41:40:55 | params : Object[] | FileService.java:44:33:44:52 | (...)... : String[] | provenance | | -| FileService.java:44:33:44:52 | (...)... : String[] | FileService.java:45:53:45:59 | ...[...] | provenance | | +| FileService.java:44:33:44:52 | (...)... : String[] | FileService.java:45:53:45:59 | ...[...] | provenance | Sink:MaD:42888 | | LeakFileActivity2.java:15:13:15:18 | intent : Intent | LeakFileActivity2.java:16:26:16:31 | intent : Intent | provenance | | | LeakFileActivity2.java:16:26:16:31 | intent : Intent | FileService.java:20:31:20:43 | intent : Intent | provenance | | | LeakFileActivity.java:14:35:14:38 | data : Intent | LeakFileActivity.java:18:40:18:59 | contentIntent : Intent | provenance | | | LeakFileActivity.java:18:40:18:59 | contentIntent : Intent | LeakFileActivity.java:19:31:19:43 | contentIntent : Intent | provenance | | -| LeakFileActivity.java:19:31:19:43 | contentIntent : Intent | LeakFileActivity.java:19:31:19:53 | getData(...) : Uri | provenance | | +| LeakFileActivity.java:19:31:19:43 | contentIntent : Intent | LeakFileActivity.java:19:31:19:53 | getData(...) : Uri | provenance | MaD:317 | | LeakFileActivity.java:19:31:19:53 | getData(...) : Uri | LeakFileActivity.java:21:58:21:72 | streamsToUpload : Uri | provenance | | -| LeakFileActivity.java:21:58:21:72 | streamsToUpload : Uri | LeakFileActivity.java:21:58:21:82 | getPath(...) | provenance | | +| LeakFileActivity.java:21:58:21:72 | streamsToUpload : Uri | LeakFileActivity.java:21:58:21:82 | getPath(...) | provenance | MaD:504 Sink:MaD:42924 | nodes | FileService.java:20:31:20:43 | intent : Intent | semmle.label | intent : Intent | | FileService.java:21:28:21:33 | intent : Intent | semmle.label | intent : Intent | diff --git a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.expected b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.expected index 64b6414d2e02..8845418ec367 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.expected @@ -6,7 +6,7 @@ edges | Test.java:99:26:99:45 | doFinal(...) : byte[] | Test.java:101:49:101:51 | tag | provenance | | | Test.java:116:28:116:30 | tag : byte[] | Test.java:118:44:118:46 | tag | provenance | | | Test.java:134:56:134:58 | tag : ByteBuffer | Test.java:136:44:136:46 | tag : ByteBuffer | provenance | | -| Test.java:136:44:136:46 | tag : ByteBuffer | Test.java:136:44:136:54 | array(...) | provenance | | +| Test.java:136:44:136:46 | tag : ByteBuffer | Test.java:136:44:136:54 | array(...) | provenance | MaD:43457 | | Test.java:148:56:148:58 | tag : ByteBuffer | Test.java:150:53:150:55 | tag | provenance | | | Test.java:174:26:174:50 | doFinal(...) : byte[] | Test.java:176:44:176:46 | tag | provenance | | | Test.java:201:34:201:50 | doFinal(...) : byte[] | Test.java:204:26:204:36 | computedTag | provenance | | diff --git a/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.expected b/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.expected index c803d30fa2fe..ebc616f9826c 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.expected @@ -1,5 +1,5 @@ edges -| UnvalidatedCors.java:21:22:21:48 | getHeader(...) : String | UnvalidatedCors.java:27:67:27:69 | url | provenance | | +| UnvalidatedCors.java:21:22:21:48 | getHeader(...) : String | UnvalidatedCors.java:27:67:27:69 | url | provenance | Src:MaD:44640 Sink:MaD:44654 | nodes | UnvalidatedCors.java:21:22:21:48 | getHeader(...) : String | semmle.label | getHeader(...) : String | | UnvalidatedCors.java:27:67:27:69 | url | semmle.label | url | diff --git a/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected b/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected index 1fa40af94f29..2621cd8075a1 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected @@ -1,8 +1,8 @@ edges | ClientSuppliedIpUsedInSecurityCheck.java:16:21:16:33 | getClientIP(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:17:37:17:38 | ip | provenance | | | ClientSuppliedIpUsedInSecurityCheck.java:24:21:24:33 | getClientIP(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:25:33:25:34 | ip | provenance | | -| ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:23 | xfHeader : String | provenance | | -| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:23 | xfHeader : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:34 | split(...) : String[] | provenance | | +| ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:23 | xfHeader : String | provenance | Src:MaD:44640 | +| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:23 | xfHeader : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:34 | split(...) : String[] | provenance | MaD:43103 | | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:34 | split(...) : String[] | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | provenance | | | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | ClientSuppliedIpUsedInSecurityCheck.java:16:21:16:33 | getClientIP(...) : String | provenance | | | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | ClientSuppliedIpUsedInSecurityCheck.java:24:21:24:33 | getClientIP(...) : String | provenance | | diff --git a/java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.expected index 3bd9825e18fd..c0ae69ab3932 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.expected @@ -1,11 +1,11 @@ edges -| JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr | provenance | | -| JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr | provenance | | -| JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr | provenance | | -| JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr | provenance | | -| JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr | provenance | | -| JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr | provenance | | -| JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr | provenance | | +| JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr | provenance | Src:MaD:44662 | +| JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr | provenance | Src:MaD:44662 | +| JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr | provenance | Src:MaD:44662 | +| JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr | provenance | Src:MaD:44662 | +| JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr | provenance | Src:MaD:44662 Sink:MaD:42923 | +| JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr | provenance | Src:MaD:44662 Sink:MaD:42923 | +| JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr | provenance | Src:MaD:44662 | nodes | JsonpController.java:33:32:33:68 | getParameter(...) : String | semmle.label | getParameter(...) : String | | JsonpController.java:37:16:37:24 | resultStr | semmle.label | resultStr | diff --git a/java/ql/test/experimental/query-tests/security/CWE-400/LocalThreadResourceAbuse.expected b/java/ql/test/experimental/query-tests/security/CWE-400/LocalThreadResourceAbuse.expected index 04c8147eac5a..2a7e010b53f6 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-400/LocalThreadResourceAbuse.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-400/LocalThreadResourceAbuse.expected @@ -1,12 +1,12 @@ edges -| ThreadResourceAbuse.java:37:25:37:73 | getInitParameter(...) : String | ThreadResourceAbuse.java:40:28:40:36 | delayTime : Number | provenance | | +| ThreadResourceAbuse.java:37:25:37:73 | getInitParameter(...) : String | ThreadResourceAbuse.java:40:28:40:36 | delayTime : Number | provenance | TaintPreservingCallable | | ThreadResourceAbuse.java:40:4:40:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:71:15:71:17 | parameter this : UncheckedSyncAction [waitTime] : Number | provenance | | | ThreadResourceAbuse.java:40:28:40:36 | delayTime : Number | ThreadResourceAbuse.java:40:4:40:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | provenance | | | ThreadResourceAbuse.java:40:28:40:36 | delayTime : Number | ThreadResourceAbuse.java:66:30:66:41 | waitTime : Number | provenance | | | ThreadResourceAbuse.java:66:30:66:41 | waitTime : Number | ThreadResourceAbuse.java:67:20:67:27 | waitTime : Number | provenance | | | ThreadResourceAbuse.java:67:20:67:27 | waitTime : Number | ThreadResourceAbuse.java:67:4:67:7 | this [post update] : UncheckedSyncAction [waitTime] : Number | provenance | | | ThreadResourceAbuse.java:71:15:71:17 | parameter this : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | this <.field> : UncheckedSyncAction [waitTime] : Number | provenance | | -| ThreadResourceAbuse.java:74:18:74:25 | this <.field> : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | waitTime | provenance | | +| ThreadResourceAbuse.java:74:18:74:25 | this <.field> : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | waitTime | provenance | Sink:MaD:1982 | nodes | ThreadResourceAbuse.java:37:25:37:73 | getInitParameter(...) : String | semmle.label | getInitParameter(...) : String | | ThreadResourceAbuse.java:40:4:40:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | semmle.label | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | diff --git a/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.expected b/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.expected index 635ce2979ffe..bbd254964b88 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.expected @@ -1,36 +1,36 @@ edges -| ThreadResourceAbuse.java:18:25:18:57 | getParameter(...) : String | ThreadResourceAbuse.java:21:28:21:36 | delayTime : Number | provenance | | +| ThreadResourceAbuse.java:18:25:18:57 | getParameter(...) : String | ThreadResourceAbuse.java:21:28:21:36 | delayTime : Number | provenance | Src:MaD:44662 TaintPreservingCallable | | ThreadResourceAbuse.java:21:4:21:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:71:15:71:17 | parameter this : UncheckedSyncAction [waitTime] : Number | provenance | | | ThreadResourceAbuse.java:21:28:21:36 | delayTime : Number | ThreadResourceAbuse.java:21:4:21:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | provenance | | | ThreadResourceAbuse.java:21:28:21:36 | delayTime : Number | ThreadResourceAbuse.java:66:30:66:41 | waitTime : Number | provenance | | -| ThreadResourceAbuse.java:29:82:29:114 | getParameter(...) : String | ThreadResourceAbuse.java:30:28:30:36 | delayTime : Number | provenance | | +| ThreadResourceAbuse.java:29:82:29:114 | getParameter(...) : String | ThreadResourceAbuse.java:30:28:30:36 | delayTime : Number | provenance | Src:MaD:44662 TaintPreservingCallable | | ThreadResourceAbuse.java:30:4:30:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:71:15:71:17 | parameter this : UncheckedSyncAction [waitTime] : Number | provenance | | | ThreadResourceAbuse.java:30:28:30:36 | delayTime : Number | ThreadResourceAbuse.java:30:4:30:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | provenance | | | ThreadResourceAbuse.java:30:28:30:36 | delayTime : Number | ThreadResourceAbuse.java:66:30:66:41 | waitTime : Number | provenance | | | ThreadResourceAbuse.java:66:30:66:41 | waitTime : Number | ThreadResourceAbuse.java:67:20:67:27 | waitTime : Number | provenance | | | ThreadResourceAbuse.java:67:20:67:27 | waitTime : Number | ThreadResourceAbuse.java:67:4:67:7 | this [post update] : UncheckedSyncAction [waitTime] : Number | provenance | | | ThreadResourceAbuse.java:71:15:71:17 | parameter this : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | this <.field> : UncheckedSyncAction [waitTime] : Number | provenance | | -| ThreadResourceAbuse.java:74:18:74:25 | this <.field> : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | waitTime | provenance | | -| ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | ThreadResourceAbuse.java:144:34:144:42 | delayTime | provenance | | -| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:176:17:176:26 | retryAfter | provenance | | -| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | provenance | | +| ThreadResourceAbuse.java:74:18:74:25 | this <.field> : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | waitTime | provenance | Sink:MaD:1982 | +| ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | ThreadResourceAbuse.java:144:34:144:42 | delayTime | provenance | Src:MaD:44639 TaintPreservingCallable Sink:MaD:1985 | +| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:176:17:176:26 | retryAfter | provenance | Src:MaD:44640 TaintPreservingCallable Sink:MaD:1982 | +| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | provenance | Src:MaD:44662 TaintPreservingCallable | | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number | UploadListener.java:28:14:28:19 | parameter this : UploadListener [slowUploads] : Number | provenance | | | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number | provenance | | | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | provenance | | -| ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | provenance | | -| ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | ThreadResourceAbuse.java:219:17:219:33 | ... * ... | provenance | | -| ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | provenance | | +| ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | provenance | Src:MaD:44640 TaintPreservingCallable | +| ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | ThreadResourceAbuse.java:219:17:219:33 | ... * ... | provenance | Sink:MaD:1982 | +| ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | provenance | Src:MaD:44640 TaintPreservingCallable | | ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | provenance | | -| ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | ThreadResourceAbuse.java:233:17:233:26 | retryAfter | provenance | | +| ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | ThreadResourceAbuse.java:233:17:233:26 | retryAfter | provenance | Sink:MaD:1982 | | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | UploadListener.java:16:17:16:33 | sleepMilliseconds : Number | provenance | | | UploadListener.java:16:17:16:33 | sleepMilliseconds : Number | UploadListener.java:16:3:16:13 | this <.field> [post update] : UploadListener [slowUploads] : Number | provenance | | | UploadListener.java:28:14:28:19 | parameter this : UploadListener [slowUploads] : Number | UploadListener.java:29:3:29:11 | this <.field> : UploadListener [slowUploads] : Number | provenance | | | UploadListener.java:29:3:29:11 | this <.field> : UploadListener [slowUploads] : Number | UploadListener.java:30:3:30:15 | this <.field> : UploadListener [slowUploads] : Number | provenance | | | UploadListener.java:30:3:30:15 | this <.field> : UploadListener [slowUploads] : Number | UploadListener.java:33:7:33:17 | this <.field> : UploadListener [slowUploads] : Number | provenance | | | UploadListener.java:30:3:30:15 | this <.field> : UploadListener [slowUploads] : Number | UploadListener.java:35:18:35:28 | this <.field> : UploadListener [slowUploads] : Number | provenance | | -| UploadListener.java:33:7:33:17 | slowUploads : Number | UploadListener.java:35:18:35:28 | slowUploads | provenance | | +| UploadListener.java:33:7:33:17 | slowUploads : Number | UploadListener.java:35:18:35:28 | slowUploads | provenance | Sink:MaD:1982 | | UploadListener.java:33:7:33:17 | this <.field> : UploadListener [slowUploads] : Number | UploadListener.java:33:7:33:17 | slowUploads : Number | provenance | | -| UploadListener.java:35:18:35:28 | this <.field> : UploadListener [slowUploads] : Number | UploadListener.java:35:18:35:28 | slowUploads | provenance | | +| UploadListener.java:35:18:35:28 | this <.field> : UploadListener [slowUploads] : Number | UploadListener.java:35:18:35:28 | slowUploads | provenance | Sink:MaD:1982 | nodes | ThreadResourceAbuse.java:18:25:18:57 | getParameter(...) : String | semmle.label | getParameter(...) : String | | ThreadResourceAbuse.java:21:4:21:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | semmle.label | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | diff --git a/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.expected b/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.expected index 37a3e15ea7a1..5665d912827f 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.expected @@ -1,12 +1,12 @@ edges -| UnsafeReflection.java:21:28:21:60 | getParameter(...) : String | UnsafeReflection.java:24:41:24:49 | className : String | provenance | | -| UnsafeReflection.java:22:33:22:70 | getParameter(...) : String | UnsafeReflection.java:25:76:25:89 | parameterValue | provenance | | +| UnsafeReflection.java:21:28:21:60 | getParameter(...) : String | UnsafeReflection.java:24:41:24:49 | className : String | provenance | Src:MaD:44662 | +| UnsafeReflection.java:22:33:22:70 | getParameter(...) : String | UnsafeReflection.java:25:76:25:89 | parameterValue | provenance | Src:MaD:44662 | | UnsafeReflection.java:24:27:24:50 | forName(...) : Class | UnsafeReflection.java:25:29:25:33 | clazz : Class | provenance | | | UnsafeReflection.java:24:41:24:49 | className : String | UnsafeReflection.java:24:27:24:50 | forName(...) : Class | provenance | | | UnsafeReflection.java:25:29:25:33 | clazz : Class | UnsafeReflection.java:25:29:25:59 | getDeclaredConstructors(...) : Constructor[] | provenance | | | UnsafeReflection.java:25:29:25:59 | getDeclaredConstructors(...) : Constructor[] | UnsafeReflection.java:25:29:25:62 | ...[...] | provenance | | -| UnsafeReflection.java:33:28:33:60 | getParameter(...) : String | UnsafeReflection.java:37:49:37:57 | className : String | provenance | | -| UnsafeReflection.java:34:33:34:70 | getParameter(...) : String | UnsafeReflection.java:39:58:39:71 | parameterValue | provenance | | +| UnsafeReflection.java:33:28:33:60 | getParameter(...) : String | UnsafeReflection.java:37:49:37:57 | className : String | provenance | Src:MaD:44662 | +| UnsafeReflection.java:34:33:34:70 | getParameter(...) : String | UnsafeReflection.java:39:58:39:71 | parameterValue | provenance | Src:MaD:44662 | | UnsafeReflection.java:37:27:37:58 | loadClass(...) : Class | UnsafeReflection.java:38:29:38:33 | clazz : Class | provenance | | | UnsafeReflection.java:37:49:37:57 | className : String | UnsafeReflection.java:37:27:37:58 | loadClass(...) : Class | provenance | | | UnsafeReflection.java:38:29:38:33 | clazz : Class | UnsafeReflection.java:38:29:38:47 | newInstance(...) : Object | provenance | | @@ -17,13 +17,13 @@ edges | UnsafeReflection.java:46:24:46:82 | beanIdOrClassName : String | UnsafeReflection.java:53:30:53:46 | beanIdOrClassName : String | provenance | | | UnsafeReflection.java:46:132:46:168 | body : Map | UnsafeReflection.java:49:37:49:40 | body : Map | provenance | | | UnsafeReflection.java:49:23:49:59 | (...)... : List | UnsafeReflection.java:53:67:53:73 | rawData : List | provenance | | -| UnsafeReflection.java:49:37:49:40 | body : Map | UnsafeReflection.java:49:37:49:59 | get(...) : Object | provenance | | +| UnsafeReflection.java:49:37:49:40 | body : Map | UnsafeReflection.java:49:37:49:59 | get(...) : Object | provenance | MaD:43863 | | UnsafeReflection.java:49:37:49:59 | get(...) : Object | UnsafeReflection.java:49:23:49:59 | (...)... : List | provenance | | | UnsafeReflection.java:53:30:53:46 | beanIdOrClassName : String | UnsafeReflection.java:104:34:104:57 | beanIdOrClassName : String | provenance | | | UnsafeReflection.java:53:67:53:73 | rawData : List | UnsafeReflection.java:104:102:104:118 | data : List | provenance | | -| UnsafeReflection.java:62:33:62:70 | getParameter(...) : String | UnsafeReflection.java:68:76:68:89 | parameterValue | provenance | | -| UnsafeReflection.java:77:33:77:70 | getParameter(...) : String | UnsafeReflection.java:83:76:83:89 | parameterValue | provenance | | -| UnsafeReflection.java:92:33:92:70 | getParameter(...) : String | UnsafeReflection.java:98:76:98:89 | parameterValue | provenance | | +| UnsafeReflection.java:62:33:62:70 | getParameter(...) : String | UnsafeReflection.java:68:76:68:89 | parameterValue | provenance | Src:MaD:44662 | +| UnsafeReflection.java:77:33:77:70 | getParameter(...) : String | UnsafeReflection.java:83:76:83:89 | parameterValue | provenance | Src:MaD:44662 | +| UnsafeReflection.java:92:33:92:70 | getParameter(...) : String | UnsafeReflection.java:98:76:98:89 | parameterValue | provenance | Src:MaD:44662 | | UnsafeReflection.java:104:34:104:57 | beanIdOrClassName : String | UnsafeReflection.java:108:39:108:55 | beanIdOrClassName : String | provenance | | | UnsafeReflection.java:104:102:104:118 | data : List | UnsafeReflection.java:119:41:119:44 | data | provenance | | | UnsafeReflection.java:108:25:108:56 | forName(...) : Class | UnsafeReflection.java:109:31:109:39 | beanClass : Class | provenance | | diff --git a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.expected b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.expected index 5d1bec7e0936..597b5199e743 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.expected @@ -1,17 +1,17 @@ edges -| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:14:30:14:32 | map : Map | provenance | | +| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:14:30:14:32 | map : Map | provenance | Src:MaD:44663 | | SensitiveGetQuery2.java:14:21:14:48 | (...)... : String | SensitiveGetQuery2.java:15:29:15:36 | password | provenance | | | SensitiveGetQuery2.java:14:21:14:48 | (...)... : String | SensitiveGetQuery2.java:15:29:15:36 | password : String | provenance | | -| SensitiveGetQuery2.java:14:30:14:32 | map : Map | SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object | provenance | | +| SensitiveGetQuery2.java:14:30:14:32 | map : Map | SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object | provenance | MaD:43863 | | SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object | SensitiveGetQuery2.java:14:21:14:48 | (...)... : String | provenance | | | SensitiveGetQuery2.java:15:29:15:36 | password : String | SensitiveGetQuery2.java:18:40:18:54 | password : String | provenance | | | SensitiveGetQuery2.java:18:40:18:54 | password : String | SensitiveGetQuery2.java:19:61:19:68 | password | provenance | | | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | SensitiveGetQuery3.java:13:57:13:64 | password | provenance | | -| SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) : String | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | provenance | | +| SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) : String | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | provenance | Src:MaD:44662 | | SensitiveGetQuery4.java:14:24:14:66 | getRequestParameter(...) : String | SensitiveGetQuery4.java:16:37:16:47 | accessToken | provenance | | -| SensitiveGetQuery4.java:20:10:20:40 | getParameter(...) : String | SensitiveGetQuery4.java:14:24:14:66 | getRequestParameter(...) : String | provenance | | -| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password | provenance | | -| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password : String | provenance | | +| SensitiveGetQuery4.java:20:10:20:40 | getParameter(...) : String | SensitiveGetQuery4.java:14:24:14:66 | getRequestParameter(...) : String | provenance | Src:MaD:44662 | +| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password | provenance | Src:MaD:44662 | +| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password : String | provenance | Src:MaD:44662 | | SensitiveGetQuery.java:14:29:14:36 | password : String | SensitiveGetQuery.java:17:40:17:54 | password : String | provenance | | | SensitiveGetQuery.java:17:40:17:54 | password : String | SensitiveGetQuery.java:18:61:18:68 | password | provenance | | nodes diff --git a/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.expected b/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.expected index d257ae513247..c11b7bb3335d 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.expected @@ -1,8 +1,8 @@ edges -| UncaughtServletException.java:13:15:13:43 | getParameter(...) : String | UncaughtServletException.java:14:44:14:45 | ip | provenance | | -| UncaughtServletException.java:16:19:16:41 | getRemoteUser(...) : String | UncaughtServletException.java:17:20:17:25 | userId | provenance | | -| UncaughtServletException.java:54:16:54:44 | getParameter(...) : String | UncaughtServletException.java:55:45:55:46 | ip | provenance | | -| UncaughtServletException.java:75:21:75:43 | getRemoteUser(...) : String | UncaughtServletException.java:76:22:76:27 | userId | provenance | | +| UncaughtServletException.java:13:15:13:43 | getParameter(...) : String | UncaughtServletException.java:14:44:14:45 | ip | provenance | Src:MaD:44662 | +| UncaughtServletException.java:16:19:16:41 | getRemoteUser(...) : String | UncaughtServletException.java:17:20:17:25 | userId | provenance | Src:MaD:44649 | +| UncaughtServletException.java:54:16:54:44 | getParameter(...) : String | UncaughtServletException.java:55:45:55:46 | ip | provenance | Src:MaD:44662 | +| UncaughtServletException.java:75:21:75:43 | getRemoteUser(...) : String | UncaughtServletException.java:76:22:76:27 | userId | provenance | Src:MaD:44649 | nodes | UncaughtServletException.java:13:15:13:43 | getParameter(...) : String | semmle.label | getParameter(...) : String | | UncaughtServletException.java:14:44:14:45 | ip | semmle.label | ip | diff --git a/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.expected b/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.expected index 8042fd3ddedc..dfeab1653606 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.expected @@ -6,35 +6,35 @@ edges | SpringUrlRedirect.java:41:24:41:41 | redirectUrl : String | SpringUrlRedirect.java:44:29:44:39 | redirectUrl | provenance | | | SpringUrlRedirect.java:49:24:49:41 | redirectUrl : String | SpringUrlRedirect.java:52:30:52:40 | redirectUrl | provenance | | | SpringUrlRedirect.java:57:24:57:41 | redirectUrl : String | SpringUrlRedirect.java:58:55:58:65 | redirectUrl : String | provenance | | -| SpringUrlRedirect.java:58:30:58:66 | new ..[] { .. } : Object[] [[]] : String | SpringUrlRedirect.java:58:30:58:66 | format(...) | provenance | | +| SpringUrlRedirect.java:58:30:58:66 | new ..[] { .. } : Object[] [[]] : String | SpringUrlRedirect.java:58:30:58:66 | format(...) | provenance | MaD:43086 | | SpringUrlRedirect.java:58:55:58:65 | redirectUrl : String | SpringUrlRedirect.java:58:30:58:66 | new ..[] { .. } : Object[] [[]] : String | provenance | | | SpringUrlRedirect.java:62:24:62:41 | redirectUrl : String | SpringUrlRedirect.java:63:44:63:68 | ... + ... : String | provenance | | -| SpringUrlRedirect.java:63:44:63:68 | ... + ... : String | SpringUrlRedirect.java:63:30:63:76 | format(...) | provenance | | +| SpringUrlRedirect.java:63:44:63:68 | ... + ... : String | SpringUrlRedirect.java:63:30:63:76 | format(...) | provenance | MaD:43085 | | SpringUrlRedirect.java:89:38:89:55 | redirectUrl : String | SpringUrlRedirect.java:91:38:91:48 | redirectUrl : String | provenance | | -| SpringUrlRedirect.java:91:38:91:48 | redirectUrl : String | SpringUrlRedirect.java:91:27:91:49 | create(...) | provenance | | +| SpringUrlRedirect.java:91:38:91:48 | redirectUrl : String | SpringUrlRedirect.java:91:27:91:49 | create(...) | provenance | MaD:43306 | | SpringUrlRedirect.java:96:39:96:56 | redirectUrl : String | SpringUrlRedirect.java:98:44:98:54 | redirectUrl : String | provenance | | | SpringUrlRedirect.java:98:9:98:19 | httpHeaders : HttpHeaders | SpringUrlRedirect.java:100:37:100:47 | httpHeaders | provenance | | | SpringUrlRedirect.java:98:33:98:55 | create(...) : URI | SpringUrlRedirect.java:98:9:98:19 | httpHeaders : HttpHeaders | provenance | | -| SpringUrlRedirect.java:98:44:98:54 | redirectUrl : String | SpringUrlRedirect.java:98:33:98:55 | create(...) : URI | provenance | | +| SpringUrlRedirect.java:98:44:98:54 | redirectUrl : String | SpringUrlRedirect.java:98:33:98:55 | create(...) : URI | provenance | MaD:43306 | | SpringUrlRedirect.java:104:39:104:56 | redirectUrl : String | SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | provenance | | | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders | SpringUrlRedirect.java:108:68:108:78 | httpHeaders | provenance | | | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders [, ] : String | SpringUrlRedirect.java:108:68:108:78 | httpHeaders | provenance | | -| SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders | provenance | | -| SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders [, ] : String | provenance | | +| SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:49197 | +| SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders [, ] : String | provenance | MaD:49438 | | SpringUrlRedirect.java:112:39:112:56 | redirectUrl : String | SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | provenance | | | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders | SpringUrlRedirect.java:116:37:116:47 | httpHeaders | provenance | | | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders [, ] : String | SpringUrlRedirect.java:116:37:116:47 | httpHeaders | provenance | | -| SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders | provenance | | -| SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders [, ] : String | provenance | | +| SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:49197 | +| SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders [, ] : String | provenance | MaD:49438 | | SpringUrlRedirect.java:120:33:120:50 | redirectUrl : String | SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | provenance | | | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders | SpringUrlRedirect.java:124:49:124:59 | httpHeaders | provenance | | | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders [, ] : String | SpringUrlRedirect.java:124:49:124:59 | httpHeaders | provenance | | -| SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders | provenance | | -| SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders [, ] : String | provenance | | +| SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:49197 | +| SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders [, ] : String | provenance | MaD:49438 | | SpringUrlRedirect.java:128:33:128:50 | redirectUrl : String | SpringUrlRedirect.java:130:44:130:54 | redirectUrl : String | provenance | | | SpringUrlRedirect.java:130:9:130:19 | httpHeaders : HttpHeaders | SpringUrlRedirect.java:132:49:132:59 | httpHeaders | provenance | | | SpringUrlRedirect.java:130:33:130:55 | create(...) : URI | SpringUrlRedirect.java:130:9:130:19 | httpHeaders : HttpHeaders | provenance | | -| SpringUrlRedirect.java:130:44:130:54 | redirectUrl : String | SpringUrlRedirect.java:130:33:130:55 | create(...) : URI | provenance | | +| SpringUrlRedirect.java:130:44:130:54 | redirectUrl : String | SpringUrlRedirect.java:130:33:130:55 | create(...) : URI | provenance | MaD:43306 | nodes | SpringUrlRedirect.java:17:30:17:47 | redirectUrl : String | semmle.label | redirectUrl : String | | SpringUrlRedirect.java:19:19:19:29 | redirectUrl | semmle.label | redirectUrl | diff --git a/java/ql/test/experimental/query-tests/security/CWE-625/PermissiveDotRegex.expected b/java/ql/test/experimental/query-tests/security/CWE-625/PermissiveDotRegex.expected index d6e5f12ec299..af2568a0790d 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-625/PermissiveDotRegex.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-625/PermissiveDotRegex.expected @@ -1,9 +1,14 @@ edges -| DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | DotRegexFilter.java:32:25:32:30 | source | provenance | | -| DotRegexServlet.java:19:19:19:39 | getPathInfo(...) : String | DotRegexServlet.java:22:25:22:30 | source | provenance | | -| DotRegexServlet.java:57:19:57:41 | getRequestURI(...) : String | DotRegexServlet.java:59:21:59:26 | source | provenance | | -| DotRegexServlet.java:75:19:75:39 | getPathInfo(...) : String | DotRegexServlet.java:77:56:77:61 | source | provenance | | -| DotRegexServlet.java:112:19:112:39 | getPathInfo(...) : String | DotRegexServlet.java:115:25:115:30 | source | provenance | | +| DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | DotRegexFilter.java:32:25:32:30 | source | provenance | Src:MaD:1986 | +| DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | DotRegexFilter.java:32:25:32:30 | source | provenance | Src:MaD:44647 | +| DotRegexServlet.java:19:19:19:39 | getPathInfo(...) : String | DotRegexServlet.java:22:25:22:30 | source | provenance | Src:MaD:1986 | +| DotRegexServlet.java:19:19:19:39 | getPathInfo(...) : String | DotRegexServlet.java:22:25:22:30 | source | provenance | Src:MaD:44647 | +| DotRegexServlet.java:57:19:57:41 | getRequestURI(...) : String | DotRegexServlet.java:59:21:59:26 | source | provenance | Src:MaD:1988 | +| DotRegexServlet.java:57:19:57:41 | getRequestURI(...) : String | DotRegexServlet.java:59:21:59:26 | source | provenance | Src:MaD:44650 | +| DotRegexServlet.java:75:19:75:39 | getPathInfo(...) : String | DotRegexServlet.java:77:56:77:61 | source | provenance | Src:MaD:1986 | +| DotRegexServlet.java:75:19:75:39 | getPathInfo(...) : String | DotRegexServlet.java:77:56:77:61 | source | provenance | Src:MaD:44647 | +| DotRegexServlet.java:112:19:112:39 | getPathInfo(...) : String | DotRegexServlet.java:115:25:115:30 | source | provenance | Src:MaD:1986 | +| DotRegexServlet.java:112:19:112:39 | getPathInfo(...) : String | DotRegexServlet.java:115:25:115:30 | source | provenance | Src:MaD:44647 | | DotRegexSpring.java:20:26:20:50 | path : String | DotRegexSpring.java:22:21:22:24 | path : String | provenance | | | DotRegexSpring.java:22:10:22:25 | decodePath(...) : String | DotRegexSpring.java:23:25:23:28 | path | provenance | | | DotRegexSpring.java:22:21:22:24 | path : String | DotRegexSpring.java:22:10:22:25 | decodePath(...) : String | provenance | | @@ -16,7 +21,7 @@ edges | DotRegexSpring.java:69:28:69:38 | path : String | DotRegexSpring.java:73:10:73:13 | path : String | provenance | | | DotRegexSpring.java:71:11:71:42 | decode(...) : String | DotRegexSpring.java:71:29:71:32 | path : String | provenance | | | DotRegexSpring.java:71:11:71:42 | decode(...) : String | DotRegexSpring.java:73:10:73:13 | path : String | provenance | | -| DotRegexSpring.java:71:29:71:32 | path : String | DotRegexSpring.java:71:11:71:42 | decode(...) : String | provenance | | +| DotRegexSpring.java:71:29:71:32 | path : String | DotRegexSpring.java:71:11:71:42 | decode(...) : String | provenance | MaD:43327 | nodes | DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | semmle.label | getPathInfo(...) : String | | DotRegexFilter.java:32:25:32:30 | source | semmle.label | source | diff --git a/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.expected index 60b0f3977ee0..5604e742680d 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.expected @@ -1,31 +1,31 @@ edges -| XQueryInjection.java:45:23:45:50 | getParameter(...) : String | XQueryInjection.java:50:60:50:64 | query : String | provenance | | +| XQueryInjection.java:45:23:45:50 | getParameter(...) : String | XQueryInjection.java:50:60:50:64 | query : String | provenance | Src:MaD:44662 | | XQueryInjection.java:50:37:50:65 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:51:35:51:38 | xqpe | provenance | | | XQueryInjection.java:50:60:50:64 | query : String | XQueryInjection.java:50:37:50:65 | prepareExpression(...) : XQPreparedExpression | provenance | | -| XQueryInjection.java:59:23:59:50 | getParameter(...) : String | XQueryInjection.java:65:53:65:57 | query | provenance | | +| XQueryInjection.java:59:23:59:50 | getParameter(...) : String | XQueryInjection.java:65:53:65:57 | query | provenance | Src:MaD:44662 | | XQueryInjection.java:73:32:73:59 | nameStr : String | XQueryInjection.java:78:60:78:64 | query : String | provenance | | | XQueryInjection.java:78:37:78:65 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:79:35:79:38 | xqpe | provenance | | | XQueryInjection.java:78:60:78:64 | query : String | XQueryInjection.java:78:37:78:65 | prepareExpression(...) : XQPreparedExpression | provenance | | | XQueryInjection.java:86:33:86:60 | nameStr : String | XQueryInjection.java:92:53:92:57 | query | provenance | | -| XQueryInjection.java:100:28:100:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:103:60:103:63 | name : ServletInputStream | provenance | | +| XQueryInjection.java:100:28:100:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:103:60:103:63 | name : ServletInputStream | provenance | Src:MaD:44661 | | XQueryInjection.java:103:37:103:64 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:104:35:104:38 | xqpe | provenance | | | XQueryInjection.java:103:60:103:63 | name : ServletInputStream | XQueryInjection.java:103:37:103:64 | prepareExpression(...) : XQPreparedExpression | provenance | | -| XQueryInjection.java:112:28:112:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:116:53:116:56 | name | provenance | | -| XQueryInjection.java:124:28:124:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:125:70:125:73 | name : ServletInputStream | provenance | | +| XQueryInjection.java:112:28:112:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:116:53:116:56 | name | provenance | Src:MaD:44661 | +| XQueryInjection.java:124:28:124:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:125:70:125:73 | name : ServletInputStream | provenance | Src:MaD:44661 | | XQueryInjection.java:125:29:125:75 | new BufferedReader(...) : BufferedReader | XQueryInjection.java:128:60:128:61 | br : BufferedReader | provenance | | -| XQueryInjection.java:125:48:125:74 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:125:29:125:75 | new BufferedReader(...) : BufferedReader | provenance | | -| XQueryInjection.java:125:70:125:73 | name : ServletInputStream | XQueryInjection.java:125:48:125:74 | new InputStreamReader(...) : InputStreamReader | provenance | | +| XQueryInjection.java:125:48:125:74 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:125:29:125:75 | new BufferedReader(...) : BufferedReader | provenance | MaD:42932 | +| XQueryInjection.java:125:70:125:73 | name : ServletInputStream | XQueryInjection.java:125:48:125:74 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42966 | | XQueryInjection.java:128:37:128:62 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:129:35:129:38 | xqpe | provenance | | | XQueryInjection.java:128:60:128:61 | br : BufferedReader | XQueryInjection.java:128:37:128:62 | prepareExpression(...) : XQPreparedExpression | provenance | | -| XQueryInjection.java:137:28:137:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:138:70:138:73 | name : ServletInputStream | provenance | | +| XQueryInjection.java:137:28:137:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:138:70:138:73 | name : ServletInputStream | provenance | Src:MaD:44661 | | XQueryInjection.java:138:29:138:75 | new BufferedReader(...) : BufferedReader | XQueryInjection.java:142:53:142:54 | br | provenance | | -| XQueryInjection.java:138:48:138:74 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:138:29:138:75 | new BufferedReader(...) : BufferedReader | provenance | | -| XQueryInjection.java:138:70:138:73 | name : ServletInputStream | XQueryInjection.java:138:48:138:74 | new InputStreamReader(...) : InputStreamReader | provenance | | -| XQueryInjection.java:150:23:150:50 | getParameter(...) : String | XQueryInjection.java:155:29:155:32 | name | provenance | | -| XQueryInjection.java:157:26:157:49 | getInputStream(...) : ServletInputStream | XQueryInjection.java:158:70:158:71 | is : ServletInputStream | provenance | | +| XQueryInjection.java:138:48:138:74 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:138:29:138:75 | new BufferedReader(...) : BufferedReader | provenance | MaD:42932 | +| XQueryInjection.java:138:70:138:73 | name : ServletInputStream | XQueryInjection.java:138:48:138:74 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42966 | +| XQueryInjection.java:150:23:150:50 | getParameter(...) : String | XQueryInjection.java:155:29:155:32 | name | provenance | Src:MaD:44662 | +| XQueryInjection.java:157:26:157:49 | getInputStream(...) : ServletInputStream | XQueryInjection.java:158:70:158:71 | is : ServletInputStream | provenance | Src:MaD:44661 | | XQueryInjection.java:158:29:158:73 | new BufferedReader(...) : BufferedReader | XQueryInjection.java:159:29:159:30 | br | provenance | | -| XQueryInjection.java:158:48:158:72 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:158:29:158:73 | new BufferedReader(...) : BufferedReader | provenance | | -| XQueryInjection.java:158:70:158:71 | is : ServletInputStream | XQueryInjection.java:158:48:158:72 | new InputStreamReader(...) : InputStreamReader | provenance | | +| XQueryInjection.java:158:48:158:72 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:158:29:158:73 | new BufferedReader(...) : BufferedReader | provenance | MaD:42932 | +| XQueryInjection.java:158:70:158:71 | is : ServletInputStream | XQueryInjection.java:158:48:158:72 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42966 | nodes | XQueryInjection.java:45:23:45:50 | getParameter(...) : String | semmle.label | getParameter(...) : String | | XQueryInjection.java:50:37:50:65 | prepareExpression(...) : XQPreparedExpression | semmle.label | prepareExpression(...) : XQPreparedExpression | diff --git a/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.expected b/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.expected index 80df54d749a2..888250176ec6 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.expected @@ -1,13 +1,13 @@ edges -| NFEAndroidDoS.java:13:24:13:34 | getIntent(...) : Intent | NFEAndroidDoS.java:13:24:13:61 | getStringExtra(...) : String | provenance | | -| NFEAndroidDoS.java:13:24:13:61 | getStringExtra(...) : String | NFEAndroidDoS.java:14:21:14:51 | parseDouble(...) | provenance | | -| NFEAndroidDoS.java:22:21:22:31 | getIntent(...) : Intent | NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : String | provenance | | -| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : String | NFEAndroidDoS.java:23:15:23:40 | parseInt(...) | provenance | | -| NFEAndroidDoS.java:25:22:25:32 | getIntent(...) : Intent | NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : String | provenance | | -| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : String | NFEAndroidDoS.java:26:16:26:42 | parseInt(...) | provenance | | -| NFEAndroidDoS.java:43:24:43:34 | getIntent(...) : Intent | NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : String | provenance | | -| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : String | NFEAndroidDoS.java:44:21:44:43 | new Double(...) | provenance | | -| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : String | NFEAndroidDoS.java:47:21:47:47 | valueOf(...) | provenance | | +| NFEAndroidDoS.java:13:24:13:34 | getIntent(...) : Intent | NFEAndroidDoS.java:13:24:13:61 | getStringExtra(...) : String | provenance | MaD:330 | +| NFEAndroidDoS.java:13:24:13:61 | getStringExtra(...) : String | NFEAndroidDoS.java:14:21:14:51 | parseDouble(...) | provenance | TaintPreservingCallable | +| NFEAndroidDoS.java:22:21:22:31 | getIntent(...) : Intent | NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : String | provenance | MaD:330 | +| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : String | NFEAndroidDoS.java:23:15:23:40 | parseInt(...) | provenance | TaintPreservingCallable | +| NFEAndroidDoS.java:25:22:25:32 | getIntent(...) : Intent | NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : String | provenance | MaD:330 | +| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : String | NFEAndroidDoS.java:26:16:26:42 | parseInt(...) | provenance | TaintPreservingCallable | +| NFEAndroidDoS.java:43:24:43:34 | getIntent(...) : Intent | NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : String | provenance | MaD:330 | +| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : String | NFEAndroidDoS.java:44:21:44:43 | new Double(...) | provenance | TaintPreservingCallable | +| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : String | NFEAndroidDoS.java:47:21:47:47 | valueOf(...) | provenance | TaintPreservingCallable | nodes | NFEAndroidDoS.java:13:24:13:34 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent | | NFEAndroidDoS.java:13:24:13:61 | getStringExtra(...) : String | semmle.label | getStringExtra(...) : String | diff --git a/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.expected b/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.expected index 9666029ebdc2..1a8ff23fae39 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.expected @@ -1,9 +1,9 @@ edges -| HashWithoutSalt.java:10:36:10:43 | password : String | HashWithoutSalt.java:10:36:10:54 | getBytes(...) | provenance | | -| HashWithoutSalt.java:25:13:25:20 | password : String | HashWithoutSalt.java:25:13:25:31 | getBytes(...) | provenance | | -| HashWithoutSalt.java:93:22:93:29 | password : String | HashWithoutSalt.java:93:22:93:40 | getBytes(...) : byte[] | provenance | | +| HashWithoutSalt.java:10:36:10:43 | password : String | HashWithoutSalt.java:10:36:10:54 | getBytes(...) | provenance | MaD:43090 | +| HashWithoutSalt.java:25:13:25:20 | password : String | HashWithoutSalt.java:25:13:25:31 | getBytes(...) | provenance | MaD:43090 | +| HashWithoutSalt.java:93:22:93:29 | password : String | HashWithoutSalt.java:93:22:93:40 | getBytes(...) : byte[] | provenance | MaD:43090 | | HashWithoutSalt.java:93:22:93:40 | getBytes(...) : byte[] | HashWithoutSalt.java:94:17:94:25 | passBytes | provenance | | -| HashWithoutSalt.java:111:22:111:29 | password : String | HashWithoutSalt.java:111:22:111:40 | getBytes(...) : byte[] | provenance | | +| HashWithoutSalt.java:111:22:111:29 | password : String | HashWithoutSalt.java:111:22:111:40 | getBytes(...) : byte[] | provenance | MaD:43090 | | HashWithoutSalt.java:111:22:111:40 | getBytes(...) : byte[] | HashWithoutSalt.java:112:18:112:26 | passBytes | provenance | | nodes | HashWithoutSalt.java:10:36:10:43 | password : String | semmle.label | password : String | diff --git a/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.ql b/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.ql index 8f3e731dadde..b58044b14f4b 100644 --- a/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.ql +++ b/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.ql @@ -14,7 +14,7 @@ predicate taintFlowUpdate(DataFlow::ParameterNode p1, DataFlow::ParameterNode p2 predicate summaryStep(FlowSummaryNode src, FlowSummaryNode sink) { FlowSummaryImpl::Private::Steps::summaryLocalStep(src.getSummaryNode(), sink.getSummaryNode(), - false) or + false, _) or FlowSummaryImpl::Private::Steps::summaryReadStep(src.getSummaryNode(), _, sink.getSummaryNode()) or FlowSummaryImpl::Private::Steps::summaryStoreStep(src.getSummaryNode(), _, sink.getSummaryNode()) } @@ -22,7 +22,7 @@ predicate summaryStep(FlowSummaryNode src, FlowSummaryNode sink) { from DataFlow::Node src, DataFlow::Node sink where ( - localAdditionalTaintStep(src, sink) or + localAdditionalTaintStep(src, sink, _) or FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(src, sink, _) ) and not summaryStep(src, sink) diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected index 9be77dca3332..9e899c2866dd 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected @@ -1,12 +1,12 @@ edges | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | | -| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | | -| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:43079 | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:43270 MaD:42960 | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | | | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | -| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | | -| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43676 | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43543 | | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | | nodes diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected index c3d7b2f7a5f9..05cc5f16a53c 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected @@ -1,16 +1,16 @@ edges | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | | -| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | | -| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:43079 | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:43270 MaD:42960 | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | | | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | -| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | | -| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43676 | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43543 | | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | | -| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | | -| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:1 Sink:MaD:43543 | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:1 Sink:MaD:43676 | nodes | Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] | | Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected index 301b7bdc9110..11ae2ff36414 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected @@ -1,26 +1,26 @@ edges | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | | -| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | | -| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:43079 | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:43270 MaD:42960 | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | | | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | -| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | | -| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43676 | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43543 | | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | | -| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | | -| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | | -| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | | -| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | | -| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:1 Sink:MaD:43543 | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:1 Sink:MaD:43676 | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | Src:MaD:2 Sink:MaD:43543 | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | Src:MaD:2 Sink:MaD:43676 | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42960 | | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | provenance | | | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | provenance | | -| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | | +| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43543 | | Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | | Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | provenance | | | Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | -| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | | +| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43676 | nodes | Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] | | Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected index 0c536214b5ba..1d5286d83fb5 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected @@ -1,28 +1,28 @@ edges | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | | -| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | | -| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:43079 | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:43270 MaD:42960 | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | | | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | -| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | | -| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43676 | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43543 | | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | | -| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | | -| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | | -| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | | -| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | | -| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:55:26:55:68 | ... + ... | provenance | | -| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:58:36:58:41 | result | provenance | | -| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:1 Sink:MaD:43543 | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:1 Sink:MaD:43676 | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | Src:MaD:2 Sink:MaD:43543 | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | Src:MaD:2 Sink:MaD:43676 | +| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:55:26:55:68 | ... + ... | provenance | Src:MaD:3 Sink:MaD:43543 | +| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:58:36:58:41 | result | provenance | Src:MaD:3 Sink:MaD:43676 | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42960 | | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | provenance | | | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | provenance | | -| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | | +| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43543 | | Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | | Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | provenance | | | Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | -| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | | +| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43676 | nodes | Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] | | Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected index 7a0b1572ac54..f48aff00da29 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected @@ -1,24 +1,24 @@ edges | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | | -| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | | -| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:43079 | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:43270 MaD:42960 | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | | | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | -| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | | -| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43676 | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43543 | | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | | -| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | | -| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | | -| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | Src:MaD:3 Sink:MaD:43543 | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | Src:MaD:3 Sink:MaD:43676 | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42960 | | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | provenance | | | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | provenance | | -| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | | +| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43543 | | Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | | Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | provenance | | | Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | -| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | | +| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43676 | nodes | Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] | | Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected index ba132f5b7395..e4f539c2414d 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected @@ -1,24 +1,24 @@ edges | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | | -| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | | -| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:43079 | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:43270 MaD:42960 | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | | | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | | | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | -| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | | -| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43676 | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43543 | | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | | -| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | | -| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | | -| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:2 Sink:MaD:43543 | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:2 Sink:MaD:43676 | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42960 | | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | provenance | | | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | provenance | | -| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | | +| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43543 | | Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | | Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | provenance | | | Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | | -| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | | +| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43676 | nodes | Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] | | Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String | diff --git a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected index 57aadbcee428..941e6ac3d6c9 100644 --- a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected +++ b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected @@ -1,8 +1,8 @@ edges -| UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | provenance | | -| UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | provenance | | -| UrlRedirectJax.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJax.java:10:24:10:62 | new URI(...) | provenance | | -| UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJax.java:13:33:13:71 | new URI(...) | provenance | | +| UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | provenance | Src:MaD:44662 MaD:43305 Sink:MaD:42717 | +| UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | provenance | Src:MaD:44662 MaD:43305 Sink:MaD:42718 | +| UrlRedirectJax.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJax.java:10:24:10:62 | new URI(...) | provenance | Src:MaD:44662 MaD:43305 Sink:MaD:44690 | +| UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJax.java:13:33:13:71 | new URI(...) | provenance | Src:MaD:44662 MaD:43305 Sink:MaD:44691 | nodes | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | semmle.label | new URI(...) | | UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | semmle.label | getParameter(...) : String | diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected b/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected index 07beb3e1b00b..618af71b184a 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected @@ -1,9 +1,9 @@ edges | ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:8:31:8:34 | name : String | provenance | | -| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:9:48:9:51 | file | provenance | | -| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:10:49:10:52 | file | provenance | | -| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:11:36:11:39 | file | provenance | | -| ZipTest.java:8:31:8:34 | name : String | ZipTest.java:8:17:8:35 | new File(...) : File | provenance | | +| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:9:48:9:51 | file | provenance | Sink:MaD:42888 | +| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:10:49:10:52 | file | provenance | Sink:MaD:42924 | +| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:11:36:11:39 | file | provenance | Sink:MaD:42896 | +| ZipTest.java:8:31:8:34 | name : String | ZipTest.java:8:17:8:35 | new File(...) : File | provenance | MaD:42945 | nodes | ZipTest.java:7:19:7:33 | getName(...) : String | semmle.label | getName(...) : String | | ZipTest.java:8:17:8:35 | new File(...) : File | semmle.label | new File(...) : File | diff --git a/java/ql/test/query-tests/security/CWE-078/ExecTaintedLocal.expected b/java/ql/test/query-tests/security/CWE-078/ExecTaintedLocal.expected index 791ee28469ad..2601553681d3 100644 --- a/java/ql/test/query-tests/security/CWE-078/ExecTaintedLocal.expected +++ b/java/ql/test/query-tests/security/CWE-078/ExecTaintedLocal.expected @@ -3,16 +3,16 @@ edges | Test.java:6:35:6:44 | arg : String | Test.java:10:61:10:73 | ... + ... : String | provenance | | | Test.java:6:35:6:44 | arg : String | Test.java:16:13:16:25 | ... + ... : String | provenance | | | Test.java:6:35:6:44 | arg : String | Test.java:22:15:22:27 | ... + ... : String | provenance | | -| Test.java:7:25:7:70 | new ..[] { .. } : String[] [[]] : String | Test.java:7:25:7:70 | new ..[] { .. } | provenance | | +| Test.java:7:25:7:70 | new ..[] { .. } : String[] [[]] : String | Test.java:7:25:7:70 | new ..[] { .. } | provenance | Sink:MaD:43013 | | Test.java:7:44:7:69 | ... + ... : String | Test.java:7:25:7:70 | new ..[] { .. } : String[] [[]] : String | provenance | | -| Test.java:10:29:10:74 | {...} : String[] [[]] : String | Test.java:10:29:10:74 | new String[] | provenance | | +| Test.java:10:29:10:74 | {...} : String[] [[]] : String | Test.java:10:29:10:74 | new String[] | provenance | Sink:MaD:43013 | | Test.java:10:61:10:73 | ... + ... : String | Test.java:10:29:10:74 | {...} : String[] [[]] : String | provenance | | -| Test.java:16:5:16:7 | cmd [post update] : ArrayList [] : String | Test.java:18:29:18:31 | cmd | provenance | | -| Test.java:16:13:16:25 | ... + ... : String | Test.java:16:5:16:7 | cmd [post update] : ArrayList [] : String | provenance | | -| Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | Test.java:24:29:24:32 | cmd1 | provenance | | +| Test.java:16:5:16:7 | cmd [post update] : ArrayList [] : String | Test.java:18:29:18:31 | cmd | provenance | Sink:MaD:43012 | +| Test.java:16:13:16:25 | ... + ... : String | Test.java:16:5:16:7 | cmd [post update] : ArrayList [] : String | provenance | MaD:43725 | +| Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | Test.java:24:29:24:32 | cmd1 | provenance | Sink:MaD:43013 | | Test.java:22:15:22:27 | ... + ... : String | Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | provenance | | | Test.java:28:38:28:47 | arg : String | Test.java:29:44:29:64 | ... + ... : String | provenance | | -| Test.java:29:25:29:65 | new ..[] { .. } : String[] [[]] : String | Test.java:29:25:29:65 | new ..[] { .. } | provenance | | +| Test.java:29:25:29:65 | new ..[] { .. } : String[] [[]] : String | Test.java:29:25:29:65 | new ..[] { .. } | provenance | Sink:MaD:43013 | | Test.java:29:44:29:64 | ... + ... : String | Test.java:29:25:29:65 | new ..[] { .. } : String[] [[]] : String | provenance | | | Test.java:57:27:57:39 | args : String[] | Test.java:60:20:60:22 | arg : String | provenance | | | Test.java:57:27:57:39 | args : String[] | Test.java:61:23:61:25 | arg : String | provenance | | diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.expected b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.expected index 75c75b528ad6..2a60e787c6ad 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.expected +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.expected @@ -2,18 +2,18 @@ edges | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:17:56:17:66 | stringQuery : String | provenance | | | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:21:49:21:52 | json | provenance | | | Mongo.java:17:56:17:66 | stringQuery : String | Mongo.java:17:45:17:67 | parse(...) | provenance | | -| Test.java:29:30:29:42 | args : String[] | Test.java:36:47:36:52 | query1 | provenance | | -| Test.java:29:30:29:42 | args : String[] | Test.java:42:57:42:62 | query2 | provenance | | -| Test.java:29:30:29:42 | args : String[] | Test.java:50:62:50:67 | query3 | provenance | | +| Test.java:29:30:29:42 | args : String[] | Test.java:36:47:36:52 | query1 | provenance | Sink:MaD:43542 | +| Test.java:29:30:29:42 | args : String[] | Test.java:42:57:42:62 | query2 | provenance | Sink:MaD:43530 | +| Test.java:29:30:29:42 | args : String[] | Test.java:50:62:50:67 | query3 | provenance | Sink:MaD:43531 | | Test.java:29:30:29:42 | args : String[] | Test.java:58:19:58:26 | category : String | provenance | | -| Test.java:29:30:29:42 | args : String[] | Test.java:70:40:70:44 | query | provenance | | -| Test.java:29:30:29:42 | args : String[] | Test.java:78:46:78:50 | query | provenance | | +| Test.java:29:30:29:42 | args : String[] | Test.java:70:40:70:44 | query | provenance | Sink:MaD:43543 | +| Test.java:29:30:29:42 | args : String[] | Test.java:78:46:78:50 | query | provenance | Sink:MaD:43541 | | Test.java:58:4:58:10 | querySb [post update] : StringBuilder | Test.java:60:29:60:35 | querySb : StringBuilder | provenance | | -| Test.java:58:19:58:26 | category : String | Test.java:58:4:58:10 | querySb [post update] : StringBuilder | provenance | | -| Test.java:60:29:60:35 | querySb : StringBuilder | Test.java:60:29:60:46 | toString(...) : String | provenance | | -| Test.java:60:29:60:46 | toString(...) : String | Test.java:62:47:62:61 | querySbToString | provenance | | -| Test.java:183:33:183:45 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | provenance | | -| Test.java:213:34:213:46 | args : String[] | Test.java:221:81:221:111 | ... + ... | provenance | | +| Test.java:58:19:58:26 | category : String | Test.java:58:4:58:10 | querySb [post update] : StringBuilder | provenance | MaD:43043 | +| Test.java:60:29:60:35 | querySb : StringBuilder | Test.java:60:29:60:46 | toString(...) : String | provenance | MaD:43058 | +| Test.java:60:29:60:46 | toString(...) : String | Test.java:62:47:62:61 | querySbToString | provenance | Sink:MaD:43542 | +| Test.java:183:33:183:45 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | provenance | Sink:MaD:43542 | +| Test.java:213:34:213:46 | args : String[] | Test.java:221:81:221:111 | ... + ... | provenance | Sink:MaD:43542 | | Test.java:227:26:227:38 | args : String[] | Test.java:228:11:228:14 | args : String[] | provenance | | | Test.java:227:26:227:38 | args : String[] | Test.java:232:14:232:17 | args : String[] | provenance | | | Test.java:227:26:227:38 | args : String[] | Test.java:233:15:233:18 | args : String[] | provenance | | diff --git a/java/ql/test/query-tests/security/CWE-090/LdapInjection.expected b/java/ql/test/query-tests/security/CWE-090/LdapInjection.expected index caf000940746..62cf8788be4c 100644 --- a/java/ql/test/query-tests/security/CWE-090/LdapInjection.expected +++ b/java/ql/test/query-tests/security/CWE-090/LdapInjection.expected @@ -1,151 +1,158 @@ edges -| LdapInjection.java:45:28:45:52 | jBad : String | LdapInjection.java:47:38:47:57 | ... + ... | provenance | | -| LdapInjection.java:45:55:45:81 | jBadDN : String | LdapInjection.java:47:16:47:35 | ... + ... | provenance | | -| LdapInjection.java:51:28:51:52 | jBad : String | LdapInjection.java:53:56:53:75 | ... + ... | provenance | | +| LdapInjection.java:45:28:45:52 | jBad : String | LdapInjection.java:47:38:47:57 | ... + ... | provenance | Sink:MaD:44614 | +| LdapInjection.java:45:55:45:81 | jBadDN : String | LdapInjection.java:47:16:47:35 | ... + ... | provenance | Sink:MaD:44614 | +| LdapInjection.java:51:28:51:52 | jBad : String | LdapInjection.java:53:56:53:75 | ... + ... | provenance | Sink:MaD:44614 | | LdapInjection.java:51:55:51:85 | jBadDNName : String | LdapInjection.java:53:29:53:52 | ... + ... : String | provenance | | -| LdapInjection.java:53:29:53:52 | ... + ... : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | provenance | | -| LdapInjection.java:57:28:57:52 | jBad : String | LdapInjection.java:59:63:59:82 | ... + ... | provenance | | -| LdapInjection.java:63:28:63:59 | jBadInitial : String | LdapInjection.java:65:29:65:55 | ... + ... | provenance | | -| LdapInjection.java:69:28:69:52 | jBad : String | LdapInjection.java:71:84:71:103 | ... + ... | provenance | | +| LdapInjection.java:53:29:53:52 | ... + ... : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | provenance | Sink:MaD:44614 | +| LdapInjection.java:53:29:53:52 | ... + ... : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | provenance | MaD:13099 Sink:MaD:44614 | +| LdapInjection.java:57:28:57:52 | jBad : String | LdapInjection.java:59:63:59:82 | ... + ... | provenance | Sink:MaD:44614 | +| LdapInjection.java:63:28:63:59 | jBadInitial : String | LdapInjection.java:65:29:65:55 | ... + ... | provenance | Sink:MaD:44614 | +| LdapInjection.java:69:28:69:52 | jBad : String | LdapInjection.java:71:84:71:103 | ... + ... | provenance | Sink:MaD:44614 | | LdapInjection.java:69:55:69:88 | jBadDNNameAdd : String | LdapInjection.java:71:53:71:79 | ... + ... : String | provenance | | -| LdapInjection.java:71:16:71:31 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | | +| LdapInjection.java:71:16:71:31 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | MaD:13248 Sink:MaD:44614 | | LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:31 | new LdapName(...) : LdapName | provenance | | -| LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | | +| LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | Sink:MaD:44614 | | LdapInjection.java:71:53:71:79 | ... + ... : String | LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | provenance | | -| LdapInjection.java:75:28:75:52 | jBad : String | LdapInjection.java:79:47:79:66 | ... + ... | provenance | | +| LdapInjection.java:71:53:71:79 | ... + ... : String | LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | provenance | MaD:13099 | +| LdapInjection.java:75:28:75:52 | jBad : String | LdapInjection.java:79:47:79:66 | ... + ... | provenance | Sink:MaD:44614 | | LdapInjection.java:75:55:75:89 | jBadDNNameAdd2 : String | LdapInjection.java:78:30:78:57 | ... + ... : String | provenance | | | LdapInjection.java:78:5:78:8 | name : LdapName | LdapInjection.java:79:40:79:43 | name : LdapName | provenance | | | LdapInjection.java:78:5:78:8 | name [post update] : LdapName | LdapInjection.java:79:40:79:43 | name : LdapName | provenance | | | LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | LdapInjection.java:78:17:78:68 | getRdns(...) : List | provenance | | +| LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | LdapInjection.java:78:17:78:68 | getRdns(...) : List | provenance | MaD:13111 | | LdapInjection.java:78:17:78:68 | getRdns(...) : List | LdapInjection.java:78:5:78:8 | name : LdapName | provenance | | -| LdapInjection.java:78:17:78:68 | getRdns(...) : List | LdapInjection.java:78:5:78:8 | name [post update] : LdapName | provenance | | +| LdapInjection.java:78:17:78:68 | getRdns(...) : List | LdapInjection.java:78:5:78:8 | name [post update] : LdapName | provenance | MaD:13105 | | LdapInjection.java:78:30:78:57 | ... + ... : String | LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | provenance | | -| LdapInjection.java:79:16:79:31 | new LdapName(...) : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | | +| LdapInjection.java:78:30:78:57 | ... + ... : String | LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | provenance | MaD:13099 | +| LdapInjection.java:79:16:79:31 | new LdapName(...) : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | MaD:13248 Sink:MaD:44614 | | LdapInjection.java:79:40:79:43 | name : LdapName | LdapInjection.java:79:16:79:31 | new LdapName(...) : LdapName | provenance | | -| LdapInjection.java:79:40:79:43 | name : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | | -| LdapInjection.java:83:28:83:52 | jBad : String | LdapInjection.java:85:75:85:94 | ... + ... | provenance | | +| LdapInjection.java:79:40:79:43 | name : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | Sink:MaD:44614 | +| LdapInjection.java:83:28:83:52 | jBad : String | LdapInjection.java:85:75:85:94 | ... + ... | provenance | Sink:MaD:44614 | | LdapInjection.java:83:55:83:93 | jBadDNNameToString : String | LdapInjection.java:85:29:85:60 | ... + ... : String | provenance | | -| LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | LdapInjection.java:85:16:85:72 | toString(...) | provenance | | +| LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | LdapInjection.java:85:16:85:72 | toString(...) | provenance | Sink:MaD:44614 | | LdapInjection.java:85:29:85:60 | ... + ... : String | LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | provenance | | -| LdapInjection.java:89:28:89:52 | jBad : String | LdapInjection.java:91:76:91:95 | ... + ... | provenance | | +| LdapInjection.java:85:29:85:60 | ... + ... : String | LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | provenance | MaD:13099 | +| LdapInjection.java:89:28:89:52 | jBad : String | LdapInjection.java:91:76:91:95 | ... + ... | provenance | Sink:MaD:44614 | | LdapInjection.java:89:55:89:90 | jBadDNNameClone : String | LdapInjection.java:91:36:91:64 | ... + ... : String | provenance | | | LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | LdapInjection.java:91:23:91:73 | clone(...) : Object | provenance | | -| LdapInjection.java:91:23:91:73 | clone(...) : Object | LdapInjection.java:91:16:91:73 | (...)... | provenance | | +| LdapInjection.java:91:23:91:73 | clone(...) : Object | LdapInjection.java:91:16:91:73 | (...)... | provenance | Sink:MaD:44614 | | LdapInjection.java:91:36:91:64 | ... + ... : String | LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | provenance | | +| LdapInjection.java:91:36:91:64 | ... + ... : String | LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | provenance | MaD:13099 | | LdapInjection.java:100:27:100:59 | jOkAttribute : String | LdapInjection.java:101:49:101:60 | jOkAttribute : String | provenance | | -| LdapInjection.java:101:49:101:60 | jOkAttribute : String | LdapInjection.java:101:29:101:75 | new BasicAttributes(...) | provenance | | -| LdapInjection.java:106:31:106:55 | uBad : String | LdapInjection.java:108:67:108:86 | ... + ... | provenance | | -| LdapInjection.java:106:58:106:84 | uBadDN : String | LdapInjection.java:108:20:108:39 | ... + ... | provenance | | +| LdapInjection.java:101:49:101:60 | jOkAttribute : String | LdapInjection.java:101:29:101:75 | new BasicAttributes(...) | provenance | MaD:12965 Sink:MaD:44614 | +| LdapInjection.java:106:31:106:55 | uBad : String | LdapInjection.java:108:67:108:86 | ... + ... | provenance | Sink:MaD:1935 | +| LdapInjection.java:106:58:106:84 | uBadDN : String | LdapInjection.java:108:20:108:39 | ... + ... | provenance | Sink:MaD:1935 | | LdapInjection.java:112:31:112:67 | uBadFilterCreate : String | LdapInjection.java:113:72:113:87 | uBadFilterCreate : String | provenance | | -| LdapInjection.java:113:72:113:87 | uBadFilterCreate : String | LdapInjection.java:113:58:113:88 | create(...) | provenance | | +| LdapInjection.java:113:72:113:87 | uBadFilterCreate : String | LdapInjection.java:113:58:113:88 | create(...) | provenance | Sink:MaD:1934 | | LdapInjection.java:117:31:117:70 | uBadROSearchRequest : String | LdapInjection.java:120:9:120:43 | ... + ... : String | provenance | | | LdapInjection.java:117:73:117:103 | uBadROSRDN : String | LdapInjection.java:119:55:119:78 | ... + ... : String | provenance | | -| LdapInjection.java:119:31:120:44 | new SearchRequest(...) : SearchRequest | LdapInjection.java:121:14:121:14 | s | provenance | | +| LdapInjection.java:119:31:120:44 | new SearchRequest(...) : SearchRequest | LdapInjection.java:121:14:121:14 | s | provenance | Sink:MaD:1932 | | LdapInjection.java:119:55:119:78 | ... + ... : String | LdapInjection.java:119:31:120:44 | new SearchRequest(...) : SearchRequest | provenance | | | LdapInjection.java:120:9:120:43 | ... + ... : String | LdapInjection.java:119:31:120:44 | new SearchRequest(...) : SearchRequest | provenance | | | LdapInjection.java:125:31:125:68 | uBadSearchRequest : String | LdapInjection.java:128:9:128:41 | ... + ... : String | provenance | | | LdapInjection.java:125:71:125:99 | uBadSRDN : String | LdapInjection.java:127:47:127:68 | ... + ... : String | provenance | | -| LdapInjection.java:127:23:128:42 | new SearchRequest(...) : SearchRequest | LdapInjection.java:129:14:129:14 | s | provenance | | +| LdapInjection.java:127:23:128:42 | new SearchRequest(...) : SearchRequest | LdapInjection.java:129:14:129:14 | s | provenance | Sink:MaD:1933 | | LdapInjection.java:127:47:127:68 | ... + ... : String | LdapInjection.java:127:23:128:42 | new SearchRequest(...) : SearchRequest | provenance | | | LdapInjection.java:128:9:128:41 | ... + ... : String | LdapInjection.java:127:23:128:42 | new SearchRequest(...) : SearchRequest | provenance | | -| LdapInjection.java:133:31:133:55 | uBad : String | LdapInjection.java:135:69:135:88 | ... + ... | provenance | | -| LdapInjection.java:133:58:133:87 | uBadDNSFR : String | LdapInjection.java:135:22:135:44 | ... + ... | provenance | | +| LdapInjection.java:133:31:133:55 | uBad : String | LdapInjection.java:135:69:135:88 | ... + ... | provenance | Sink:MaD:1945 | +| LdapInjection.java:133:58:133:87 | uBadDNSFR : String | LdapInjection.java:135:22:135:44 | ... + ... | provenance | Sink:MaD:1945 | | LdapInjection.java:139:31:139:75 | uBadROSearchRequestAsync : String | LdapInjection.java:142:9:142:48 | ... + ... : String | provenance | | | LdapInjection.java:139:78:139:113 | uBadROSRDNAsync : String | LdapInjection.java:141:55:141:83 | ... + ... : String | provenance | | -| LdapInjection.java:141:31:142:49 | new SearchRequest(...) : SearchRequest | LdapInjection.java:143:19:143:19 | s | provenance | | +| LdapInjection.java:141:31:142:49 | new SearchRequest(...) : SearchRequest | LdapInjection.java:143:19:143:19 | s | provenance | Sink:MaD:1931 | | LdapInjection.java:141:55:141:83 | ... + ... : String | LdapInjection.java:141:31:142:49 | new SearchRequest(...) : SearchRequest | provenance | | | LdapInjection.java:142:9:142:48 | ... + ... : String | LdapInjection.java:141:31:142:49 | new SearchRequest(...) : SearchRequest | provenance | | | LdapInjection.java:147:31:147:73 | uBadSearchRequestAsync : String | LdapInjection.java:150:9:150:46 | ... + ... : String | provenance | | | LdapInjection.java:147:76:147:109 | uBadSRDNAsync : String | LdapInjection.java:149:47:149:73 | ... + ... : String | provenance | | -| LdapInjection.java:149:23:150:47 | new SearchRequest(...) : SearchRequest | LdapInjection.java:151:19:151:19 | s | provenance | | +| LdapInjection.java:149:23:150:47 | new SearchRequest(...) : SearchRequest | LdapInjection.java:151:19:151:19 | s | provenance | Sink:MaD:1931 | | LdapInjection.java:149:47:149:73 | ... + ... : String | LdapInjection.java:149:23:150:47 | new SearchRequest(...) : SearchRequest | provenance | | | LdapInjection.java:150:9:150:46 | ... + ... : String | LdapInjection.java:149:23:150:47 | new SearchRequest(...) : SearchRequest | provenance | | | LdapInjection.java:155:31:155:70 | uBadFilterCreateNOT : String | LdapInjection.java:156:95:156:113 | uBadFilterCreateNOT : String | provenance | | -| LdapInjection.java:156:81:156:114 | create(...) : Filter | LdapInjection.java:156:58:156:115 | createNOTFilter(...) | provenance | | +| LdapInjection.java:156:81:156:114 | create(...) : Filter | LdapInjection.java:156:58:156:115 | createNOTFilter(...) | provenance | Sink:MaD:1934 | | LdapInjection.java:156:95:156:113 | uBadFilterCreateNOT : String | LdapInjection.java:156:81:156:114 | create(...) : Filter | provenance | | | LdapInjection.java:160:31:160:75 | uBadFilterCreateToString : String | LdapInjection.java:161:72:161:95 | uBadFilterCreateToString : String | provenance | | -| LdapInjection.java:161:58:161:96 | create(...) : Filter | LdapInjection.java:161:58:161:107 | toString(...) | provenance | | +| LdapInjection.java:161:58:161:96 | create(...) : Filter | LdapInjection.java:161:58:161:107 | toString(...) | provenance | Sink:MaD:1935 | | LdapInjection.java:161:72:161:95 | uBadFilterCreateToString : String | LdapInjection.java:161:58:161:96 | create(...) : Filter | provenance | | | LdapInjection.java:165:32:165:82 | uBadFilterCreateToStringBuffer : String | LdapInjection.java:167:19:167:48 | uBadFilterCreateToStringBuffer : String | provenance | | | LdapInjection.java:167:5:167:49 | create(...) : Filter | LdapInjection.java:167:70:167:70 | b : StringBuilder | provenance | | | LdapInjection.java:167:19:167:48 | uBadFilterCreateToStringBuffer : String | LdapInjection.java:167:5:167:49 | create(...) : Filter | provenance | | | LdapInjection.java:167:70:167:70 | b : StringBuilder | LdapInjection.java:168:58:168:58 | b : StringBuilder | provenance | | -| LdapInjection.java:168:58:168:58 | b : StringBuilder | LdapInjection.java:168:58:168:69 | toString(...) | provenance | | +| LdapInjection.java:168:58:168:58 | b : StringBuilder | LdapInjection.java:168:58:168:69 | toString(...) | provenance | MaD:43058 Sink:MaD:1935 | | LdapInjection.java:172:32:172:78 | uBadSearchRequestDuplicate : String | LdapInjection.java:175:9:175:50 | ... + ... : String | provenance | | | LdapInjection.java:174:23:175:51 | new SearchRequest(...) : SearchRequest | LdapInjection.java:176:14:176:14 | s : SearchRequest | provenance | | | LdapInjection.java:175:9:175:50 | ... + ... : String | LdapInjection.java:174:23:175:51 | new SearchRequest(...) : SearchRequest | provenance | | -| LdapInjection.java:176:14:176:14 | s : SearchRequest | LdapInjection.java:176:14:176:26 | duplicate(...) | provenance | | +| LdapInjection.java:176:14:176:14 | s : SearchRequest | LdapInjection.java:176:14:176:26 | duplicate(...) | provenance | Sink:MaD:1933 | | LdapInjection.java:180:32:180:80 | uBadROSearchRequestDuplicate : String | LdapInjection.java:183:9:183:52 | ... + ... : String | provenance | | | LdapInjection.java:182:31:183:53 | new SearchRequest(...) : SearchRequest | LdapInjection.java:184:14:184:14 | s : SearchRequest | provenance | | | LdapInjection.java:183:9:183:52 | ... + ... : String | LdapInjection.java:182:31:183:53 | new SearchRequest(...) : SearchRequest | provenance | | -| LdapInjection.java:184:14:184:14 | s : SearchRequest | LdapInjection.java:184:14:184:26 | duplicate(...) | provenance | | +| LdapInjection.java:184:14:184:14 | s : SearchRequest | LdapInjection.java:184:14:184:26 | duplicate(...) | provenance | Sink:MaD:1933 | | LdapInjection.java:188:32:188:74 | uBadSearchRequestSetDN : String | LdapInjection.java:191:17:191:38 | uBadSearchRequestSetDN : String | provenance | | -| LdapInjection.java:191:5:191:5 | s : SearchRequest | LdapInjection.java:192:14:192:14 | s | provenance | | +| LdapInjection.java:191:5:191:5 | s : SearchRequest | LdapInjection.java:192:14:192:14 | s | provenance | Sink:MaD:1933 | | LdapInjection.java:191:17:191:38 | uBadSearchRequestSetDN : String | LdapInjection.java:191:5:191:5 | s : SearchRequest | provenance | | | LdapInjection.java:196:32:196:78 | uBadSearchRequestSetFilter : String | LdapInjection.java:199:17:199:42 | uBadSearchRequestSetFilter : String | provenance | | -| LdapInjection.java:199:5:199:5 | s : SearchRequest | LdapInjection.java:200:14:200:14 | s | provenance | | +| LdapInjection.java:199:5:199:5 | s : SearchRequest | LdapInjection.java:200:14:200:14 | s | provenance | Sink:MaD:1933 | | LdapInjection.java:199:17:199:42 | uBadSearchRequestSetFilter : String | LdapInjection.java:199:5:199:5 | s : SearchRequest | provenance | | -| LdapInjection.java:229:30:229:54 | sBad : String | LdapInjection.java:230:36:230:55 | ... + ... | provenance | | -| LdapInjection.java:229:57:229:83 | sBadDN : String | LdapInjection.java:230:14:230:33 | ... + ... | provenance | | -| LdapInjection.java:234:30:234:54 | sBad : String | LdapInjection.java:235:88:235:107 | ... + ... | provenance | | +| LdapInjection.java:229:30:229:54 | sBad : String | LdapInjection.java:230:36:230:55 | ... + ... | provenance | Sink:MaD:49327 | +| LdapInjection.java:229:57:229:83 | sBadDN : String | LdapInjection.java:230:14:230:33 | ... + ... | provenance | Sink:MaD:49327 | +| LdapInjection.java:234:30:234:54 | sBad : String | LdapInjection.java:235:88:235:107 | ... + ... | provenance | Sink:MaD:49317 | | LdapInjection.java:234:57:234:92 | sBadDNLNBuilder : String | LdapInjection.java:235:48:235:76 | ... + ... : String | provenance | | -| LdapInjection.java:235:20:235:77 | newInstance(...) : LdapNameBuilder | LdapInjection.java:235:20:235:85 | build(...) | provenance | | +| LdapInjection.java:235:20:235:77 | newInstance(...) : LdapNameBuilder | LdapInjection.java:235:20:235:85 | build(...) | provenance | Sink:MaD:49317 | | LdapInjection.java:235:48:235:76 | ... + ... : String | LdapInjection.java:235:20:235:77 | newInstance(...) : LdapNameBuilder | provenance | | -| LdapInjection.java:239:30:239:54 | sBad : String | LdapInjection.java:240:100:240:119 | ... + ... | provenance | | +| LdapInjection.java:239:30:239:54 | sBad : String | LdapInjection.java:240:100:240:119 | ... + ... | provenance | Sink:MaD:49329 | | LdapInjection.java:239:57:239:95 | sBadDNLNBuilderAdd : String | LdapInjection.java:240:57:240:88 | ... + ... : String | provenance | | -| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | | +| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | Sink:MaD:49314 | +| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | Sink:MaD:49329 | | LdapInjection.java:240:57:240:88 | ... + ... : String | LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | provenance | | | LdapInjection.java:244:30:244:63 | sBadLdapQuery : String | LdapInjection.java:245:47:245:75 | ... + ... : String | provenance | | -| LdapInjection.java:245:47:245:75 | ... + ... : String | LdapInjection.java:245:15:245:76 | filter(...) | provenance | | +| LdapInjection.java:245:47:245:75 | ... + ... : String | LdapInjection.java:245:15:245:76 | filter(...) | provenance | Sink:MaD:49326 | | LdapInjection.java:249:30:249:60 | sBadFilter : String | LdapInjection.java:250:86:250:111 | ... + ... : String | provenance | | | LdapInjection.java:249:63:249:98 | sBadDNLdapUtils : String | LdapInjection.java:250:34:250:62 | ... + ... : String | provenance | | -| LdapInjection.java:250:34:250:62 | ... + ... : String | LdapInjection.java:250:12:250:63 | newLdapName(...) | provenance | | -| LdapInjection.java:250:86:250:111 | ... + ... : String | LdapInjection.java:250:66:250:112 | new HardcodedFilter(...) | provenance | | +| LdapInjection.java:250:34:250:62 | ... + ... : String | LdapInjection.java:250:12:250:63 | newLdapName(...) | provenance | Sink:MaD:49325 | +| LdapInjection.java:250:86:250:111 | ... + ... : String | LdapInjection.java:250:66:250:112 | new HardcodedFilter(...) | provenance | Sink:MaD:49325 | | LdapInjection.java:254:30:254:63 | sBadLdapQuery : String | LdapInjection.java:255:56:255:84 | ... + ... : String | provenance | | -| LdapInjection.java:255:56:255:84 | ... + ... : String | LdapInjection.java:255:24:255:85 | filter(...) | provenance | | +| LdapInjection.java:255:56:255:84 | ... + ... : String | LdapInjection.java:255:24:255:85 | filter(...) | provenance | Sink:MaD:49328 | | LdapInjection.java:259:30:259:64 | sBadLdapQuery2 : String | LdapInjection.java:260:51:260:80 | ... + ... : String | provenance | | -| LdapInjection.java:260:19:260:81 | filter(...) : LdapQuery | LdapInjection.java:261:24:261:24 | q | provenance | | +| LdapInjection.java:260:19:260:81 | filter(...) : LdapQuery | LdapInjection.java:261:24:261:24 | q | provenance | Sink:MaD:49328 | | LdapInjection.java:260:51:260:80 | ... + ... : String | LdapInjection.java:260:19:260:81 | filter(...) : LdapQuery | provenance | | | LdapInjection.java:265:30:265:73 | sBadLdapQueryWithFilter : String | LdapInjection.java:266:76:266:114 | ... + ... : String | provenance | | -| LdapInjection.java:266:56:266:115 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:266:24:266:116 | filter(...) | provenance | | +| LdapInjection.java:266:56:266:115 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:266:24:266:116 | filter(...) | provenance | Sink:MaD:49328 | | LdapInjection.java:266:76:266:114 | ... + ... : String | LdapInjection.java:266:56:266:115 | new HardcodedFilter(...) : HardcodedFilter | provenance | | | LdapInjection.java:270:30:270:74 | sBadLdapQueryWithFilter2 : String | LdapInjection.java:271:68:271:107 | ... + ... : String | provenance | | | LdapInjection.java:271:48:271:108 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:272:56:272:56 | f : HardcodedFilter | provenance | | | LdapInjection.java:271:68:271:107 | ... + ... : String | LdapInjection.java:271:48:271:108 | new HardcodedFilter(...) : HardcodedFilter | provenance | | -| LdapInjection.java:272:56:272:56 | f : HardcodedFilter | LdapInjection.java:272:24:272:57 | filter(...) | provenance | | +| LdapInjection.java:272:56:272:56 | f : HardcodedFilter | LdapInjection.java:272:24:272:57 | filter(...) | provenance | Sink:MaD:49328 | | LdapInjection.java:276:31:276:68 | sBadLdapQueryBase : String | LdapInjection.java:277:42:277:58 | sBadLdapQueryBase : String | provenance | | -| LdapInjection.java:277:12:277:59 | base(...) : LdapQueryBuilder | LdapInjection.java:277:12:277:66 | base(...) | provenance | | +| LdapInjection.java:277:12:277:59 | base(...) : LdapQueryBuilder | LdapInjection.java:277:12:277:66 | base(...) | provenance | Sink:MaD:49325 | | LdapInjection.java:277:42:277:58 | sBadLdapQueryBase : String | LdapInjection.java:277:12:277:59 | base(...) : LdapQueryBuilder | provenance | | | LdapInjection.java:281:31:281:71 | sBadLdapQueryComplex : String | LdapInjection.java:282:54:282:73 | sBadLdapQueryComplex : String | provenance | | | LdapInjection.java:282:24:282:74 | base(...) : LdapQueryBuilder | LdapInjection.java:282:24:282:87 | where(...) : ConditionCriteria | provenance | | -| LdapInjection.java:282:24:282:87 | where(...) : ConditionCriteria | LdapInjection.java:282:24:282:98 | is(...) | provenance | | +| LdapInjection.java:282:24:282:87 | where(...) : ConditionCriteria | LdapInjection.java:282:24:282:98 | is(...) | provenance | Sink:MaD:49328 | | LdapInjection.java:282:54:282:73 | sBadLdapQueryComplex : String | LdapInjection.java:282:24:282:74 | base(...) : LdapQueryBuilder | provenance | | | LdapInjection.java:286:31:286:69 | sBadFilterToString : String | LdapInjection.java:287:38:287:71 | ... + ... : String | provenance | | -| LdapInjection.java:287:18:287:72 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:287:18:287:83 | toString(...) | provenance | | +| LdapInjection.java:287:18:287:72 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:287:18:287:83 | toString(...) | provenance | Sink:MaD:49327 | | LdapInjection.java:287:38:287:71 | ... + ... : String | LdapInjection.java:287:18:287:72 | new HardcodedFilter(...) : HardcodedFilter | provenance | | | LdapInjection.java:291:31:291:67 | sBadFilterEncode : String | LdapInjection.java:293:25:293:56 | ... + ... : String | provenance | | | LdapInjection.java:293:5:293:57 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:293:66:293:66 | s : StringBuffer | provenance | | | LdapInjection.java:293:25:293:56 | ... + ... : String | LdapInjection.java:293:5:293:57 | new HardcodedFilter(...) : HardcodedFilter | provenance | | | LdapInjection.java:293:66:293:66 | s : StringBuffer | LdapInjection.java:294:18:294:18 | s : StringBuffer | provenance | | -| LdapInjection.java:294:18:294:18 | s : StringBuffer | LdapInjection.java:294:18:294:29 | toString(...) | provenance | | -| LdapInjection.java:314:30:314:54 | aBad : String | LdapInjection.java:316:36:316:55 | ... + ... | provenance | | -| LdapInjection.java:314:57:314:83 | aBadDN : String | LdapInjection.java:316:14:316:33 | ... + ... | provenance | | -| LdapInjection.java:320:30:320:54 | aBad : String | LdapInjection.java:322:65:322:84 | ... + ... | provenance | | +| LdapInjection.java:294:18:294:18 | s : StringBuffer | LdapInjection.java:294:18:294:29 | toString(...) | provenance | MaD:43058 Sink:MaD:49327 | +| LdapInjection.java:314:30:314:54 | aBad : String | LdapInjection.java:316:36:316:55 | ... + ... | provenance | Sink:MaD:47425 | +| LdapInjection.java:314:57:314:83 | aBadDN : String | LdapInjection.java:316:14:316:33 | ... + ... | provenance | Sink:MaD:47425 | +| LdapInjection.java:320:30:320:54 | aBad : String | LdapInjection.java:322:65:322:84 | ... + ... | provenance | Sink:MaD:47425 | | LdapInjection.java:320:57:320:94 | aBadDNObjToString : String | LdapInjection.java:322:21:322:51 | ... + ... : String | provenance | | -| LdapInjection.java:322:14:322:52 | new Dn(...) : Dn | LdapInjection.java:322:14:322:62 | getName(...) | provenance | | +| LdapInjection.java:322:14:322:52 | new Dn(...) : Dn | LdapInjection.java:322:14:322:62 | getName(...) | provenance | Sink:MaD:47425 | | LdapInjection.java:322:21:322:51 | ... + ... : String | LdapInjection.java:322:14:322:52 | new Dn(...) : Dn | provenance | | | LdapInjection.java:326:30:326:67 | aBadSearchRequest : String | LdapInjection.java:329:17:329:49 | ... + ... : String | provenance | | -| LdapInjection.java:329:5:329:5 | s : SearchRequestImpl | LdapInjection.java:330:14:330:14 | s | provenance | | +| LdapInjection.java:329:5:329:5 | s : SearchRequestImpl | LdapInjection.java:330:14:330:14 | s | provenance | Sink:MaD:47425 | | LdapInjection.java:329:17:329:49 | ... + ... : String | LdapInjection.java:329:5:329:5 | s : SearchRequestImpl | provenance | | | LdapInjection.java:334:74:334:103 | aBadDNObj : String | LdapInjection.java:337:22:337:44 | ... + ... : String | provenance | | -| LdapInjection.java:337:5:337:5 | s : SearchRequestImpl | LdapInjection.java:338:14:338:14 | s | provenance | | +| LdapInjection.java:337:5:337:5 | s : SearchRequestImpl | LdapInjection.java:338:14:338:14 | s | provenance | Sink:MaD:47425 | | LdapInjection.java:337:15:337:45 | new Dn(...) : Dn | LdapInjection.java:337:5:337:5 | s : SearchRequestImpl | provenance | | | LdapInjection.java:337:22:337:44 | ... + ... : String | LdapInjection.java:337:15:337:45 | new Dn(...) : Dn | provenance | | | LdapInjection.java:342:30:342:72 | aBadDNSearchRequestGet : String | LdapInjection.java:345:22:345:57 | ... + ... : String | provenance | | | LdapInjection.java:345:5:345:5 | s : SearchRequestImpl | LdapInjection.java:346:14:346:14 | s : SearchRequestImpl | provenance | | | LdapInjection.java:345:15:345:58 | new Dn(...) : Dn | LdapInjection.java:345:5:345:5 | s : SearchRequestImpl | provenance | | | LdapInjection.java:345:22:345:57 | ... + ... : String | LdapInjection.java:345:15:345:58 | new Dn(...) : Dn | provenance | | -| LdapInjection.java:346:14:346:14 | s : SearchRequestImpl | LdapInjection.java:346:14:346:24 | getBase(...) | provenance | | +| LdapInjection.java:346:14:346:14 | s : SearchRequestImpl | LdapInjection.java:346:14:346:24 | getBase(...) | provenance | Sink:MaD:47425 | nodes | LdapInjection.java:45:28:45:52 | jBad : String | semmle.label | jBad : String | | LdapInjection.java:45:55:45:81 | jBadDN : String | semmle.label | jBadDN : String | diff --git a/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.expected b/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.expected index adff0e4ca422..838ee5854144 100644 --- a/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.expected +++ b/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.expected @@ -1,5 +1,5 @@ edges -| InsecureBeanValidation.java:7:28:7:40 | object : String | InsecureBeanValidation.java:11:64:11:68 | value | provenance | | +| InsecureBeanValidation.java:7:28:7:40 | object : String | InsecureBeanValidation.java:11:64:11:68 | value | provenance | Src:MaD:44678 Sink:MaD:44679 | nodes | InsecureBeanValidation.java:7:28:7:40 | object : String | semmle.label | object : String | | InsecureBeanValidation.java:11:64:11:68 | value | semmle.label | value | diff --git a/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected b/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected index 7ec4c978a03d..0a735eeab51d 100644 --- a/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected +++ b/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected @@ -1,8 +1,8 @@ edges -| ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | ResponseSplitting.java:23:23:23:28 | cookie | provenance | | -| ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | provenance | | -| ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:27 | t : String | provenance | | -| ResponseSplitting.java:59:27:59:27 | t : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | provenance | | +| ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | ResponseSplitting.java:23:23:23:28 | cookie | provenance | Sink:MaD:44653 | +| ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | provenance | Src:MaD:44662 MaD:44660 | +| ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:27 | t : String | provenance | Src:MaD:44662 | +| ResponseSplitting.java:59:27:59:27 | t : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | provenance | MaD:43101 Sink:MaD:44656 | nodes | ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | semmle.label | new Cookie(...) : Cookie | | ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | semmle.label | getParameter(...) : String | diff --git a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionLocal.expected b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionLocal.expected index 2ae58aa9d563..180e9a33d4a8 100644 --- a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionLocal.expected +++ b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionLocal.expected @@ -1,8 +1,8 @@ edges -| Test.java:76:27:76:60 | getProperty(...) : String | Test.java:78:37:78:48 | userProperty : String | provenance | | -| Test.java:78:37:78:48 | userProperty : String | Test.java:78:37:78:55 | trim(...) : String | provenance | | -| Test.java:78:37:78:55 | trim(...) : String | Test.java:80:31:80:34 | size | provenance | | -| Test.java:78:37:78:55 | trim(...) : String | Test.java:86:34:86:37 | size | provenance | | +| Test.java:76:27:76:60 | getProperty(...) : String | Test.java:78:37:78:48 | userProperty : String | provenance | Src:MaD:43040 | +| Test.java:78:37:78:48 | userProperty : String | Test.java:78:37:78:55 | trim(...) : String | provenance | MaD:43114 | +| Test.java:78:37:78:55 | trim(...) : String | Test.java:80:31:80:34 | size | provenance | TaintPreservingCallable | +| Test.java:78:37:78:55 | trim(...) : String | Test.java:86:34:86:37 | size | provenance | TaintPreservingCallable | nodes | Test.java:76:27:76:60 | getProperty(...) : String | semmle.label | getProperty(...) : String | | Test.java:78:37:78:48 | userProperty : String | semmle.label | userProperty : String | diff --git a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexLocal.expected b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexLocal.expected index 40248b6c645b..e0d6332275e2 100644 --- a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexLocal.expected +++ b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexLocal.expected @@ -1,7 +1,7 @@ edges -| Test.java:14:27:14:60 | getProperty(...) : String | Test.java:16:38:16:49 | userProperty : String | provenance | | -| Test.java:16:38:16:49 | userProperty : String | Test.java:16:38:16:56 | trim(...) : String | provenance | | -| Test.java:16:38:16:56 | trim(...) : String | Test.java:19:34:19:38 | index | provenance | | +| Test.java:14:27:14:60 | getProperty(...) : String | Test.java:16:38:16:49 | userProperty : String | provenance | Src:MaD:43040 | +| Test.java:16:38:16:49 | userProperty : String | Test.java:16:38:16:56 | trim(...) : String | provenance | MaD:43114 | +| Test.java:16:38:16:56 | trim(...) : String | Test.java:19:34:19:38 | index | provenance | TaintPreservingCallable | nodes | Test.java:14:27:14:60 | getProperty(...) : String | semmle.label | getProperty(...) : String | | Test.java:16:38:16:49 | userProperty : String | semmle.label | userProperty : String | diff --git a/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.expected b/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.expected index d5b66f9d4b28..8fe019c2b2f6 100644 --- a/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.expected +++ b/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.expected @@ -1,7 +1,7 @@ edges -| Test.java:33:30:33:74 | getParameter(...) : String | Test.java:34:20:34:32 | userParameter : String | provenance | | +| Test.java:33:30:33:74 | getParameter(...) : String | Test.java:34:20:34:32 | userParameter : String | provenance | Src:MaD:44662 | | Test.java:34:20:34:32 | userParameter : String | Test.java:37:31:37:43 | format : String | provenance | | -| Test.java:37:31:37:43 | format : String | Test.java:39:25:39:30 | format | provenance | | +| Test.java:37:31:37:43 | format : String | Test.java:39:25:39:30 | format | provenance | Sink:MaD:42905 | nodes | Test.java:33:30:33:74 | getParameter(...) : String | semmle.label | getParameter(...) : String | | Test.java:34:20:34:32 | userParameter : String | semmle.label | userParameter : String | diff --git a/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatStringLocal.expected b/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatStringLocal.expected index 3f6e0a3ff234..69a8314c94e2 100644 --- a/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatStringLocal.expected +++ b/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatStringLocal.expected @@ -1,9 +1,9 @@ edges -| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:19:19:19:30 | userProperty | provenance | | -| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:21:23:21:34 | userProperty | provenance | | -| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:23:23:23:34 | userProperty | provenance | | -| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:25:28:25:39 | userProperty | provenance | | -| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:27:44:27:55 | userProperty | provenance | | +| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:19:19:19:30 | userProperty | provenance | Src:MaD:43040 | +| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:21:23:21:34 | userProperty | provenance | Src:MaD:43040 Sink:MaD:42905 | +| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:23:23:23:34 | userProperty | provenance | Src:MaD:43040 Sink:MaD:42908 | +| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:25:28:25:39 | userProperty | provenance | Src:MaD:43040 | +| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:27:44:27:55 | userProperty | provenance | Src:MaD:43040 | nodes | Test.java:17:27:17:60 | getProperty(...) : String | semmle.label | getProperty(...) : String | | Test.java:19:19:19:30 | userProperty | semmle.label | userProperty | diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTaintedLocal.expected b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTaintedLocal.expected index d051c41d4d05..6213d682ab13 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTaintedLocal.expected +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTaintedLocal.expected @@ -1,27 +1,27 @@ edges | ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | provenance | | | ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | provenance | | -| ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | provenance | | -| ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | provenance | | +| ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42966 | +| ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42966 | | ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | provenance | | | ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | provenance | | -| ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | provenance | | -| ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | provenance | | -| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | provenance | | -| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | provenance | | +| ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | provenance | MaD:42932 | +| ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | provenance | MaD:42932 | +| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | provenance | MaD:42933 | +| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | provenance | MaD:42933 | | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String | provenance | | | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String | provenance | | -| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | provenance | | -| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | provenance | | -| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:32:17:32:20 | data | provenance | | -| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:40:17:40:20 | data | provenance | | -| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:50:17:50:20 | data | provenance | | -| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:64:20:64:23 | data : Number | provenance | | -| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:95:37:95:40 | data | provenance | | -| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:118:9:118:12 | data : Number | provenance | | -| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:119:10:119:13 | data : Number | provenance | | -| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:120:10:120:13 | data : Number | provenance | | -| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:121:10:121:13 | data : Number | provenance | | +| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | provenance | MaD:43114 | +| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | provenance | MaD:43114 | +| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:32:17:32:20 | data | provenance | TaintPreservingCallable | +| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:40:17:40:20 | data | provenance | TaintPreservingCallable | +| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:50:17:50:20 | data | provenance | TaintPreservingCallable | +| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:64:20:64:23 | data : Number | provenance | TaintPreservingCallable | +| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:95:37:95:40 | data | provenance | TaintPreservingCallable | +| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:118:9:118:12 | data : Number | provenance | TaintPreservingCallable | +| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:119:10:119:13 | data : Number | provenance | TaintPreservingCallable | +| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:120:10:120:13 | data : Number | provenance | TaintPreservingCallable | +| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:121:10:121:13 | data : Number | provenance | TaintPreservingCallable | | ArithmeticTainted.java:64:4:64:10 | tainted [post update] : Holder [dat] : Number | ArithmeticTainted.java:66:18:66:24 | tainted : Holder [dat] : Number | provenance | | | ArithmeticTainted.java:64:20:64:23 | data : Number | ArithmeticTainted.java:64:4:64:10 | tainted [post update] : Holder [dat] : Number | provenance | | | ArithmeticTainted.java:64:20:64:23 | data : Number | Holder.java:12:22:12:26 | d : Number | provenance | | diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/TempDirLocalInformationDisclosure.expected b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/TempDirLocalInformationDisclosure.expected index 21e9f7379c62..57a8ce9ef694 100644 --- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/TempDirLocalInformationDisclosure.expected +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/TempDirLocalInformationDisclosure.expected @@ -1,59 +1,59 @@ edges | Files.java:10:24:10:69 | new File(...) : File | Files.java:14:37:14:43 | baseDir : File | provenance | | -| Files.java:10:33:10:68 | getProperty(...) : String | Files.java:10:24:10:69 | new File(...) : File | provenance | | +| Files.java:10:33:10:68 | getProperty(...) : String | Files.java:10:24:10:69 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | | Files.java:14:28:14:64 | new File(...) : File | Files.java:15:17:15:23 | tempDir | provenance | | -| Files.java:14:37:14:43 | baseDir : File | Files.java:14:28:14:64 | new File(...) : File | provenance | | -| Test.java:36:24:36:69 | new File(...) : File | Test.java:39:63:39:69 | tempDir | provenance | | -| Test.java:36:33:36:68 | getProperty(...) : String | Test.java:36:24:36:69 | new File(...) : File | provenance | | -| Test.java:50:29:50:94 | new File(...) : File | Test.java:53:63:53:74 | tempDirChild | provenance | | -| Test.java:50:38:50:83 | new File(...) : File | Test.java:50:29:50:94 | new File(...) : File | provenance | | -| Test.java:50:47:50:82 | getProperty(...) : String | Test.java:50:38:50:83 | new File(...) : File | provenance | | -| Test.java:61:24:61:69 | new File(...) : File | Test.java:61:24:61:88 | getCanonicalFile(...) : File | provenance | | -| Test.java:61:24:61:88 | getCanonicalFile(...) : File | Test.java:64:63:64:69 | tempDir | provenance | | -| Test.java:61:33:61:68 | getProperty(...) : String | Test.java:61:24:61:69 | new File(...) : File | provenance | | -| Test.java:75:24:75:69 | new File(...) : File | Test.java:75:24:75:87 | getAbsoluteFile(...) : File | provenance | | -| Test.java:75:24:75:87 | getAbsoluteFile(...) : File | Test.java:78:63:78:69 | tempDir | provenance | | -| Test.java:75:33:75:68 | getProperty(...) : String | Test.java:75:24:75:69 | new File(...) : File | provenance | | +| Files.java:14:37:14:43 | baseDir : File | Files.java:14:28:14:64 | new File(...) : File | provenance | MaD:42944 | +| Test.java:36:24:36:69 | new File(...) : File | Test.java:39:63:39:69 | tempDir | provenance | Sink:MaD:42881 | +| Test.java:36:33:36:68 | getProperty(...) : String | Test.java:36:24:36:69 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:50:29:50:94 | new File(...) : File | Test.java:53:63:53:74 | tempDirChild | provenance | Sink:MaD:42881 | +| Test.java:50:38:50:83 | new File(...) : File | Test.java:50:29:50:94 | new File(...) : File | provenance | MaD:42944 | +| Test.java:50:47:50:82 | getProperty(...) : String | Test.java:50:38:50:83 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:61:24:61:69 | new File(...) : File | Test.java:61:24:61:88 | getCanonicalFile(...) : File | provenance | MaD:42948 | +| Test.java:61:24:61:88 | getCanonicalFile(...) : File | Test.java:64:63:64:69 | tempDir | provenance | Sink:MaD:42881 | +| Test.java:61:33:61:68 | getProperty(...) : String | Test.java:61:24:61:69 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:75:24:75:69 | new File(...) : File | Test.java:75:24:75:87 | getAbsoluteFile(...) : File | provenance | MaD:42946 | +| Test.java:75:24:75:87 | getAbsoluteFile(...) : File | Test.java:78:63:78:69 | tempDir | provenance | Sink:MaD:42881 | +| Test.java:75:33:75:68 | getProperty(...) : String | Test.java:75:24:75:69 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | | Test.java:110:29:110:84 | new File(...) : File | Test.java:113:9:113:20 | tempDirChild | provenance | | -| Test.java:110:38:110:73 | getProperty(...) : String | Test.java:110:29:110:84 | new File(...) : File | provenance | | +| Test.java:110:38:110:73 | getProperty(...) : String | Test.java:110:29:110:84 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | | Test.java:134:29:134:84 | new File(...) : File | Test.java:137:9:137:20 | tempDirChild | provenance | | -| Test.java:134:38:134:73 | getProperty(...) : String | Test.java:134:29:134:84 | new File(...) : File | provenance | | +| Test.java:134:38:134:73 | getProperty(...) : String | Test.java:134:29:134:84 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | | Test.java:158:29:158:88 | new File(...) : File | Test.java:159:21:159:32 | tempDirChild : File | provenance | | -| Test.java:158:38:158:73 | getProperty(...) : String | Test.java:158:29:158:88 | new File(...) : File | provenance | | -| Test.java:159:21:159:32 | tempDirChild : File | Test.java:159:21:159:41 | toPath(...) | provenance | | +| Test.java:158:38:158:73 | getProperty(...) : String | Test.java:158:29:158:88 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:159:21:159:32 | tempDirChild : File | Test.java:159:21:159:41 | toPath(...) | provenance | MaD:42954 Sink:MaD:43376 | | Test.java:187:29:187:88 | new File(...) : File | Test.java:188:21:188:32 | tempDirChild : File | provenance | | -| Test.java:187:38:187:73 | getProperty(...) : String | Test.java:187:29:187:88 | new File(...) : File | provenance | | -| Test.java:188:21:188:32 | tempDirChild : File | Test.java:188:21:188:41 | toPath(...) | provenance | | -| Test.java:204:29:204:104 | new File(...) : File | Test.java:204:29:204:113 | toPath(...) : Path | provenance | | -| Test.java:204:29:204:113 | toPath(...) : Path | Test.java:207:33:207:44 | tempDirChild | provenance | | -| Test.java:204:38:204:73 | getProperty(...) : String | Test.java:204:29:204:104 | new File(...) : File | provenance | | -| Test.java:216:29:216:102 | new File(...) : File | Test.java:216:29:216:111 | toPath(...) : Path | provenance | | -| Test.java:216:29:216:111 | toPath(...) : Path | Test.java:219:31:219:42 | tempDirChild | provenance | | -| Test.java:216:38:216:73 | getProperty(...) : String | Test.java:216:29:216:102 | new File(...) : File | provenance | | +| Test.java:187:38:187:73 | getProperty(...) : String | Test.java:187:29:187:88 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:188:21:188:32 | tempDirChild : File | Test.java:188:21:188:41 | toPath(...) | provenance | MaD:42954 Sink:MaD:43376 | +| Test.java:204:29:204:104 | new File(...) : File | Test.java:204:29:204:113 | toPath(...) : Path | provenance | MaD:42954 | +| Test.java:204:29:204:113 | toPath(...) : Path | Test.java:207:33:207:44 | tempDirChild | provenance | Sink:MaD:43366 | +| Test.java:204:38:204:73 | getProperty(...) : String | Test.java:204:29:204:104 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:216:29:216:102 | new File(...) : File | Test.java:216:29:216:111 | toPath(...) : Path | provenance | MaD:42954 | +| Test.java:216:29:216:111 | toPath(...) : Path | Test.java:219:31:219:42 | tempDirChild | provenance | Sink:MaD:43368 | +| Test.java:216:38:216:73 | getProperty(...) : String | Test.java:216:29:216:102 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | | Test.java:228:29:228:100 | new File(...) : File | Test.java:231:26:231:37 | tempDirChild : File | provenance | | -| Test.java:228:38:228:73 | getProperty(...) : String | Test.java:228:29:228:100 | new File(...) : File | provenance | | -| Test.java:231:26:231:37 | tempDirChild : File | Test.java:231:26:231:46 | toPath(...) | provenance | | +| Test.java:228:38:228:73 | getProperty(...) : String | Test.java:228:29:228:100 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:231:26:231:37 | tempDirChild : File | Test.java:231:26:231:46 | toPath(...) | provenance | MaD:42954 Sink:MaD:43351 | | Test.java:249:29:249:101 | new File(...) : File | Test.java:252:31:252:42 | tempDirChild : File | provenance | | -| Test.java:249:38:249:73 | getProperty(...) : String | Test.java:249:29:249:101 | new File(...) : File | provenance | | -| Test.java:252:31:252:42 | tempDirChild : File | Test.java:252:31:252:51 | toPath(...) | provenance | | +| Test.java:249:38:249:73 | getProperty(...) : String | Test.java:249:29:249:101 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:252:31:252:42 | tempDirChild : File | Test.java:252:31:252:51 | toPath(...) | provenance | MaD:42954 Sink:MaD:43350 | | Test.java:260:29:260:109 | new File(...) : File | Test.java:263:33:263:44 | tempDirChild : File | provenance | | -| Test.java:260:38:260:73 | getProperty(...) : String | Test.java:260:29:260:109 | new File(...) : File | provenance | | -| Test.java:263:33:263:44 | tempDirChild : File | Test.java:263:33:263:53 | toPath(...) | provenance | | +| Test.java:260:38:260:73 | getProperty(...) : String | Test.java:260:29:260:109 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:263:33:263:44 | tempDirChild : File | Test.java:263:33:263:53 | toPath(...) | provenance | MaD:42954 Sink:MaD:43349 | | Test.java:294:29:294:101 | new File(...) : File | Test.java:298:35:298:46 | tempDirChild : File | provenance | | -| Test.java:294:38:294:73 | getProperty(...) : String | Test.java:294:29:294:101 | new File(...) : File | provenance | | -| Test.java:298:35:298:46 | tempDirChild : File | Test.java:298:35:298:55 | toPath(...) | provenance | | +| Test.java:294:38:294:73 | getProperty(...) : String | Test.java:294:29:294:101 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:298:35:298:46 | tempDirChild : File | Test.java:298:35:298:55 | toPath(...) | provenance | MaD:42954 Sink:MaD:43350 | | Test.java:313:29:313:101 | new File(...) : File | Test.java:316:35:316:46 | tempDirChild : File | provenance | | -| Test.java:313:38:313:73 | getProperty(...) : String | Test.java:313:29:313:101 | new File(...) : File | provenance | | -| Test.java:316:35:316:46 | tempDirChild : File | Test.java:316:35:316:55 | toPath(...) | provenance | | +| Test.java:313:38:313:73 | getProperty(...) : String | Test.java:313:29:313:101 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:316:35:316:46 | tempDirChild : File | Test.java:316:35:316:55 | toPath(...) | provenance | MaD:42954 Sink:MaD:43350 | | Test.java:322:29:322:101 | new File(...) : File | Test.java:326:35:326:46 | tempDirChild : File | provenance | | -| Test.java:322:38:322:73 | getProperty(...) : String | Test.java:322:29:322:101 | new File(...) : File | provenance | | -| Test.java:326:35:326:46 | tempDirChild : File | Test.java:326:35:326:55 | toPath(...) | provenance | | +| Test.java:322:38:322:73 | getProperty(...) : String | Test.java:322:29:322:101 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:326:35:326:46 | tempDirChild : File | Test.java:326:35:326:55 | toPath(...) | provenance | MaD:42954 Sink:MaD:43350 | | Test.java:350:29:350:101 | new File(...) : File | Test.java:355:35:355:46 | tempDirChild : File | provenance | | -| Test.java:350:38:350:73 | getProperty(...) : String | Test.java:350:29:350:101 | new File(...) : File | provenance | | -| Test.java:355:35:355:46 | tempDirChild : File | Test.java:355:35:355:55 | toPath(...) | provenance | | +| Test.java:350:38:350:73 | getProperty(...) : String | Test.java:350:29:350:101 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:355:35:355:46 | tempDirChild : File | Test.java:355:35:355:55 | toPath(...) | provenance | MaD:42954 Sink:MaD:43350 | | Test.java:361:29:361:101 | new File(...) : File | Test.java:366:35:366:46 | tempDirChild : File | provenance | | -| Test.java:361:38:361:73 | getProperty(...) : String | Test.java:361:29:361:101 | new File(...) : File | provenance | | -| Test.java:366:35:366:46 | tempDirChild : File | Test.java:366:35:366:55 | toPath(...) | provenance | | +| Test.java:361:38:361:73 | getProperty(...) : String | Test.java:361:29:361:101 | new File(...) : File | provenance | Src:MaD:43040 MaD:42944 | +| Test.java:366:35:366:46 | tempDirChild : File | Test.java:366:35:366:55 | toPath(...) | provenance | MaD:42954 Sink:MaD:43350 | nodes | Files.java:10:24:10:69 | new File(...) : File | semmle.label | new File(...) : File | | Files.java:10:33:10:68 | getProperty(...) : String | semmle.label | getProperty(...) : String | diff --git a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.expected b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.expected index 8377276e40c1..68005bfa4bcf 100644 --- a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.expected +++ b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.expected @@ -1,7 +1,7 @@ edges -| UnsafeHostnameVerification.java:66:37:80:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:81:55:81:62 | verifier | provenance | | -| UnsafeHostnameVerification.java:88:37:93:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:94:55:94:62 | verifier | provenance | | -| UnsafeHostnameVerification.java:97:42:97:68 | ALLOW_ALL_HOSTNAME_VERIFIER : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:34:59:34:85 | ALLOW_ALL_HOSTNAME_VERIFIER | provenance | | +| UnsafeHostnameVerification.java:66:37:80:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:81:55:81:62 | verifier | provenance | Sink:MaD:44622 | +| UnsafeHostnameVerification.java:88:37:93:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:94:55:94:62 | verifier | provenance | Sink:MaD:44622 | +| UnsafeHostnameVerification.java:97:42:97:68 | ALLOW_ALL_HOSTNAME_VERIFIER : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:34:59:34:85 | ALLOW_ALL_HOSTNAME_VERIFIER | provenance | Sink:MaD:44622 | | UnsafeHostnameVerification.java:97:72:102:5 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:97:42:97:68 | ALLOW_ALL_HOSTNAME_VERIFIER : new HostnameVerifier(...) { ... } | provenance | | nodes | UnsafeHostnameVerification.java:14:55:19:9 | new (...) | semmle.label | new (...) | diff --git a/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.expected b/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.expected index 2b2ff6478ce6..ab59a5d454b7 100644 --- a/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.expected +++ b/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.expected @@ -1,15 +1,17 @@ edges | HttpsUrlsTest.java:23:23:23:31 | "http://" : String | HttpsUrlsTest.java:24:21:24:56 | ... + ... : String | provenance | | -| HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | HttpsUrlsTest.java:28:50:28:50 | u | provenance | | +| HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | HttpsUrlsTest.java:28:50:28:50 | u | provenance | Sink:MaD:43282 | | HttpsUrlsTest.java:24:21:24:56 | ... + ... : String | HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | provenance | | +| HttpsUrlsTest.java:24:21:24:56 | ... + ... : String | HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | provenance | MaD:43315 | | HttpsUrlsTest.java:36:23:36:28 | "http" : String | HttpsUrlsTest.java:37:21:37:28 | protocol : String | provenance | | -| HttpsUrlsTest.java:37:13:37:62 | new URL(...) : URL | HttpsUrlsTest.java:41:50:41:50 | u | provenance | | +| HttpsUrlsTest.java:37:13:37:62 | new URL(...) : URL | HttpsUrlsTest.java:41:50:41:50 | u | provenance | Sink:MaD:43282 | | HttpsUrlsTest.java:37:21:37:28 | protocol : String | HttpsUrlsTest.java:37:13:37:62 | new URL(...) : URL | provenance | | | HttpsUrlsTest.java:49:23:49:31 | "http://" : String | HttpsUrlsTest.java:51:64:51:98 | ... + ... : String | provenance | | -| HttpsUrlsTest.java:51:13:51:99 | new URL(...) : URL | HttpsUrlsTest.java:55:50:55:50 | u | provenance | | +| HttpsUrlsTest.java:51:13:51:99 | new URL(...) : URL | HttpsUrlsTest.java:55:50:55:50 | u | provenance | Sink:MaD:43282 | | HttpsUrlsTest.java:51:64:51:98 | ... + ... : String | HttpsUrlsTest.java:51:13:51:99 | new URL(...) : URL | provenance | | +| HttpsUrlsTest.java:51:64:51:98 | ... + ... : String | HttpsUrlsTest.java:51:13:51:99 | new URL(...) : URL | provenance | MaD:43323 | | HttpsUrlsTest.java:87:23:87:28 | "http" : String | HttpsUrlsTest.java:88:21:88:28 | protocol : String | provenance | | -| HttpsUrlsTest.java:88:13:88:52 | new URL(...) : URL | HttpsUrlsTest.java:92:50:92:50 | u | provenance | | +| HttpsUrlsTest.java:88:13:88:52 | new URL(...) : URL | HttpsUrlsTest.java:92:50:92:50 | u | provenance | Sink:MaD:43282 | | HttpsUrlsTest.java:88:21:88:28 | protocol : String | HttpsUrlsTest.java:88:13:88:52 | new URL(...) : URL | provenance | | nodes | HttpsUrlsTest.java:23:23:23:31 | "http://" : String | semmle.label | "http://" : String | diff --git a/java/ql/test/query-tests/security/CWE-327/semmle/tests/BrokenCryptoAlgorithm.expected b/java/ql/test/query-tests/security/CWE-327/semmle/tests/BrokenCryptoAlgorithm.expected index 7c3a7f3f0828..f5402377891d 100644 --- a/java/ql/test/query-tests/security/CWE-327/semmle/tests/BrokenCryptoAlgorithm.expected +++ b/java/ql/test/query-tests/security/CWE-327/semmle/tests/BrokenCryptoAlgorithm.expected @@ -1,5 +1,5 @@ edges -| WeakHashing.java:21:86:21:90 | "MD5" : String | WeakHashing.java:21:56:21:91 | getProperty(...) | provenance | | +| WeakHashing.java:21:86:21:90 | "MD5" : String | WeakHashing.java:21:56:21:91 | getProperty(...) | provenance | MaD:43975 | nodes | Test.java:19:45:19:49 | "DES" | semmle.label | "DES" | | Test.java:42:33:42:37 | "RC2" | semmle.label | "RC2" | diff --git a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected index cf5af88efd85..a33e643a1fcc 100644 --- a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected +++ b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected @@ -1,10 +1,10 @@ edges -| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | provenance | | -| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:45:28:45:39 | input : String | provenance | | +| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | provenance | Src:MaD:44662 | +| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:45:28:45:39 | input : String | provenance | Src:MaD:44662 | | UrlRedirect.java:45:28:45:39 | input : String | UrlRedirect.java:46:10:46:14 | input : String | provenance | | -| UrlRedirect.java:46:10:46:14 | input : String | UrlRedirect.java:46:10:46:40 | replaceAll(...) : String | provenance | | -| mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:31:14:38 | source(...) : String | provenance | | -| mad/Test.java:14:31:14:38 | source(...) : String | mad/Test.java:14:22:14:38 | (...)... | provenance | | +| UrlRedirect.java:46:10:46:14 | input : String | UrlRedirect.java:46:10:46:40 | replaceAll(...) : String | provenance | MaD:43099 | +| mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:31:14:38 | source(...) : String | provenance | Src:MaD:44662 | +| mad/Test.java:14:31:14:38 | source(...) : String | mad/Test.java:14:22:14:38 | (...)... | provenance | Sink:MaD:48982 | nodes | UrlRedirect2.java:27:25:27:54 | getParameter(...) | semmle.label | getParameter(...) | | UrlRedirect.java:23:25:23:54 | getParameter(...) | semmle.label | getParameter(...) | diff --git a/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTaintedLocal.expected b/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTaintedLocal.expected index 89bf2054d1d6..d853b3b5860c 100644 --- a/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTaintedLocal.expected +++ b/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTaintedLocal.expected @@ -1,11 +1,11 @@ edges | Test.java:10:36:11:47 | new BufferedReader(...) : BufferedReader | Test.java:12:26:12:39 | readerBuffered : BufferedReader | provenance | | -| Test.java:11:6:11:46 | new InputStreamReader(...) : InputStreamReader | Test.java:10:36:11:47 | new BufferedReader(...) : BufferedReader | provenance | | -| Test.java:11:28:11:36 | System.in : InputStream | Test.java:11:6:11:46 | new InputStreamReader(...) : InputStreamReader | provenance | | -| Test.java:12:26:12:39 | readerBuffered : BufferedReader | Test.java:12:26:12:50 | readLine(...) : String | provenance | | +| Test.java:11:6:11:46 | new InputStreamReader(...) : InputStreamReader | Test.java:10:36:11:47 | new BufferedReader(...) : BufferedReader | provenance | MaD:42932 | +| Test.java:11:28:11:36 | System.in : InputStream | Test.java:11:6:11:46 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42966 | +| Test.java:12:26:12:39 | readerBuffered : BufferedReader | Test.java:12:26:12:50 | readLine(...) : String | provenance | MaD:42933 | | Test.java:12:26:12:50 | readLine(...) : String | Test.java:14:27:14:38 | stringNumber : String | provenance | | -| Test.java:14:27:14:38 | stringNumber : String | Test.java:14:27:14:45 | trim(...) : String | provenance | | -| Test.java:14:27:14:45 | trim(...) : String | Test.java:21:22:21:25 | data | provenance | | +| Test.java:14:27:14:38 | stringNumber : String | Test.java:14:27:14:45 | trim(...) : String | provenance | MaD:43114 | +| Test.java:14:27:14:45 | trim(...) : String | Test.java:21:22:21:25 | data | provenance | TaintPreservingCallable | nodes | Test.java:10:36:11:47 | new BufferedReader(...) : BufferedReader | semmle.label | new BufferedReader(...) : BufferedReader | | Test.java:11:6:11:46 | new InputStreamReader(...) : InputStreamReader | semmle.label | new InputStreamReader(...) : InputStreamReader | diff --git a/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected b/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected index 9d67e3e6c3df..9f486fc3c1a0 100644 --- a/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected +++ b/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected @@ -1,5 +1,5 @@ edges -| TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) : String | TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | provenance | | +| TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) : String | TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | provenance | Src:MaD:44662 | nodes | TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) : String | semmle.label | getParameter(...) : String | | TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | semmle.label | ... + ... | diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll index dd4331527519..e04341adb940 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll @@ -229,41 +229,55 @@ private predicate typeModel(string row) { any(TypeModelCsv s).row(inversePad(row private predicate typeVariableModel(string row) { any(TypeVariableModelCsv s).row(inversePad(row)) } /** Holds if a source model exists for the given parameters. */ -predicate sourceModel(string type, string path, string kind) { +predicate sourceModel(string type, string path, string kind, string model) { exists(string row | sourceModel(row) and row.splitAt(";", 0) = type and row.splitAt(";", 1) = path and - row.splitAt(";", 2) = kind + row.splitAt(";", 2) = kind and + model = "SourceModelCsv" ) or - Extensions::sourceModel(type, path, kind) + exists(QlBuiltins::ExtensionId madId | + Extensions::sourceModel(type, path, kind, madId) and + model = "MaD:" + madId.toString() + ) } /** Holds if a sink model exists for the given parameters. */ -private predicate sinkModel(string type, string path, string kind) { +private predicate sinkModel(string type, string path, string kind, string model) { exists(string row | sinkModel(row) and row.splitAt(";", 0) = type and row.splitAt(";", 1) = path and - row.splitAt(";", 2) = kind + row.splitAt(";", 2) = kind and + model = "SinkModelCsv" ) or - Extensions::sinkModel(type, path, kind) + exists(QlBuiltins::ExtensionId madId | + Extensions::sinkModel(type, path, kind, madId) and + model = "MaD:" + madId.toString() + ) } /** Holds if a summary model `row` exists for the given parameters. */ -private predicate summaryModel(string type, string path, string input, string output, string kind) { +private predicate summaryModel( + string type, string path, string input, string output, string kind, string model +) { exists(string row | summaryModel(row) and row.splitAt(";", 0) = type and row.splitAt(";", 1) = path and row.splitAt(";", 2) = input and row.splitAt(";", 3) = output and - row.splitAt(";", 4) = kind + row.splitAt(";", 4) = kind and + model = "SummaryModelCsv" ) or - Extensions::summaryModel(type, path, input, output, kind) + exists(QlBuiltins::ExtensionId madId | + Extensions::summaryModel(type, path, input, output, kind, madId) and + model = "MaD:" + madId.toString() + ) } /** Holds if a type model exists for the given parameters. */ @@ -294,9 +308,9 @@ private predicate typeVariableModel(string name, string path) { */ predicate isRelevantType(string type) { ( - sourceModel(type, _, _) or - sinkModel(type, _, _) or - summaryModel(type, _, _, _, _) or + sourceModel(type, _, _, _) or + sinkModel(type, _, _, _) or + summaryModel(type, _, _, _, _, _) or typeModel(_, type, _) ) and ( @@ -319,9 +333,9 @@ pragma[nomagic] predicate isRelevantFullPath(string type, string path) { isRelevantType(type) and ( - sourceModel(type, path, _) or - sinkModel(type, path, _) or - summaryModel(type, path, _, _, _) or + sourceModel(type, path, _, _) or + sinkModel(type, path, _, _) or + summaryModel(type, path, _, _, _, _) or typeModel(_, type, path) ) } @@ -331,8 +345,8 @@ private predicate accessPathRange(string s) { isRelevantFullPath(_, s) or exists(string type | isRelevantType(type) | - summaryModel(type, _, s, _, _) or - summaryModel(type, _, _, s, _) + summaryModel(type, _, s, _, _, _) or + summaryModel(type, _, _, s, _, _) ) or typeVariableModel(_, s) @@ -543,7 +557,7 @@ private API::Node getNodeFromPath(string type, AccessPath path) { pragma[nomagic] private predicate typeStepModel(string type, AccessPath basePath, AccessPath output) { - summaryModel(type, basePath, "", output, "type") + summaryModel(type, basePath, "", output, "type", _) } pragma[nomagic] @@ -621,9 +635,9 @@ module ModelOutput { * Holds if a CSV source model contributed `source` with the given `kind`. */ cached - API::Node getASourceNode(string kind) { + API::Node getASourceNode(string kind, string model) { exists(string type, string path | - sourceModel(type, path, kind) and + sourceModel(type, path, kind, model) and result = getNodeFromPath(type, path) ) } @@ -632,9 +646,9 @@ module ModelOutput { * Holds if a CSV sink model contributed `sink` with the given `kind`. */ cached - API::Node getASinkNode(string kind) { + API::Node getASinkNode(string kind, string model) { exists(string type, string path | - sinkModel(type, path, kind) and + sinkModel(type, path, kind, model) and result = getNodeFromPath(type, path) ) } @@ -644,10 +658,10 @@ module ModelOutput { */ cached predicate relevantSummaryModel( - string type, string path, string input, string output, string kind + string type, string path, string input, string output, string kind, string model ) { isRelevantType(type) and - summaryModel(type, path, input, output, kind) + summaryModel(type, path, input, output, kind, model) } /** @@ -655,7 +669,7 @@ module ModelOutput { */ cached predicate resolvedSummaryBase(string type, string path, Specific::InvokeNode baseNode) { - summaryModel(type, path, _, _, _) and + summaryModel(type, path, _, _, _, _) and baseNode = getInvocationFromPath(type, path) } @@ -664,7 +678,7 @@ module ModelOutput { */ cached predicate resolvedSummaryRefBase(string type, string path, API::Node baseNode) { - summaryModel(type, path, _, _, _) and + summaryModel(type, path, _, _, _, _) and baseNode = getNodeFromPath(type, path) } @@ -680,12 +694,22 @@ module ModelOutput { import Specific::ModelOutputSpecific private import codeql.mad.ModelValidation as SharedModelVal + /** + * Holds if a CSV source model contributed `source` with the given `kind`. + */ + API::Node getASourceNode(string kind) { result = getASourceNode(kind, _) } + + /** + * Holds if a CSV sink model contributed `sink` with the given `kind`. + */ + API::Node getASinkNode(string kind) { result = getASinkNode(kind, _) } + private module KindValConfig implements SharedModelVal::KindValidationConfigSig { - predicate summaryKind(string kind) { summaryModel(_, _, _, _, kind) } + predicate summaryKind(string kind) { summaryModel(_, _, _, _, kind, _) } - predicate sinkKind(string kind) { sinkModel(_, _, kind) } + predicate sinkKind(string kind) { sinkModel(_, _, kind, _) } - predicate sourceKind(string kind) { sourceModel(_, _, kind) } + predicate sourceKind(string kind) { sourceModel(_, _, kind, _) } } private module KindVal = SharedModelVal::KindValidation; diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll index f0edf1702d3c..51e71f68b1ee 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll @@ -8,13 +8,15 @@ * * The kind `remote` represents a general remote flow source. */ -extensible predicate sourceModel(string type, string path, string kind); +extensible predicate sourceModel( + string type, string path, string kind, QlBuiltins::ExtensionId madId +); /** * Holds if the value at `(type, path)` should be seen as a sink * of the given `kind`. */ -extensible predicate sinkModel(string type, string path, string kind); +extensible predicate sinkModel(string type, string path, string kind, QlBuiltins::ExtensionId madId); /** * Holds if in calls to `(type, path)`, the value referred to by `input` @@ -23,7 +25,9 @@ extensible predicate sinkModel(string type, string path, string kind); * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps, * respectively. */ -extensible predicate summaryModel(string type, string path, string input, string output, string kind); +extensible predicate summaryModel( + string type, string path, string input, string output, string kind, QlBuiltins::ExtensionId madId +); /** * Holds if calls to `(type, path)` should be considered neutral. The meaning of this depends on the `kind`. diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll index 664c040d57e8..d9f08d911a01 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll @@ -257,7 +257,7 @@ predicate invocationMatchesExtraCallSiteFilter(API::InvokeNode invoke, AccessPat pragma[nomagic] private predicate relevantInputOutputPath(API::InvokeNode base, AccessPath inputOrOutput) { exists(string type, string input, string output, string path | - ModelOutput::relevantSummaryModel(type, path, input, output, _) and + ModelOutput::relevantSummaryModel(type, path, input, output, _, _) and ModelOutput::resolvedSummaryBase(type, path, base) and inputOrOutput = [input, output] ) @@ -289,7 +289,7 @@ private API::Node getNodeFromInputOutputPath(API::InvokeNode baseNode, AccessPat */ predicate summaryStep(API::Node pred, API::Node succ, string kind) { exists(string type, string path, API::InvokeNode base, AccessPath input, AccessPath output | - ModelOutput::relevantSummaryModel(type, path, input, output, kind) and + ModelOutput::relevantSummaryModel(type, path, input, output, kind, _) and ModelOutput::resolvedSummaryBase(type, path, base) and pred = getNodeFromInputOutputPath(base, input) and succ = getNodeFromInputOutputPath(base, output) diff --git a/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll b/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll index 9c3033e61267..7a54ace60ed8 100644 --- a/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll +++ b/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll @@ -31,8 +31,21 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari * DEPRECATED: Use `propagatesFlow` instead. */ deprecated predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - this.propagatesFlow(input, output, preservesValue) + this.propagatesFlow(input, output, preservesValue, _) } + + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { + this.propagatesFlow(input, output, preservesValue) and model = this + } + + /** + * Holds if data may flow from `input` to `output` through this callable. + * + * `preservesValue` indicates whether this is a value-preserving step or a taint-step. + */ + predicate propagatesFlow(string input, string output, boolean preservesValue) { none() } } deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack; diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll index 1ad6d0f7e6ed..9d7b1d5aa84b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll @@ -3,6 +3,7 @@ private import DataFlowPublic private import semmle.python.essa.SsaCompute private import semmle.python.dataflow.new.internal.ImportResolution private import FlowSummaryImpl as FlowSummaryImpl +private import semmle.python.frameworks.data.ModelsAsData // Since we allow extra data-flow steps from modeled frameworks, we import these // up-front, to ensure these are included. This provides a more seamless experience from // a user point of view, since they don't need to know they need to import a specific @@ -471,12 +472,12 @@ import StepRelationTransformations * * It includes flow steps from flow summaries. */ -predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - simpleLocalFlowStepForTypetracking(nodeFrom, nodeTo) +predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { + simpleLocalFlowStepForTypetracking(nodeFrom, nodeTo) and model = "" or - summaryLocalStep(nodeFrom, nodeTo) + summaryLocalStep(nodeFrom, nodeTo, model) or - variableCaptureLocalFlowStep(nodeFrom, nodeTo) + variableCaptureLocalFlowStep(nodeFrom, nodeTo) and model = "" } /** @@ -490,9 +491,9 @@ predicate simpleLocalFlowStepForTypetracking(Node nodeFrom, Node nodeTo) { LocalFlow::localFlowStep(nodeFrom, nodeTo) } -private predicate summaryLocalStep(Node nodeFrom, Node nodeTo) { +private predicate summaryLocalStep(Node nodeFrom, Node nodeTo, string model) { FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), - nodeTo.(FlowSummaryNode).getSummaryNode(), true) + nodeTo.(FlowSummaryNode).getSummaryNode(), true, model) } predicate variableCaptureLocalFlowStep(Node nodeFrom, Node nodeTo) { @@ -1078,6 +1079,14 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { /** Extra data-flow steps needed for lambda flow analysis. */ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() } +predicate knownSourceModel(Node source, string model) { + source = ModelOutput::getASourceNode(_, model).asSource() +} + +predicate knownSinkModel(Node sink, string model) { + sink = ModelOutput::getASinkNode(_, model).asSink() +} + /** * Holds if flow is allowed to pass from parameter `p` and back to itself as a * side-effect, resulting in a summary from `p` to itself. diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll index 16a9572db6a7..f9ee4fc6e462 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll @@ -642,7 +642,9 @@ newtype TContent = or // // 2) summaries in data-extension files - exists(string input, string output | ModelOutput::relevantSummaryModel(_, _, input, output, _) | + exists(string input, string output | + ModelOutput::relevantSummaryModel(_, _, input, output, _, _) + | attr = [input, output].regexpFind("(?<=(^|\\.)Attribute\\[)[^\\]]+(?=\\])", _, _).trim() ) } or diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll index 7f1a6464adf4..ad007c6f6fe3 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowUtil.qll @@ -12,7 +12,7 @@ private import FlowSummaryImpl as FlowSummaryImpl * (intra-procedural) step. */ predicate localFlowStep(Node nodeFrom, Node nodeTo) { - simpleLocalFlowStep(nodeFrom, nodeTo) + simpleLocalFlowStep(nodeFrom, nodeTo, _) or // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural. diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll b/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll index 34b137b35115..733795478ce4 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/LocalSources.qll @@ -242,7 +242,7 @@ private module Cached { */ pragma[nomagic] private predicate localSourceFlowStep(Node nodeFrom, Node nodeTo) { - simpleLocalFlowStep(nodeFrom, nodeTo) and + simpleLocalFlowStep(nodeFrom, nodeTo, _) and not nodeTo = any(ModuleVariableNode v).getARead() } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll index 6eab2f48885c..4b397b1de41e 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll @@ -24,10 +24,11 @@ private module Cached { * global taint flow configurations. */ cached - predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - localAdditionalTaintStep(nodeFrom, nodeTo) + predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) { + localAdditionalTaintStep(nodeFrom, nodeTo, model) or - any(AdditionalTaintStep a).step(nodeFrom, nodeTo) + any(AdditionalTaintStep a).step(nodeFrom, nodeTo) and + model = "AdditionalTaintStep" } /** @@ -36,30 +37,34 @@ private module Cached { * different objects. */ cached - predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - concatStep(nodeFrom, nodeTo) - or - subscriptStep(nodeFrom, nodeTo) - or - stringManipulation(nodeFrom, nodeTo) - or - containerStep(nodeFrom, nodeTo) - or - copyStep(nodeFrom, nodeTo) - or - DataFlowPrivate::forReadStep(nodeFrom, _, nodeTo) - or - DataFlowPrivate::iterableUnpackingReadStep(nodeFrom, _, nodeTo) - or - DataFlowPrivate::iterableUnpackingStoreStep(nodeFrom, _, nodeTo) - or - awaitStep(nodeFrom, nodeTo) - or - asyncWithStep(nodeFrom, nodeTo) + predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) { + ( + concatStep(nodeFrom, nodeTo) + or + subscriptStep(nodeFrom, nodeTo) + or + stringManipulation(nodeFrom, nodeTo) + or + containerStep(nodeFrom, nodeTo) + or + copyStep(nodeFrom, nodeTo) + or + DataFlowPrivate::forReadStep(nodeFrom, _, nodeTo) + or + DataFlowPrivate::iterableUnpackingReadStep(nodeFrom, _, nodeTo) + or + DataFlowPrivate::iterableUnpackingStoreStep(nodeFrom, _, nodeTo) + or + awaitStep(nodeFrom, nodeTo) + or + asyncWithStep(nodeFrom, nodeTo) + ) and + model = "" or FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom .(DataFlowPrivate::FlowSummaryNode) - .getSummaryNode(), nodeTo.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false) + .getSummaryNode(), nodeTo.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false, + model) } } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPublic.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPublic.qll index 5b88de4fab96..c05c880f7261 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPublic.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPublic.qll @@ -34,7 +34,7 @@ predicate localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { // Ordinary data flow DataFlow::localFlowStep(nodeFrom, nodeTo) or - localAdditionalTaintStep(nodeFrom, nodeTo) + localAdditionalTaintStep(nodeFrom, nodeTo, _) } /** diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll index 42ce5cdd2377..f3e4ff40800b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll @@ -24,7 +24,15 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input { ContentFilter getFilterFromWithContentStep(Content content) { none() } // Callables - class SummarizedCallable = FlowSummaryImpl::Private::SummarizedCallableImpl; + class SummarizedCallable instanceof FlowSummaryImpl::Private::SummarizedCallableImpl { + string toString() { result = super.toString() } + + predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + super.propagatesFlow(input, output, preservesValue, _) + } + } // Summaries and their stacks class SummaryComponent = FlowSummaryImpl::Private::SummaryComponent; diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll b/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll index 2f4c74ea9e4b..c2176c0644b9 100644 --- a/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll +++ b/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll @@ -33,7 +33,7 @@ private class SummarizedCallableFromModel extends SummarizedCallable { string path; SummarizedCallableFromModel() { - ModelOutput::relevantSummaryModel(type, path, _, _, _) and + ModelOutput::relevantSummaryModel(type, path, _, _, _, _) and this = type + ";" + path } @@ -46,8 +46,10 @@ private class SummarizedCallableFromModel extends SummarizedCallable { ) } - override predicate propagatesFlow(string input, string output, boolean preservesValue) { - exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind) | + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { + exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind, model) | kind = "value" and preservesValue = true or diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll index dd4331527519..e04341adb940 100644 --- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll +++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll @@ -229,41 +229,55 @@ private predicate typeModel(string row) { any(TypeModelCsv s).row(inversePad(row private predicate typeVariableModel(string row) { any(TypeVariableModelCsv s).row(inversePad(row)) } /** Holds if a source model exists for the given parameters. */ -predicate sourceModel(string type, string path, string kind) { +predicate sourceModel(string type, string path, string kind, string model) { exists(string row | sourceModel(row) and row.splitAt(";", 0) = type and row.splitAt(";", 1) = path and - row.splitAt(";", 2) = kind + row.splitAt(";", 2) = kind and + model = "SourceModelCsv" ) or - Extensions::sourceModel(type, path, kind) + exists(QlBuiltins::ExtensionId madId | + Extensions::sourceModel(type, path, kind, madId) and + model = "MaD:" + madId.toString() + ) } /** Holds if a sink model exists for the given parameters. */ -private predicate sinkModel(string type, string path, string kind) { +private predicate sinkModel(string type, string path, string kind, string model) { exists(string row | sinkModel(row) and row.splitAt(";", 0) = type and row.splitAt(";", 1) = path and - row.splitAt(";", 2) = kind + row.splitAt(";", 2) = kind and + model = "SinkModelCsv" ) or - Extensions::sinkModel(type, path, kind) + exists(QlBuiltins::ExtensionId madId | + Extensions::sinkModel(type, path, kind, madId) and + model = "MaD:" + madId.toString() + ) } /** Holds if a summary model `row` exists for the given parameters. */ -private predicate summaryModel(string type, string path, string input, string output, string kind) { +private predicate summaryModel( + string type, string path, string input, string output, string kind, string model +) { exists(string row | summaryModel(row) and row.splitAt(";", 0) = type and row.splitAt(";", 1) = path and row.splitAt(";", 2) = input and row.splitAt(";", 3) = output and - row.splitAt(";", 4) = kind + row.splitAt(";", 4) = kind and + model = "SummaryModelCsv" ) or - Extensions::summaryModel(type, path, input, output, kind) + exists(QlBuiltins::ExtensionId madId | + Extensions::summaryModel(type, path, input, output, kind, madId) and + model = "MaD:" + madId.toString() + ) } /** Holds if a type model exists for the given parameters. */ @@ -294,9 +308,9 @@ private predicate typeVariableModel(string name, string path) { */ predicate isRelevantType(string type) { ( - sourceModel(type, _, _) or - sinkModel(type, _, _) or - summaryModel(type, _, _, _, _) or + sourceModel(type, _, _, _) or + sinkModel(type, _, _, _) or + summaryModel(type, _, _, _, _, _) or typeModel(_, type, _) ) and ( @@ -319,9 +333,9 @@ pragma[nomagic] predicate isRelevantFullPath(string type, string path) { isRelevantType(type) and ( - sourceModel(type, path, _) or - sinkModel(type, path, _) or - summaryModel(type, path, _, _, _) or + sourceModel(type, path, _, _) or + sinkModel(type, path, _, _) or + summaryModel(type, path, _, _, _, _) or typeModel(_, type, path) ) } @@ -331,8 +345,8 @@ private predicate accessPathRange(string s) { isRelevantFullPath(_, s) or exists(string type | isRelevantType(type) | - summaryModel(type, _, s, _, _) or - summaryModel(type, _, _, s, _) + summaryModel(type, _, s, _, _, _) or + summaryModel(type, _, _, s, _, _) ) or typeVariableModel(_, s) @@ -543,7 +557,7 @@ private API::Node getNodeFromPath(string type, AccessPath path) { pragma[nomagic] private predicate typeStepModel(string type, AccessPath basePath, AccessPath output) { - summaryModel(type, basePath, "", output, "type") + summaryModel(type, basePath, "", output, "type", _) } pragma[nomagic] @@ -621,9 +635,9 @@ module ModelOutput { * Holds if a CSV source model contributed `source` with the given `kind`. */ cached - API::Node getASourceNode(string kind) { + API::Node getASourceNode(string kind, string model) { exists(string type, string path | - sourceModel(type, path, kind) and + sourceModel(type, path, kind, model) and result = getNodeFromPath(type, path) ) } @@ -632,9 +646,9 @@ module ModelOutput { * Holds if a CSV sink model contributed `sink` with the given `kind`. */ cached - API::Node getASinkNode(string kind) { + API::Node getASinkNode(string kind, string model) { exists(string type, string path | - sinkModel(type, path, kind) and + sinkModel(type, path, kind, model) and result = getNodeFromPath(type, path) ) } @@ -644,10 +658,10 @@ module ModelOutput { */ cached predicate relevantSummaryModel( - string type, string path, string input, string output, string kind + string type, string path, string input, string output, string kind, string model ) { isRelevantType(type) and - summaryModel(type, path, input, output, kind) + summaryModel(type, path, input, output, kind, model) } /** @@ -655,7 +669,7 @@ module ModelOutput { */ cached predicate resolvedSummaryBase(string type, string path, Specific::InvokeNode baseNode) { - summaryModel(type, path, _, _, _) and + summaryModel(type, path, _, _, _, _) and baseNode = getInvocationFromPath(type, path) } @@ -664,7 +678,7 @@ module ModelOutput { */ cached predicate resolvedSummaryRefBase(string type, string path, API::Node baseNode) { - summaryModel(type, path, _, _, _) and + summaryModel(type, path, _, _, _, _) and baseNode = getNodeFromPath(type, path) } @@ -680,12 +694,22 @@ module ModelOutput { import Specific::ModelOutputSpecific private import codeql.mad.ModelValidation as SharedModelVal + /** + * Holds if a CSV source model contributed `source` with the given `kind`. + */ + API::Node getASourceNode(string kind) { result = getASourceNode(kind, _) } + + /** + * Holds if a CSV sink model contributed `sink` with the given `kind`. + */ + API::Node getASinkNode(string kind) { result = getASinkNode(kind, _) } + private module KindValConfig implements SharedModelVal::KindValidationConfigSig { - predicate summaryKind(string kind) { summaryModel(_, _, _, _, kind) } + predicate summaryKind(string kind) { summaryModel(_, _, _, _, kind, _) } - predicate sinkKind(string kind) { sinkModel(_, _, kind) } + predicate sinkKind(string kind) { sinkModel(_, _, kind, _) } - predicate sourceKind(string kind) { sourceModel(_, _, kind) } + predicate sourceKind(string kind) { sourceModel(_, _, kind, _) } } private module KindVal = SharedModelVal::KindValidation; diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll index f0edf1702d3c..51e71f68b1ee 100644 --- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll +++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll @@ -8,13 +8,15 @@ * * The kind `remote` represents a general remote flow source. */ -extensible predicate sourceModel(string type, string path, string kind); +extensible predicate sourceModel( + string type, string path, string kind, QlBuiltins::ExtensionId madId +); /** * Holds if the value at `(type, path)` should be seen as a sink * of the given `kind`. */ -extensible predicate sinkModel(string type, string path, string kind); +extensible predicate sinkModel(string type, string path, string kind, QlBuiltins::ExtensionId madId); /** * Holds if in calls to `(type, path)`, the value referred to by `input` @@ -23,7 +25,9 @@ extensible predicate sinkModel(string type, string path, string kind); * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps, * respectively. */ -extensible predicate summaryModel(string type, string path, string input, string output, string kind); +extensible predicate summaryModel( + string type, string path, string input, string output, string kind, QlBuiltins::ExtensionId madId +); /** * Holds if calls to `(type, path)` should be considered neutral. The meaning of this depends on the `kind`. diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll index 6b20cf2398eb..e7c61536aa90 100644 --- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll +++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll @@ -138,7 +138,7 @@ predicate invocationMatchesExtraCallSiteFilter(API::CallNode invoke, AccessPathT pragma[nomagic] private predicate relevantInputOutputPath(API::CallNode base, AccessPath inputOrOutput) { exists(string type, string input, string output, string path | - ModelOutput::relevantSummaryModel(type, path, input, output, _) and + ModelOutput::relevantSummaryModel(type, path, input, output, _, _) and ModelOutput::resolvedSummaryBase(type, path, base) and inputOrOutput = [input, output] ) @@ -170,7 +170,7 @@ private API::Node getNodeFromInputOutputPath(API::CallNode baseNode, AccessPath */ predicate summaryStep(API::Node pred, API::Node succ, string kind) { exists(string type, string path, API::CallNode base, AccessPath input, AccessPath output | - ModelOutput::relevantSummaryModel(type, path, input, output, kind) and + ModelOutput::relevantSummaryModel(type, path, input, output, kind, _) and // TODO??? ModelOutput::resolvedSummaryBase(type, path, base) and pred = getNodeFromInputOutputPath(base, input) and succ = getNodeFromInputOutputPath(base, output) diff --git a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll index 82e3c3121d0b..a65569510dff 100644 --- a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll +++ b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll @@ -157,12 +157,12 @@ class ExternalApiDataNode extends DataFlow::Node { ExternalApiDataNode() { exists(InterestingExternalApiCall call | this = call.getArgument(_)) and // Not already modeled as a taint step - not TaintTrackingPrivate::defaultAdditionalTaintStep(this, _) and + not TaintTrackingPrivate::defaultAdditionalTaintStep(this, _, _) and // for `list.append(x)`, we have a additional taint step from x -> [post] list. // Since we have modeled this explicitly, I don't see any cases where we would want to report this. not exists(DataFlow::PostUpdateNode post | post.getPreUpdateNode() = this and - TaintTrackingPrivate::defaultAdditionalTaintStep(_, post) + TaintTrackingPrivate::defaultAdditionalTaintStep(_, post, _) ) } } diff --git a/python/ql/test/experimental/dataflow/summaries/summaries.expected b/python/ql/test/experimental/dataflow/summaries/summaries.expected index 847ec210b3ce..2749c882707f 100644 --- a/python/ql/test/experimental/dataflow/summaries/summaries.expected +++ b/python/ql/test/experimental/dataflow/summaries/summaries.expected @@ -1,49 +1,49 @@ edges | summaries.py:32:1:32:7 | ControlFlowNode for tainted | summaries.py:33:6:33:12 | ControlFlowNode for tainted | provenance | | | summaries.py:32:11:32:26 | ControlFlowNode for identity() | summaries.py:32:1:32:7 | ControlFlowNode for tainted | provenance | | -| summaries.py:32:20:32:25 | ControlFlowNode for SOURCE | summaries.py:32:11:32:26 | ControlFlowNode for identity() | provenance | | +| summaries.py:32:20:32:25 | ControlFlowNode for SOURCE | summaries.py:32:11:32:26 | ControlFlowNode for identity() | provenance | identity | | summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda | provenance | | | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | summaries.py:36:1:36:14 | ControlFlowNode for tainted_lambda | provenance | | | summaries.py:36:38:36:38 | ControlFlowNode for x | summaries.py:36:41:36:45 | ControlFlowNode for BinaryExpr | provenance | | -| summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | provenance | | -| summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | summaries.py:36:38:36:38 | ControlFlowNode for x | provenance | | +| summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | provenance | apply_lambda | +| summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | summaries.py:36:38:36:38 | ControlFlowNode for x | provenance | apply_lambda | | summaries.py:44:1:44:12 | ControlFlowNode for tainted_list | summaries.py:45:6:45:20 | ControlFlowNode for Subscript | provenance | | | summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | provenance | | | summaries.py:44:16:44:33 | ControlFlowNode for reversed() | summaries.py:44:1:44:12 | ControlFlowNode for tainted_list | provenance | | | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | summaries.py:44:1:44:12 | ControlFlowNode for tainted_list [List element] | provenance | | -| summaries.py:44:25:44:32 | ControlFlowNode for List | summaries.py:44:16:44:33 | ControlFlowNode for reversed() | provenance | | -| summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | provenance | | +| summaries.py:44:25:44:32 | ControlFlowNode for List | summaries.py:44:16:44:33 | ControlFlowNode for reversed() | provenance | builtins.reversed | +| summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | provenance | builtins.reversed | | summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List | provenance | | | summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | provenance | | | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | summaries.py:45:6:45:20 | ControlFlowNode for Subscript | provenance | | | summaries.py:48:15:48:15 | ControlFlowNode for x | summaries.py:49:12:49:18 | ControlFlowNode for BinaryExpr | provenance | | | summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | provenance | | | summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | summaries.py:51:1:51:14 | ControlFlowNode for tainted_mapped [List element] | provenance | | -| summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | summaries.py:48:15:48:15 | ControlFlowNode for x | provenance | | -| summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | provenance | | +| summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | summaries.py:48:15:48:15 | ControlFlowNode for x | provenance | list_map | +| summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | provenance | list_map | | summaries.py:51:39:51:44 | ControlFlowNode for SOURCE | summaries.py:51:38:51:45 | ControlFlowNode for List [List element] | provenance | | | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] | summaries.py:52:6:52:22 | ControlFlowNode for Subscript | provenance | | | summaries.py:54:23:54:23 | ControlFlowNode for x | summaries.py:55:12:55:12 | ControlFlowNode for x | provenance | | | summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | provenance | | | summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | summaries.py:57:1:57:23 | ControlFlowNode for tainted_mapped_explicit [List element] | provenance | | -| summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | summaries.py:54:23:54:23 | ControlFlowNode for x | provenance | | -| summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | provenance | | +| summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | summaries.py:54:23:54:23 | ControlFlowNode for x | provenance | list_map | +| summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | summaries.py:57:27:57:63 | ControlFlowNode for list_map() [List element] | provenance | list_map | | summaries.py:57:56:57:61 | ControlFlowNode for SOURCE | summaries.py:57:55:57:62 | ControlFlowNode for List [List element] | provenance | | | summaries.py:58:6:58:28 | ControlFlowNode for tainted_mapped_explicit [List element] | summaries.py:58:6:58:31 | ControlFlowNode for Subscript | provenance | | | summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | provenance | | | summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | summaries.py:60:1:60:22 | ControlFlowNode for tainted_mapped_summary [List element] | provenance | | -| summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | provenance | | +| summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | summaries.py:60:26:60:53 | ControlFlowNode for list_map() [List element] | provenance | list_map | | summaries.py:60:46:60:51 | ControlFlowNode for SOURCE | summaries.py:60:45:60:52 | ControlFlowNode for List [List element] | provenance | | | summaries.py:61:6:61:27 | ControlFlowNode for tainted_mapped_summary [List element] | summaries.py:61:6:61:30 | ControlFlowNode for Subscript | provenance | | | summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | provenance | | | summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | summaries.py:63:1:63:12 | ControlFlowNode for tainted_list [List element] | provenance | | -| summaries.py:63:35:63:40 | ControlFlowNode for SOURCE | summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | provenance | | +| summaries.py:63:35:63:40 | ControlFlowNode for SOURCE | summaries.py:63:16:63:41 | ControlFlowNode for append_to_list() [List element] | provenance | append_to_list | | summaries.py:64:6:64:17 | ControlFlowNode for tainted_list [List element] | summaries.py:64:6:64:20 | ControlFlowNode for Subscript | provenance | | | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | summaries.py:68:6:68:26 | ControlFlowNode for Subscript | provenance | | | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | provenance | | | summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist [List element] | provenance | | -| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | provenance | | -| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | provenance | | +| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:1:67:18 | ControlFlowNode for tainted_resultlist | provenance | AdditionalTaintStep | +| summaries.py:67:33:67:38 | ControlFlowNode for SOURCE | summaries.py:67:22:67:39 | ControlFlowNode for json_loads() [List element] | provenance | json.loads | | summaries.py:68:6:68:23 | ControlFlowNode for tainted_resultlist [List element] | summaries.py:68:6:68:26 | ControlFlowNode for Subscript | provenance | | nodes | summaries.py:32:1:32:7 | ControlFlowNode for tainted | semmle.label | ControlFlowNode for tainted | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected b/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected index b96f44e358bb..0eccd8c13b26 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected @@ -3,11 +3,11 @@ edges | TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | provenance | | | TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | provenance | | | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | provenance | | -| TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | provenance | | +| TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | provenance | list.append | | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | provenance | | | TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | provenance | | | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result | provenance | | -| TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | provenance | | +| TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | provenance | list.append | | TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | provenance | | | TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | provenance | | | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | provenance | | @@ -58,7 +58,7 @@ edges | TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar | TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | provenance | | | TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | provenance | | | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | TarSlipImprov.py:236:44:236:50 | ControlFlowNode for members | provenance | | -| TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | provenance | | +| TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | provenance | list.append | | TarSlipImprov.py:258:6:258:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | provenance | | | TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | provenance | | | TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | TarSlipImprov.py:261:25:261:29 | ControlFlowNode for entry | provenance | | @@ -83,7 +83,7 @@ edges | TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:304:1:304:3 | ControlFlowNode for tar | provenance | | | TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | provenance | | | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | TarSlipImprov.py:310:49:310:54 | ControlFlowNode for result | provenance | | -| TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | provenance | | +| TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | provenance | list.append | nodes | TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar | | TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected b/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected index f5af1aac6479..c98bf111545d 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected @@ -1,16 +1,19 @@ edges | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | provenance | | | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | provenance | | -| UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | provenance | | -| UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | provenance | | +| UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | provenance | | +| UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | provenance | dict.get | | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | provenance | | | UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | provenance | | | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | provenance | | | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | UnsafeUnpack.py:19:35:19:41 | ControlFlowNode for tarpath | provenance | | | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | provenance | | | UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | provenance | | +| UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | provenance | | +| UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | provenance | | | UnsafeUnpack.py:33:50:33:65 | ControlFlowNode for local_ziped_path | UnsafeUnpack.py:34:23:34:38 | ControlFlowNode for local_ziped_path | provenance | | | UnsafeUnpack.py:47:20:47:34 | ControlFlowNode for compressed_file | UnsafeUnpack.py:48:23:48:37 | ControlFlowNode for compressed_file | provenance | | @@ -18,15 +21,17 @@ edges | UnsafeUnpack.py:51:19:51:36 | ControlFlowNode for Attribute() | UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file | provenance | | | UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file | UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file | provenance | | | UnsafeUnpack.py:65:19:65:31 | ControlFlowNode for Attribute | UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file | provenance | | -| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | provenance | | -| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | provenance | | +| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | provenance | | | UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | provenance | | | UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | provenance | | | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:87:23:87:29 | ControlFlowNode for tarpath | provenance | | | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | provenance | | | UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | provenance | | +| UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | provenance | | +| UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | provenance | | | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | UnsafeUnpack.py:105:35:105:42 | ControlFlowNode for savepath | provenance | | | UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | provenance | | @@ -35,8 +40,10 @@ edges | UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | provenance | | | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | provenance | | | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | provenance | | +| UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | provenance | AdditionalTaintStep | | UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | provenance | | | UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | provenance | | +| UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | provenance | dict.get | | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | provenance | | | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | UnsafeUnpack.py:112:35:112:43 | ControlFlowNode for file_path | provenance | | | UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | provenance | | @@ -64,19 +71,22 @@ edges | UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | provenance | | | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | provenance | | | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | provenance | | +| UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | provenance | AdditionalTaintStep | | UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | provenance | | | UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | provenance | | | UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | provenance | | | UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | provenance | | | UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | provenance | | | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | provenance | | -| UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | provenance | | +| UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | provenance | list.append | | UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | provenance | | | UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | provenance | | | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | provenance | | | UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | provenance | | | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | provenance | | +| UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | provenance | | +| UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | provenance | | | UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:1:176:34 | ControlFlowNode for Attribute() | provenance | | | UnsafeUnpack.py:194:53:194:55 | ControlFlowNode for tmp | UnsafeUnpack.py:201:29:201:31 | ControlFlowNode for tmp | provenance | | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected index 2754b5b8c065..06cf81cc6aaf 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/TemplateInjection.expected @@ -2,44 +2,44 @@ edges | AirspeedSsti.py:2:26:2:32 | ControlFlowNode for ImportMember | AirspeedSsti.py:2:26:2:32 | ControlFlowNode for request | provenance | | | AirspeedSsti.py:2:26:2:32 | ControlFlowNode for request | AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request | provenance | | | AirspeedSsti.py:10:5:10:12 | ControlFlowNode for template | AirspeedSsti.py:11:30:11:37 | ControlFlowNode for template | provenance | | -| AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request | AirspeedSsti.py:10:16:10:27 | ControlFlowNode for Attribute | provenance | | -| AirspeedSsti.py:10:16:10:27 | ControlFlowNode for Attribute | AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | provenance | | +| AirspeedSsti.py:10:16:10:22 | ControlFlowNode for request | AirspeedSsti.py:10:16:10:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| AirspeedSsti.py:10:16:10:27 | ControlFlowNode for Attribute | AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | provenance | dict.get | | AirspeedSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | AirspeedSsti.py:10:5:10:12 | ControlFlowNode for template | provenance | | | CheetahSinks.py:1:26:1:32 | ControlFlowNode for ImportMember | CheetahSinks.py:1:26:1:32 | ControlFlowNode for request | provenance | | | CheetahSinks.py:1:26:1:32 | ControlFlowNode for request | CheetahSinks.py:10:16:10:22 | ControlFlowNode for request | provenance | | | CheetahSinks.py:1:26:1:32 | ControlFlowNode for request | CheetahSinks.py:21:16:21:22 | ControlFlowNode for request | provenance | | | CheetahSinks.py:10:5:10:12 | ControlFlowNode for template | CheetahSinks.py:11:21:11:28 | ControlFlowNode for template | provenance | | -| CheetahSinks.py:10:16:10:22 | ControlFlowNode for request | CheetahSinks.py:10:16:10:27 | ControlFlowNode for Attribute | provenance | | -| CheetahSinks.py:10:16:10:27 | ControlFlowNode for Attribute | CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() | provenance | | +| CheetahSinks.py:10:16:10:22 | ControlFlowNode for request | CheetahSinks.py:10:16:10:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| CheetahSinks.py:10:16:10:27 | ControlFlowNode for Attribute | CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() | provenance | dict.get | | CheetahSinks.py:10:16:10:43 | ControlFlowNode for Attribute() | CheetahSinks.py:10:5:10:12 | ControlFlowNode for template | provenance | | | CheetahSinks.py:21:5:21:12 | ControlFlowNode for template | CheetahSinks.py:22:20:22:27 | ControlFlowNode for template | provenance | | -| CheetahSinks.py:21:16:21:22 | ControlFlowNode for request | CheetahSinks.py:21:16:21:27 | ControlFlowNode for Attribute | provenance | | -| CheetahSinks.py:21:16:21:27 | ControlFlowNode for Attribute | CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() | provenance | | +| CheetahSinks.py:21:16:21:22 | ControlFlowNode for request | CheetahSinks.py:21:16:21:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| CheetahSinks.py:21:16:21:27 | ControlFlowNode for Attribute | CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() | provenance | dict.get | | CheetahSinks.py:21:16:21:43 | ControlFlowNode for Attribute() | CheetahSinks.py:21:5:21:12 | ControlFlowNode for template | provenance | | | ChevronSsti.py:1:26:1:32 | ControlFlowNode for ImportMember | ChevronSsti.py:1:26:1:32 | ControlFlowNode for request | provenance | | | ChevronSsti.py:1:26:1:32 | ControlFlowNode for request | ChevronSsti.py:10:16:10:22 | ControlFlowNode for request | provenance | | | ChevronSsti.py:10:5:10:12 | ControlFlowNode for template | ChevronSsti.py:11:27:11:34 | ControlFlowNode for template | provenance | | -| ChevronSsti.py:10:16:10:22 | ControlFlowNode for request | ChevronSsti.py:10:16:10:27 | ControlFlowNode for Attribute | provenance | | -| ChevronSsti.py:10:16:10:27 | ControlFlowNode for Attribute | ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | provenance | | +| ChevronSsti.py:10:16:10:22 | ControlFlowNode for request | ChevronSsti.py:10:16:10:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| ChevronSsti.py:10:16:10:27 | ControlFlowNode for Attribute | ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | provenance | dict.get | | ChevronSsti.py:10:16:10:43 | ControlFlowNode for Attribute() | ChevronSsti.py:10:5:10:12 | ControlFlowNode for template | provenance | | -| DjangoTemplates.py:6:8:6:14 | ControlFlowNode for request | DjangoTemplates.py:8:5:8:12 | ControlFlowNode for template | provenance | | +| DjangoTemplates.py:6:8:6:14 | ControlFlowNode for request | DjangoTemplates.py:8:5:8:12 | ControlFlowNode for template | provenance | AdditionalTaintStep | | DjangoTemplates.py:8:5:8:12 | ControlFlowNode for template | DjangoTemplates.py:9:18:9:25 | ControlFlowNode for template | provenance | | | FlaskTemplate.py:1:26:1:32 | ControlFlowNode for ImportMember | FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | provenance | | | FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request | provenance | | | FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request | provenance | | | FlaskTemplate.py:1:26:1:32 | ControlFlowNode for request | FlaskTemplate.py:17:41:17:47 | ControlFlowNode for request | provenance | | -| FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | provenance | | -| FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | provenance | | -| FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | FlaskTemplate.py:11:39:11:66 | ControlFlowNode for Attribute() | provenance | | -| FlaskTemplate.py:17:41:17:47 | ControlFlowNode for request | FlaskTemplate.py:17:41:17:52 | ControlFlowNode for Attribute | provenance | | -| FlaskTemplate.py:17:41:17:52 | ControlFlowNode for Attribute | FlaskTemplate.py:17:41:17:68 | ControlFlowNode for Attribute() | provenance | | -| JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | provenance | | +| FlaskTemplate.py:10:8:10:14 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| FlaskTemplate.py:11:39:11:45 | ControlFlowNode for request | FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| FlaskTemplate.py:11:39:11:50 | ControlFlowNode for Attribute | FlaskTemplate.py:11:39:11:66 | ControlFlowNode for Attribute() | provenance | dict.get | +| FlaskTemplate.py:17:41:17:47 | ControlFlowNode for request | FlaskTemplate.py:17:41:17:52 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| FlaskTemplate.py:17:41:17:52 | ControlFlowNode for Attribute | FlaskTemplate.py:17:41:17:68 | ControlFlowNode for Attribute() | provenance | dict.get | +| JinjaSsti.py:7:7:7:13 | ControlFlowNode for request | JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | provenance | AdditionalTaintStep | | JinjaSsti.py:9:5:9:12 | ControlFlowNode for template | JinjaSsti.py:10:25:10:32 | ControlFlowNode for template | provenance | | -| JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | provenance | | +| JinjaSsti.py:16:7:16:13 | ControlFlowNode for request | JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | provenance | AdditionalTaintStep | | JinjaSsti.py:19:5:19:12 | ControlFlowNode for template | JinjaSsti.py:20:28:20:35 | ControlFlowNode for template | provenance | | -| MakoSsti.py:6:10:6:16 | ControlFlowNode for request | MakoSsti.py:8:5:8:12 | ControlFlowNode for template | provenance | | +| MakoSsti.py:6:10:6:16 | ControlFlowNode for request | MakoSsti.py:8:5:8:12 | ControlFlowNode for template | provenance | AdditionalTaintStep | | MakoSsti.py:8:5:8:12 | ControlFlowNode for template | MakoSsti.py:9:27:9:34 | ControlFlowNode for template | provenance | | -| TRender.py:5:13:5:19 | ControlFlowNode for request | TRender.py:6:5:6:12 | ControlFlowNode for template | provenance | | +| TRender.py:5:13:5:19 | ControlFlowNode for request | TRender.py:6:5:6:12 | ControlFlowNode for template | provenance | AdditionalTaintStep | | TRender.py:6:5:6:12 | ControlFlowNode for template | TRender.py:7:24:7:31 | ControlFlowNode for template | provenance | | nodes | AirspeedSsti.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/EmailXss.expected b/python/ql/test/experimental/query-tests/Security/CWE-079/EmailXss.expected index 8581fcda227f..d878762ebdaa 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-079/EmailXss.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-079/EmailXss.expected @@ -3,37 +3,37 @@ edges | flask_mail.py:1:19:1:25 | ControlFlowNode for request | flask_mail.py:13:22:13:28 | ControlFlowNode for request | provenance | | | flask_mail.py:1:19:1:25 | ControlFlowNode for request | flask_mail.py:18:14:18:20 | ControlFlowNode for request | provenance | | | flask_mail.py:1:19:1:25 | ControlFlowNode for request | flask_mail.py:31:24:31:30 | ControlFlowNode for request | provenance | | -| flask_mail.py:13:22:13:28 | ControlFlowNode for request | flask_mail.py:13:22:13:41 | ControlFlowNode for Subscript | provenance | | -| flask_mail.py:13:22:13:28 | ControlFlowNode for request | flask_mail.py:18:14:18:33 | ControlFlowNode for Subscript | provenance | | -| flask_mail.py:18:14:18:20 | ControlFlowNode for request | flask_mail.py:18:14:18:33 | ControlFlowNode for Subscript | provenance | | -| flask_mail.py:31:24:31:30 | ControlFlowNode for request | flask_mail.py:31:24:31:43 | ControlFlowNode for Subscript | provenance | | +| flask_mail.py:13:22:13:28 | ControlFlowNode for request | flask_mail.py:13:22:13:41 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | +| flask_mail.py:13:22:13:28 | ControlFlowNode for request | flask_mail.py:18:14:18:33 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | +| flask_mail.py:18:14:18:20 | ControlFlowNode for request | flask_mail.py:18:14:18:33 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | +| flask_mail.py:31:24:31:30 | ControlFlowNode for request | flask_mail.py:31:24:31:43 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | provenance | | | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | provenance | | | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request | provenance | | | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | provenance | | -| sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | sendgrid_mail.py:14:22:14:49 | ControlFlowNode for Subscript | provenance | | -| sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request | sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript | provenance | | +| sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | sendgrid_mail.py:14:22:14:49 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | +| sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request | sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | | sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript | sendgrid_mail.py:26:22:26:62 | ControlFlowNode for HtmlContent() | provenance | | -| sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | sendgrid_mail.py:37:41:37:68 | ControlFlowNode for Subscript | provenance | | +| sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | sendgrid_mail.py:37:41:37:68 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for ImportMember | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | provenance | | | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | provenance | | | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | provenance | | | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | provenance | | -| sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:16:26:16:79 | ControlFlowNode for Attribute() | provenance | | -| sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:25:27:77 | ControlFlowNode for Attribute() | provenance | | -| sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | provenance | | -| sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:25:27:77 | ControlFlowNode for Attribute() | provenance | | -| sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | provenance | | -| sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | provenance | | +| sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:16:26:16:79 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:25:27:77 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:25:27:77 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for request | provenance | | | smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for request | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | provenance | | | smtplib_bad_subparts.py:17:5:17:8 | ControlFlowNode for name | smtplib_bad_subparts.py:20:5:20:8 | ControlFlowNode for html | provenance | | -| smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | smtplib_bad_subparts.py:17:5:17:8 | ControlFlowNode for name | provenance | | +| smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | smtplib_bad_subparts.py:17:5:17:8 | ControlFlowNode for name | provenance | AdditionalTaintStep | | smtplib_bad_subparts.py:20:5:20:8 | ControlFlowNode for html | smtplib_bad_subparts.py:24:22:24:25 | ControlFlowNode for html | provenance | | | smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for request | provenance | | | smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for request | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | provenance | | | smtplib_bad_via_attach.py:20:5:20:8 | ControlFlowNode for name | smtplib_bad_via_attach.py:23:5:23:8 | ControlFlowNode for html | provenance | | -| smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | smtplib_bad_via_attach.py:20:5:20:8 | ControlFlowNode for name | provenance | | +| smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | smtplib_bad_via_attach.py:20:5:20:8 | ControlFlowNode for name | provenance | AdditionalTaintStep | | smtplib_bad_via_attach.py:23:5:23:8 | ControlFlowNode for html | smtplib_bad_via_attach.py:27:22:27:25 | ControlFlowNode for html | provenance | | nodes | django_mail.py:14:48:14:82 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected index 5f899a4d1a12..d10801045a1c 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected @@ -2,12 +2,13 @@ edges | xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | xslt.py:3:26:3:32 | ControlFlowNode for request | provenance | | | xslt.py:3:26:3:32 | ControlFlowNode for request | xslt.py:10:17:10:23 | ControlFlowNode for request | provenance | | | xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery | xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | provenance | | -| xslt.py:10:17:10:23 | ControlFlowNode for request | xslt.py:10:17:10:28 | ControlFlowNode for Attribute | provenance | | -| xslt.py:10:17:10:28 | ControlFlowNode for Attribute | xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | provenance | | +| xslt.py:10:17:10:23 | ControlFlowNode for request | xslt.py:10:17:10:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xslt.py:10:17:10:28 | ControlFlowNode for Attribute | xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | provenance | dict.get | | xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery | provenance | | | xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | xslt.py:14:29:14:37 | ControlFlowNode for xslt_root | provenance | | | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | provenance | | | xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | | +| xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | xsltInjection.py:3:26:3:32 | ControlFlowNode for ImportMember | xsltInjection.py:3:26:3:32 | ControlFlowNode for request | provenance | | | xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:10:17:10:23 | ControlFlowNode for request | provenance | | | xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:17:17:17:23 | ControlFlowNode for request | provenance | | @@ -15,41 +16,46 @@ edges | xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:35:17:35:23 | ControlFlowNode for request | provenance | | | xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:44:17:44:23 | ControlFlowNode for request | provenance | | | xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery | xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | provenance | | -| xsltInjection.py:10:17:10:23 | ControlFlowNode for request | xsltInjection.py:10:17:10:28 | ControlFlowNode for Attribute | provenance | | -| xsltInjection.py:10:17:10:28 | ControlFlowNode for Attribute | xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | provenance | | +| xsltInjection.py:10:17:10:23 | ControlFlowNode for request | xsltInjection.py:10:17:10:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xsltInjection.py:10:17:10:28 | ControlFlowNode for Attribute | xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | provenance | dict.get | | xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery | provenance | | | xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root | provenance | | | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | provenance | | | xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | | +| xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | provenance | | -| xsltInjection.py:17:17:17:23 | ControlFlowNode for request | xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute | provenance | | -| xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute | xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | provenance | | +| xsltInjection.py:17:17:17:23 | ControlFlowNode for request | xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute | xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | provenance | dict.get | | xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | provenance | | | xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root | provenance | | | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | provenance | | | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | provenance | | +| xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | provenance | | -| xsltInjection.py:26:17:26:23 | ControlFlowNode for request | xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute | provenance | | -| xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute | xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | provenance | | +| xsltInjection.py:26:17:26:23 | ControlFlowNode for request | xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute | xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | provenance | dict.get | | xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | provenance | | | xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root | provenance | | | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | provenance | | | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | provenance | | +| xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | provenance | | -| xsltInjection.py:35:17:35:23 | ControlFlowNode for request | xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute | provenance | | -| xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute | xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | provenance | | +| xsltInjection.py:35:17:35:23 | ControlFlowNode for request | xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute | xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | provenance | dict.get | | xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | provenance | | | xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root | provenance | | | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | provenance | | | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | provenance | | +| xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | provenance | | -| xsltInjection.py:44:17:44:23 | ControlFlowNode for request | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | provenance | | -| xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | provenance | | +| xsltInjection.py:44:17:44:23 | ControlFlowNode for request | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | provenance | dict.get | | xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | provenance | | | xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | provenance | | | xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | provenance | | | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | provenance | | | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | | +| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | nodes | xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | xslt.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected index 67144ed11995..ae54d0fe0c16 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected @@ -9,13 +9,13 @@ edges | flask_bad.py:1:29:1:35 | ControlFlowNode for request | flask_bad.py:27:18:27:24 | ControlFlowNode for request | provenance | | | flask_bad.py:1:29:1:35 | ControlFlowNode for request | flask_bad.py:35:18:35:24 | ControlFlowNode for request | provenance | | | flask_bad.py:9:5:9:14 | ControlFlowNode for rfs_header | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header | provenance | | -| flask_bad.py:9:18:9:24 | ControlFlowNode for request | flask_bad.py:9:5:9:14 | ControlFlowNode for rfs_header | provenance | | +| flask_bad.py:9:18:9:24 | ControlFlowNode for request | flask_bad.py:9:5:9:14 | ControlFlowNode for rfs_header | provenance | AdditionalTaintStep | | flask_bad.py:19:5:19:14 | ControlFlowNode for rfs_header | flask_bad.py:21:38:21:47 | ControlFlowNode for rfs_header | provenance | | -| flask_bad.py:19:18:19:24 | ControlFlowNode for request | flask_bad.py:19:5:19:14 | ControlFlowNode for rfs_header | provenance | | +| flask_bad.py:19:18:19:24 | ControlFlowNode for request | flask_bad.py:19:5:19:14 | ControlFlowNode for rfs_header | provenance | AdditionalTaintStep | | flask_bad.py:27:5:27:14 | ControlFlowNode for rfs_header | flask_bad.py:29:34:29:43 | ControlFlowNode for rfs_header | provenance | | -| flask_bad.py:27:18:27:24 | ControlFlowNode for request | flask_bad.py:27:5:27:14 | ControlFlowNode for rfs_header | provenance | | +| flask_bad.py:27:18:27:24 | ControlFlowNode for request | flask_bad.py:27:5:27:14 | ControlFlowNode for rfs_header | provenance | AdditionalTaintStep | | flask_bad.py:35:5:35:14 | ControlFlowNode for rfs_header | flask_bad.py:38:24:38:33 | ControlFlowNode for rfs_header | provenance | | -| flask_bad.py:35:18:35:24 | ControlFlowNode for request | flask_bad.py:35:5:35:14 | ControlFlowNode for rfs_header | provenance | | +| flask_bad.py:35:18:35:24 | ControlFlowNode for request | flask_bad.py:35:5:35:14 | ControlFlowNode for rfs_header | provenance | AdditionalTaintStep | nodes | django_bad.py:5:5:5:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-1236/CsvInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-1236/CsvInjection.expected index 170dda187e93..5152f7353f25 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-1236/CsvInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-1236/CsvInjection.expected @@ -4,12 +4,12 @@ edges | csv_bad.py:9:19:9:25 | ControlFlowNode for request | csv_bad.py:24:16:24:22 | ControlFlowNode for request | provenance | | | csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data | csv_bad.py:18:24:18:31 | ControlFlowNode for csv_data | provenance | | | csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data | csv_bad.py:19:25:19:32 | ControlFlowNode for csv_data | provenance | | -| csv_bad.py:16:16:16:22 | ControlFlowNode for request | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | provenance | | -| csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() | provenance | | +| csv_bad.py:16:16:16:22 | ControlFlowNode for request | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() | provenance | dict.get | | csv_bad.py:16:16:16:38 | ControlFlowNode for Attribute() | csv_bad.py:16:5:16:12 | ControlFlowNode for csv_data | provenance | | | csv_bad.py:24:5:24:12 | ControlFlowNode for csv_data | csv_bad.py:25:46:25:53 | ControlFlowNode for csv_data | provenance | | -| csv_bad.py:24:16:24:22 | ControlFlowNode for request | csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute | provenance | | -| csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute | csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() | provenance | | +| csv_bad.py:24:16:24:22 | ControlFlowNode for request | csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute | csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() | provenance | dict.get | | csv_bad.py:24:16:24:38 | ControlFlowNode for Attribute() | csv_bad.py:24:5:24:12 | ControlFlowNode for csv_data | provenance | | nodes | csv_bad.py:9:19:9:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected b/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected index aabdf46044eb..d3e625200fa0 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected @@ -4,13 +4,13 @@ edges | samples.py:2:26:2:32 | ControlFlowNode for request | samples.py:16:25:16:31 | ControlFlowNode for request | provenance | | | samples.py:9:5:9:14 | ControlFlowNode for user_input | samples.py:10:59:10:68 | ControlFlowNode for user_input | provenance | | | samples.py:9:18:9:47 | ControlFlowNode for escape() | samples.py:9:5:9:14 | ControlFlowNode for user_input | provenance | | -| samples.py:9:25:9:31 | ControlFlowNode for request | samples.py:9:25:9:36 | ControlFlowNode for Attribute | provenance | | -| samples.py:9:25:9:36 | ControlFlowNode for Attribute | samples.py:9:25:9:46 | ControlFlowNode for Attribute() | provenance | | +| samples.py:9:25:9:31 | ControlFlowNode for request | samples.py:9:25:9:36 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| samples.py:9:25:9:36 | ControlFlowNode for Attribute | samples.py:9:25:9:46 | ControlFlowNode for Attribute() | provenance | dict.get | | samples.py:9:25:9:46 | ControlFlowNode for Attribute() | samples.py:9:18:9:47 | ControlFlowNode for escape() | provenance | | | samples.py:16:5:16:14 | ControlFlowNode for user_input | samples.py:20:62:20:71 | ControlFlowNode for user_input | provenance | | | samples.py:16:18:16:47 | ControlFlowNode for escape() | samples.py:16:5:16:14 | ControlFlowNode for user_input | provenance | | -| samples.py:16:25:16:31 | ControlFlowNode for request | samples.py:16:25:16:36 | ControlFlowNode for Attribute | provenance | | -| samples.py:16:25:16:36 | ControlFlowNode for Attribute | samples.py:16:25:16:46 | ControlFlowNode for Attribute() | provenance | | +| samples.py:16:25:16:31 | ControlFlowNode for request | samples.py:16:25:16:36 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| samples.py:16:25:16:36 | ControlFlowNode for Attribute | samples.py:16:25:16:46 | ControlFlowNode for Attribute() | provenance | dict.get | | samples.py:16:25:16:46 | ControlFlowNode for Attribute() | samples.py:16:18:16:47 | ControlFlowNode for escape() | provenance | | nodes | samples.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-287-ConstantSecretKey/ConstantSecretKey.expected b/python/ql/test/experimental/query-tests/Security/CWE-287-ConstantSecretKey/ConstantSecretKey.expected index d339e0adc215..2a2d0c85ee0e 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-287-ConstantSecretKey/ConstantSecretKey.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-287-ConstantSecretKey/ConstantSecretKey.expected @@ -11,9 +11,9 @@ edges | config.py:7:13:7:23 | ControlFlowNode for Str | config.py:7:1:7:9 | ControlFlowNode for aConstant | provenance | | | config.py:12:18:12:26 | ControlFlowNode for aConstant | config.py:17:38:17:46 | ControlFlowNode for aConstant | provenance | | | config.py:12:18:12:26 | ControlFlowNode for aConstant | config.py:18:43:18:51 | ControlFlowNode for aConstant | provenance | | -| config.py:17:38:17:46 | ControlFlowNode for aConstant | config.py:17:18:17:47 | ControlFlowNode for Attribute() | provenance | | +| config.py:17:38:17:46 | ControlFlowNode for aConstant | config.py:17:18:17:47 | ControlFlowNode for Attribute() | provenance | os.getenv | | config.py:17:38:17:46 | ControlFlowNode for aConstant | config.py:18:43:18:51 | ControlFlowNode for aConstant | provenance | | -| config.py:18:43:18:51 | ControlFlowNode for aConstant | config.py:18:18:18:52 | ControlFlowNode for Attribute() | provenance | | +| config.py:18:43:18:51 | ControlFlowNode for aConstant | config.py:18:18:18:52 | ControlFlowNode for Attribute() | provenance | dict.get | nodes | app_safe.py:5:28:5:37 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str | | app_unsafe.py:4:1:4:9 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-522/LdapInsecureAuth.expected b/python/ql/test/experimental/query-tests/Security/CWE-522/LdapInsecureAuth.expected index 6ca5069e476d..b07d47c203c5 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-522/LdapInsecureAuth.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-522/LdapInsecureAuth.expected @@ -8,7 +8,7 @@ edges | ldap3_remote.py:126:5:126:8 | ControlFlowNode for host | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host | provenance | | | ldap3_remote.py:126:12:126:31 | ControlFlowNode for BinaryExpr | ldap3_remote.py:126:5:126:8 | ControlFlowNode for host | provenance | | | ldap3_remote.py:138:5:138:8 | ControlFlowNode for host | ldap3_remote.py:139:18:139:21 | ControlFlowNode for host | provenance | | -| ldap3_remote.py:138:21:138:27 | ControlFlowNode for request | ldap3_remote.py:138:5:138:8 | ControlFlowNode for host | provenance | | +| ldap3_remote.py:138:21:138:27 | ControlFlowNode for request | ldap3_remote.py:138:5:138:8 | ControlFlowNode for host | provenance | AdditionalTaintStep | nodes | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-614/CookieInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-614/CookieInjection.expected index 36e0074c7848..80dcbae21773 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-614/CookieInjection.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-614/CookieInjection.expected @@ -6,11 +6,11 @@ edges | flask_bad.py:1:26:1:32 | ControlFlowNode for request | flask_bad.py:24:49:24:55 | ControlFlowNode for request | provenance | | | flask_bad.py:1:26:1:32 | ControlFlowNode for request | flask_bad.py:32:37:32:43 | ControlFlowNode for request | provenance | | | flask_bad.py:1:26:1:32 | ControlFlowNode for request | flask_bad.py:32:60:32:66 | ControlFlowNode for request | provenance | | -| flask_bad.py:24:21:24:27 | ControlFlowNode for request | flask_bad.py:24:21:24:40 | ControlFlowNode for Subscript | provenance | | -| flask_bad.py:24:21:24:27 | ControlFlowNode for request | flask_bad.py:24:49:24:69 | ControlFlowNode for Subscript | provenance | | -| flask_bad.py:24:49:24:55 | ControlFlowNode for request | flask_bad.py:24:49:24:69 | ControlFlowNode for Subscript | provenance | | -| flask_bad.py:32:37:32:43 | ControlFlowNode for request | flask_bad.py:32:34:32:98 | ControlFlowNode for Fstring | provenance | | -| flask_bad.py:32:60:32:66 | ControlFlowNode for request | flask_bad.py:32:34:32:98 | ControlFlowNode for Fstring | provenance | | +| flask_bad.py:24:21:24:27 | ControlFlowNode for request | flask_bad.py:24:21:24:40 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | +| flask_bad.py:24:21:24:27 | ControlFlowNode for request | flask_bad.py:24:49:24:69 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | +| flask_bad.py:24:49:24:55 | ControlFlowNode for request | flask_bad.py:24:49:24:69 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | +| flask_bad.py:32:37:32:43 | ControlFlowNode for request | flask_bad.py:32:34:32:98 | ControlFlowNode for Fstring | provenance | AdditionalTaintStep | +| flask_bad.py:32:60:32:66 | ControlFlowNode for request | flask_bad.py:32:34:32:98 | ControlFlowNode for Fstring | provenance | AdditionalTaintStep | nodes | django_bad.py:19:21:19:55 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | | django_bad.py:20:21:20:56 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-770/UnicodeDoS.expected b/python/ql/test/experimental/query-tests/Security/CWE-770/UnicodeDoS.expected index f98487ba7dad..430e7558fdc6 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-770/UnicodeDoS.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-770/UnicodeDoS.expected @@ -7,28 +7,28 @@ edges | tests.py:1:35:1:41 | ControlFlowNode for request | tests.py:60:9:60:15 | ControlFlowNode for request | provenance | | | tests.py:1:35:1:41 | ControlFlowNode for request | tests.py:72:9:72:15 | ControlFlowNode for request | provenance | | | tests.py:12:5:12:13 | ControlFlowNode for file_path | tests.py:16:39:16:47 | ControlFlowNode for file_path | provenance | | -| tests.py:12:17:12:23 | ControlFlowNode for request | tests.py:12:17:12:28 | ControlFlowNode for Attribute | provenance | | -| tests.py:12:17:12:28 | ControlFlowNode for Attribute | tests.py:12:17:12:49 | ControlFlowNode for Attribute() | provenance | | +| tests.py:12:17:12:23 | ControlFlowNode for request | tests.py:12:17:12:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| tests.py:12:17:12:28 | ControlFlowNode for Attribute | tests.py:12:17:12:49 | ControlFlowNode for Attribute() | provenance | dict.get | | tests.py:12:17:12:49 | ControlFlowNode for Attribute() | tests.py:12:5:12:13 | ControlFlowNode for file_path | provenance | | | tests.py:24:5:24:5 | ControlFlowNode for r | tests.py:28:43:28:43 | ControlFlowNode for r | provenance | | -| tests.py:24:9:24:15 | ControlFlowNode for request | tests.py:24:9:24:20 | ControlFlowNode for Attribute | provenance | | -| tests.py:24:9:24:20 | ControlFlowNode for Attribute | tests.py:24:9:24:33 | ControlFlowNode for Attribute() | provenance | | +| tests.py:24:9:24:15 | ControlFlowNode for request | tests.py:24:9:24:20 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| tests.py:24:9:24:20 | ControlFlowNode for Attribute | tests.py:24:9:24:33 | ControlFlowNode for Attribute() | provenance | dict.get | | tests.py:24:9:24:33 | ControlFlowNode for Attribute() | tests.py:24:5:24:5 | ControlFlowNode for r | provenance | | | tests.py:36:5:36:5 | ControlFlowNode for r | tests.py:40:43:40:43 | ControlFlowNode for r | provenance | | -| tests.py:36:9:36:15 | ControlFlowNode for request | tests.py:36:9:36:20 | ControlFlowNode for Attribute | provenance | | -| tests.py:36:9:36:20 | ControlFlowNode for Attribute | tests.py:36:9:36:33 | ControlFlowNode for Attribute() | provenance | | +| tests.py:36:9:36:15 | ControlFlowNode for request | tests.py:36:9:36:20 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| tests.py:36:9:36:20 | ControlFlowNode for Attribute | tests.py:36:9:36:33 | ControlFlowNode for Attribute() | provenance | dict.get | | tests.py:36:9:36:33 | ControlFlowNode for Attribute() | tests.py:36:5:36:5 | ControlFlowNode for r | provenance | | | tests.py:48:5:48:5 | ControlFlowNode for r | tests.py:52:43:52:43 | ControlFlowNode for r | provenance | | -| tests.py:48:9:48:15 | ControlFlowNode for request | tests.py:48:9:48:20 | ControlFlowNode for Attribute | provenance | | -| tests.py:48:9:48:20 | ControlFlowNode for Attribute | tests.py:48:9:48:33 | ControlFlowNode for Attribute() | provenance | | +| tests.py:48:9:48:15 | ControlFlowNode for request | tests.py:48:9:48:20 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| tests.py:48:9:48:20 | ControlFlowNode for Attribute | tests.py:48:9:48:33 | ControlFlowNode for Attribute() | provenance | dict.get | | tests.py:48:9:48:33 | ControlFlowNode for Attribute() | tests.py:48:5:48:5 | ControlFlowNode for r | provenance | | | tests.py:60:5:60:5 | ControlFlowNode for r | tests.py:64:43:64:43 | ControlFlowNode for r | provenance | | -| tests.py:60:9:60:15 | ControlFlowNode for request | tests.py:60:9:60:20 | ControlFlowNode for Attribute | provenance | | -| tests.py:60:9:60:20 | ControlFlowNode for Attribute | tests.py:60:9:60:33 | ControlFlowNode for Attribute() | provenance | | +| tests.py:60:9:60:15 | ControlFlowNode for request | tests.py:60:9:60:20 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| tests.py:60:9:60:20 | ControlFlowNode for Attribute | tests.py:60:9:60:33 | ControlFlowNode for Attribute() | provenance | dict.get | | tests.py:60:9:60:33 | ControlFlowNode for Attribute() | tests.py:60:5:60:5 | ControlFlowNode for r | provenance | | | tests.py:72:5:72:5 | ControlFlowNode for r | tests.py:76:43:76:43 | ControlFlowNode for r | provenance | | -| tests.py:72:9:72:15 | ControlFlowNode for request | tests.py:72:9:72:20 | ControlFlowNode for Attribute | provenance | | -| tests.py:72:9:72:20 | ControlFlowNode for Attribute | tests.py:72:9:72:33 | ControlFlowNode for Attribute() | provenance | | +| tests.py:72:9:72:15 | ControlFlowNode for request | tests.py:72:9:72:20 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| tests.py:72:9:72:20 | ControlFlowNode for Attribute | tests.py:72:9:72:33 | ControlFlowNode for Attribute() | provenance | dict.get | | tests.py:72:9:72:33 | ControlFlowNode for Attribute() | tests.py:72:5:72:5 | ControlFlowNode for r | provenance | | nodes | tests.py:1:35:1:41 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | diff --git a/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected b/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected index b93c133cd5a0..fb9a00ca1803 100644 --- a/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected +++ b/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected @@ -3,8 +3,8 @@ edges | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | testapp/orm_security_tests.py:51:14:51:53 | ControlFlowNode for Attribute() [Attribute age] | provenance | | | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute name] | provenance | | | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | testapp/orm_security_tests.py:47:14:47:53 | ControlFlowNode for Attribute() [Attribute name] | provenance | | -| testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:22:23:22:42 | ControlFlowNode for Subscript | provenance | | -| testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:23:22:23:40 | ControlFlowNode for Subscript | provenance | | +| testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:22:23:22:42 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | +| testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:23:22:23:40 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | | testapp/orm_security_tests.py:22:9:22:14 | [post] ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:23:9:23:14 | ControlFlowNode for person [Attribute name] | provenance | | | testapp/orm_security_tests.py:22:23:22:42 | ControlFlowNode for Subscript | testapp/orm_security_tests.py:22:9:22:14 | [post] ControlFlowNode for person [Attribute name] | provenance | | | testapp/orm_security_tests.py:23:9:23:14 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute name] | provenance | | @@ -31,7 +31,7 @@ edges | testapp/orm_security_tests.py:55:45:55:50 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:55:45:55:54 | ControlFlowNode for Attribute | provenance | | | testapp/orm_security_tests.py:55:45:55:54 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | provenance | | | testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | testapp/orm_security_tests.py:101:15:101:52 | ControlFlowNode for Attribute() [Attribute text] | provenance | | -| testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | testapp/orm_security_tests.py:96:44:96:63 | ControlFlowNode for Subscript | provenance | | +| testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | testapp/orm_security_tests.py:96:44:96:63 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | | testapp/orm_security_tests.py:96:5:96:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:97:5:97:11 | ControlFlowNode for comment [Attribute text] | provenance | | | testapp/orm_security_tests.py:96:15:96:64 | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] | testapp/orm_security_tests.py:96:5:96:11 | ControlFlowNode for comment [Attribute text] | provenance | | | testapp/orm_security_tests.py:96:44:96:63 | ControlFlowNode for Subscript | testapp/orm_security_tests.py:96:15:96:64 | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] | provenance | | @@ -40,7 +40,7 @@ edges | testapp/orm_security_tests.py:101:15:101:52 | ControlFlowNode for Attribute() [Attribute text] | testapp/orm_security_tests.py:101:5:101:11 | ControlFlowNode for comment [Attribute text] | provenance | | | testapp/orm_security_tests.py:102:25:102:31 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | provenance | | | testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | testapp/orm_security_tests.py:120:15:120:49 | ControlFlowNode for Attribute() [Attribute text] | provenance | | -| testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | testapp/orm_security_tests.py:115:41:115:60 | ControlFlowNode for Subscript | provenance | | +| testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | testapp/orm_security_tests.py:115:41:115:60 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | | testapp/orm_security_tests.py:115:5:115:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:117:5:117:11 | ControlFlowNode for comment [Attribute text] | provenance | | | testapp/orm_security_tests.py:115:15:115:61 | ControlFlowNode for CommentValidatorUsed() [Attribute text] | testapp/orm_security_tests.py:115:5:115:11 | ControlFlowNode for comment [Attribute text] | provenance | | | testapp/orm_security_tests.py:115:41:115:60 | ControlFlowNode for Subscript | testapp/orm_security_tests.py:115:15:115:61 | ControlFlowNode for CommentValidatorUsed() [Attribute text] | provenance | | diff --git a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected index b1347bde3fb7..178f63b4aabb 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected +++ b/python/ql/test/library-tests/frameworks/modeling-example/NaiveModel.expected @@ -1,19 +1,19 @@ edges -| test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | provenance | | -| test.py:29:11:29:18 | ControlFlowNode for source() | test.py:32:5:32:7 | ControlFlowNode for val | provenance | | +| test.py:21:11:21:18 | ControlFlowNode for source() | test.py:22:10:22:24 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| test.py:29:11:29:18 | ControlFlowNode for source() | test.py:32:5:32:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | | test.py:32:5:32:7 | ControlFlowNode for val | test.py:33:10:33:12 | ControlFlowNode for val | provenance | | | test.py:40:5:40:7 | ControlFlowNode for val | test.py:41:10:41:12 | ControlFlowNode for val | provenance | | | test.py:40:11:40:25 | ControlFlowNode for Attribute() | test.py:40:5:40:7 | ControlFlowNode for val | provenance | | -| test.py:45:11:45:18 | ControlFlowNode for source() | test.py:40:11:40:25 | ControlFlowNode for Attribute() | provenance | | +| test.py:45:11:45:18 | ControlFlowNode for source() | test.py:40:11:40:25 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | test.py:53:5:53:7 | ControlFlowNode for val | test.py:54:10:54:12 | ControlFlowNode for val | provenance | | | test.py:53:11:53:25 | ControlFlowNode for Attribute() | test.py:53:5:53:7 | ControlFlowNode for val | provenance | | -| test.py:70:11:70:18 | ControlFlowNode for source() | test.py:53:11:53:25 | ControlFlowNode for Attribute() | provenance | | +| test.py:70:11:70:18 | ControlFlowNode for source() | test.py:53:11:53:25 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | test.py:78:5:78:7 | ControlFlowNode for val | test.py:79:10:79:12 | ControlFlowNode for val | provenance | | | test.py:78:11:78:14 | ControlFlowNode for bm() | test.py:78:5:78:7 | ControlFlowNode for val | provenance | | -| test.py:83:11:83:18 | ControlFlowNode for source() | test.py:78:11:78:14 | ControlFlowNode for bm() | provenance | | +| test.py:83:11:83:18 | ControlFlowNode for source() | test.py:78:11:78:14 | ControlFlowNode for bm() | provenance | AdditionalTaintStep | | test.py:90:5:90:7 | ControlFlowNode for val | test.py:91:10:91:12 | ControlFlowNode for val | provenance | | | test.py:90:11:90:14 | ControlFlowNode for bm() | test.py:90:5:90:7 | ControlFlowNode for val | provenance | | -| test.py:107:11:107:18 | ControlFlowNode for source() | test.py:90:11:90:14 | ControlFlowNode for bm() | provenance | | +| test.py:107:11:107:18 | ControlFlowNode for source() | test.py:90:11:90:14 | ControlFlowNode for bm() | provenance | AdditionalTaintStep | nodes | test.py:21:11:21:18 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() | | test.py:22:10:22:24 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() | diff --git a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected index 1d3e33431134..86e0a1958f28 100644 --- a/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected +++ b/python/ql/test/library-tests/frameworks/modeling-example/ProperModel.expected @@ -1,17 +1,17 @@ edges -| test.py:21:5:21:7 | ControlFlowNode for src | test.py:22:10:22:24 | ControlFlowNode for Attribute() | provenance | | +| test.py:21:5:21:7 | ControlFlowNode for src | test.py:22:10:22:24 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | | test.py:21:11:21:18 | ControlFlowNode for source() | test.py:21:5:21:7 | ControlFlowNode for src | provenance | | | test.py:29:5:29:7 | ControlFlowNode for src | test.py:30:5:30:7 | ControlFlowNode for foo | provenance | | | test.py:29:11:29:18 | ControlFlowNode for source() | test.py:29:5:29:7 | ControlFlowNode for src | provenance | | -| test.py:30:5:30:7 | ControlFlowNode for foo | test.py:31:5:31:16 | ControlFlowNode for bound_method | provenance | | -| test.py:31:5:31:16 | ControlFlowNode for bound_method | test.py:32:5:32:7 | ControlFlowNode for val | provenance | | +| test.py:30:5:30:7 | ControlFlowNode for foo | test.py:31:5:31:16 | ControlFlowNode for bound_method | provenance | AdditionalTaintStep | +| test.py:31:5:31:16 | ControlFlowNode for bound_method | test.py:32:5:32:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | | test.py:32:5:32:7 | ControlFlowNode for val | test.py:33:10:33:12 | ControlFlowNode for val | provenance | | -| test.py:39:15:39:17 | ControlFlowNode for arg | test.py:40:5:40:7 | ControlFlowNode for val | provenance | | +| test.py:39:15:39:17 | ControlFlowNode for arg | test.py:40:5:40:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | | test.py:40:5:40:7 | ControlFlowNode for val | test.py:41:10:41:12 | ControlFlowNode for val | provenance | | | test.py:45:5:45:7 | ControlFlowNode for src | test.py:46:15:46:17 | ControlFlowNode for src | provenance | | | test.py:45:11:45:18 | ControlFlowNode for source() | test.py:45:5:45:7 | ControlFlowNode for src | provenance | | | test.py:46:15:46:17 | ControlFlowNode for src | test.py:39:15:39:17 | ControlFlowNode for arg | provenance | | -| test.py:52:24:52:26 | ControlFlowNode for arg | test.py:53:5:53:7 | ControlFlowNode for val | provenance | | +| test.py:52:24:52:26 | ControlFlowNode for arg | test.py:53:5:53:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | | test.py:53:5:53:7 | ControlFlowNode for val | test.py:54:10:54:12 | ControlFlowNode for val | provenance | | | test.py:57:33:57:35 | ControlFlowNode for arg | test.py:58:24:58:26 | ControlFlowNode for arg | provenance | | | test.py:58:24:58:26 | ControlFlowNode for arg | test.py:52:24:52:26 | ControlFlowNode for arg | provenance | | @@ -22,12 +22,12 @@ edges | test.py:70:5:70:7 | ControlFlowNode for src | test.py:71:33:71:35 | ControlFlowNode for src | provenance | | | test.py:70:11:70:18 | ControlFlowNode for source() | test.py:70:5:70:7 | ControlFlowNode for src | provenance | | | test.py:71:33:71:35 | ControlFlowNode for src | test.py:65:33:65:35 | ControlFlowNode for arg | provenance | | -| test.py:77:23:77:24 | ControlFlowNode for bm | test.py:78:5:78:7 | ControlFlowNode for val | provenance | | +| test.py:77:23:77:24 | ControlFlowNode for bm | test.py:78:5:78:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | | test.py:78:5:78:7 | ControlFlowNode for val | test.py:79:10:79:12 | ControlFlowNode for val | provenance | | -| test.py:83:5:83:7 | ControlFlowNode for src | test.py:84:23:84:35 | ControlFlowNode for Attribute | provenance | | +| test.py:83:5:83:7 | ControlFlowNode for src | test.py:84:23:84:35 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | | test.py:83:11:83:18 | ControlFlowNode for source() | test.py:83:5:83:7 | ControlFlowNode for src | provenance | | | test.py:84:23:84:35 | ControlFlowNode for Attribute | test.py:77:23:77:24 | ControlFlowNode for bm | provenance | | -| test.py:89:37:89:38 | ControlFlowNode for bm | test.py:90:5:90:7 | ControlFlowNode for val | provenance | | +| test.py:89:37:89:38 | ControlFlowNode for bm | test.py:90:5:90:7 | ControlFlowNode for val | provenance | AdditionalTaintStep | | test.py:90:5:90:7 | ControlFlowNode for val | test.py:91:10:91:12 | ControlFlowNode for val | provenance | | | test.py:94:46:94:47 | ControlFlowNode for bm | test.py:95:37:95:38 | ControlFlowNode for bm | provenance | | | test.py:95:37:95:38 | ControlFlowNode for bm | test.py:89:37:89:38 | ControlFlowNode for bm | provenance | | @@ -35,7 +35,7 @@ edges | test.py:99:46:99:47 | ControlFlowNode for bm | test.py:94:46:94:47 | ControlFlowNode for bm | provenance | | | test.py:102:46:102:47 | ControlFlowNode for bm | test.py:103:46:103:47 | ControlFlowNode for bm | provenance | | | test.py:103:46:103:47 | ControlFlowNode for bm | test.py:98:46:98:47 | ControlFlowNode for bm | provenance | | -| test.py:107:5:107:7 | ControlFlowNode for src | test.py:108:46:108:58 | ControlFlowNode for Attribute | provenance | | +| test.py:107:5:107:7 | ControlFlowNode for src | test.py:108:46:108:58 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | | test.py:107:11:107:18 | ControlFlowNode for source() | test.py:107:5:107:7 | ControlFlowNode for src | provenance | | | test.py:108:46:108:58 | ControlFlowNode for Attribute | test.py:102:46:102:47 | ControlFlowNode for bm | provenance | | nodes diff --git a/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected b/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected index 1f820cfa5e11..6177b9eba62d 100644 --- a/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected +++ b/python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected @@ -5,30 +5,30 @@ edges | test.py:5:26:5:32 | ControlFlowNode for request | test.py:34:12:34:18 | ControlFlowNode for request | provenance | | | test.py:5:26:5:32 | ControlFlowNode for request | test.py:42:12:42:18 | ControlFlowNode for request | provenance | | | test.py:5:26:5:32 | ControlFlowNode for request | test.py:54:12:54:18 | ControlFlowNode for request | provenance | | -| test.py:13:5:13:12 | ControlFlowNode for data_raw | test.py:14:5:14:8 | ControlFlowNode for data | provenance | | -| test.py:13:16:13:22 | ControlFlowNode for request | test.py:13:16:13:27 | ControlFlowNode for Attribute | provenance | | -| test.py:13:16:13:27 | ControlFlowNode for Attribute | test.py:13:16:13:39 | ControlFlowNode for Attribute() | provenance | | +| test.py:13:5:13:12 | ControlFlowNode for data_raw | test.py:14:5:14:8 | ControlFlowNode for data | provenance | AdditionalTaintStep | +| test.py:13:16:13:22 | ControlFlowNode for request | test.py:13:16:13:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:13:16:13:27 | ControlFlowNode for Attribute | test.py:13:16:13:39 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:13:16:13:39 | ControlFlowNode for Attribute() | test.py:13:5:13:12 | ControlFlowNode for data_raw | provenance | | | test.py:14:5:14:8 | ControlFlowNode for data | test.py:15:36:15:39 | ControlFlowNode for data | provenance | | -| test.py:23:5:23:12 | ControlFlowNode for data_raw | test.py:24:5:24:8 | ControlFlowNode for data | provenance | | -| test.py:23:16:23:22 | ControlFlowNode for request | test.py:23:16:23:27 | ControlFlowNode for Attribute | provenance | | -| test.py:23:16:23:27 | ControlFlowNode for Attribute | test.py:23:16:23:39 | ControlFlowNode for Attribute() | provenance | | +| test.py:23:5:23:12 | ControlFlowNode for data_raw | test.py:24:5:24:8 | ControlFlowNode for data | provenance | AdditionalTaintStep | +| test.py:23:16:23:22 | ControlFlowNode for request | test.py:23:16:23:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:23:16:23:27 | ControlFlowNode for Attribute | test.py:23:16:23:39 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:23:16:23:39 | ControlFlowNode for Attribute() | test.py:23:5:23:12 | ControlFlowNode for data_raw | provenance | | | test.py:24:5:24:8 | ControlFlowNode for data | test.py:25:44:25:47 | ControlFlowNode for data | provenance | | | test.py:34:5:34:8 | ControlFlowNode for data | test.py:35:10:35:13 | ControlFlowNode for data | provenance | | | test.py:34:5:34:8 | ControlFlowNode for data | test.py:36:13:36:16 | ControlFlowNode for data | provenance | | -| test.py:34:12:34:18 | ControlFlowNode for request | test.py:34:12:34:23 | ControlFlowNode for Attribute | provenance | | -| test.py:34:12:34:23 | ControlFlowNode for Attribute | test.py:34:12:34:35 | ControlFlowNode for Attribute() | provenance | | +| test.py:34:12:34:18 | ControlFlowNode for request | test.py:34:12:34:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:34:12:34:23 | ControlFlowNode for Attribute | test.py:34:12:34:35 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:34:12:34:35 | ControlFlowNode for Attribute() | test.py:34:5:34:8 | ControlFlowNode for data | provenance | | | test.py:42:5:42:8 | ControlFlowNode for data | test.py:43:22:43:25 | ControlFlowNode for data | provenance | | | test.py:42:5:42:8 | ControlFlowNode for data | test.py:44:25:44:28 | ControlFlowNode for data | provenance | | -| test.py:42:12:42:18 | ControlFlowNode for request | test.py:42:12:42:23 | ControlFlowNode for Attribute | provenance | | -| test.py:42:12:42:23 | ControlFlowNode for Attribute | test.py:42:12:42:35 | ControlFlowNode for Attribute() | provenance | | +| test.py:42:12:42:18 | ControlFlowNode for request | test.py:42:12:42:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:42:12:42:23 | ControlFlowNode for Attribute | test.py:42:12:42:35 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:42:12:42:35 | ControlFlowNode for Attribute() | test.py:42:5:42:8 | ControlFlowNode for data | provenance | | | test.py:47:17:47:19 | ControlFlowNode for arg | test.py:50:32:50:34 | ControlFlowNode for arg | provenance | | | test.py:54:5:54:8 | ControlFlowNode for data | test.py:55:17:55:20 | ControlFlowNode for data | provenance | | -| test.py:54:12:54:18 | ControlFlowNode for request | test.py:54:12:54:23 | ControlFlowNode for Attribute | provenance | | -| test.py:54:12:54:23 | ControlFlowNode for Attribute | test.py:54:12:54:35 | ControlFlowNode for Attribute() | provenance | | +| test.py:54:12:54:18 | ControlFlowNode for request | test.py:54:12:54:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:54:12:54:23 | ControlFlowNode for Attribute | test.py:54:12:54:35 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:54:12:54:35 | ControlFlowNode for Attribute() | test.py:54:5:54:8 | ControlFlowNode for data | provenance | | | test.py:55:17:55:20 | ControlFlowNode for data | test.py:47:17:47:19 | ControlFlowNode for arg | provenance | | nodes diff --git a/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected b/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected index 4fe7b60580ca..2cfcdc6bc99f 100644 --- a/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected @@ -2,8 +2,8 @@ edges | flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_path_injection.py:1:26:1:32 | ControlFlowNode for request | provenance | | | flask_path_injection.py:1:26:1:32 | ControlFlowNode for request | flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | provenance | | | flask_path_injection.py:19:5:19:11 | ControlFlowNode for dirname | flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | provenance | | -| flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | provenance | | -| flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | flask_path_injection.py:19:15:19:45 | ControlFlowNode for Attribute() | provenance | | +| flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | flask_path_injection.py:19:15:19:45 | ControlFlowNode for Attribute() | provenance | dict.get | | flask_path_injection.py:19:15:19:45 | ControlFlowNode for Attribute() | flask_path_injection.py:19:5:19:11 | ControlFlowNode for dirname | provenance | | | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:3:26:3:32 | ControlFlowNode for request | provenance | | | path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:12:16:12:22 | ControlFlowNode for request | provenance | | @@ -17,88 +17,88 @@ edges | path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:129:16:129:22 | ControlFlowNode for request | provenance | | | path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:138:16:138:22 | ControlFlowNode for request | provenance | | | path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:149:16:149:22 | ControlFlowNode for request | provenance | | -| path_injection.py:12:5:12:12 | ControlFlowNode for filename | path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | provenance | | -| path_injection.py:12:16:12:22 | ControlFlowNode for request | path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | path_injection.py:12:16:12:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:12:5:12:12 | ControlFlowNode for filename | path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| path_injection.py:12:16:12:22 | ControlFlowNode for request | path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | path_injection.py:12:16:12:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:12:16:12:47 | ControlFlowNode for Attribute() | path_injection.py:12:5:12:12 | ControlFlowNode for filename | provenance | | -| path_injection.py:19:5:19:12 | ControlFlowNode for filename | path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | provenance | | -| path_injection.py:19:16:19:22 | ControlFlowNode for request | path_injection.py:19:16:19:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:19:16:19:27 | ControlFlowNode for Attribute | path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:19:5:19:12 | ControlFlowNode for filename | path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| path_injection.py:19:16:19:22 | ControlFlowNode for request | path_injection.py:19:16:19:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:19:16:19:27 | ControlFlowNode for Attribute | path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | path_injection.py:19:5:19:12 | ControlFlowNode for filename | provenance | | | path_injection.py:20:5:20:9 | ControlFlowNode for npath | path_injection.py:21:14:21:18 | ControlFlowNode for npath | provenance | | | path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | path_injection.py:20:5:20:9 | ControlFlowNode for npath | provenance | | | path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | provenance | | -| path_injection.py:27:5:27:12 | ControlFlowNode for filename | path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | provenance | | -| path_injection.py:27:16:27:22 | ControlFlowNode for request | path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:27:5:27:12 | ControlFlowNode for filename | path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| path_injection.py:27:16:27:22 | ControlFlowNode for request | path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | path_injection.py:27:5:27:12 | ControlFlowNode for filename | provenance | | | path_injection.py:28:5:28:9 | ControlFlowNode for npath | path_injection.py:31:14:31:18 | ControlFlowNode for npath | provenance | | | path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | path_injection.py:28:5:28:9 | ControlFlowNode for npath | provenance | | | path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | provenance | | -| path_injection.py:46:5:46:12 | ControlFlowNode for filename | path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | provenance | | -| path_injection.py:46:16:46:22 | ControlFlowNode for request | path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:46:5:46:12 | ControlFlowNode for filename | path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| path_injection.py:46:16:46:22 | ControlFlowNode for request | path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | path_injection.py:46:5:46:12 | ControlFlowNode for filename | provenance | | | path_injection.py:47:5:47:9 | ControlFlowNode for npath | path_injection.py:48:14:48:18 | ControlFlowNode for npath | provenance | | | path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | path_injection.py:47:5:47:9 | ControlFlowNode for npath | provenance | | | path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | provenance | | -| path_injection.py:63:5:63:12 | ControlFlowNode for filename | path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | provenance | | -| path_injection.py:63:16:63:22 | ControlFlowNode for request | path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:63:5:63:12 | ControlFlowNode for filename | path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| path_injection.py:63:16:63:22 | ControlFlowNode for request | path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | path_injection.py:63:5:63:12 | ControlFlowNode for filename | provenance | | | path_injection.py:64:5:64:9 | ControlFlowNode for npath | path_injection.py:65:14:65:18 | ControlFlowNode for npath | provenance | | | path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | path_injection.py:64:5:64:9 | ControlFlowNode for npath | provenance | | | path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | provenance | | -| path_injection.py:84:5:84:12 | ControlFlowNode for filename | path_injection.py:85:5:85:24 | ControlFlowNode for possibly_unsafe_path | provenance | | -| path_injection.py:84:16:84:22 | ControlFlowNode for request | path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:84:5:84:12 | ControlFlowNode for filename | path_injection.py:85:5:85:24 | ControlFlowNode for possibly_unsafe_path | provenance | AdditionalTaintStep | +| path_injection.py:84:16:84:22 | ControlFlowNode for request | path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | path_injection.py:84:5:84:12 | ControlFlowNode for filename | provenance | | | path_injection.py:85:5:85:24 | ControlFlowNode for possibly_unsafe_path | path_injection.py:86:24:86:43 | ControlFlowNode for possibly_unsafe_path | provenance | | | path_injection.py:86:24:86:43 | ControlFlowNode for possibly_unsafe_path | path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | provenance | | -| path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | path_injection.py:93:5:93:8 | ControlFlowNode for path | provenance | | +| path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | path_injection.py:93:5:93:8 | ControlFlowNode for path | provenance | AdditionalTaintStep | | path_injection.py:93:5:93:8 | ControlFlowNode for path | path_injection.py:94:14:94:17 | ControlFlowNode for path | provenance | | -| path_injection.py:98:20:98:22 | ControlFlowNode for foo | path_injection.py:101:5:101:8 | ControlFlowNode for path | provenance | | +| path_injection.py:98:20:98:22 | ControlFlowNode for foo | path_injection.py:101:5:101:8 | ControlFlowNode for path | provenance | AdditionalTaintStep | | path_injection.py:101:5:101:8 | ControlFlowNode for path | path_injection.py:102:14:102:17 | ControlFlowNode for path | provenance | | -| path_injection.py:107:5:107:12 | ControlFlowNode for filename | path_injection.py:108:5:108:8 | ControlFlowNode for path | provenance | | -| path_injection.py:107:16:107:22 | ControlFlowNode for request | path_injection.py:107:16:107:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:107:16:107:27 | ControlFlowNode for Attribute | path_injection.py:107:16:107:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:107:5:107:12 | ControlFlowNode for filename | path_injection.py:108:5:108:8 | ControlFlowNode for path | provenance | AdditionalTaintStep | +| path_injection.py:107:16:107:22 | ControlFlowNode for request | path_injection.py:107:16:107:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:107:16:107:27 | ControlFlowNode for Attribute | path_injection.py:107:16:107:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:107:16:107:47 | ControlFlowNode for Attribute() | path_injection.py:107:5:107:12 | ControlFlowNode for filename | provenance | | | path_injection.py:108:5:108:8 | ControlFlowNode for path | path_injection.py:113:14:113:17 | ControlFlowNode for path | provenance | | -| path_injection.py:118:5:118:12 | ControlFlowNode for filename | path_injection.py:119:5:119:8 | ControlFlowNode for path | provenance | | -| path_injection.py:118:16:118:22 | ControlFlowNode for request | path_injection.py:118:16:118:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:118:16:118:27 | ControlFlowNode for Attribute | path_injection.py:118:16:118:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:118:5:118:12 | ControlFlowNode for filename | path_injection.py:119:5:119:8 | ControlFlowNode for path | provenance | AdditionalTaintStep | +| path_injection.py:118:16:118:22 | ControlFlowNode for request | path_injection.py:118:16:118:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:118:16:118:27 | ControlFlowNode for Attribute | path_injection.py:118:16:118:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:118:16:118:47 | ControlFlowNode for Attribute() | path_injection.py:118:5:118:12 | ControlFlowNode for filename | provenance | | | path_injection.py:119:5:119:8 | ControlFlowNode for path | path_injection.py:124:14:124:17 | ControlFlowNode for path | provenance | | -| path_injection.py:129:5:129:12 | ControlFlowNode for filename | path_injection.py:130:5:130:8 | ControlFlowNode for path | provenance | | -| path_injection.py:129:16:129:22 | ControlFlowNode for request | path_injection.py:129:16:129:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:129:16:129:27 | ControlFlowNode for Attribute | path_injection.py:129:16:129:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:129:5:129:12 | ControlFlowNode for filename | path_injection.py:130:5:130:8 | ControlFlowNode for path | provenance | AdditionalTaintStep | +| path_injection.py:129:16:129:22 | ControlFlowNode for request | path_injection.py:129:16:129:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:129:16:129:27 | ControlFlowNode for Attribute | path_injection.py:129:16:129:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:129:16:129:47 | ControlFlowNode for Attribute() | path_injection.py:129:5:129:12 | ControlFlowNode for filename | provenance | | | path_injection.py:130:5:130:8 | ControlFlowNode for path | path_injection.py:131:5:131:13 | ControlFlowNode for sanitized | provenance | | | path_injection.py:131:5:131:13 | ControlFlowNode for sanitized | path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | provenance | | -| path_injection.py:138:5:138:12 | ControlFlowNode for filename | path_injection.py:139:5:139:8 | ControlFlowNode for path | provenance | | -| path_injection.py:138:16:138:22 | ControlFlowNode for request | path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | path_injection.py:138:16:138:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:138:5:138:12 | ControlFlowNode for filename | path_injection.py:139:5:139:8 | ControlFlowNode for path | provenance | AdditionalTaintStep | +| path_injection.py:138:16:138:22 | ControlFlowNode for request | path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | path_injection.py:138:16:138:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:138:16:138:47 | ControlFlowNode for Attribute() | path_injection.py:138:5:138:12 | ControlFlowNode for filename | provenance | | | path_injection.py:139:5:139:8 | ControlFlowNode for path | path_injection.py:140:47:140:50 | ControlFlowNode for path | provenance | | | path_injection.py:140:47:140:50 | ControlFlowNode for path | path_injection.py:142:14:142:17 | ControlFlowNode for path | provenance | | -| path_injection.py:149:5:149:12 | ControlFlowNode for filename | path_injection.py:151:9:151:12 | ControlFlowNode for path | provenance | | -| path_injection.py:149:16:149:22 | ControlFlowNode for request | path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | provenance | | -| path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | path_injection.py:149:16:149:47 | ControlFlowNode for Attribute() | provenance | | +| path_injection.py:149:5:149:12 | ControlFlowNode for filename | path_injection.py:151:9:151:12 | ControlFlowNode for path | provenance | AdditionalTaintStep | +| path_injection.py:149:16:149:22 | ControlFlowNode for request | path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | path_injection.py:149:16:149:47 | ControlFlowNode for Attribute() | provenance | dict.get | | path_injection.py:149:16:149:47 | ControlFlowNode for Attribute() | path_injection.py:149:5:149:12 | ControlFlowNode for filename | provenance | | | path_injection.py:151:9:151:12 | ControlFlowNode for path | path_injection.py:152:18:152:21 | ControlFlowNode for path | provenance | | | pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | pathlib_use.py:3:26:3:32 | ControlFlowNode for request | provenance | | | pathlib_use.py:3:26:3:32 | ControlFlowNode for request | pathlib_use.py:12:16:12:22 | ControlFlowNode for request | provenance | | -| pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | pathlib_use.py:13:5:13:5 | ControlFlowNode for p | provenance | | -| pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | pathlib_use.py:16:5:16:6 | ControlFlowNode for p2 | provenance | | -| pathlib_use.py:12:16:12:22 | ControlFlowNode for request | pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | provenance | | -| pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | pathlib_use.py:12:16:12:47 | ControlFlowNode for Attribute() | provenance | | +| pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | pathlib_use.py:13:5:13:5 | ControlFlowNode for p | provenance | AdditionalTaintStep | +| pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | pathlib_use.py:16:5:16:6 | ControlFlowNode for p2 | provenance | AdditionalTaintStep | +| pathlib_use.py:12:16:12:22 | ControlFlowNode for request | pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | pathlib_use.py:12:16:12:47 | ControlFlowNode for Attribute() | provenance | dict.get | | pathlib_use.py:12:16:12:47 | ControlFlowNode for Attribute() | pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | provenance | | | pathlib_use.py:13:5:13:5 | ControlFlowNode for p | pathlib_use.py:14:5:14:5 | ControlFlowNode for p | provenance | | | pathlib_use.py:16:5:16:6 | ControlFlowNode for p2 | pathlib_use.py:17:5:17:6 | ControlFlowNode for p2 | provenance | | | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:3:26:3:32 | ControlFlowNode for request | provenance | | | test.py:3:26:3:32 | ControlFlowNode for request | test.py:9:12:9:18 | ControlFlowNode for request | provenance | | -| test.py:9:12:9:18 | ControlFlowNode for request | test.py:9:12:9:23 | ControlFlowNode for Attribute | provenance | | -| test.py:9:12:9:23 | ControlFlowNode for Attribute | test.py:9:12:9:39 | ControlFlowNode for Attribute() | provenance | | +| test.py:9:12:9:18 | ControlFlowNode for request | test.py:9:12:9:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:9:12:9:23 | ControlFlowNode for Attribute | test.py:9:12:9:39 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:18:9:18:16 | ControlFlowNode for source() | provenance | | | test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:24:9:24:16 | ControlFlowNode for source() | provenance | | | test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:31:9:31:16 | ControlFlowNode for source() | provenance | | diff --git a/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected b/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected index 469559c02581..563a0ac74aec 100644 --- a/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected @@ -10,8 +10,8 @@ edges | command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:27:19:27:31 | ControlFlowNode for BinaryExpr | provenance | | | command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr | provenance | | | command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr | provenance | | -| command_injection.py:18:13:18:19 | ControlFlowNode for request | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | provenance | | -| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | provenance | | +| command_injection.py:18:13:18:19 | ControlFlowNode for request | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | provenance | dict.get | | command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | command_injection.py:18:5:18:9 | ControlFlowNode for files | provenance | | nodes | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | diff --git a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected index 3031876928f0..1e75c67db66b 100644 --- a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected @@ -9,41 +9,41 @@ edges | command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:71:12:71:18 | ControlFlowNode for request | provenance | | | command_injection.py:5:26:5:32 | ControlFlowNode for request | command_injection.py:78:12:78:18 | ControlFlowNode for request | provenance | | | command_injection.py:11:5:11:9 | ControlFlowNode for files | command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr | provenance | | -| command_injection.py:11:13:11:19 | ControlFlowNode for request | command_injection.py:11:13:11:24 | ControlFlowNode for Attribute | provenance | | -| command_injection.py:11:13:11:24 | ControlFlowNode for Attribute | command_injection.py:11:13:11:41 | ControlFlowNode for Attribute() | provenance | | +| command_injection.py:11:13:11:19 | ControlFlowNode for request | command_injection.py:11:13:11:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| command_injection.py:11:13:11:24 | ControlFlowNode for Attribute | command_injection.py:11:13:11:41 | ControlFlowNode for Attribute() | provenance | dict.get | | command_injection.py:11:13:11:41 | ControlFlowNode for Attribute() | command_injection.py:11:5:11:9 | ControlFlowNode for files | provenance | | | command_injection.py:18:5:18:9 | ControlFlowNode for files | command_injection.py:20:22:20:34 | ControlFlowNode for BinaryExpr | provenance | | -| command_injection.py:18:13:18:19 | ControlFlowNode for request | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | provenance | | -| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | provenance | | +| command_injection.py:18:13:18:19 | ControlFlowNode for request | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | provenance | dict.get | | command_injection.py:18:13:18:41 | ControlFlowNode for Attribute() | command_injection.py:18:5:18:9 | ControlFlowNode for files | provenance | | | command_injection.py:25:5:25:7 | ControlFlowNode for cmd | command_injection.py:26:23:26:25 | ControlFlowNode for cmd | provenance | | -| command_injection.py:25:11:25:17 | ControlFlowNode for request | command_injection.py:25:11:25:22 | ControlFlowNode for Attribute | provenance | | -| command_injection.py:25:11:25:22 | ControlFlowNode for Attribute | command_injection.py:25:11:25:37 | ControlFlowNode for Attribute() | provenance | | +| command_injection.py:25:11:25:17 | ControlFlowNode for request | command_injection.py:25:11:25:22 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| command_injection.py:25:11:25:22 | ControlFlowNode for Attribute | command_injection.py:25:11:25:37 | ControlFlowNode for Attribute() | provenance | dict.get | | command_injection.py:25:11:25:37 | ControlFlowNode for Attribute() | command_injection.py:25:5:25:7 | ControlFlowNode for cmd | provenance | | | command_injection.py:31:5:31:9 | ControlFlowNode for files | command_injection.py:33:14:33:26 | ControlFlowNode for BinaryExpr | provenance | | -| command_injection.py:31:13:31:19 | ControlFlowNode for request | command_injection.py:31:13:31:24 | ControlFlowNode for Attribute | provenance | | -| command_injection.py:31:13:31:24 | ControlFlowNode for Attribute | command_injection.py:31:13:31:41 | ControlFlowNode for Attribute() | provenance | | +| command_injection.py:31:13:31:19 | ControlFlowNode for request | command_injection.py:31:13:31:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| command_injection.py:31:13:31:24 | ControlFlowNode for Attribute | command_injection.py:31:13:31:41 | ControlFlowNode for Attribute() | provenance | dict.get | | command_injection.py:31:13:31:41 | ControlFlowNode for Attribute() | command_injection.py:31:5:31:9 | ControlFlowNode for files | provenance | | | command_injection.py:38:5:38:11 | ControlFlowNode for command | command_injection.py:41:15:41:21 | ControlFlowNode for command | provenance | | | command_injection.py:38:5:38:11 | ControlFlowNode for command | command_injection.py:42:15:42:21 | ControlFlowNode for command | provenance | | -| command_injection.py:38:15:38:21 | ControlFlowNode for request | command_injection.py:38:15:38:26 | ControlFlowNode for Attribute | provenance | | -| command_injection.py:38:15:38:26 | ControlFlowNode for Attribute | command_injection.py:38:15:38:45 | ControlFlowNode for Attribute() | provenance | | +| command_injection.py:38:15:38:21 | ControlFlowNode for request | command_injection.py:38:15:38:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| command_injection.py:38:15:38:26 | ControlFlowNode for Attribute | command_injection.py:38:15:38:45 | ControlFlowNode for Attribute() | provenance | dict.get | | command_injection.py:38:15:38:45 | ControlFlowNode for Attribute() | command_injection.py:38:5:38:11 | ControlFlowNode for command | provenance | | | command_injection.py:54:5:54:11 | ControlFlowNode for command | command_injection.py:55:15:55:21 | ControlFlowNode for command | provenance | | | command_injection.py:54:5:54:11 | ControlFlowNode for command | command_injection.py:56:14:56:20 | ControlFlowNode for command | provenance | | | command_injection.py:54:5:54:11 | ControlFlowNode for command | command_injection.py:57:21:57:27 | ControlFlowNode for command | provenance | | | command_injection.py:54:5:54:11 | ControlFlowNode for command | command_injection.py:58:27:58:33 | ControlFlowNode for command | provenance | | | command_injection.py:54:5:54:11 | ControlFlowNode for command | command_injection.py:59:20:59:26 | ControlFlowNode for command | provenance | | -| command_injection.py:54:15:54:21 | ControlFlowNode for request | command_injection.py:54:15:54:26 | ControlFlowNode for Attribute | provenance | | -| command_injection.py:54:15:54:26 | ControlFlowNode for Attribute | command_injection.py:54:15:54:45 | ControlFlowNode for Attribute() | provenance | | +| command_injection.py:54:15:54:21 | ControlFlowNode for request | command_injection.py:54:15:54:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| command_injection.py:54:15:54:26 | ControlFlowNode for Attribute | command_injection.py:54:15:54:45 | ControlFlowNode for Attribute() | provenance | dict.get | | command_injection.py:54:15:54:45 | ControlFlowNode for Attribute() | command_injection.py:54:5:54:11 | ControlFlowNode for command | provenance | | | command_injection.py:71:5:71:8 | ControlFlowNode for path | command_injection.py:73:19:73:30 | ControlFlowNode for BinaryExpr | provenance | | -| command_injection.py:71:12:71:18 | ControlFlowNode for request | command_injection.py:71:12:71:23 | ControlFlowNode for Attribute | provenance | | -| command_injection.py:71:12:71:23 | ControlFlowNode for Attribute | command_injection.py:71:12:71:39 | ControlFlowNode for Attribute() | provenance | | +| command_injection.py:71:12:71:18 | ControlFlowNode for request | command_injection.py:71:12:71:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| command_injection.py:71:12:71:23 | ControlFlowNode for Attribute | command_injection.py:71:12:71:39 | ControlFlowNode for Attribute() | provenance | dict.get | | command_injection.py:71:12:71:39 | ControlFlowNode for Attribute() | command_injection.py:71:5:71:8 | ControlFlowNode for path | provenance | | | command_injection.py:78:5:78:8 | ControlFlowNode for path | command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr | provenance | | -| command_injection.py:78:12:78:18 | ControlFlowNode for request | command_injection.py:78:12:78:23 | ControlFlowNode for Attribute | provenance | | -| command_injection.py:78:12:78:23 | ControlFlowNode for Attribute | command_injection.py:78:12:78:39 | ControlFlowNode for Attribute() | provenance | | +| command_injection.py:78:12:78:18 | ControlFlowNode for request | command_injection.py:78:12:78:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| command_injection.py:78:12:78:23 | ControlFlowNode for Attribute | command_injection.py:78:12:78:39 | ControlFlowNode for Attribute() | provenance | dict.get | | command_injection.py:78:12:78:39 | ControlFlowNode for Attribute() | command_injection.py:78:5:78:8 | ControlFlowNode for path | provenance | | nodes | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | diff --git a/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected b/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected index 26ac30701840..2e6c5c33fbcd 100644 --- a/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected +++ b/python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected @@ -4,13 +4,13 @@ edges | reflected_xss.py:2:26:2:32 | ControlFlowNode for request | reflected_xss.py:21:23:21:29 | ControlFlowNode for request | provenance | | | reflected_xss.py:2:26:2:32 | ControlFlowNode for request | reflected_xss.py:27:23:27:29 | ControlFlowNode for request | provenance | | | reflected_xss.py:9:5:9:14 | ControlFlowNode for first_name | reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr | provenance | | -| reflected_xss.py:9:18:9:24 | ControlFlowNode for request | reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute | provenance | | -| reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute | reflected_xss.py:9:18:9:45 | ControlFlowNode for Attribute() | provenance | | +| reflected_xss.py:9:18:9:24 | ControlFlowNode for request | reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute | reflected_xss.py:9:18:9:45 | ControlFlowNode for Attribute() | provenance | dict.get | | reflected_xss.py:9:18:9:45 | ControlFlowNode for Attribute() | reflected_xss.py:9:5:9:14 | ControlFlowNode for first_name | provenance | | -| reflected_xss.py:21:5:21:8 | ControlFlowNode for data | reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | provenance | | -| reflected_xss.py:21:23:21:29 | ControlFlowNode for request | reflected_xss.py:21:5:21:8 | ControlFlowNode for data | provenance | | -| reflected_xss.py:27:5:27:8 | ControlFlowNode for data | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | provenance | | -| reflected_xss.py:27:23:27:29 | ControlFlowNode for request | reflected_xss.py:27:5:27:8 | ControlFlowNode for data | provenance | | +| reflected_xss.py:21:5:21:8 | ControlFlowNode for data | reflected_xss.py:22:26:22:41 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| reflected_xss.py:21:23:21:29 | ControlFlowNode for request | reflected_xss.py:21:5:21:8 | ControlFlowNode for data | provenance | AdditionalTaintStep | +| reflected_xss.py:27:5:27:8 | ControlFlowNode for data | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep | +| reflected_xss.py:27:23:27:29 | ControlFlowNode for request | reflected_xss.py:27:5:27:8 | ControlFlowNode for data | provenance | AdditionalTaintStep | nodes | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | reflected_xss.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | diff --git a/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected b/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected index 295e2e889554..20170029899e 100644 --- a/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected @@ -8,17 +8,17 @@ edges | ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | provenance | | | ldap3_bad.py:1:19:1:25 | ControlFlowNode for request | ldap3_bad.py:31:21:31:27 | ControlFlowNode for request | provenance | | | ldap3_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | ldap3_bad.py:16:5:16:6 | ControlFlowNode for dn | provenance | | -| ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | ldap3_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | provenance | | -| ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | ldap3_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | provenance | | +| ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | ldap3_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | provenance | AdditionalTaintStep | +| ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | ldap3_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | provenance | AdditionalTaintStep | | ldap3_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | ldap3_bad.py:17:5:17:17 | ControlFlowNode for search_filter | provenance | | -| ldap3_bad.py:14:21:14:27 | ControlFlowNode for request | ldap3_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | provenance | | +| ldap3_bad.py:14:21:14:27 | ControlFlowNode for request | ldap3_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | provenance | AdditionalTaintStep | | ldap3_bad.py:16:5:16:6 | ControlFlowNode for dn | ldap3_bad.py:21:17:21:18 | ControlFlowNode for dn | provenance | | | ldap3_bad.py:17:5:17:17 | ControlFlowNode for search_filter | ldap3_bad.py:21:21:21:33 | ControlFlowNode for search_filter | provenance | | | ldap3_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | ldap3_bad.py:33:5:33:6 | ControlFlowNode for dn | provenance | | -| ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | ldap3_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | provenance | | -| ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | ldap3_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | provenance | | +| ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | ldap3_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | provenance | AdditionalTaintStep | +| ldap3_bad.py:30:17:30:23 | ControlFlowNode for request | ldap3_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | provenance | AdditionalTaintStep | | ldap3_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | ldap3_bad.py:34:5:34:17 | ControlFlowNode for search_filter | provenance | | -| ldap3_bad.py:31:21:31:27 | ControlFlowNode for request | ldap3_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | provenance | | +| ldap3_bad.py:31:21:31:27 | ControlFlowNode for request | ldap3_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | provenance | AdditionalTaintStep | | ldap3_bad.py:33:5:33:6 | ControlFlowNode for dn | ldap3_bad.py:38:9:38:10 | ControlFlowNode for dn | provenance | | | ldap3_bad.py:34:5:34:17 | ControlFlowNode for search_filter | ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter | provenance | | | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:1:19:1:25 | ControlFlowNode for request | provenance | | @@ -33,24 +33,24 @@ edges | ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:47:17:47:23 | ControlFlowNode for request | provenance | | | ldap_bad.py:1:19:1:25 | ControlFlowNode for request | ldap_bad.py:48:21:48:27 | ControlFlowNode for request | provenance | | | ldap_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | ldap_bad.py:16:5:16:6 | ControlFlowNode for dn | provenance | | -| ldap_bad.py:13:17:13:23 | ControlFlowNode for request | ldap_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | provenance | | -| ldap_bad.py:13:17:13:23 | ControlFlowNode for request | ldap_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | provenance | | +| ldap_bad.py:13:17:13:23 | ControlFlowNode for request | ldap_bad.py:13:5:13:13 | ControlFlowNode for unsafe_dc | provenance | AdditionalTaintStep | +| ldap_bad.py:13:17:13:23 | ControlFlowNode for request | ldap_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | provenance | AdditionalTaintStep | | ldap_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | ldap_bad.py:17:5:17:17 | ControlFlowNode for search_filter | provenance | | -| ldap_bad.py:14:21:14:27 | ControlFlowNode for request | ldap_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | provenance | | +| ldap_bad.py:14:21:14:27 | ControlFlowNode for request | ldap_bad.py:14:5:14:17 | ControlFlowNode for unsafe_filter | provenance | AdditionalTaintStep | | ldap_bad.py:16:5:16:6 | ControlFlowNode for dn | ldap_bad.py:21:9:21:10 | ControlFlowNode for dn | provenance | | | ldap_bad.py:17:5:17:17 | ControlFlowNode for search_filter | ldap_bad.py:21:33:21:45 | ControlFlowNode for search_filter | provenance | | | ldap_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | ldap_bad.py:33:5:33:6 | ControlFlowNode for dn | provenance | | -| ldap_bad.py:30:17:30:23 | ControlFlowNode for request | ldap_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | provenance | | -| ldap_bad.py:30:17:30:23 | ControlFlowNode for request | ldap_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | provenance | | +| ldap_bad.py:30:17:30:23 | ControlFlowNode for request | ldap_bad.py:30:5:30:13 | ControlFlowNode for unsafe_dc | provenance | AdditionalTaintStep | +| ldap_bad.py:30:17:30:23 | ControlFlowNode for request | ldap_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | provenance | AdditionalTaintStep | | ldap_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | ldap_bad.py:34:5:34:17 | ControlFlowNode for search_filter | provenance | | -| ldap_bad.py:31:21:31:27 | ControlFlowNode for request | ldap_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | provenance | | +| ldap_bad.py:31:21:31:27 | ControlFlowNode for request | ldap_bad.py:31:5:31:17 | ControlFlowNode for unsafe_filter | provenance | AdditionalTaintStep | | ldap_bad.py:33:5:33:6 | ControlFlowNode for dn | ldap_bad.py:37:9:37:10 | ControlFlowNode for dn | provenance | | | ldap_bad.py:34:5:34:17 | ControlFlowNode for search_filter | ldap_bad.py:37:33:37:45 | ControlFlowNode for search_filter | provenance | | | ldap_bad.py:47:5:47:13 | ControlFlowNode for unsafe_dc | ldap_bad.py:50:5:50:6 | ControlFlowNode for dn | provenance | | -| ldap_bad.py:47:17:47:23 | ControlFlowNode for request | ldap_bad.py:47:5:47:13 | ControlFlowNode for unsafe_dc | provenance | | -| ldap_bad.py:47:17:47:23 | ControlFlowNode for request | ldap_bad.py:48:5:48:17 | ControlFlowNode for unsafe_filter | provenance | | +| ldap_bad.py:47:17:47:23 | ControlFlowNode for request | ldap_bad.py:47:5:47:13 | ControlFlowNode for unsafe_dc | provenance | AdditionalTaintStep | +| ldap_bad.py:47:17:47:23 | ControlFlowNode for request | ldap_bad.py:48:5:48:17 | ControlFlowNode for unsafe_filter | provenance | AdditionalTaintStep | | ldap_bad.py:48:5:48:17 | ControlFlowNode for unsafe_filter | ldap_bad.py:51:5:51:17 | ControlFlowNode for search_filter | provenance | | -| ldap_bad.py:48:21:48:27 | ControlFlowNode for request | ldap_bad.py:48:5:48:17 | ControlFlowNode for unsafe_filter | provenance | | +| ldap_bad.py:48:21:48:27 | ControlFlowNode for request | ldap_bad.py:48:5:48:17 | ControlFlowNode for unsafe_filter | provenance | AdditionalTaintStep | | ldap_bad.py:50:5:50:6 | ControlFlowNode for dn | ldap_bad.py:55:9:55:10 | ControlFlowNode for dn | provenance | | | ldap_bad.py:51:5:51:17 | ControlFlowNode for search_filter | ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter | provenance | | nodes diff --git a/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected b/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected index ff55d1689067..506659aa8256 100644 --- a/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected @@ -4,14 +4,14 @@ edges | code_injection.py:1:26:1:32 | ControlFlowNode for request | code_injection.py:18:16:18:22 | ControlFlowNode for request | provenance | | | code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:7:10:7:13 | ControlFlowNode for code | provenance | | | code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:8:10:8:13 | ControlFlowNode for code | provenance | | -| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:9:5:9:7 | ControlFlowNode for cmd | provenance | | -| code_injection.py:6:12:6:18 | ControlFlowNode for request | code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | provenance | | -| code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | provenance | | +| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:9:5:9:7 | ControlFlowNode for cmd | provenance | AdditionalTaintStep | +| code_injection.py:6:12:6:18 | ControlFlowNode for request | code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | provenance | dict.get | | code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | code_injection.py:6:5:6:8 | ControlFlowNode for code | provenance | | | code_injection.py:9:5:9:7 | ControlFlowNode for cmd | code_injection.py:10:10:10:12 | ControlFlowNode for cmd | provenance | | | code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | provenance | | -| code_injection.py:18:16:18:22 | ControlFlowNode for request | code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | provenance | | -| code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | provenance | | +| code_injection.py:18:16:18:22 | ControlFlowNode for request | code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | provenance | dict.get | | code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | provenance | | nodes | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | diff --git a/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected b/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected index d0e05dd24212..fd9b5fe6bb65 100644 --- a/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjection.expected @@ -5,20 +5,20 @@ edges | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for request | LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | provenance | | | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for request | LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | provenance | | | LogInjectionBad.py:17:5:17:8 | ControlFlowNode for name | LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | provenance | | -| LogInjectionBad.py:17:12:17:18 | ControlFlowNode for request | LogInjectionBad.py:17:12:17:23 | ControlFlowNode for Attribute | provenance | | -| LogInjectionBad.py:17:12:17:23 | ControlFlowNode for Attribute | LogInjectionBad.py:17:12:17:35 | ControlFlowNode for Attribute() | provenance | | +| LogInjectionBad.py:17:12:17:18 | ControlFlowNode for request | LogInjectionBad.py:17:12:17:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| LogInjectionBad.py:17:12:17:23 | ControlFlowNode for Attribute | LogInjectionBad.py:17:12:17:35 | ControlFlowNode for Attribute() | provenance | dict.get | | LogInjectionBad.py:17:12:17:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:17:5:17:8 | ControlFlowNode for name | provenance | | | LogInjectionBad.py:23:5:23:8 | ControlFlowNode for name | LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | provenance | | -| LogInjectionBad.py:23:12:23:18 | ControlFlowNode for request | LogInjectionBad.py:23:12:23:23 | ControlFlowNode for Attribute | provenance | | -| LogInjectionBad.py:23:12:23:23 | ControlFlowNode for Attribute | LogInjectionBad.py:23:12:23:35 | ControlFlowNode for Attribute() | provenance | | +| LogInjectionBad.py:23:12:23:18 | ControlFlowNode for request | LogInjectionBad.py:23:12:23:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| LogInjectionBad.py:23:12:23:23 | ControlFlowNode for Attribute | LogInjectionBad.py:23:12:23:35 | ControlFlowNode for Attribute() | provenance | dict.get | | LogInjectionBad.py:23:12:23:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:23:5:23:8 | ControlFlowNode for name | provenance | | | LogInjectionBad.py:29:5:29:8 | ControlFlowNode for name | LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | provenance | | -| LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | LogInjectionBad.py:29:12:29:23 | ControlFlowNode for Attribute | provenance | | -| LogInjectionBad.py:29:12:29:23 | ControlFlowNode for Attribute | LogInjectionBad.py:29:12:29:35 | ControlFlowNode for Attribute() | provenance | | +| LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | LogInjectionBad.py:29:12:29:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| LogInjectionBad.py:29:12:29:23 | ControlFlowNode for Attribute | LogInjectionBad.py:29:12:29:35 | ControlFlowNode for Attribute() | provenance | dict.get | | LogInjectionBad.py:29:12:29:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:29:5:29:8 | ControlFlowNode for name | provenance | | | LogInjectionBad.py:35:5:35:8 | ControlFlowNode for name | LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | provenance | | -| LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | LogInjectionBad.py:35:12:35:23 | ControlFlowNode for Attribute | provenance | | -| LogInjectionBad.py:35:12:35:23 | ControlFlowNode for Attribute | LogInjectionBad.py:35:12:35:35 | ControlFlowNode for Attribute() | provenance | | +| LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | LogInjectionBad.py:35:12:35:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| LogInjectionBad.py:35:12:35:23 | ControlFlowNode for Attribute | LogInjectionBad.py:35:12:35:35 | ControlFlowNode for Attribute() | provenance | dict.get | | LogInjectionBad.py:35:12:35:35 | ControlFlowNode for Attribute() | LogInjectionBad.py:35:5:35:8 | ControlFlowNode for name | provenance | | nodes | LogInjectionBad.py:7:19:7:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | diff --git a/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected b/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected index 132383876f6e..9f2b394e1e6d 100644 --- a/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected +++ b/python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected @@ -2,8 +2,8 @@ edges | pam_test.py:4:26:4:32 | ControlFlowNode for ImportMember | pam_test.py:4:26:4:32 | ControlFlowNode for request | provenance | | | pam_test.py:4:26:4:32 | ControlFlowNode for request | pam_test.py:71:16:71:22 | ControlFlowNode for request | provenance | | | pam_test.py:71:5:71:12 | ControlFlowNode for username | pam_test.py:74:33:74:40 | ControlFlowNode for username | provenance | | -| pam_test.py:71:16:71:22 | ControlFlowNode for request | pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | provenance | | -| pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | pam_test.py:71:16:71:47 | ControlFlowNode for Attribute() | provenance | | +| pam_test.py:71:16:71:22 | ControlFlowNode for request | pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | pam_test.py:71:16:71:47 | ControlFlowNode for Attribute() | provenance | dict.get | | pam_test.py:71:16:71:47 | ControlFlowNode for Attribute() | pam_test.py:71:5:71:12 | ControlFlowNode for username | provenance | | | pam_test.py:74:33:74:40 | ControlFlowNode for username | pam_test.py:74:62:74:67 | ControlFlowNode for handle | provenance | | | pam_test.py:74:62:74:67 | ControlFlowNode for handle | pam_test.py:76:31:76:36 | ControlFlowNode for handle | provenance | | diff --git a/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected b/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected index 44fb2a8e9619..bab1e34c912b 100644 --- a/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected +++ b/python/ql/test/query-tests/Security/CWE-502-UnsafeDeserialization/UnsafeDeserialization.expected @@ -6,8 +6,8 @@ edges | unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | unsafe_deserialization.py:18:19:18:25 | ControlFlowNode for payload | provenance | | | unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | unsafe_deserialization.py:21:16:21:22 | ControlFlowNode for payload | provenance | | | unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | unsafe_deserialization.py:24:24:24:30 | ControlFlowNode for payload | provenance | | -| unsafe_deserialization.py:14:15:14:21 | ControlFlowNode for request | unsafe_deserialization.py:14:15:14:26 | ControlFlowNode for Attribute | provenance | | -| unsafe_deserialization.py:14:15:14:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:14:15:14:41 | ControlFlowNode for Attribute() | provenance | | +| unsafe_deserialization.py:14:15:14:21 | ControlFlowNode for request | unsafe_deserialization.py:14:15:14:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| unsafe_deserialization.py:14:15:14:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:14:15:14:41 | ControlFlowNode for Attribute() | provenance | dict.get | | unsafe_deserialization.py:14:15:14:41 | ControlFlowNode for Attribute() | unsafe_deserialization.py:14:5:14:11 | ControlFlowNode for payload | provenance | | nodes | unsafe_deserialization.py:8:26:8:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | diff --git a/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected b/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected index d77c850b2a47..551299a64dc4 100644 --- a/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected +++ b/python/ql/test/query-tests/Security/CWE-601-UrlRedirect/UrlRedirect.expected @@ -13,59 +13,59 @@ edges | test.py:1:26:1:32 | ControlFlowNode for request | test.py:137:17:137:23 | ControlFlowNode for request | provenance | | | test.py:1:26:1:32 | ControlFlowNode for request | test.py:145:17:145:23 | ControlFlowNode for request | provenance | | | test.py:7:5:7:10 | ControlFlowNode for target | test.py:8:21:8:26 | ControlFlowNode for target | provenance | | -| test.py:7:14:7:20 | ControlFlowNode for request | test.py:7:14:7:25 | ControlFlowNode for Attribute | provenance | | -| test.py:7:14:7:25 | ControlFlowNode for Attribute | test.py:7:14:7:43 | ControlFlowNode for Attribute() | provenance | | +| test.py:7:14:7:20 | ControlFlowNode for request | test.py:7:14:7:25 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:7:14:7:25 | ControlFlowNode for Attribute | test.py:7:14:7:43 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:7:14:7:43 | ControlFlowNode for Attribute() | test.py:7:5:7:10 | ControlFlowNode for target | provenance | | | test.py:30:5:30:13 | ControlFlowNode for untrusted | test.py:31:5:31:8 | ControlFlowNode for safe | provenance | | -| test.py:30:17:30:23 | ControlFlowNode for request | test.py:30:17:30:28 | ControlFlowNode for Attribute | provenance | | -| test.py:30:17:30:28 | ControlFlowNode for Attribute | test.py:30:17:30:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:30:17:30:23 | ControlFlowNode for request | test.py:30:17:30:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:30:17:30:28 | ControlFlowNode for Attribute | test.py:30:17:30:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:30:17:30:46 | ControlFlowNode for Attribute() | test.py:30:5:30:13 | ControlFlowNode for untrusted | provenance | | | test.py:31:5:31:8 | ControlFlowNode for safe | test.py:32:21:32:24 | ControlFlowNode for safe | provenance | | | test.py:37:5:37:13 | ControlFlowNode for untrusted | test.py:38:5:38:8 | ControlFlowNode for safe | provenance | | -| test.py:37:17:37:23 | ControlFlowNode for request | test.py:37:17:37:28 | ControlFlowNode for Attribute | provenance | | -| test.py:37:17:37:28 | ControlFlowNode for Attribute | test.py:37:17:37:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:37:17:37:23 | ControlFlowNode for request | test.py:37:17:37:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:37:17:37:28 | ControlFlowNode for Attribute | test.py:37:17:37:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:37:17:37:46 | ControlFlowNode for Attribute() | test.py:37:5:37:13 | ControlFlowNode for untrusted | provenance | | | test.py:38:5:38:8 | ControlFlowNode for safe | test.py:39:21:39:24 | ControlFlowNode for safe | provenance | | | test.py:44:5:44:13 | ControlFlowNode for untrusted | test.py:45:5:45:8 | ControlFlowNode for safe | provenance | | -| test.py:44:17:44:23 | ControlFlowNode for request | test.py:44:17:44:28 | ControlFlowNode for Attribute | provenance | | -| test.py:44:17:44:28 | ControlFlowNode for Attribute | test.py:44:17:44:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:44:17:44:23 | ControlFlowNode for request | test.py:44:17:44:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:44:17:44:28 | ControlFlowNode for Attribute | test.py:44:17:44:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:44:17:44:46 | ControlFlowNode for Attribute() | test.py:44:5:44:13 | ControlFlowNode for untrusted | provenance | | | test.py:45:5:45:8 | ControlFlowNode for safe | test.py:46:21:46:24 | ControlFlowNode for safe | provenance | | | test.py:60:5:60:13 | ControlFlowNode for untrusted | test.py:61:5:61:10 | ControlFlowNode for unsafe | provenance | | -| test.py:60:17:60:23 | ControlFlowNode for request | test.py:60:17:60:28 | ControlFlowNode for Attribute | provenance | | -| test.py:60:17:60:28 | ControlFlowNode for Attribute | test.py:60:17:60:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:60:17:60:23 | ControlFlowNode for request | test.py:60:17:60:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:60:17:60:28 | ControlFlowNode for Attribute | test.py:60:17:60:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:60:17:60:46 | ControlFlowNode for Attribute() | test.py:60:5:60:13 | ControlFlowNode for untrusted | provenance | | | test.py:61:5:61:10 | ControlFlowNode for unsafe | test.py:62:21:62:26 | ControlFlowNode for unsafe | provenance | | | test.py:67:5:67:13 | ControlFlowNode for untrusted | test.py:68:5:68:10 | ControlFlowNode for unsafe | provenance | | -| test.py:67:17:67:23 | ControlFlowNode for request | test.py:67:17:67:28 | ControlFlowNode for Attribute | provenance | | -| test.py:67:17:67:28 | ControlFlowNode for Attribute | test.py:67:17:67:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:67:17:67:23 | ControlFlowNode for request | test.py:67:17:67:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:67:17:67:28 | ControlFlowNode for Attribute | test.py:67:17:67:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:67:17:67:46 | ControlFlowNode for Attribute() | test.py:67:5:67:13 | ControlFlowNode for untrusted | provenance | | | test.py:68:5:68:10 | ControlFlowNode for unsafe | test.py:69:21:69:26 | ControlFlowNode for unsafe | provenance | | | test.py:74:5:74:13 | ControlFlowNode for untrusted | test.py:75:5:75:10 | ControlFlowNode for unsafe | provenance | | -| test.py:74:17:74:23 | ControlFlowNode for request | test.py:74:17:74:28 | ControlFlowNode for Attribute | provenance | | -| test.py:74:17:74:28 | ControlFlowNode for Attribute | test.py:74:17:74:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:74:17:74:23 | ControlFlowNode for request | test.py:74:17:74:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:74:17:74:28 | ControlFlowNode for Attribute | test.py:74:17:74:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:74:17:74:46 | ControlFlowNode for Attribute() | test.py:74:5:74:13 | ControlFlowNode for untrusted | provenance | | | test.py:75:5:75:10 | ControlFlowNode for unsafe | test.py:76:21:76:26 | ControlFlowNode for unsafe | provenance | | | test.py:81:5:81:13 | ControlFlowNode for untrusted | test.py:82:5:82:10 | ControlFlowNode for unsafe | provenance | | -| test.py:81:17:81:23 | ControlFlowNode for request | test.py:81:17:81:28 | ControlFlowNode for Attribute | provenance | | -| test.py:81:17:81:28 | ControlFlowNode for Attribute | test.py:81:17:81:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:81:17:81:23 | ControlFlowNode for request | test.py:81:17:81:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:81:17:81:28 | ControlFlowNode for Attribute | test.py:81:17:81:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:81:17:81:46 | ControlFlowNode for Attribute() | test.py:81:5:81:13 | ControlFlowNode for untrusted | provenance | | | test.py:82:5:82:10 | ControlFlowNode for unsafe | test.py:83:21:83:26 | ControlFlowNode for unsafe | provenance | | | test.py:90:5:90:13 | ControlFlowNode for untrusted | test.py:93:18:93:26 | ControlFlowNode for untrusted | provenance | | -| test.py:90:17:90:23 | ControlFlowNode for request | test.py:90:17:90:28 | ControlFlowNode for Attribute | provenance | | -| test.py:90:17:90:28 | ControlFlowNode for Attribute | test.py:90:17:90:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:90:17:90:23 | ControlFlowNode for request | test.py:90:17:90:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:90:17:90:28 | ControlFlowNode for Attribute | test.py:90:17:90:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:90:17:90:46 | ControlFlowNode for Attribute() | test.py:90:5:90:13 | ControlFlowNode for untrusted | provenance | | | test.py:111:5:111:13 | ControlFlowNode for untrusted | test.py:114:25:114:33 | ControlFlowNode for untrusted | provenance | | -| test.py:111:17:111:23 | ControlFlowNode for request | test.py:111:17:111:28 | ControlFlowNode for Attribute | provenance | | -| test.py:111:17:111:28 | ControlFlowNode for Attribute | test.py:111:17:111:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:111:17:111:23 | ControlFlowNode for request | test.py:111:17:111:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:111:17:111:28 | ControlFlowNode for Attribute | test.py:111:17:111:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:111:17:111:46 | ControlFlowNode for Attribute() | test.py:111:5:111:13 | ControlFlowNode for untrusted | provenance | | | test.py:137:5:137:13 | ControlFlowNode for untrusted | test.py:140:25:140:33 | ControlFlowNode for untrusted | provenance | | -| test.py:137:17:137:23 | ControlFlowNode for request | test.py:137:17:137:28 | ControlFlowNode for Attribute | provenance | | -| test.py:137:17:137:28 | ControlFlowNode for Attribute | test.py:137:17:137:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:137:17:137:23 | ControlFlowNode for request | test.py:137:17:137:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:137:17:137:28 | ControlFlowNode for Attribute | test.py:137:17:137:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:137:17:137:46 | ControlFlowNode for Attribute() | test.py:137:5:137:13 | ControlFlowNode for untrusted | provenance | | | test.py:145:5:145:13 | ControlFlowNode for untrusted | test.py:148:25:148:33 | ControlFlowNode for untrusted | provenance | | -| test.py:145:17:145:23 | ControlFlowNode for request | test.py:145:17:145:28 | ControlFlowNode for Attribute | provenance | | -| test.py:145:17:145:28 | ControlFlowNode for Attribute | test.py:145:17:145:46 | ControlFlowNode for Attribute() | provenance | | +| test.py:145:17:145:23 | ControlFlowNode for request | test.py:145:17:145:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:145:17:145:28 | ControlFlowNode for Attribute | test.py:145:17:145:46 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:145:17:145:46 | ControlFlowNode for Attribute() | test.py:145:5:145:13 | ControlFlowNode for untrusted | provenance | | nodes | test.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | diff --git a/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected b/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected index 9f37afb885e5..b33d39f50718 100644 --- a/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected +++ b/python/ql/test/query-tests/Security/CWE-611-Xxe/Xxe.expected @@ -3,9 +3,9 @@ edges | test.py:1:26:1:32 | ControlFlowNode for request | test.py:9:19:9:25 | ControlFlowNode for request | provenance | | | test.py:1:26:1:32 | ControlFlowNode for request | test.py:20:19:20:25 | ControlFlowNode for request | provenance | | | test.py:9:5:9:15 | ControlFlowNode for xml_content | test.py:10:34:10:44 | ControlFlowNode for xml_content | provenance | | -| test.py:9:19:9:25 | ControlFlowNode for request | test.py:9:5:9:15 | ControlFlowNode for xml_content | provenance | | +| test.py:9:19:9:25 | ControlFlowNode for request | test.py:9:5:9:15 | ControlFlowNode for xml_content | provenance | AdditionalTaintStep | | test.py:20:5:20:15 | ControlFlowNode for xml_content | test.py:31:34:31:44 | ControlFlowNode for xml_content | provenance | | -| test.py:20:19:20:25 | ControlFlowNode for request | test.py:20:5:20:15 | ControlFlowNode for xml_content | provenance | | +| test.py:20:19:20:25 | ControlFlowNode for request | test.py:20:5:20:15 | ControlFlowNode for xml_content | provenance | AdditionalTaintStep | nodes | test.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | test.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | diff --git a/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected b/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected index efd2576dd71a..4b1a2c40f7cf 100644 --- a/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-643-XPathInjection/XpathInjection.expected @@ -1,5 +1,5 @@ edges -| xpathBad.py:9:7:9:13 | ControlFlowNode for request | xpathBad.py:10:5:10:9 | ControlFlowNode for value | provenance | | +| xpathBad.py:9:7:9:13 | ControlFlowNode for request | xpathBad.py:10:5:10:9 | ControlFlowNode for value | provenance | AdditionalTaintStep | | xpathBad.py:10:5:10:9 | ControlFlowNode for value | xpathBad.py:13:20:13:43 | ControlFlowNode for BinaryExpr | provenance | | | xpathFlow.py:2:26:2:32 | ControlFlowNode for ImportMember | xpathFlow.py:2:26:2:32 | ControlFlowNode for request | provenance | | | xpathFlow.py:2:26:2:32 | ControlFlowNode for request | xpathFlow.py:11:18:11:24 | ControlFlowNode for request | provenance | | @@ -8,24 +8,24 @@ edges | xpathFlow.py:2:26:2:32 | ControlFlowNode for request | xpathFlow.py:39:18:39:24 | ControlFlowNode for request | provenance | | | xpathFlow.py:2:26:2:32 | ControlFlowNode for request | xpathFlow.py:47:18:47:24 | ControlFlowNode for request | provenance | | | xpathFlow.py:11:5:11:14 | ControlFlowNode for xpathQuery | xpathFlow.py:14:20:14:29 | ControlFlowNode for xpathQuery | provenance | | -| xpathFlow.py:11:18:11:24 | ControlFlowNode for request | xpathFlow.py:11:18:11:29 | ControlFlowNode for Attribute | provenance | | -| xpathFlow.py:11:18:11:29 | ControlFlowNode for Attribute | xpathFlow.py:11:18:11:44 | ControlFlowNode for Attribute() | provenance | | +| xpathFlow.py:11:18:11:24 | ControlFlowNode for request | xpathFlow.py:11:18:11:29 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xpathFlow.py:11:18:11:29 | ControlFlowNode for Attribute | xpathFlow.py:11:18:11:44 | ControlFlowNode for Attribute() | provenance | dict.get | | xpathFlow.py:11:18:11:44 | ControlFlowNode for Attribute() | xpathFlow.py:11:5:11:14 | ControlFlowNode for xpathQuery | provenance | | | xpathFlow.py:20:5:20:14 | ControlFlowNode for xpathQuery | xpathFlow.py:23:29:23:38 | ControlFlowNode for xpathQuery | provenance | | -| xpathFlow.py:20:18:20:24 | ControlFlowNode for request | xpathFlow.py:20:18:20:29 | ControlFlowNode for Attribute | provenance | | -| xpathFlow.py:20:18:20:29 | ControlFlowNode for Attribute | xpathFlow.py:20:18:20:44 | ControlFlowNode for Attribute() | provenance | | +| xpathFlow.py:20:18:20:24 | ControlFlowNode for request | xpathFlow.py:20:18:20:29 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xpathFlow.py:20:18:20:29 | ControlFlowNode for Attribute | xpathFlow.py:20:18:20:44 | ControlFlowNode for Attribute() | provenance | dict.get | | xpathFlow.py:20:18:20:44 | ControlFlowNode for Attribute() | xpathFlow.py:20:5:20:14 | ControlFlowNode for xpathQuery | provenance | | | xpathFlow.py:30:5:30:14 | ControlFlowNode for xpathQuery | xpathFlow.py:32:29:32:38 | ControlFlowNode for xpathQuery | provenance | | -| xpathFlow.py:30:18:30:24 | ControlFlowNode for request | xpathFlow.py:30:18:30:29 | ControlFlowNode for Attribute | provenance | | -| xpathFlow.py:30:18:30:29 | ControlFlowNode for Attribute | xpathFlow.py:30:18:30:44 | ControlFlowNode for Attribute() | provenance | | +| xpathFlow.py:30:18:30:24 | ControlFlowNode for request | xpathFlow.py:30:18:30:29 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xpathFlow.py:30:18:30:29 | ControlFlowNode for Attribute | xpathFlow.py:30:18:30:44 | ControlFlowNode for Attribute() | provenance | dict.get | | xpathFlow.py:30:18:30:44 | ControlFlowNode for Attribute() | xpathFlow.py:30:5:30:14 | ControlFlowNode for xpathQuery | provenance | | | xpathFlow.py:39:5:39:14 | ControlFlowNode for xpathQuery | xpathFlow.py:41:31:41:40 | ControlFlowNode for xpathQuery | provenance | | -| xpathFlow.py:39:18:39:24 | ControlFlowNode for request | xpathFlow.py:39:18:39:29 | ControlFlowNode for Attribute | provenance | | -| xpathFlow.py:39:18:39:29 | ControlFlowNode for Attribute | xpathFlow.py:39:18:39:44 | ControlFlowNode for Attribute() | provenance | | +| xpathFlow.py:39:18:39:24 | ControlFlowNode for request | xpathFlow.py:39:18:39:29 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xpathFlow.py:39:18:39:29 | ControlFlowNode for Attribute | xpathFlow.py:39:18:39:44 | ControlFlowNode for Attribute() | provenance | dict.get | | xpathFlow.py:39:18:39:44 | ControlFlowNode for Attribute() | xpathFlow.py:39:5:39:14 | ControlFlowNode for xpathQuery | provenance | | | xpathFlow.py:47:5:47:14 | ControlFlowNode for xpathQuery | xpathFlow.py:49:29:49:38 | ControlFlowNode for xpathQuery | provenance | | -| xpathFlow.py:47:18:47:24 | ControlFlowNode for request | xpathFlow.py:47:18:47:29 | ControlFlowNode for Attribute | provenance | | -| xpathFlow.py:47:18:47:29 | ControlFlowNode for Attribute | xpathFlow.py:47:18:47:44 | ControlFlowNode for Attribute() | provenance | | +| xpathFlow.py:47:18:47:24 | ControlFlowNode for request | xpathFlow.py:47:18:47:29 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| xpathFlow.py:47:18:47:29 | ControlFlowNode for Attribute | xpathFlow.py:47:18:47:44 | ControlFlowNode for Attribute() | provenance | dict.get | | xpathFlow.py:47:18:47:44 | ControlFlowNode for Attribute() | xpathFlow.py:47:5:47:14 | ControlFlowNode for xpathQuery | provenance | | nodes | xpathBad.py:9:7:9:13 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected index 6a8e36aef704..aa8cea07ed16 100644 --- a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected +++ b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected @@ -6,8 +6,8 @@ edges | test.py:7:5:7:8 | ControlFlowNode for text | test.py:12:17:12:20 | ControlFlowNode for text | provenance | | | test.py:7:5:7:8 | ControlFlowNode for text | test.py:18:28:18:31 | ControlFlowNode for text | provenance | | | test.py:7:5:7:8 | ControlFlowNode for text | test.py:21:18:21:21 | ControlFlowNode for text | provenance | | -| test.py:7:12:7:18 | ControlFlowNode for request | test.py:7:12:7:23 | ControlFlowNode for Attribute | provenance | | -| test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:7:12:7:35 | ControlFlowNode for Attribute() | provenance | | +| test.py:7:12:7:18 | ControlFlowNode for request | test.py:7:12:7:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep | +| test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:7:12:7:35 | ControlFlowNode for Attribute() | provenance | dict.get | | test.py:7:12:7:35 | ControlFlowNode for Attribute() | test.py:7:5:7:8 | ControlFlowNode for text | provenance | | | test.py:14:33:14:39 | ControlFlowNode for my_text | test.py:16:24:16:30 | ControlFlowNode for my_text | provenance | | | test.py:18:28:18:31 | ControlFlowNode for text | test.py:14:33:14:39 | ControlFlowNode for my_text | provenance | | diff --git a/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected b/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected index 48bbda48416b..16d29401f785 100644 --- a/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-730-RegexInjection/RegexInjection.expected @@ -4,11 +4,11 @@ edges | re_bad.py:1:19:1:25 | ControlFlowNode for request | re_bad.py:24:22:24:28 | ControlFlowNode for request | provenance | | | re_bad.py:1:19:1:25 | ControlFlowNode for request | re_bad.py:36:22:36:28 | ControlFlowNode for request | provenance | | | re_bad.py:13:5:13:18 | ControlFlowNode for unsafe_pattern | re_bad.py:14:15:14:28 | ControlFlowNode for unsafe_pattern | provenance | | -| re_bad.py:13:22:13:28 | ControlFlowNode for request | re_bad.py:13:5:13:18 | ControlFlowNode for unsafe_pattern | provenance | | +| re_bad.py:13:22:13:28 | ControlFlowNode for request | re_bad.py:13:5:13:18 | ControlFlowNode for unsafe_pattern | provenance | AdditionalTaintStep | | re_bad.py:24:5:24:18 | ControlFlowNode for unsafe_pattern | re_bad.py:25:35:25:48 | ControlFlowNode for unsafe_pattern | provenance | | -| re_bad.py:24:22:24:28 | ControlFlowNode for request | re_bad.py:24:5:24:18 | ControlFlowNode for unsafe_pattern | provenance | | +| re_bad.py:24:22:24:28 | ControlFlowNode for request | re_bad.py:24:5:24:18 | ControlFlowNode for unsafe_pattern | provenance | AdditionalTaintStep | | re_bad.py:36:5:36:18 | ControlFlowNode for unsafe_pattern | re_bad.py:37:16:37:29 | ControlFlowNode for unsafe_pattern | provenance | | -| re_bad.py:36:22:36:28 | ControlFlowNode for request | re_bad.py:36:5:36:18 | ControlFlowNode for unsafe_pattern | provenance | | +| re_bad.py:36:22:36:28 | ControlFlowNode for request | re_bad.py:36:5:36:18 | ControlFlowNode for unsafe_pattern | provenance | AdditionalTaintStep | nodes | re_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | re_bad.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | diff --git a/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected b/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected index 944856ca0db6..8a7d7bc75e3d 100644 --- a/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected +++ b/python/ql/test/query-tests/Security/CWE-776-XmlBomb/XmlBomb.expected @@ -2,7 +2,7 @@ edges | test.py:1:26:1:32 | ControlFlowNode for ImportMember | test.py:1:26:1:32 | ControlFlowNode for request | provenance | | | test.py:1:26:1:32 | ControlFlowNode for request | test.py:19:19:19:25 | ControlFlowNode for request | provenance | | | test.py:19:5:19:15 | ControlFlowNode for xml_content | test.py:30:34:30:44 | ControlFlowNode for xml_content | provenance | | -| test.py:19:19:19:25 | ControlFlowNode for request | test.py:19:5:19:15 | ControlFlowNode for xml_content | provenance | | +| test.py:19:19:19:25 | ControlFlowNode for request | test.py:19:5:19:15 | ControlFlowNode for xml_content | provenance | AdditionalTaintStep | nodes | test.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | test.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected index cc0a986aedba..0d4a39689301 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected @@ -8,7 +8,7 @@ edges | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:12:5:12:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:18:5:18:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:12:5:12:7 | ControlFlowNode for url | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:18:5:18:7 | ControlFlowNode for url | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | provenance | | @@ -17,7 +17,7 @@ edges | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:50:5:50:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:41:5:41:7 | ControlFlowNode for url | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:44:5:44:7 | ControlFlowNode for url | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | provenance | | @@ -25,13 +25,13 @@ edges | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:64:5:64:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:64:5:64:7 | ControlFlowNode for url | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:75:5:75:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:75:5:75:7 | ControlFlowNode for url | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | provenance | | @@ -41,16 +41,16 @@ edges | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | provenance | | | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | provenance | | | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | provenance | | -| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | provenance | | -| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | | +| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | provenance | AdditionalTaintStep | +| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | AdditionalTaintStep | | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | provenance | | | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | provenance | | | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | provenance | | -| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | | +| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | AdditionalTaintStep | | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:1:19:1:25 | ControlFlowNode for request | provenance | | | test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:6:18:6:24 | ControlFlowNode for request | provenance | | | test_requests.py:6:5:6:14 | ControlFlowNode for user_input | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | provenance | | -| test_requests.py:6:18:6:24 | ControlFlowNode for request | test_requests.py:6:5:6:14 | ControlFlowNode for user_input | provenance | | +| test_requests.py:6:18:6:24 | ControlFlowNode for request | test_requests.py:6:5:6:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | nodes | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected index 33f6bc363e42..7a7f8a3366b4 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected @@ -18,10 +18,10 @@ edges | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:12:5:12:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:18:5:18:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | provenance | | -| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | provenance | | +| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | | full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:8:17:8:23 | ControlFlowNode for request | full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | provenance | | +| full_partial_test.py:8:17:8:23 | ControlFlowNode for request | full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | | full_partial_test.py:12:5:12:7 | ControlFlowNode for url | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:18:5:18:7 | ControlFlowNode for url | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | provenance | | @@ -30,10 +30,10 @@ edges | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:50:5:50:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | provenance | | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | provenance | | +| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | | full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:38:17:38:23 | ControlFlowNode for request | full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | provenance | | +| full_partial_test.py:38:17:38:23 | ControlFlowNode for request | full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | | full_partial_test.py:41:5:41:7 | ControlFlowNode for url | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:44:5:44:7 | ControlFlowNode for url | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | provenance | | @@ -42,40 +42,40 @@ edges | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:64:5:64:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:67:5:67:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | provenance | | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | provenance | | +| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | | full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | full_partial_test.py:67:5:67:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:58:17:58:23 | ControlFlowNode for request | full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | provenance | | +| full_partial_test.py:58:17:58:23 | ControlFlowNode for request | full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:64:5:64:7 | ControlFlowNode for url | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:67:5:67:7 | ControlFlowNode for url | full_partial_test.py:68:18:68:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:75:5:75:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | provenance | | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | provenance | | +| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | | full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:72:17:72:23 | ControlFlowNode for request | full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | provenance | | +| full_partial_test.py:72:17:72:23 | ControlFlowNode for request | full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | | full_partial_test.py:75:5:75:7 | ControlFlowNode for url | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:86:5:86:14 | ControlFlowNode for user_input | full_partial_test.py:88:5:88:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:86:18:86:24 | ControlFlowNode for request | full_partial_test.py:86:5:86:14 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:86:18:86:24 | ControlFlowNode for request | full_partial_test.py:86:5:86:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:88:5:88:7 | ControlFlowNode for url | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:92:5:92:14 | ControlFlowNode for user_input | full_partial_test.py:94:5:94:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:92:18:92:24 | ControlFlowNode for request | full_partial_test.py:92:5:92:14 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:92:18:92:24 | ControlFlowNode for request | full_partial_test.py:92:5:92:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:94:5:94:7 | ControlFlowNode for url | full_partial_test.py:95:18:95:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:98:5:98:14 | ControlFlowNode for user_input | full_partial_test.py:100:5:100:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:98:18:98:24 | ControlFlowNode for request | full_partial_test.py:98:5:98:14 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:98:18:98:24 | ControlFlowNode for request | full_partial_test.py:98:5:98:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:100:5:100:7 | ControlFlowNode for url | full_partial_test.py:101:18:101:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:104:5:104:14 | ControlFlowNode for user_input | full_partial_test.py:106:5:106:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:104:18:104:24 | ControlFlowNode for request | full_partial_test.py:104:5:104:14 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:104:18:104:24 | ControlFlowNode for request | full_partial_test.py:104:5:104:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:106:5:106:7 | ControlFlowNode for url | full_partial_test.py:107:18:107:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:110:5:110:14 | ControlFlowNode for user_input | full_partial_test.py:115:5:115:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:110:18:110:24 | ControlFlowNode for request | full_partial_test.py:110:5:110:14 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:110:18:110:24 | ControlFlowNode for request | full_partial_test.py:110:5:110:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:115:5:115:7 | ControlFlowNode for url | full_partial_test.py:116:18:116:20 | ControlFlowNode for url | provenance | | | full_partial_test.py:119:5:119:14 | ControlFlowNode for user_input | full_partial_test.py:121:5:121:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:119:18:119:24 | ControlFlowNode for request | full_partial_test.py:119:5:119:14 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:119:18:119:24 | ControlFlowNode for request | full_partial_test.py:119:5:119:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:121:5:121:7 | ControlFlowNode for url | full_partial_test.py:122:18:122:20 | ControlFlowNode for url | provenance | | | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:1:26:1:32 | ControlFlowNode for request | provenance | | | test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:9:19:9:25 | ControlFlowNode for request | provenance | | @@ -84,23 +84,23 @@ edges | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | provenance | | | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | provenance | | | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | provenance | | -| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | provenance | | -| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | | -| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | provenance | | +| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | provenance | AdditionalTaintStep | +| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | AdditionalTaintStep | +| test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | provenance | | | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | provenance | | | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | provenance | | -| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | | -| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | provenance | | +| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | AdditionalTaintStep | +| test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | test_http_client.py:31:5:31:8 | ControlFlowNode for path | provenance | | | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | test_http_client.py:35:5:35:8 | ControlFlowNode for path | provenance | | -| test_http_client.py:11:18:11:24 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | provenance | | +| test_http_client.py:11:18:11:24 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | test_http_client.py:31:5:31:8 | ControlFlowNode for path | test_http_client.py:33:25:33:28 | ControlFlowNode for path | provenance | | | test_http_client.py:35:5:35:8 | ControlFlowNode for path | test_http_client.py:37:25:37:28 | ControlFlowNode for path | provenance | | | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:1:19:1:25 | ControlFlowNode for request | provenance | | | test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:6:18:6:24 | ControlFlowNode for request | provenance | | | test_requests.py:6:5:6:14 | ControlFlowNode for user_input | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | provenance | | -| test_requests.py:6:18:6:24 | ControlFlowNode for request | test_requests.py:6:5:6:14 | ControlFlowNode for user_input | provenance | | +| test_requests.py:6:18:6:24 | ControlFlowNode for request | test_requests.py:6:5:6:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | nodes | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | diff --git a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected index 9604e8b92c6d..61b22979229d 100644 --- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected +++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected @@ -6,46 +6,46 @@ edges | PoC/server.py:1:26:1:32 | ControlFlowNode for request | PoC/server.py:77:14:77:20 | ControlFlowNode for request | provenance | | | PoC/server.py:1:26:1:32 | ControlFlowNode for request | PoC/server.py:98:14:98:20 | ControlFlowNode for request | provenance | | | PoC/server.py:26:5:26:17 | ControlFlowNode for author_string | PoC/server.py:27:25:27:37 | ControlFlowNode for author_string | provenance | | -| PoC/server.py:26:21:26:27 | ControlFlowNode for request | PoC/server.py:26:5:26:17 | ControlFlowNode for author_string | provenance | | +| PoC/server.py:26:21:26:27 | ControlFlowNode for request | PoC/server.py:26:5:26:17 | ControlFlowNode for author_string | provenance | AdditionalTaintStep | | PoC/server.py:27:5:27:10 | ControlFlowNode for author | PoC/server.py:30:27:30:44 | ControlFlowNode for Dict | provenance | | | PoC/server.py:27:5:27:10 | ControlFlowNode for author | PoC/server.py:31:34:31:51 | ControlFlowNode for Dict | provenance | | | PoC/server.py:27:14:27:38 | ControlFlowNode for Attribute() | PoC/server.py:27:5:27:10 | ControlFlowNode for author | provenance | | | PoC/server.py:27:25:27:37 | ControlFlowNode for author_string | PoC/server.py:27:14:27:38 | ControlFlowNode for Attribute() | provenance | | | PoC/server.py:43:5:43:10 | ControlFlowNode for author | PoC/server.py:47:38:47:67 | ControlFlowNode for BinaryExpr | provenance | | -| PoC/server.py:43:14:43:20 | ControlFlowNode for request | PoC/server.py:43:5:43:10 | ControlFlowNode for author | provenance | | +| PoC/server.py:43:14:43:20 | ControlFlowNode for request | PoC/server.py:43:5:43:10 | ControlFlowNode for author | provenance | AdditionalTaintStep | | PoC/server.py:47:38:47:67 | ControlFlowNode for BinaryExpr | PoC/server.py:47:27:47:68 | ControlFlowNode for Dict | provenance | | | PoC/server.py:52:5:52:10 | ControlFlowNode for author | PoC/server.py:54:17:54:70 | ControlFlowNode for BinaryExpr | provenance | | -| PoC/server.py:52:14:52:20 | ControlFlowNode for request | PoC/server.py:52:5:52:10 | ControlFlowNode for author | provenance | | +| PoC/server.py:52:14:52:20 | ControlFlowNode for request | PoC/server.py:52:5:52:10 | ControlFlowNode for author | provenance | AdditionalTaintStep | | PoC/server.py:53:5:53:10 | ControlFlowNode for search | PoC/server.py:61:27:61:58 | ControlFlowNode for Dict | provenance | | | PoC/server.py:53:14:57:5 | ControlFlowNode for Dict | PoC/server.py:53:5:53:10 | ControlFlowNode for search | provenance | | | PoC/server.py:54:17:54:70 | ControlFlowNode for BinaryExpr | PoC/server.py:53:14:57:5 | ControlFlowNode for Dict | provenance | | | PoC/server.py:77:5:77:10 | ControlFlowNode for author | PoC/server.py:80:23:80:101 | ControlFlowNode for BinaryExpr | provenance | | -| PoC/server.py:77:14:77:20 | ControlFlowNode for request | PoC/server.py:77:5:77:10 | ControlFlowNode for author | provenance | | +| PoC/server.py:77:14:77:20 | ControlFlowNode for request | PoC/server.py:77:5:77:10 | ControlFlowNode for author | provenance | AdditionalTaintStep | | PoC/server.py:78:5:78:15 | ControlFlowNode for accumulator | PoC/server.py:84:5:84:9 | ControlFlowNode for group | provenance | | | PoC/server.py:78:19:83:5 | ControlFlowNode for Dict | PoC/server.py:78:5:78:15 | ControlFlowNode for accumulator | provenance | | | PoC/server.py:80:23:80:101 | ControlFlowNode for BinaryExpr | PoC/server.py:78:19:83:5 | ControlFlowNode for Dict | provenance | | | PoC/server.py:84:5:84:9 | ControlFlowNode for group | PoC/server.py:91:29:91:47 | ControlFlowNode for Dict | provenance | | | PoC/server.py:84:5:84:9 | ControlFlowNode for group | PoC/server.py:92:38:92:56 | ControlFlowNode for Dict | provenance | | | PoC/server.py:98:5:98:10 | ControlFlowNode for author | PoC/server.py:99:5:99:10 | ControlFlowNode for mapper | provenance | | -| PoC/server.py:98:14:98:20 | ControlFlowNode for request | PoC/server.py:98:5:98:10 | ControlFlowNode for author | provenance | | +| PoC/server.py:98:14:98:20 | ControlFlowNode for request | PoC/server.py:98:5:98:10 | ControlFlowNode for author | provenance | AdditionalTaintStep | | PoC/server.py:99:5:99:10 | ControlFlowNode for mapper | PoC/server.py:102:9:102:14 | ControlFlowNode for mapper | provenance | | | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | provenance | | | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | provenance | | | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | provenance | | | flask_mongoengine_bad.py:19:5:19:17 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:20:30:20:42 | ControlFlowNode for unsafe_search | provenance | | -| flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_bad.py:19:5:19:17 | ControlFlowNode for unsafe_search | provenance | | +| flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_bad.py:19:5:19:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep | | flask_mongoengine_bad.py:20:5:20:15 | ControlFlowNode for json_search | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | provenance | | | flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:20:5:20:15 | ControlFlowNode for json_search | provenance | | | flask_mongoengine_bad.py:20:30:20:42 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | provenance | | | flask_mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | provenance | | -| flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | flask_mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | provenance | | +| flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | flask_mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep | | flask_mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | provenance | | | flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | provenance | | | flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | provenance | | | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for request | provenance | | | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for request | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | provenance | | | flask_pymongo_bad.py:11:5:11:17 | ControlFlowNode for unsafe_search | flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | provenance | | -| flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | flask_pymongo_bad.py:11:5:11:17 | ControlFlowNode for unsafe_search | provenance | | +| flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | flask_pymongo_bad.py:11:5:11:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep | | flask_pymongo_bad.py:12:5:12:15 | ControlFlowNode for json_search | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | provenance | | | flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | flask_pymongo_bad.py:12:5:12:15 | ControlFlowNode for json_search | provenance | | | flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | provenance | | @@ -57,32 +57,32 @@ edges | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | provenance | | | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | provenance | | | mongoengine_bad.py:18:5:18:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:19:30:19:42 | ControlFlowNode for unsafe_search | provenance | | -| mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_bad.py:18:5:18:17 | ControlFlowNode for unsafe_search | provenance | | +| mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_bad.py:18:5:18:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep | | mongoengine_bad.py:19:5:19:15 | ControlFlowNode for json_search | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | provenance | | | mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:19:5:19:15 | ControlFlowNode for json_search | provenance | | | mongoengine_bad.py:19:30:19:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | provenance | | | mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | provenance | | -| mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | provenance | | +| mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep | | mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | provenance | | | mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | provenance | | | mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | provenance | | | mongoengine_bad.py:34:5:34:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:35:30:35:42 | ControlFlowNode for unsafe_search | provenance | | -| mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | mongoengine_bad.py:34:5:34:17 | ControlFlowNode for unsafe_search | provenance | | +| mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | mongoengine_bad.py:34:5:34:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep | | mongoengine_bad.py:35:5:35:15 | ControlFlowNode for json_search | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | provenance | | | mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:35:5:35:15 | ControlFlowNode for json_search | provenance | | | mongoengine_bad.py:35:30:35:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | provenance | | | mongoengine_bad.py:42:5:42:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:43:30:43:42 | ControlFlowNode for unsafe_search | provenance | | -| mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | mongoengine_bad.py:42:5:42:17 | ControlFlowNode for unsafe_search | provenance | | +| mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | mongoengine_bad.py:42:5:42:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep | | mongoengine_bad.py:43:5:43:15 | ControlFlowNode for json_search | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | provenance | | | mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:43:5:43:15 | ControlFlowNode for json_search | provenance | | | mongoengine_bad.py:43:30:43:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | provenance | | | mongoengine_bad.py:50:5:50:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:51:30:51:42 | ControlFlowNode for unsafe_search | provenance | | -| mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | mongoengine_bad.py:50:5:50:17 | ControlFlowNode for unsafe_search | provenance | | +| mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | mongoengine_bad.py:50:5:50:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep | | mongoengine_bad.py:51:5:51:15 | ControlFlowNode for json_search | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | provenance | | | mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:51:5:51:15 | ControlFlowNode for json_search | provenance | | | mongoengine_bad.py:51:30:51:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | provenance | | | mongoengine_bad.py:57:5:57:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | provenance | | -| mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | mongoengine_bad.py:57:5:57:17 | ControlFlowNode for unsafe_search | provenance | | +| mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | mongoengine_bad.py:57:5:57:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep | | mongoengine_bad.py:58:5:58:15 | ControlFlowNode for json_search | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | provenance | | | mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:58:5:58:15 | ControlFlowNode for json_search | provenance | | | mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | provenance | | @@ -92,27 +92,30 @@ edges | pymongo_test.py:1:26:1:32 | ControlFlowNode for request | pymongo_test.py:39:27:39:33 | ControlFlowNode for request | provenance | | | pymongo_test.py:1:26:1:32 | ControlFlowNode for request | pymongo_test.py:52:26:52:32 | ControlFlowNode for request | provenance | | | pymongo_test.py:12:5:12:17 | ControlFlowNode for unsafe_search | pymongo_test.py:13:30:13:42 | ControlFlowNode for unsafe_search | provenance | | -| pymongo_test.py:12:21:12:27 | ControlFlowNode for request | pymongo_test.py:12:5:12:17 | ControlFlowNode for unsafe_search | provenance | | +| pymongo_test.py:12:21:12:27 | ControlFlowNode for request | pymongo_test.py:12:5:12:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep | | pymongo_test.py:13:5:13:15 | ControlFlowNode for json_search | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | provenance | | | pymongo_test.py:13:19:13:43 | ControlFlowNode for Attribute() | pymongo_test.py:13:5:13:15 | ControlFlowNode for json_search | provenance | | | pymongo_test.py:13:30:13:42 | ControlFlowNode for unsafe_search | pymongo_test.py:13:19:13:43 | ControlFlowNode for Attribute() | provenance | | | pymongo_test.py:29:5:29:12 | ControlFlowNode for event_id | pymongo_test.py:33:45:33:72 | ControlFlowNode for Fstring | provenance | | | pymongo_test.py:29:16:29:51 | ControlFlowNode for Attribute() | pymongo_test.py:29:5:29:12 | ControlFlowNode for event_id | provenance | | -| pymongo_test.py:29:27:29:33 | ControlFlowNode for request | pymongo_test.py:29:27:29:50 | ControlFlowNode for Subscript | provenance | | +| pymongo_test.py:29:27:29:33 | ControlFlowNode for request | pymongo_test.py:29:27:29:50 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | | pymongo_test.py:29:27:29:50 | ControlFlowNode for Subscript | pymongo_test.py:29:16:29:51 | ControlFlowNode for Attribute() | provenance | | | pymongo_test.py:33:45:33:72 | ControlFlowNode for Fstring | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | provenance | | +| pymongo_test.py:33:45:33:72 | ControlFlowNode for Fstring | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | provenance | AdditionalTaintStep | | pymongo_test.py:39:5:39:12 | ControlFlowNode for event_id | pymongo_test.py:43:45:43:72 | ControlFlowNode for Fstring | provenance | | | pymongo_test.py:39:16:39:51 | ControlFlowNode for Attribute() | pymongo_test.py:39:5:39:12 | ControlFlowNode for event_id | provenance | | -| pymongo_test.py:39:27:39:33 | ControlFlowNode for request | pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript | provenance | | +| pymongo_test.py:39:27:39:33 | ControlFlowNode for request | pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | | pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript | pymongo_test.py:39:16:39:51 | ControlFlowNode for Attribute() | provenance | | | pymongo_test.py:43:45:43:72 | ControlFlowNode for Fstring | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | provenance | | +| pymongo_test.py:43:45:43:72 | ControlFlowNode for Fstring | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | provenance | AdditionalTaintStep | | pymongo_test.py:52:5:52:11 | ControlFlowNode for decoded | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | provenance | | | pymongo_test.py:52:15:52:50 | ControlFlowNode for Attribute() | pymongo_test.py:52:5:52:11 | ControlFlowNode for decoded | provenance | | -| pymongo_test.py:52:26:52:32 | ControlFlowNode for request | pymongo_test.py:52:26:52:49 | ControlFlowNode for Subscript | provenance | | +| pymongo_test.py:52:26:52:32 | ControlFlowNode for request | pymongo_test.py:52:26:52:49 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | | pymongo_test.py:52:26:52:49 | ControlFlowNode for Subscript | pymongo_test.py:52:15:52:50 | ControlFlowNode for Attribute() | provenance | | | pymongo_test.py:54:5:54:10 | ControlFlowNode for search | pymongo_test.py:59:25:59:56 | ControlFlowNode for Dict | provenance | | | pymongo_test.py:54:14:58:5 | ControlFlowNode for Dict | pymongo_test.py:54:5:54:10 | ControlFlowNode for search | provenance | | | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | pymongo_test.py:54:14:58:5 | ControlFlowNode for Dict | provenance | | +| pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | pymongo_test.py:54:14:58:5 | ControlFlowNode for Dict | provenance | AdditionalTaintStep | | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | pymongo_test.py:61:25:61:57 | ControlFlowNode for Dict | provenance | | | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | pymongo_test.py:62:25:62:42 | ControlFlowNode for Dict | provenance | | | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | pymongo_test.py:63:25:63:31 | ControlFlowNode for decoded | provenance | | diff --git a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll index 5940266b07f5..73e4ca8dfec7 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll @@ -32,9 +32,22 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari * DEPRECATED: Use `propagatesFlow` instead. */ deprecated predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - this.propagatesFlow(input, output, preservesValue) + this.propagatesFlow(input, output, preservesValue, _) } + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { + this.propagatesFlow(input, output, preservesValue) and model = "" + } + + /** + * Holds if data may flow from `input` to `output` through this callable. + * + * `preservesValue` indicates whether this is a value-preserving step or a taint-step. + */ + predicate propagatesFlow(string input, string output, boolean preservesValue) { none() } + /** * Gets the synthesized parameter that results from an input specification * that starts with `Argument[s]` for this library callable. @@ -100,7 +113,9 @@ private module LibraryCallbackSummaries { libraryCallHasLambdaArg(result.getAControlFlowNode(), _) } - override predicate propagatesFlow(string input, string output, boolean preservesValue) { + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { ( input = "Argument[block]" and output = "Argument[block].Parameter[lambda-self]" @@ -111,7 +126,8 @@ private module LibraryCallbackSummaries { output = "Argument[" + i + "].Parameter[lambda-self]" ) ) and - preservesValue = true + preservesValue = true and + model = "heuristic-callback" } } } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index 0aa58d7d18a0..2760d3ee8fef 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -244,10 +244,11 @@ module LocalFlow { } predicate flowSummaryLocalStep( - FlowSummaryNode nodeFrom, FlowSummaryNode nodeTo, FlowSummaryImpl::Public::SummarizedCallable c + FlowSummaryNode nodeFrom, FlowSummaryNode nodeTo, FlowSummaryImpl::Public::SummarizedCallable c, + string model ) { FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.getSummaryNode(), - nodeTo.getSummaryNode(), true) and + nodeTo.getSummaryNode(), true, model) and c = nodeFrom.getSummarizedCallable() } @@ -271,7 +272,7 @@ module LocalFlow { node1 = unique(FlowSummaryNode n1 | FlowSummaryImpl::Private::Steps::summaryLocalStep(n1.getSummaryNode(), - node2.(FlowSummaryNode).getSummaryNode(), true) + node2.(FlowSummaryNode).getSummaryNode(), true, _) ) } } @@ -606,25 +607,28 @@ private module Cached { * data flow. */ cached - predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - LocalFlow::localFlowStepCommon(nodeFrom, nodeTo) - or - exists(SsaImpl::DefinitionExt def | - // captured variables are handled by the shared `VariableCapture` library - not def instanceof VariableCapture::CapturedSsaDefinitionExt - | - LocalFlow::localSsaFlowStep(def, nodeFrom, nodeTo) + predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { + ( + LocalFlow::localFlowStepCommon(nodeFrom, nodeTo) or - LocalFlow::localSsaFlowStepUseUse(def, nodeFrom, nodeTo) and - not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) + exists(SsaImpl::DefinitionExt def | + // captured variables are handled by the shared `VariableCapture` library + not def instanceof VariableCapture::CapturedSsaDefinitionExt + | + LocalFlow::localSsaFlowStep(def, nodeFrom, nodeTo) + or + LocalFlow::localSsaFlowStepUseUse(def, nodeFrom, nodeTo) and + not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) + or + LocalFlow::localFlowSsaInputFromRead(def, nodeFrom, nodeTo) and + not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) + ) or - LocalFlow::localFlowSsaInputFromRead(def, nodeFrom, nodeTo) and - not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) - ) + VariableCapture::valueStep(nodeFrom, nodeTo) + ) and + model = "" or - LocalFlow::flowSummaryLocalStep(nodeFrom, nodeTo, _) - or - VariableCapture::valueStep(nodeFrom, nodeTo) + LocalFlow::flowSummaryLocalStep(nodeFrom, nodeTo, _, model) } /** This is the local flow predicate that is exposed. */ @@ -656,7 +660,8 @@ private module Cached { or VariableCapture::flowInsensitiveStep(nodeFrom, nodeTo) or - LocalFlow::flowSummaryLocalStep(nodeFrom, nodeTo, any(LibraryCallableToIncludeInTypeTracking c)) + LocalFlow::flowSummaryLocalStep(nodeFrom, nodeTo, any(LibraryCallableToIncludeInTypeTracking c), + _) } /** Holds if `n` wraps an SSA definition without ingoing flow. */ @@ -752,7 +757,7 @@ private module Cached { // external model data. This, unfortunately, does not included any field names used // in models defined in QL code. exists(string input, string output | - ModelOutput::relevantSummaryModel(_, _, input, output, _) + ModelOutput::relevantSummaryModel(_, _, input, output, _, _) | name = [input, output].regexpFind("(?<=(^|\\.)Field\\[)[^\\]]+(?=\\])", _, _).trim() ) @@ -2241,6 +2246,14 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { /** Extra data-flow steps needed for lambda flow analysis. */ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() } +predicate knownSourceModel(Node source, string model) { + source = ModelOutput::getASourceNode(_, model).asSource() +} + +predicate knownSinkModel(Node sink, string model) { + sink = ModelOutput::getASinkNode(_, model).asSink() +} + /** * Holds if flow is allowed to pass from parameter `p` and back to itself as a * side-effect, resulting in a summary from `p` to itself. diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll index 1f2e8188d725..903c8b562e76 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll @@ -77,38 +77,41 @@ private module Cached { * in all global taint flow configurations. */ cached - predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - // value of `case` expression into variables in patterns - exists( - CfgNodes::ExprNodes::CaseExprCfgNode case, CfgNodes::ExprCfgNode value, - CfgNodes::ExprNodes::InClauseCfgNode clause, Ssa::Definition def - | - nodeFrom.asExpr() = value and - value = case.getValue() and - clause = case.getBranch(_) and - def = nodeTo.(SsaDefinitionExtNode).getDefinitionExt() and - def.getControlFlowNode() = variablesInPattern(clause.getPattern()) and - not LocalFlow::ssaDefAssigns(def, value) - ) - or - // operation involving `nodeFrom` - exists(CfgNodes::ExprNodes::OperationCfgNode op | - op = nodeTo.asExpr() and - op.getAnOperand() = nodeFrom.asExpr() and - not op.getExpr() = - any(Expr e | - // included in normal data-flow - e instanceof AssignExpr or - e instanceof BinaryLogicalOperation or - // has flow summary - e instanceof SplatExpr - ) - ) + predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) { + ( + // value of `case` expression into variables in patterns + exists( + CfgNodes::ExprNodes::CaseExprCfgNode case, CfgNodes::ExprCfgNode value, + CfgNodes::ExprNodes::InClauseCfgNode clause, Ssa::Definition def + | + nodeFrom.asExpr() = value and + value = case.getValue() and + clause = case.getBranch(_) and + def = nodeTo.(SsaDefinitionExtNode).getDefinitionExt() and + def.getControlFlowNode() = variablesInPattern(clause.getPattern()) and + not LocalFlow::ssaDefAssigns(def, value) + ) + or + // operation involving `nodeFrom` + exists(CfgNodes::ExprNodes::OperationCfgNode op | + op = nodeTo.asExpr() and + op.getAnOperand() = nodeFrom.asExpr() and + not op.getExpr() = + any(Expr e | + // included in normal data-flow + e instanceof AssignExpr or + e instanceof BinaryLogicalOperation or + // has flow summary + e instanceof SplatExpr + ) + ) + ) and + model = "" or FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), - nodeTo.(FlowSummaryNode).getSummaryNode(), false) + nodeTo.(FlowSummaryNode).getSummaryNode(), false, model) or - any(FlowSteps::AdditionalTaintStep s).step(nodeFrom, nodeTo) + any(FlowSteps::AdditionalTaintStep s).step(nodeFrom, nodeTo) and model = "AdditionalTaintStep" or // Although flow through collections is modeled precisely using stores/reads, we still // allow flow out of a _tainted_ collection. This is needed in order to support taint- @@ -119,7 +122,8 @@ private module Cached { c.isKnownOrUnknownElement(_) or c.isAnyElement() - ) + ) and + model = "" } cached @@ -136,7 +140,7 @@ private module Cached { cached predicate localTaintStepCached(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { DataFlow::localFlowStep(nodeFrom, nodeTo) or - defaultAdditionalTaintStep(nodeFrom, nodeTo) or + defaultAdditionalTaintStep(nodeFrom, nodeTo, _) or // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural summaryThroughStepTaint(nodeFrom, nodeTo, _) diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll index 5e43dc5249a7..4d57191dc1ed 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll @@ -37,7 +37,7 @@ private class SummarizedCallableFromModel extends SummarizedCallable { string path; SummarizedCallableFromModel() { - ModelOutput::relevantSummaryModel(type, path, _, _, _) and + ModelOutput::relevantSummaryModel(type, path, _, _, _, _) and this = type + ";" + path } @@ -48,8 +48,10 @@ private class SummarizedCallableFromModel extends SummarizedCallable { ) } - override predicate propagatesFlow(string input, string output, boolean preservesValue) { - exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind) | + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { + exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind, model) | kind = "value" and preservesValue = true or diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll index dd4331527519..e04341adb940 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll @@ -229,41 +229,55 @@ private predicate typeModel(string row) { any(TypeModelCsv s).row(inversePad(row private predicate typeVariableModel(string row) { any(TypeVariableModelCsv s).row(inversePad(row)) } /** Holds if a source model exists for the given parameters. */ -predicate sourceModel(string type, string path, string kind) { +predicate sourceModel(string type, string path, string kind, string model) { exists(string row | sourceModel(row) and row.splitAt(";", 0) = type and row.splitAt(";", 1) = path and - row.splitAt(";", 2) = kind + row.splitAt(";", 2) = kind and + model = "SourceModelCsv" ) or - Extensions::sourceModel(type, path, kind) + exists(QlBuiltins::ExtensionId madId | + Extensions::sourceModel(type, path, kind, madId) and + model = "MaD:" + madId.toString() + ) } /** Holds if a sink model exists for the given parameters. */ -private predicate sinkModel(string type, string path, string kind) { +private predicate sinkModel(string type, string path, string kind, string model) { exists(string row | sinkModel(row) and row.splitAt(";", 0) = type and row.splitAt(";", 1) = path and - row.splitAt(";", 2) = kind + row.splitAt(";", 2) = kind and + model = "SinkModelCsv" ) or - Extensions::sinkModel(type, path, kind) + exists(QlBuiltins::ExtensionId madId | + Extensions::sinkModel(type, path, kind, madId) and + model = "MaD:" + madId.toString() + ) } /** Holds if a summary model `row` exists for the given parameters. */ -private predicate summaryModel(string type, string path, string input, string output, string kind) { +private predicate summaryModel( + string type, string path, string input, string output, string kind, string model +) { exists(string row | summaryModel(row) and row.splitAt(";", 0) = type and row.splitAt(";", 1) = path and row.splitAt(";", 2) = input and row.splitAt(";", 3) = output and - row.splitAt(";", 4) = kind + row.splitAt(";", 4) = kind and + model = "SummaryModelCsv" ) or - Extensions::summaryModel(type, path, input, output, kind) + exists(QlBuiltins::ExtensionId madId | + Extensions::summaryModel(type, path, input, output, kind, madId) and + model = "MaD:" + madId.toString() + ) } /** Holds if a type model exists for the given parameters. */ @@ -294,9 +308,9 @@ private predicate typeVariableModel(string name, string path) { */ predicate isRelevantType(string type) { ( - sourceModel(type, _, _) or - sinkModel(type, _, _) or - summaryModel(type, _, _, _, _) or + sourceModel(type, _, _, _) or + sinkModel(type, _, _, _) or + summaryModel(type, _, _, _, _, _) or typeModel(_, type, _) ) and ( @@ -319,9 +333,9 @@ pragma[nomagic] predicate isRelevantFullPath(string type, string path) { isRelevantType(type) and ( - sourceModel(type, path, _) or - sinkModel(type, path, _) or - summaryModel(type, path, _, _, _) or + sourceModel(type, path, _, _) or + sinkModel(type, path, _, _) or + summaryModel(type, path, _, _, _, _) or typeModel(_, type, path) ) } @@ -331,8 +345,8 @@ private predicate accessPathRange(string s) { isRelevantFullPath(_, s) or exists(string type | isRelevantType(type) | - summaryModel(type, _, s, _, _) or - summaryModel(type, _, _, s, _) + summaryModel(type, _, s, _, _, _) or + summaryModel(type, _, _, s, _, _) ) or typeVariableModel(_, s) @@ -543,7 +557,7 @@ private API::Node getNodeFromPath(string type, AccessPath path) { pragma[nomagic] private predicate typeStepModel(string type, AccessPath basePath, AccessPath output) { - summaryModel(type, basePath, "", output, "type") + summaryModel(type, basePath, "", output, "type", _) } pragma[nomagic] @@ -621,9 +635,9 @@ module ModelOutput { * Holds if a CSV source model contributed `source` with the given `kind`. */ cached - API::Node getASourceNode(string kind) { + API::Node getASourceNode(string kind, string model) { exists(string type, string path | - sourceModel(type, path, kind) and + sourceModel(type, path, kind, model) and result = getNodeFromPath(type, path) ) } @@ -632,9 +646,9 @@ module ModelOutput { * Holds if a CSV sink model contributed `sink` with the given `kind`. */ cached - API::Node getASinkNode(string kind) { + API::Node getASinkNode(string kind, string model) { exists(string type, string path | - sinkModel(type, path, kind) and + sinkModel(type, path, kind, model) and result = getNodeFromPath(type, path) ) } @@ -644,10 +658,10 @@ module ModelOutput { */ cached predicate relevantSummaryModel( - string type, string path, string input, string output, string kind + string type, string path, string input, string output, string kind, string model ) { isRelevantType(type) and - summaryModel(type, path, input, output, kind) + summaryModel(type, path, input, output, kind, model) } /** @@ -655,7 +669,7 @@ module ModelOutput { */ cached predicate resolvedSummaryBase(string type, string path, Specific::InvokeNode baseNode) { - summaryModel(type, path, _, _, _) and + summaryModel(type, path, _, _, _, _) and baseNode = getInvocationFromPath(type, path) } @@ -664,7 +678,7 @@ module ModelOutput { */ cached predicate resolvedSummaryRefBase(string type, string path, API::Node baseNode) { - summaryModel(type, path, _, _, _) and + summaryModel(type, path, _, _, _, _) and baseNode = getNodeFromPath(type, path) } @@ -680,12 +694,22 @@ module ModelOutput { import Specific::ModelOutputSpecific private import codeql.mad.ModelValidation as SharedModelVal + /** + * Holds if a CSV source model contributed `source` with the given `kind`. + */ + API::Node getASourceNode(string kind) { result = getASourceNode(kind, _) } + + /** + * Holds if a CSV sink model contributed `sink` with the given `kind`. + */ + API::Node getASinkNode(string kind) { result = getASinkNode(kind, _) } + private module KindValConfig implements SharedModelVal::KindValidationConfigSig { - predicate summaryKind(string kind) { summaryModel(_, _, _, _, kind) } + predicate summaryKind(string kind) { summaryModel(_, _, _, _, kind, _) } - predicate sinkKind(string kind) { sinkModel(_, _, kind) } + predicate sinkKind(string kind) { sinkModel(_, _, kind, _) } - predicate sourceKind(string kind) { sourceModel(_, _, kind) } + predicate sourceKind(string kind) { sourceModel(_, _, kind, _) } } private module KindVal = SharedModelVal::KindValidation; diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll index f0edf1702d3c..51e71f68b1ee 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll @@ -8,13 +8,15 @@ * * The kind `remote` represents a general remote flow source. */ -extensible predicate sourceModel(string type, string path, string kind); +extensible predicate sourceModel( + string type, string path, string kind, QlBuiltins::ExtensionId madId +); /** * Holds if the value at `(type, path)` should be seen as a sink * of the given `kind`. */ -extensible predicate sinkModel(string type, string path, string kind); +extensible predicate sinkModel(string type, string path, string kind, QlBuiltins::ExtensionId madId); /** * Holds if in calls to `(type, path)`, the value referred to by `input` @@ -23,7 +25,9 @@ extensible predicate sinkModel(string type, string path, string kind); * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps, * respectively. */ -extensible predicate summaryModel(string type, string path, string input, string output, string kind); +extensible predicate summaryModel( + string type, string path, string input, string output, string kind, QlBuiltins::ExtensionId madId +); /** * Holds if calls to `(type, path)` should be considered neutral. The meaning of this depends on the `kind`. diff --git a/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeQuery.qll b/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeQuery.qll index 09238116dd8d..a3e58f43e43a 100644 --- a/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeQuery.qll @@ -38,7 +38,7 @@ deprecated class Configuration extends DataFlow::Configuration { DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo, DataFlow::FlowState stateTo ) { - defaultAdditionalTaintStep(nodeFrom, nodeTo) and + defaultAdditionalTaintStep(nodeFrom, nodeTo, _) and // This is a taint step, so the flow state becomes `taint`. stateFrom = [FlowState::data(), FlowState::taint()] and stateTo = FlowState::taint() @@ -57,7 +57,7 @@ private module Config implements DataFlow::StateConfigSig { predicate isAdditionalFlowStep( DataFlow::Node nodeFrom, FlowState stateFrom, DataFlow::Node nodeTo, FlowState stateTo ) { - defaultAdditionalTaintStep(nodeFrom, nodeTo) and + defaultAdditionalTaintStep(nodeFrom, nodeTo, _) and // TODO: propagate provenance // This is a taint step, so the flow state becomes `taint`. ( stateFrom = FlowState::Taint() diff --git a/ruby/ql/lib/codeql/ruby/typetracking/internal/TypeTrackingImpl.qll b/ruby/ql/lib/codeql/ruby/typetracking/internal/TypeTrackingImpl.qll index 419fcf621b2f..4ad1723249b6 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/internal/TypeTrackingImpl.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/internal/TypeTrackingImpl.qll @@ -217,7 +217,15 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input { predicate return = FlowSummaryImpl::Private::SummaryComponent::return/0; // Callables - class SummarizedCallable = FlowSummaryImpl::Private::SummarizedCallableImpl; + class SummarizedCallable instanceof FlowSummaryImpl::Private::SummarizedCallableImpl { + string toString() { result = super.toString() } + + predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + super.propagatesFlow(input, output, preservesValue, _) + } + } // Relating nodes to summaries Node argumentOf(Node call, SummaryComponent arg, boolean isPostUpdate) { diff --git a/ruby/ql/src/utils/modeleditor/ModelEditor.qll b/ruby/ql/src/utils/modeleditor/ModelEditor.qll index 020a5f6177cb..90a8a5c75b92 100644 --- a/ruby/ql/src/utils/modeleditor/ModelEditor.qll +++ b/ruby/ql/src/utils/modeleditor/ModelEditor.qll @@ -179,7 +179,7 @@ class SinkCallable extends DataFlow::MethodNode { exists(string type, string path, string method | method = path.regexpCapture("(Method\\[[^\\]]+\\]).*", 1) and Util::pathToMethod(this, type, method) and - sinkModel(type, path, _) + sinkModel(type, path, _, _) ) } } @@ -192,7 +192,7 @@ class SourceCallable extends DataFlow::CallableNode { exists(string type, string path, string method | method = path.regexpCapture("(Method\\[[^\\]]+\\]).*", 1) and Util::pathToMethod(this, type, method) and - sourceModel(type, path, _) + sourceModel(type, path, _, _) ) } } @@ -204,7 +204,7 @@ class SummaryCallable extends DataFlow::CallableNode { SummaryCallable() { exists(string type, string path | Util::pathToMethod(this, type, path) and - summaryModel(type, path, _, _, _) + summaryModel(type, path, _, _, _, _) ) } } diff --git a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected index b13c31dbc78a..35d702bb83a0 100644 --- a/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected +++ b/ruby/ql/test/library-tests/dataflow/call-sensitivity/call-sensitivity.expected @@ -30,6 +30,7 @@ edges | call_sensitivity.rb:70:30:70:30 | x | call_sensitivity.rb:71:10:71:10 | x | provenance | | | call_sensitivity.rb:74:18:74:18 | y | call_sensitivity.rb:75:20:77:7 | do ... end [captured y] | provenance | | | call_sensitivity.rb:75:20:77:7 | do ... end [captured y] | call_sensitivity.rb:76:17:76:17 | y | provenance | | +| call_sensitivity.rb:75:20:77:7 | do ... end [captured y] | call_sensitivity.rb:76:17:76:17 | y | provenance | heuristic-callback | | call_sensitivity.rb:76:17:76:17 | y | call_sensitivity.rb:50:15:50:15 | x | provenance | | | call_sensitivity.rb:80:15:80:15 | x | call_sensitivity.rb:81:18:81:18 | x | provenance | | | call_sensitivity.rb:81:18:81:18 | x | call_sensitivity.rb:50:15:50:15 | x | provenance | | diff --git a/ruby/ql/test/library-tests/dataflow/global/Flow.expected b/ruby/ql/test/library-tests/dataflow/global/Flow.expected index 22d5fd7d18ba..e10b8e9a7c66 100644 --- a/ruby/ql/test/library-tests/dataflow/global/Flow.expected +++ b/ruby/ql/test/library-tests/dataflow/global/Flow.expected @@ -10,11 +10,11 @@ edges | captured_variables.rb:20:25:20:34 | call to taint | captured_variables.rb:15:28:15:28 | x | provenance | | | captured_variables.rb:20:25:20:34 | call to taint | captured_variables.rb:20:2:20:34 | call to capture_escape_return1 [captured x] | provenance | | | captured_variables.rb:22:28:22:28 | x | captured_variables.rb:23:5:25:5 | -> { ... } [captured x] | provenance | | -| captured_variables.rb:27:25:27:57 | call to capture_escape_return2 [captured x] | captured_variables.rb:24:14:24:14 | x | provenance | | +| captured_variables.rb:27:25:27:57 | call to capture_escape_return2 [captured x] | captured_variables.rb:24:14:24:14 | x | provenance | heuristic-callback | | captured_variables.rb:27:48:27:57 | call to taint | captured_variables.rb:22:28:22:28 | x | provenance | | | captured_variables.rb:27:48:27:57 | call to taint | captured_variables.rb:27:25:27:57 | call to capture_escape_return2 [captured x] | provenance | | | captured_variables.rb:29:33:29:33 | x | captured_variables.rb:33:29:33:30 | fn [captured x] | provenance | | -| captured_variables.rb:33:29:33:30 | fn [captured x] | captured_variables.rb:31:14:31:14 | x | provenance | | +| captured_variables.rb:33:29:33:30 | fn [captured x] | captured_variables.rb:31:14:31:14 | x | provenance | heuristic-callback | | captured_variables.rb:35:29:35:38 | call to taint | captured_variables.rb:29:33:29:33 | x | provenance | | | captured_variables.rb:37:13:37:14 | fn [captured x] | captured_variables.rb:38:5:38:6 | fn [captured x] | provenance | | | captured_variables.rb:38:5:38:6 | fn [captured x] | captured_variables.rb:42:14:42:14 | x | provenance | | @@ -25,7 +25,9 @@ edges | captured_variables.rb:48:5:48:12 | call to taint | captured_variables.rb:54:6:54:6 | x | provenance | | | captured_variables.rb:49:16:52:3 | [post] do ... end [captured x] | captured_variables.rb:54:6:54:6 | x | provenance | | | captured_variables.rb:49:16:52:3 | do ... end [captured x] | captured_variables.rb:50:10:50:10 | x | provenance | | +| captured_variables.rb:49:16:52:3 | do ... end [captured x] | captured_variables.rb:50:10:50:10 | x | provenance | heuristic-callback | | captured_variables.rb:51:9:51:16 | call to taint | captured_variables.rb:49:16:52:3 | [post] do ... end [captured x] | provenance | | +| captured_variables.rb:51:9:51:16 | call to taint | captured_variables.rb:49:16:52:3 | [post] do ... end [captured x] | provenance | heuristic-callback | | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:58:18:58:18 | x | provenance | | | captured_variables.rb:58:18:58:18 | x | captured_variables.rb:58:9:58:14 | [post] self [@field] | provenance | | | captured_variables.rb:60:5:62:7 | self in get_field [@field] | captured_variables.rb:61:16:61:21 | self [@field] | provenance | | @@ -38,10 +40,12 @@ edges | captured_variables.rb:66:15:66:22 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | | captured_variables.rb:67:16:70:3 | [post] do ... end [captured foo, @field] | captured_variables.rb:72:6:72:8 | foo [@field] | provenance | | | captured_variables.rb:67:16:70:3 | do ... end [captured foo, @field] | captured_variables.rb:68:10:68:12 | foo [@field] | provenance | | +| captured_variables.rb:67:16:70:3 | do ... end [captured foo, @field] | captured_variables.rb:68:10:68:12 | foo [@field] | provenance | heuristic-callback | | captured_variables.rb:68:10:68:12 | foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field [@field] | provenance | | | captured_variables.rb:68:10:68:12 | foo [@field] | captured_variables.rb:68:10:68:22 | call to get_field | provenance | | | captured_variables.rb:68:10:68:12 | foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field [@field] | provenance | | | captured_variables.rb:69:5:69:7 | [post] foo [@field] | captured_variables.rb:67:16:70:3 | [post] do ... end [captured foo, @field] | provenance | | +| captured_variables.rb:69:5:69:7 | [post] foo [@field] | captured_variables.rb:67:16:70:3 | [post] do ... end [captured foo, @field] | provenance | heuristic-callback | | captured_variables.rb:69:19:69:26 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | captured_variables.rb:69:19:69:26 | call to taint | captured_variables.rb:69:5:69:7 | [post] foo [@field] | provenance | | | captured_variables.rb:69:19:69:26 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | @@ -50,6 +54,7 @@ edges | captured_variables.rb:72:6:72:8 | foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field [@field] | provenance | | | captured_variables.rb:78:20:80:7 | [post] do ... end [captured foo, @field] | captured_variables.rb:83:6:83:8 | foo [@field] | provenance | | | captured_variables.rb:79:9:79:11 | [post] foo [@field] | captured_variables.rb:78:20:80:7 | [post] do ... end [captured foo, @field] | provenance | | +| captured_variables.rb:79:9:79:11 | [post] foo [@field] | captured_variables.rb:78:20:80:7 | [post] do ... end [captured foo, @field] | provenance | heuristic-callback | | captured_variables.rb:79:23:79:30 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | captured_variables.rb:79:23:79:30 | call to taint | captured_variables.rb:79:9:79:11 | [post] foo [@field] | provenance | | | captured_variables.rb:79:23:79:30 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected index dab6b18e8cfb..0cc646231a18 100644 --- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected +++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected @@ -10,14 +10,14 @@ edges | summaries.rb:1:11:1:36 | call to identity | summaries.rb:26:31:26:37 | tainted | provenance | | | summaries.rb:1:11:1:36 | call to identity | summaries.rb:30:24:30:30 | tainted | provenance | | | summaries.rb:1:11:1:36 | call to identity | summaries.rb:31:27:31:33 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:34:16:34:22 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:34:16:34:22 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:35:16:35:22 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:35:16:35:22 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:36:21:36:27 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:36:21:36:27 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:37:36:37:42 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:37:36:37:42 | tainted | provenance | | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:34:16:34:22 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:34:16:34:22 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:35:16:35:22 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:35:16:35:22 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:36:21:36:27 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:36:21:36:27 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:37:36:37:42 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:37:36:37:42 | tainted | provenance | Sink:SinkModelCsv | | summaries.rb:1:11:1:36 | call to identity | summaries.rb:51:24:51:30 | tainted | provenance | | | summaries.rb:1:11:1:36 | call to identity | summaries.rb:56:22:56:28 | tainted | provenance | | | summaries.rb:1:11:1:36 | call to identity | summaries.rb:57:17:57:23 | tainted | provenance | | @@ -27,30 +27,30 @@ edges | summaries.rb:1:11:1:36 | call to identity | summaries.rb:122:16:122:22 | tainted | provenance | | | summaries.rb:1:11:1:36 | call to identity | summaries.rb:128:14:128:20 | tainted | provenance | | | summaries.rb:1:11:1:36 | call to identity | summaries.rb:131:16:131:22 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:131:16:131:22 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:131:16:131:22 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:132:21:132:27 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:132:21:132:27 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:135:26:135:32 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:135:26:135:32 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:137:23:137:29 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:137:23:137:29 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:140:19:140:25 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:140:19:140:25 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:141:19:141:25 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:141:19:141:25 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:145:26:145:32 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:145:26:145:32 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:147:16:147:22 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:147:16:147:22 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:150:39:150:45 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:150:39:150:45 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:154:20:154:26 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:154:20:154:26 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:155:28:155:34 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:155:28:155:34 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:156:27:156:33 | tainted | provenance | | -| summaries.rb:1:11:1:36 | call to identity | summaries.rb:156:27:156:33 | tainted | provenance | | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:131:16:131:22 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:131:16:131:22 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:132:21:132:27 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:132:21:132:27 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:135:26:135:32 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:135:26:135:32 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:137:23:137:29 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:137:23:137:29 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:140:19:140:25 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:140:19:140:25 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:141:19:141:25 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:141:19:141:25 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:145:26:145:32 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:145:26:145:32 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:147:16:147:22 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:147:16:147:22 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:150:39:150:45 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:150:39:150:45 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:154:20:154:26 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:154:20:154:26 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:155:28:155:34 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:155:28:155:34 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:156:27:156:33 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:1:11:1:36 | call to identity | summaries.rb:156:27:156:33 | tainted | provenance | Sink:SinkModelCsv | | summaries.rb:1:11:1:36 | call to identity | summaries.rb:157:14:160:3 | do ... end [captured tainted] | provenance | | | summaries.rb:1:11:1:36 | call to identity | summaries.rb:157:14:160:3 | do ... end [captured tainted] | provenance | | | summaries.rb:1:20:1:36 | call to source | summaries.rb:1:11:1:36 | call to identity | provenance | | @@ -81,34 +81,34 @@ edges | summaries.rb:16:36:16:42 | tainted | summaries.rb:16:12:16:43 | call to apply_lambda | provenance | | | summaries.rb:20:1:20:8 | tainted4 | summaries.rb:21:6:21:13 | tainted4 | provenance | | | summaries.rb:20:12:20:32 | call to firstArg | summaries.rb:20:1:20:8 | tainted4 | provenance | | -| summaries.rb:20:25:20:31 | tainted | summaries.rb:20:12:20:32 | call to firstArg | provenance | | +| summaries.rb:20:25:20:31 | tainted | summaries.rb:20:12:20:32 | call to firstArg | provenance | SummaryModelCsv | | summaries.rb:26:1:26:8 | tainted5 | summaries.rb:27:6:27:13 | tainted5 | provenance | | | summaries.rb:26:12:26:38 | call to secondArg | summaries.rb:26:1:26:8 | tainted5 | provenance | | -| summaries.rb:26:31:26:37 | tainted | summaries.rb:26:12:26:38 | call to secondArg | provenance | | -| summaries.rb:30:24:30:30 | tainted | summaries.rb:30:6:30:42 | call to onlyWithBlock | provenance | | -| summaries.rb:31:27:31:33 | tainted | summaries.rb:31:6:31:34 | call to onlyWithoutBlock | provenance | | +| summaries.rb:26:31:26:37 | tainted | summaries.rb:26:12:26:38 | call to secondArg | provenance | SummaryModelCsv | +| summaries.rb:30:24:30:30 | tainted | summaries.rb:30:6:30:42 | call to onlyWithBlock | provenance | SummaryModelCsv | +| summaries.rb:31:27:31:33 | tainted | summaries.rb:31:6:31:34 | call to onlyWithoutBlock | provenance | SummaryModelCsv | | summaries.rb:40:3:40:3 | t | summaries.rb:41:24:41:24 | t | provenance | | | summaries.rb:40:3:40:3 | t | summaries.rb:42:24:42:24 | t | provenance | | | summaries.rb:40:3:40:3 | t | summaries.rb:44:8:44:8 | t | provenance | | | summaries.rb:40:7:40:17 | call to source | summaries.rb:40:3:40:3 | t | provenance | | -| summaries.rb:41:24:41:24 | t | summaries.rb:41:8:41:25 | call to matchedByName | provenance | | -| summaries.rb:42:24:42:24 | t | summaries.rb:42:8:42:25 | call to matchedByName | provenance | | -| summaries.rb:44:8:44:8 | t | summaries.rb:44:8:44:27 | call to matchedByNameRcv | provenance | | -| summaries.rb:48:24:48:41 | call to source | summaries.rb:48:8:48:42 | call to preserveTaint | provenance | | -| summaries.rb:51:24:51:30 | tainted | summaries.rb:51:6:51:31 | call to namedArg | provenance | | +| summaries.rb:41:24:41:24 | t | summaries.rb:41:8:41:25 | call to matchedByName | provenance | SummaryModelCsv | +| summaries.rb:42:24:42:24 | t | summaries.rb:42:8:42:25 | call to matchedByName | provenance | SummaryModelCsv | +| summaries.rb:44:8:44:8 | t | summaries.rb:44:8:44:27 | call to matchedByNameRcv | provenance | SummaryModelCsv | +| summaries.rb:48:24:48:41 | call to source | summaries.rb:48:8:48:42 | call to preserveTaint | provenance | SummaryModelCsv | +| summaries.rb:51:24:51:30 | tainted | summaries.rb:51:6:51:31 | call to namedArg | provenance | SummaryModelCsv | | summaries.rb:53:1:53:4 | args [element :foo] | summaries.rb:54:21:54:24 | args [element :foo] | provenance | | | summaries.rb:53:8:53:33 | call to [] [element :foo] | summaries.rb:53:1:53:4 | args [element :foo] | provenance | | | summaries.rb:53:15:53:31 | call to source | summaries.rb:53:8:53:33 | call to [] [element :foo] | provenance | | -| summaries.rb:54:19:54:24 | ** ... [element :foo] | summaries.rb:54:6:54:25 | call to namedArg | provenance | | +| summaries.rb:54:19:54:24 | ** ... [element :foo] | summaries.rb:54:6:54:25 | call to namedArg | provenance | SummaryModelCsv | | summaries.rb:54:21:54:24 | args [element :foo] | summaries.rb:54:19:54:24 | ** ... [element :foo] | provenance | | -| summaries.rb:56:22:56:28 | tainted | summaries.rb:56:6:56:29 | call to anyArg | provenance | | -| summaries.rb:57:17:57:23 | tainted | summaries.rb:57:6:57:24 | call to anyArg | provenance | | -| summaries.rb:59:27:59:33 | tainted | summaries.rb:59:6:59:34 | call to anyNamedArg | provenance | | -| summaries.rb:63:32:63:38 | tainted | summaries.rb:63:6:63:39 | call to anyPositionFromOne | provenance | | -| summaries.rb:65:23:65:29 | tainted | summaries.rb:65:40:65:40 | x | provenance | | +| summaries.rb:56:22:56:28 | tainted | summaries.rb:56:6:56:29 | call to anyArg | provenance | SummaryModelCsv | +| summaries.rb:57:17:57:23 | tainted | summaries.rb:57:6:57:24 | call to anyArg | provenance | SummaryModelCsv | +| summaries.rb:59:27:59:33 | tainted | summaries.rb:59:6:59:34 | call to anyNamedArg | provenance | SummaryModelCsv | +| summaries.rb:63:32:63:38 | tainted | summaries.rb:63:6:63:39 | call to anyPositionFromOne | provenance | SummaryModelCsv | +| summaries.rb:65:23:65:29 | tainted | summaries.rb:65:40:65:40 | x | provenance | SummaryModelCsv | | summaries.rb:65:40:65:40 | x | summaries.rb:66:8:66:8 | x | provenance | | -| summaries.rb:73:24:73:53 | call to source | summaries.rb:73:8:73:54 | call to preserveTaint | provenance | | -| summaries.rb:76:26:76:56 | call to source | summaries.rb:76:8:76:57 | call to preserveTaint | provenance | | +| summaries.rb:73:24:73:53 | call to source | summaries.rb:73:8:73:54 | call to preserveTaint | provenance | SummaryModelCsv | +| summaries.rb:76:26:76:56 | call to source | summaries.rb:76:8:76:57 | call to preserveTaint | provenance | SummaryModelCsv | | summaries.rb:79:1:79:1 | a [element 1] | summaries.rb:82:6:82:6 | a [element 1] | provenance | | | summaries.rb:79:1:79:1 | a [element 1] | summaries.rb:82:6:82:6 | a [element 1] | provenance | | | summaries.rb:79:1:79:1 | a [element 1] | summaries.rb:83:6:83:6 | a [element 1] | provenance | | @@ -145,12 +145,12 @@ edges | summaries.rb:81:1:81:1 | [post] a [element] | summaries.rb:95:1:95:1 | a [element] | provenance | | | summaries.rb:81:13:81:27 | call to source | summaries.rb:81:1:81:1 | [post] a [element] | provenance | | | summaries.rb:81:13:81:27 | call to source | summaries.rb:81:1:81:1 | [post] a [element] | provenance | | -| summaries.rb:82:6:82:6 | a [element 1] | summaries.rb:82:6:82:24 | call to readElementOne | provenance | | -| summaries.rb:82:6:82:6 | a [element 1] | summaries.rb:82:6:82:24 | call to readElementOne | provenance | | -| summaries.rb:82:6:82:6 | a [element] | summaries.rb:82:6:82:24 | call to readElementOne | provenance | | -| summaries.rb:82:6:82:6 | a [element] | summaries.rb:82:6:82:24 | call to readElementOne | provenance | | -| summaries.rb:83:6:83:6 | a [element 1] | summaries.rb:83:6:83:31 | call to readExactlyElementOne | provenance | | -| summaries.rb:83:6:83:6 | a [element 1] | summaries.rb:83:6:83:31 | call to readExactlyElementOne | provenance | | +| summaries.rb:82:6:82:6 | a [element 1] | summaries.rb:82:6:82:24 | call to readElementOne | provenance | SummaryModelCsv | +| summaries.rb:82:6:82:6 | a [element 1] | summaries.rb:82:6:82:24 | call to readElementOne | provenance | SummaryModelCsv | +| summaries.rb:82:6:82:6 | a [element] | summaries.rb:82:6:82:24 | call to readElementOne | provenance | SummaryModelCsv | +| summaries.rb:82:6:82:6 | a [element] | summaries.rb:82:6:82:24 | call to readElementOne | provenance | SummaryModelCsv | +| summaries.rb:83:6:83:6 | a [element 1] | summaries.rb:83:6:83:31 | call to readExactlyElementOne | provenance | SummaryModelCsv | +| summaries.rb:83:6:83:6 | a [element 1] | summaries.rb:83:6:83:31 | call to readExactlyElementOne | provenance | SummaryModelCsv | | summaries.rb:84:6:84:6 | a [element] | summaries.rb:84:6:84:9 | ...[...] | provenance | | | summaries.rb:84:6:84:6 | a [element] | summaries.rb:84:6:84:9 | ...[...] | provenance | | | summaries.rb:85:6:85:6 | a [element 1] | summaries.rb:85:6:85:9 | ...[...] | provenance | | @@ -169,10 +169,10 @@ edges | summaries.rb:87:1:87:1 | b [element] | summaries.rb:89:6:89:6 | b [element] | provenance | | | summaries.rb:87:1:87:1 | b [element] | summaries.rb:90:6:90:6 | b [element] | provenance | | | summaries.rb:87:1:87:1 | b [element] | summaries.rb:90:6:90:6 | b [element] | provenance | | -| summaries.rb:87:5:87:5 | a [element 1] | summaries.rb:87:5:87:22 | call to withElementOne [element 1] | provenance | | -| summaries.rb:87:5:87:5 | a [element 1] | summaries.rb:87:5:87:22 | call to withElementOne [element 1] | provenance | | -| summaries.rb:87:5:87:5 | a [element] | summaries.rb:87:5:87:22 | call to withElementOne [element] | provenance | | -| summaries.rb:87:5:87:5 | a [element] | summaries.rb:87:5:87:22 | call to withElementOne [element] | provenance | | +| summaries.rb:87:5:87:5 | a [element 1] | summaries.rb:87:5:87:22 | call to withElementOne [element 1] | provenance | SummaryModelCsv | +| summaries.rb:87:5:87:5 | a [element 1] | summaries.rb:87:5:87:22 | call to withElementOne [element 1] | provenance | SummaryModelCsv | +| summaries.rb:87:5:87:5 | a [element] | summaries.rb:87:5:87:22 | call to withElementOne [element] | provenance | SummaryModelCsv | +| summaries.rb:87:5:87:5 | a [element] | summaries.rb:87:5:87:22 | call to withElementOne [element] | provenance | SummaryModelCsv | | summaries.rb:87:5:87:22 | call to withElementOne [element 1] | summaries.rb:87:1:87:1 | b [element 1] | provenance | | | summaries.rb:87:5:87:22 | call to withElementOne [element 1] | summaries.rb:87:1:87:1 | b [element 1] | provenance | | | summaries.rb:87:5:87:22 | call to withElementOne [element] | summaries.rb:87:1:87:1 | b [element] | provenance | | @@ -187,8 +187,8 @@ edges | summaries.rb:90:6:90:6 | b [element] | summaries.rb:90:6:90:9 | ...[...] | provenance | | | summaries.rb:91:1:91:1 | c [element 1] | summaries.rb:93:6:93:6 | c [element 1] | provenance | | | summaries.rb:91:1:91:1 | c [element 1] | summaries.rb:93:6:93:6 | c [element 1] | provenance | | -| summaries.rb:91:5:91:5 | a [element 1] | summaries.rb:91:5:91:29 | call to withExactlyElementOne [element 1] | provenance | | -| summaries.rb:91:5:91:5 | a [element 1] | summaries.rb:91:5:91:29 | call to withExactlyElementOne [element 1] | provenance | | +| summaries.rb:91:5:91:5 | a [element 1] | summaries.rb:91:5:91:29 | call to withExactlyElementOne [element 1] | provenance | SummaryModelCsv | +| summaries.rb:91:5:91:5 | a [element 1] | summaries.rb:91:5:91:29 | call to withExactlyElementOne [element 1] | provenance | SummaryModelCsv | | summaries.rb:91:5:91:29 | call to withExactlyElementOne [element 1] | summaries.rb:91:1:91:1 | c [element 1] | provenance | | | summaries.rb:91:5:91:29 | call to withExactlyElementOne [element 1] | summaries.rb:91:1:91:1 | c [element 1] | provenance | | | summaries.rb:93:6:93:6 | c [element 1] | summaries.rb:93:6:93:9 | ...[...] | provenance | | @@ -203,10 +203,10 @@ edges | summaries.rb:95:1:95:1 | [post] a [element] | summaries.rb:97:6:97:6 | a [element] | provenance | | | summaries.rb:95:1:95:1 | [post] a [element] | summaries.rb:98:6:98:6 | a [element] | provenance | | | summaries.rb:95:1:95:1 | [post] a [element] | summaries.rb:98:6:98:6 | a [element] | provenance | | -| summaries.rb:95:1:95:1 | a [element 2] | summaries.rb:95:1:95:1 | [post] a [element 2] | provenance | | -| summaries.rb:95:1:95:1 | a [element 2] | summaries.rb:95:1:95:1 | [post] a [element 2] | provenance | | -| summaries.rb:95:1:95:1 | a [element] | summaries.rb:95:1:95:1 | [post] a [element] | provenance | | -| summaries.rb:95:1:95:1 | a [element] | summaries.rb:95:1:95:1 | [post] a [element] | provenance | | +| summaries.rb:95:1:95:1 | a [element 2] | summaries.rb:95:1:95:1 | [post] a [element 2] | provenance | SummaryModelCsv | +| summaries.rb:95:1:95:1 | a [element 2] | summaries.rb:95:1:95:1 | [post] a [element 2] | provenance | SummaryModelCsv | +| summaries.rb:95:1:95:1 | a [element] | summaries.rb:95:1:95:1 | [post] a [element] | provenance | SummaryModelCsv | +| summaries.rb:95:1:95:1 | a [element] | summaries.rb:95:1:95:1 | [post] a [element] | provenance | SummaryModelCsv | | summaries.rb:96:6:96:6 | a [element] | summaries.rb:96:6:96:9 | ...[...] | provenance | | | summaries.rb:96:6:96:6 | a [element] | summaries.rb:96:6:96:9 | ...[...] | provenance | | | summaries.rb:97:6:97:6 | a [element] | summaries.rb:97:6:97:9 | ...[...] | provenance | | @@ -217,8 +217,8 @@ edges | summaries.rb:98:6:98:6 | a [element] | summaries.rb:98:6:98:9 | ...[...] | provenance | | | summaries.rb:99:1:99:1 | [post] a [element 2] | summaries.rb:102:6:102:6 | a [element 2] | provenance | | | summaries.rb:99:1:99:1 | [post] a [element 2] | summaries.rb:102:6:102:6 | a [element 2] | provenance | | -| summaries.rb:99:1:99:1 | a [element 2] | summaries.rb:99:1:99:1 | [post] a [element 2] | provenance | | -| summaries.rb:99:1:99:1 | a [element 2] | summaries.rb:99:1:99:1 | [post] a [element 2] | provenance | | +| summaries.rb:99:1:99:1 | a [element 2] | summaries.rb:99:1:99:1 | [post] a [element 2] | provenance | SummaryModelCsv | +| summaries.rb:99:1:99:1 | a [element 2] | summaries.rb:99:1:99:1 | [post] a [element 2] | provenance | SummaryModelCsv | | summaries.rb:102:6:102:6 | a [element 2] | summaries.rb:102:6:102:9 | ...[...] | provenance | | | summaries.rb:102:6:102:6 | a [element 2] | summaries.rb:102:6:102:9 | ...[...] | provenance | | | summaries.rb:103:1:103:1 | [post] d [element 3] | summaries.rb:104:1:104:1 | d [element 3] | provenance | | @@ -227,41 +227,41 @@ edges | summaries.rb:103:8:103:22 | call to source | summaries.rb:103:1:103:1 | [post] d [element 3] | provenance | | | summaries.rb:104:1:104:1 | [post] d [element 3] | summaries.rb:108:6:108:6 | d [element 3] | provenance | | | summaries.rb:104:1:104:1 | [post] d [element 3] | summaries.rb:108:6:108:6 | d [element 3] | provenance | | -| summaries.rb:104:1:104:1 | d [element 3] | summaries.rb:104:1:104:1 | [post] d [element 3] | provenance | | -| summaries.rb:104:1:104:1 | d [element 3] | summaries.rb:104:1:104:1 | [post] d [element 3] | provenance | | +| summaries.rb:104:1:104:1 | d [element 3] | summaries.rb:104:1:104:1 | [post] d [element 3] | provenance | SummaryModelCsv | +| summaries.rb:104:1:104:1 | d [element 3] | summaries.rb:104:1:104:1 | [post] d [element 3] | provenance | SummaryModelCsv | | summaries.rb:108:6:108:6 | d [element 3] | summaries.rb:108:6:108:9 | ...[...] | provenance | | | summaries.rb:108:6:108:6 | d [element 3] | summaries.rb:108:6:108:9 | ...[...] | provenance | | | summaries.rb:111:1:111:1 | [post] x [@value] | summaries.rb:112:6:112:6 | x [@value] | provenance | | | summaries.rb:111:1:111:1 | [post] x [@value] | summaries.rb:112:6:112:6 | x [@value] | provenance | | -| summaries.rb:111:13:111:26 | call to source | summaries.rb:111:1:111:1 | [post] x [@value] | provenance | | -| summaries.rb:111:13:111:26 | call to source | summaries.rb:111:1:111:1 | [post] x [@value] | provenance | | -| summaries.rb:112:6:112:6 | x [@value] | summaries.rb:112:6:112:16 | call to get_value | provenance | | -| summaries.rb:112:6:112:6 | x [@value] | summaries.rb:112:6:112:16 | call to get_value | provenance | | +| summaries.rb:111:13:111:26 | call to source | summaries.rb:111:1:111:1 | [post] x [@value] | provenance | SummaryModelCsv | +| summaries.rb:111:13:111:26 | call to source | summaries.rb:111:1:111:1 | [post] x [@value] | provenance | SummaryModelCsv | +| summaries.rb:112:6:112:6 | x [@value] | summaries.rb:112:6:112:16 | call to get_value | provenance | SummaryModelCsv | +| summaries.rb:112:6:112:6 | x [@value] | summaries.rb:112:6:112:16 | call to get_value | provenance | SummaryModelCsv | | summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:128:14:128:20 | tainted | provenance | | | summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:131:16:131:22 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:131:16:131:22 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:132:21:132:27 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:135:26:135:32 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:137:23:137:29 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:140:19:140:25 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:141:19:141:25 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:145:26:145:32 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:147:16:147:22 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:150:39:150:45 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:154:20:154:26 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:155:28:155:34 | tainted | provenance | | -| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:156:27:156:33 | tainted | provenance | | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:131:16:131:22 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:132:21:132:27 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:135:26:135:32 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:137:23:137:29 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:140:19:140:25 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:141:19:141:25 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:145:26:145:32 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:147:16:147:22 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:150:39:150:45 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:154:20:154:26 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:155:28:155:34 | tainted | provenance | Sink:SinkModelCsv | +| summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:156:27:156:33 | tainted | provenance | Sink:SinkModelCsv | | summaries.rb:122:16:122:22 | [post] tainted | summaries.rb:157:14:160:3 | do ... end [captured tainted] | provenance | | -| summaries.rb:122:16:122:22 | tainted | summaries.rb:122:16:122:22 | [post] tainted | provenance | | -| summaries.rb:122:16:122:22 | tainted | summaries.rb:122:25:122:25 | [post] y | provenance | | -| summaries.rb:122:16:122:22 | tainted | summaries.rb:122:33:122:33 | [post] z | provenance | | +| summaries.rb:122:16:122:22 | tainted | summaries.rb:122:16:122:22 | [post] tainted | provenance | SummaryModelCsv | +| summaries.rb:122:16:122:22 | tainted | summaries.rb:122:25:122:25 | [post] y | provenance | SummaryModelCsv | +| summaries.rb:122:16:122:22 | tainted | summaries.rb:122:33:122:33 | [post] z | provenance | SummaryModelCsv | | summaries.rb:122:25:122:25 | [post] y | summaries.rb:124:6:124:6 | y | provenance | | | summaries.rb:122:33:122:33 | [post] z | summaries.rb:125:6:125:6 | z | provenance | | | summaries.rb:128:1:128:1 | [post] x | summaries.rb:129:6:129:6 | x | provenance | | -| summaries.rb:128:14:128:20 | tainted | summaries.rb:128:1:128:1 | [post] x | provenance | | -| summaries.rb:131:16:131:22 | tainted | summaries.rb:131:1:131:23 | synthetic splat argument | provenance | | -| summaries.rb:157:14:160:3 | do ... end [captured tainted] | summaries.rb:158:15:158:21 | tainted | provenance | | -| summaries.rb:157:14:160:3 | do ... end [captured tainted] | summaries.rb:158:15:158:21 | tainted | provenance | | +| summaries.rb:128:14:128:20 | tainted | summaries.rb:128:1:128:1 | [post] x | provenance | SummaryModelCsv | +| summaries.rb:131:16:131:22 | tainted | summaries.rb:131:1:131:23 | synthetic splat argument | provenance | Sink:SinkModelCsv | +| summaries.rb:157:14:160:3 | do ... end [captured tainted] | summaries.rb:158:15:158:21 | tainted | provenance | heuristic-callback | +| summaries.rb:157:14:160:3 | do ... end [captured tainted] | summaries.rb:158:15:158:21 | tainted | provenance | heuristic-callback | nodes | summaries.rb:1:11:1:36 | call to identity | semmle.label | call to identity | | summaries.rb:1:11:1:36 | call to identity | semmle.label | call to identity | diff --git a/ruby/ql/test/library-tests/frameworks/json/JsonDataFlow.expected b/ruby/ql/test/library-tests/frameworks/json/JsonDataFlow.expected index a12400cf123e..97d5edc337f8 100644 --- a/ruby/ql/test/library-tests/frameworks/json/JsonDataFlow.expected +++ b/ruby/ql/test/library-tests/frameworks/json/JsonDataFlow.expected @@ -1,15 +1,15 @@ testFailures edges -| json.rb:1:17:1:26 | call to source | json.rb:1:6:1:27 | call to parse | provenance | | -| json.rb:2:18:2:27 | call to source | json.rb:2:6:2:28 | call to parse! | provenance | | -| json.rb:3:16:3:25 | call to source | json.rb:3:6:3:26 | call to load | provenance | | -| json.rb:4:19:4:28 | call to source | json.rb:4:6:4:29 | call to restore | provenance | | -| json.rb:6:20:6:29 | call to source | json.rb:6:6:6:30 | call to generate | provenance | | -| json.rb:7:25:7:34 | call to source | json.rb:7:6:7:35 | call to fast_generate | provenance | | -| json.rb:8:27:8:36 | call to source | json.rb:8:6:8:37 | call to pretty_generate | provenance | | -| json.rb:9:16:9:25 | call to source | json.rb:9:6:9:26 | call to dump | provenance | | -| json.rb:10:19:10:28 | call to source | json.rb:10:6:10:29 | call to unparse | provenance | | -| json.rb:11:24:11:33 | call to source | json.rb:11:6:11:34 | call to fast_unparse | provenance | | +| json.rb:1:17:1:26 | call to source | json.rb:1:6:1:27 | call to parse | provenance | SummaryModelCsv | +| json.rb:2:18:2:27 | call to source | json.rb:2:6:2:28 | call to parse! | provenance | SummaryModelCsv | +| json.rb:3:16:3:25 | call to source | json.rb:3:6:3:26 | call to load | provenance | SummaryModelCsv | +| json.rb:4:19:4:28 | call to source | json.rb:4:6:4:29 | call to restore | provenance | SummaryModelCsv | +| json.rb:6:20:6:29 | call to source | json.rb:6:6:6:30 | call to generate | provenance | SummaryModelCsv | +| json.rb:7:25:7:34 | call to source | json.rb:7:6:7:35 | call to fast_generate | provenance | SummaryModelCsv | +| json.rb:8:27:8:36 | call to source | json.rb:8:6:8:37 | call to pretty_generate | provenance | SummaryModelCsv | +| json.rb:9:16:9:25 | call to source | json.rb:9:6:9:26 | call to dump | provenance | SummaryModelCsv | +| json.rb:10:19:10:28 | call to source | json.rb:10:6:10:29 | call to unparse | provenance | SummaryModelCsv | +| json.rb:11:24:11:33 | call to source | json.rb:11:6:11:34 | call to fast_unparse | provenance | SummaryModelCsv | nodes | json.rb:1:6:1:27 | call to parse | semmle.label | call to parse | | json.rb:1:17:1:26 | call to source | semmle.label | call to source | diff --git a/ruby/ql/test/query-tests/experimental/LdapInjection/Ldapinjection.expected b/ruby/ql/test/query-tests/experimental/LdapInjection/Ldapinjection.expected index f4858a7017d3..089f173080ec 100644 --- a/ruby/ql/test/query-tests/experimental/LdapInjection/Ldapinjection.expected +++ b/ruby/ql/test/query-tests/experimental/LdapInjection/Ldapinjection.expected @@ -1,8 +1,8 @@ edges -| LdapInjection.rb:5:5:5:6 | dc | LdapInjection.rb:25:23:25:49 | "ou=people,dc=#{...},dc=com" | provenance | | +| LdapInjection.rb:5:5:5:6 | dc | LdapInjection.rb:25:23:25:49 | "ou=people,dc=#{...},dc=com" | provenance | AdditionalTaintStep | | LdapInjection.rb:5:10:5:15 | call to params | LdapInjection.rb:5:10:5:20 | ...[...] | provenance | | | LdapInjection.rb:5:10:5:20 | ...[...] | LdapInjection.rb:5:5:5:6 | dc | provenance | | -| LdapInjection.rb:9:5:9:8 | name | LdapInjection.rb:29:62:29:73 | "cn=#{...}" | provenance | | +| LdapInjection.rb:9:5:9:8 | name | LdapInjection.rb:29:62:29:73 | "cn=#{...}" | provenance | AdditionalTaintStep | | LdapInjection.rb:9:5:9:8 | name | LdapInjection.rb:33:88:33:91 | name | provenance | | | LdapInjection.rb:9:12:9:17 | call to params | LdapInjection.rb:9:12:9:29 | ...[...] | provenance | | | LdapInjection.rb:9:12:9:29 | ...[...] | LdapInjection.rb:9:5:9:8 | name | provenance | | diff --git a/ruby/ql/test/query-tests/experimental/TemplateInjection/TemplateInjection.expected b/ruby/ql/test/query-tests/experimental/TemplateInjection/TemplateInjection.expected index bf51b4340622..fe4bad4c9578 100644 --- a/ruby/ql/test/query-tests/experimental/TemplateInjection/TemplateInjection.expected +++ b/ruby/ql/test/query-tests/experimental/TemplateInjection/TemplateInjection.expected @@ -9,13 +9,13 @@ edges | ErbInjection.rb:11:11:11:14 | name | ErbInjection.rb:8:16:11:14 | ... % ... | provenance | | | SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:11:11:11:14 | name | provenance | | | SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:14:23:14:34 | { ... } [captured bad_text] | provenance | | -| SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:23:23:23:35 | { ... } [captured bad2_text] | provenance | | +| SlimInjection.rb:5:5:5:8 | name | SlimInjection.rb:23:23:23:35 | { ... } [captured bad2_text] | provenance | AdditionalTaintStep | | SlimInjection.rb:5:12:5:17 | call to params | SlimInjection.rb:5:12:5:24 | ...[...] | provenance | | | SlimInjection.rb:5:12:5:24 | ...[...] | SlimInjection.rb:5:5:5:8 | name | provenance | | | SlimInjection.rb:8:16:11:14 | ... % ... | SlimInjection.rb:14:23:14:34 | { ... } [captured bad_text] | provenance | | | SlimInjection.rb:11:11:11:14 | name | SlimInjection.rb:8:16:11:14 | ... % ... | provenance | | -| SlimInjection.rb:14:23:14:34 | { ... } [captured bad_text] | SlimInjection.rb:14:25:14:32 | bad_text | provenance | | -| SlimInjection.rb:23:23:23:35 | { ... } [captured bad2_text] | SlimInjection.rb:23:25:23:33 | bad2_text | provenance | | +| SlimInjection.rb:14:23:14:34 | { ... } [captured bad_text] | SlimInjection.rb:14:25:14:32 | bad_text | provenance | heuristic-callback | +| SlimInjection.rb:23:23:23:35 | { ... } [captured bad2_text] | SlimInjection.rb:23:25:23:33 | bad2_text | provenance | heuristic-callback | nodes | ErbInjection.rb:5:5:5:8 | name | semmle.label | name | | ErbInjection.rb:5:12:5:17 | call to params | semmle.label | call to params | diff --git a/ruby/ql/test/query-tests/experimental/XPathInjection/XPathInjection.expected b/ruby/ql/test/query-tests/experimental/XPathInjection/XPathInjection.expected index d6c6f0b34bc8..66ef14da3d7f 100644 --- a/ruby/ql/test/query-tests/experimental/XPathInjection/XPathInjection.expected +++ b/ruby/ql/test/query-tests/experimental/XPathInjection/XPathInjection.expected @@ -1,18 +1,18 @@ edges -| LibxmlInjection.rb:5:5:5:8 | name | LibxmlInjection.rb:21:31:21:41 | "//#{...}" | provenance | | -| LibxmlInjection.rb:5:5:5:8 | name | LibxmlInjection.rb:27:25:27:35 | "//#{...}" | provenance | | +| LibxmlInjection.rb:5:5:5:8 | name | LibxmlInjection.rb:21:31:21:41 | "//#{...}" | provenance | AdditionalTaintStep | +| LibxmlInjection.rb:5:5:5:8 | name | LibxmlInjection.rb:27:25:27:35 | "//#{...}" | provenance | AdditionalTaintStep | | LibxmlInjection.rb:5:12:5:17 | call to params | LibxmlInjection.rb:5:12:5:29 | ...[...] | provenance | | | LibxmlInjection.rb:5:12:5:29 | ...[...] | LibxmlInjection.rb:5:5:5:8 | name | provenance | | -| NokogiriInjection.rb:5:5:5:8 | name | NokogiriInjection.rb:21:23:21:33 | "//#{...}" | provenance | | -| NokogiriInjection.rb:5:5:5:8 | name | NokogiriInjection.rb:27:26:27:36 | "//#{...}" | provenance | | -| NokogiriInjection.rb:5:5:5:8 | name | NokogiriInjection.rb:33:29:33:39 | "//#{...}" | provenance | | -| NokogiriInjection.rb:5:5:5:8 | name | NokogiriInjection.rb:41:15:41:25 | "//#{...}" | provenance | | -| NokogiriInjection.rb:5:5:5:8 | name | NokogiriInjection.rb:51:16:51:26 | "//#{...}" | provenance | | +| NokogiriInjection.rb:5:5:5:8 | name | NokogiriInjection.rb:21:23:21:33 | "//#{...}" | provenance | AdditionalTaintStep | +| NokogiriInjection.rb:5:5:5:8 | name | NokogiriInjection.rb:27:26:27:36 | "//#{...}" | provenance | AdditionalTaintStep | +| NokogiriInjection.rb:5:5:5:8 | name | NokogiriInjection.rb:33:29:33:39 | "//#{...}" | provenance | AdditionalTaintStep | +| NokogiriInjection.rb:5:5:5:8 | name | NokogiriInjection.rb:41:15:41:25 | "//#{...}" | provenance | AdditionalTaintStep | +| NokogiriInjection.rb:5:5:5:8 | name | NokogiriInjection.rb:51:16:51:26 | "//#{...}" | provenance | AdditionalTaintStep | | NokogiriInjection.rb:5:12:5:17 | call to params | NokogiriInjection.rb:5:12:5:29 | ...[...] | provenance | | | NokogiriInjection.rb:5:12:5:29 | ...[...] | NokogiriInjection.rb:5:5:5:8 | name | provenance | | -| RexmlInjection.rb:5:5:5:8 | name | RexmlInjection.rb:21:40:21:50 | "//#{...}" | provenance | | -| RexmlInjection.rb:5:5:5:8 | name | RexmlInjection.rb:27:40:27:50 | "//#{...}" | provenance | | -| RexmlInjection.rb:5:5:5:8 | name | RexmlInjection.rb:35:28:35:38 | "//#{...}" | provenance | | +| RexmlInjection.rb:5:5:5:8 | name | RexmlInjection.rb:21:40:21:50 | "//#{...}" | provenance | AdditionalTaintStep | +| RexmlInjection.rb:5:5:5:8 | name | RexmlInjection.rb:27:40:27:50 | "//#{...}" | provenance | AdditionalTaintStep | +| RexmlInjection.rb:5:5:5:8 | name | RexmlInjection.rb:35:28:35:38 | "//#{...}" | provenance | AdditionalTaintStep | | RexmlInjection.rb:5:12:5:17 | call to params | RexmlInjection.rb:5:12:5:29 | ...[...] | provenance | | | RexmlInjection.rb:5:12:5:29 | ...[...] | RexmlInjection.rb:5:5:5:8 | name | provenance | | nodes diff --git a/ruby/ql/test/query-tests/experimental/cwe-502/UnsafeYamlDeserialization.expected b/ruby/ql/test/query-tests/experimental/cwe-502/UnsafeYamlDeserialization.expected index c0bf81ce21ab..0fa5f9158300 100644 --- a/ruby/ql/test/query-tests/experimental/cwe-502/UnsafeYamlDeserialization.expected +++ b/ruby/ql/test/query-tests/experimental/cwe-502/UnsafeYamlDeserialization.expected @@ -8,10 +8,10 @@ edges | UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:33:32:33:40 | yaml_data | provenance | | | UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:34:37:34:45 | yaml_data | provenance | | | UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:35:32:35:40 | yaml_data | provenance | | -| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:37:14:37:33 | call to to_ruby | provenance | | -| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:38:14:38:43 | call to to_ruby | provenance | | -| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:39:14:39:48 | call to to_ruby | provenance | | -| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:49:14:49:32 | call to to_ruby | provenance | | +| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:37:14:37:33 | call to to_ruby | provenance | AdditionalTaintStep | +| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:38:14:38:43 | call to to_ruby | provenance | AdditionalTaintStep | +| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:39:14:39:48 | call to to_ruby | provenance | AdditionalTaintStep | +| UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | UnsafeYamlDeserialization.rb:49:14:49:32 | call to to_ruby | provenance | AdditionalTaintStep | | UnsafeYamlDeserialization.rb:32:17:32:22 | call to params | UnsafeYamlDeserialization.rb:32:17:32:28 | ...[...] | provenance | | | UnsafeYamlDeserialization.rb:32:17:32:28 | ...[...] | UnsafeYamlDeserialization.rb:32:5:32:13 | yaml_data | provenance | | nodes diff --git a/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected b/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected index fe9751e6585c..ec500f22ded4 100644 --- a/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected @@ -6,8 +6,9 @@ edges | ArchiveApiPathTraversal.rb:15:9:15:14 | call to params | ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] | provenance | | | ArchiveApiPathTraversal.rb:15:9:15:25 | ...[...] | ArchiveApiPathTraversal.rb:75:11:75:18 | filename | provenance | | | ArchiveApiPathTraversal.rb:49:17:49:27 | destination | ArchiveApiPathTraversal.rb:50:36:64:7 | do ... end [captured destination] | provenance | | -| ArchiveApiPathTraversal.rb:50:36:64:7 | do ... end [captured destination] | ArchiveApiPathTraversal.rb:51:16:63:9 | do ... end [captured destination] | provenance | | +| ArchiveApiPathTraversal.rb:50:36:64:7 | do ... end [captured destination] | ArchiveApiPathTraversal.rb:51:16:63:9 | do ... end [captured destination] | provenance | heuristic-callback | | ArchiveApiPathTraversal.rb:51:16:63:9 | do ... end [captured destination] | ArchiveApiPathTraversal.rb:52:38:52:48 | destination | provenance | | +| ArchiveApiPathTraversal.rb:51:16:63:9 | do ... end [captured destination] | ArchiveApiPathTraversal.rb:52:38:52:48 | destination | provenance | heuristic-callback | | ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | provenance | | | ArchiveApiPathTraversal.rb:52:28:52:67 | call to join | ArchiveApiPathTraversal.rb:52:9:52:24 | destination_file | provenance | | | ArchiveApiPathTraversal.rb:52:38:52:48 | destination | ArchiveApiPathTraversal.rb:52:28:52:67 | call to join | provenance | | @@ -21,7 +22,7 @@ edges | tainted_path.rb:10:31:10:36 | call to params | tainted_path.rb:10:31:10:43 | ...[...] | provenance | | | tainted_path.rb:10:31:10:43 | ...[...] | tainted_path.rb:10:12:10:43 | call to absolute_path | provenance | | | tainted_path.rb:16:5:16:8 | path | tainted_path.rb:17:26:17:29 | path | provenance | | -| tainted_path.rb:16:15:16:41 | call to dirname | tainted_path.rb:16:5:16:8 | path | provenance | | +| tainted_path.rb:16:15:16:41 | call to dirname | tainted_path.rb:16:5:16:8 | path | provenance | AdditionalTaintStep | | tainted_path.rb:16:28:16:33 | call to params | tainted_path.rb:16:28:16:40 | ...[...] | provenance | | | tainted_path.rb:16:28:16:40 | ...[...] | tainted_path.rb:16:15:16:41 | call to dirname | provenance | | | tainted_path.rb:22:5:22:8 | path | tainted_path.rb:23:26:23:29 | path | provenance | | @@ -47,25 +48,25 @@ edges | tainted_path.rb:59:5:59:8 | path | tainted_path.rb:60:26:60:29 | path | provenance | | | tainted_path.rb:59:12:59:53 | call to new | tainted_path.rb:59:5:59:8 | path | provenance | | | tainted_path.rb:59:40:59:45 | call to params | tainted_path.rb:59:40:59:52 | ...[...] | provenance | | -| tainted_path.rb:59:40:59:52 | ...[...] | tainted_path.rb:59:12:59:53 | call to new | provenance | | +| tainted_path.rb:59:40:59:52 | ...[...] | tainted_path.rb:59:12:59:53 | call to new | provenance | SummaryModelCsv | | tainted_path.rb:71:5:71:8 | path | tainted_path.rb:72:15:72:18 | path | provenance | | | tainted_path.rb:71:12:71:53 | call to new | tainted_path.rb:71:5:71:8 | path | provenance | | | tainted_path.rb:71:40:71:45 | call to params | tainted_path.rb:71:40:71:52 | ...[...] | provenance | | -| tainted_path.rb:71:40:71:52 | ...[...] | tainted_path.rb:71:12:71:53 | call to new | provenance | | +| tainted_path.rb:71:40:71:52 | ...[...] | tainted_path.rb:71:12:71:53 | call to new | provenance | SummaryModelCsv | | tainted_path.rb:77:5:77:8 | path | tainted_path.rb:78:19:78:22 | path | provenance | | | tainted_path.rb:77:5:77:8 | path | tainted_path.rb:79:14:79:17 | path | provenance | | | tainted_path.rb:77:12:77:53 | call to new | tainted_path.rb:77:5:77:8 | path | provenance | | | tainted_path.rb:77:40:77:45 | call to params | tainted_path.rb:77:40:77:52 | ...[...] | provenance | | -| tainted_path.rb:77:40:77:52 | ...[...] | tainted_path.rb:77:12:77:53 | call to new | provenance | | +| tainted_path.rb:77:40:77:52 | ...[...] | tainted_path.rb:77:12:77:53 | call to new | provenance | SummaryModelCsv | | tainted_path.rb:84:5:84:8 | path | tainted_path.rb:85:10:85:13 | path | provenance | | | tainted_path.rb:84:5:84:8 | path | tainted_path.rb:86:25:86:28 | path | provenance | | | tainted_path.rb:84:12:84:53 | call to new | tainted_path.rb:84:5:84:8 | path | provenance | | | tainted_path.rb:84:40:84:45 | call to params | tainted_path.rb:84:40:84:52 | ...[...] | provenance | | -| tainted_path.rb:84:40:84:52 | ...[...] | tainted_path.rb:84:12:84:53 | call to new | provenance | | +| tainted_path.rb:84:40:84:52 | ...[...] | tainted_path.rb:84:12:84:53 | call to new | provenance | SummaryModelCsv | | tainted_path.rb:90:5:90:8 | path | tainted_path.rb:92:11:92:14 | path | provenance | | | tainted_path.rb:90:12:90:53 | call to new | tainted_path.rb:90:5:90:8 | path | provenance | | | tainted_path.rb:90:40:90:45 | call to params | tainted_path.rb:90:40:90:52 | ...[...] | provenance | | -| tainted_path.rb:90:40:90:52 | ...[...] | tainted_path.rb:90:12:90:53 | call to new | provenance | | +| tainted_path.rb:90:40:90:52 | ...[...] | tainted_path.rb:90:12:90:53 | call to new | provenance | SummaryModelCsv | nodes | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | semmle.label | call to params | | ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] | semmle.label | ...[...] | diff --git a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected index 0ca6e123e7b9..176f76e4a2ae 100644 --- a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected @@ -5,25 +5,25 @@ edges | CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:11:17:11:22 | #{...} | provenance | | | CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:13:9:13:14 | #{...} | provenance | | | CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:29:19:29:24 | #{...} | provenance | | -| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:33:24:33:36 | "echo #{...}" | provenance | | -| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:34:39:34:51 | "grep #{...}" | provenance | | +| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:33:24:33:36 | "echo #{...}" | provenance | AdditionalTaintStep | +| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:34:39:34:51 | "grep #{...}" | provenance | AdditionalTaintStep | | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:6:15:6:26 | ...[...] | provenance | | | CommandInjection.rb:6:15:6:26 | ...[...] | CommandInjection.rb:6:9:6:11 | cmd | provenance | | -| CommandInjection.rb:46:9:46:11 | cmd | CommandInjection.rb:50:24:50:36 | "echo #{...}" | provenance | | +| CommandInjection.rb:46:9:46:11 | cmd | CommandInjection.rb:50:24:50:36 | "echo #{...}" | provenance | AdditionalTaintStep | | CommandInjection.rb:46:15:46:20 | call to params | CommandInjection.rb:46:15:46:26 | ...[...] | provenance | | | CommandInjection.rb:46:15:46:26 | ...[...] | CommandInjection.rb:46:9:46:11 | cmd | provenance | | | CommandInjection.rb:54:7:54:9 | cmd | CommandInjection.rb:59:14:59:16 | cmd | provenance | | | CommandInjection.rb:54:13:54:18 | call to params | CommandInjection.rb:54:13:54:24 | ...[...] | provenance | | | CommandInjection.rb:54:13:54:24 | ...[...] | CommandInjection.rb:54:7:54:9 | cmd | provenance | | -| CommandInjection.rb:73:18:73:23 | number | CommandInjection.rb:74:14:74:29 | "echo #{...}" | provenance | | -| CommandInjection.rb:81:23:81:33 | blah_number | CommandInjection.rb:82:14:82:34 | "echo #{...}" | provenance | | -| CommandInjection.rb:91:22:91:37 | ...[...] | CommandInjection.rb:91:14:91:39 | "echo #{...}" | provenance | | -| CommandInjection.rb:103:9:103:12 | file | CommandInjection.rb:104:16:104:28 | "cat #{...}" | provenance | | +| CommandInjection.rb:73:18:73:23 | number | CommandInjection.rb:74:14:74:29 | "echo #{...}" | provenance | AdditionalTaintStep | +| CommandInjection.rb:81:23:81:33 | blah_number | CommandInjection.rb:82:14:82:34 | "echo #{...}" | provenance | AdditionalTaintStep | +| CommandInjection.rb:91:22:91:37 | ...[...] | CommandInjection.rb:91:14:91:39 | "echo #{...}" | provenance | AdditionalTaintStep | +| CommandInjection.rb:103:9:103:12 | file | CommandInjection.rb:104:16:104:28 | "cat #{...}" | provenance | AdditionalTaintStep | | CommandInjection.rb:103:16:103:21 | call to params | CommandInjection.rb:103:16:103:28 | ...[...] | provenance | | | CommandInjection.rb:103:16:103:28 | ...[...] | CommandInjection.rb:103:9:103:12 | file | provenance | | -| CommandInjection.rb:111:33:111:38 | call to params | CommandInjection.rb:111:33:111:44 | ...[...] | provenance | | +| CommandInjection.rb:111:33:111:38 | call to params | CommandInjection.rb:111:33:111:44 | ...[...] | provenance | Sink:MaD:0 | | CommandInjection.rb:113:44:113:49 | call to params | CommandInjection.rb:113:44:113:54 | ...[...] | provenance | | -| CommandInjection.rb:113:44:113:54 | ...[...] | CommandInjection.rb:113:41:113:56 | "#{...}" | provenance | | +| CommandInjection.rb:113:44:113:54 | ...[...] | CommandInjection.rb:113:41:113:56 | "#{...}" | provenance | AdditionalTaintStep Sink:MaD:1 | nodes | CommandInjection.rb:6:9:6:11 | cmd | semmle.label | cmd | | CommandInjection.rb:6:15:6:20 | call to params | semmle.label | call to params | diff --git a/ruby/ql/test/query-tests/security/cwe-079/StoredXSS.expected b/ruby/ql/test/query-tests/security/cwe-079/StoredXSS.expected index 99d248f4884e..21648c86622c 100644 --- a/ruby/ql/test/query-tests/security/cwe-079/StoredXSS.expected +++ b/ruby/ql/test/query-tests/security/cwe-079/StoredXSS.expected @@ -25,7 +25,7 @@ edges | app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... [element] | app/views/foo/stores/show.html.erb:40:48:40:89 | call to [] [element :display_text, element] | provenance | | | app/views/foo/stores/show.html.erb:40:76:40:87 | call to display_text | app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... | provenance | | | app/views/foo/stores/show.html.erb:40:76:40:87 | call to display_text | app/views/foo/stores/show.html.erb:40:64:40:87 | ... + ... [element] | provenance | | -| app/views/foo/stores/show.html.erb:86:17:86:28 | call to handle | app/views/foo/stores/show.html.erb:86:3:86:29 | call to sprintf | provenance | | +| app/views/foo/stores/show.html.erb:86:17:86:28 | call to handle | app/views/foo/stores/show.html.erb:86:3:86:29 | call to sprintf | provenance | AdditionalTaintStep | nodes | app/controllers/foo/stores_controller.rb:8:5:8:6 | dt | semmle.label | dt | | app/controllers/foo/stores_controller.rb:8:10:8:29 | call to read | semmle.label | call to read | diff --git a/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected b/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected index 6593e7606da0..a6b5c9600198 100644 --- a/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected @@ -1,47 +1,47 @@ edges -| ActiveRecordInjection.rb:8:25:8:28 | name | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | provenance | | -| ActiveRecordInjection.rb:8:31:8:34 | pass | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | provenance | | +| ActiveRecordInjection.rb:8:25:8:28 | name | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:8:31:8:34 | pass | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:20:22:20:30 | condition | ActiveRecordInjection.rb:23:16:23:24 | condition | provenance | | | ActiveRecordInjection.rb:35:30:35:35 | call to params | ActiveRecordInjection.rb:35:30:35:44 | ...[...] | provenance | | | ActiveRecordInjection.rb:39:18:39:23 | call to params | ActiveRecordInjection.rb:39:18:39:32 | ...[...] | provenance | | | ActiveRecordInjection.rb:43:29:43:34 | call to params | ActiveRecordInjection.rb:43:29:43:39 | ...[...] | provenance | | -| ActiveRecordInjection.rb:43:29:43:39 | ...[...] | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | provenance | | +| ActiveRecordInjection.rb:43:29:43:39 | ...[...] | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:48:30:48:35 | call to params | ActiveRecordInjection.rb:48:30:48:40 | ...[...] | provenance | | -| ActiveRecordInjection.rb:48:30:48:40 | ...[...] | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | provenance | | +| ActiveRecordInjection.rb:48:30:48:40 | ...[...] | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:52:21:52:45 | call to [] [element 0] | ActiveRecordInjection.rb:52:21:52:45 | call to [] | provenance | | | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | ActiveRecordInjection.rb:52:21:52:45 | call to [] [element 0] | provenance | | | ActiveRecordInjection.rb:52:31:52:36 | call to params | ActiveRecordInjection.rb:52:31:52:41 | ...[...] | provenance | | -| ActiveRecordInjection.rb:52:31:52:41 | ...[...] | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | provenance | | +| ActiveRecordInjection.rb:52:31:52:41 | ...[...] | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:57:22:57:46 | call to [] [element 0] | ActiveRecordInjection.rb:57:22:57:46 | call to [] | provenance | | | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | ActiveRecordInjection.rb:57:22:57:46 | call to [] [element 0] | provenance | | | ActiveRecordInjection.rb:57:32:57:37 | call to params | ActiveRecordInjection.rb:57:32:57:42 | ...[...] | provenance | | -| ActiveRecordInjection.rb:57:32:57:42 | ...[...] | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | provenance | | +| ActiveRecordInjection.rb:57:32:57:42 | ...[...] | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:62:21:62:26 | call to params | ActiveRecordInjection.rb:62:21:62:35 | ...[...] | provenance | | -| ActiveRecordInjection.rb:62:21:62:35 | ...[...] | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | provenance | | +| ActiveRecordInjection.rb:62:21:62:35 | ...[...] | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:68:34:68:39 | call to params | ActiveRecordInjection.rb:68:34:68:44 | ...[...] | provenance | | -| ActiveRecordInjection.rb:68:34:68:44 | ...[...] | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | provenance | | +| ActiveRecordInjection.rb:68:34:68:44 | ...[...] | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:70:23:70:28 | call to params | ActiveRecordInjection.rb:70:23:70:35 | ...[...] | provenance | | | ActiveRecordInjection.rb:70:23:70:35 | ...[...] | ActiveRecordInjection.rb:8:25:8:28 | name | provenance | | | ActiveRecordInjection.rb:70:38:70:43 | call to params | ActiveRecordInjection.rb:70:38:70:50 | ...[...] | provenance | | | ActiveRecordInjection.rb:70:38:70:50 | ...[...] | ActiveRecordInjection.rb:8:31:8:34 | pass | provenance | | | ActiveRecordInjection.rb:74:41:74:46 | call to params | ActiveRecordInjection.rb:74:41:74:51 | ...[...] | provenance | | -| ActiveRecordInjection.rb:74:41:74:51 | ...[...] | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | provenance | | +| ActiveRecordInjection.rb:74:41:74:51 | ...[...] | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:79:23:79:28 | call to params | ActiveRecordInjection.rb:79:23:79:35 | ...[...] | provenance | | | ActiveRecordInjection.rb:83:17:83:22 | call to params | ActiveRecordInjection.rb:83:17:83:31 | ...[...] | provenance | | | ActiveRecordInjection.rb:84:19:84:24 | call to params | ActiveRecordInjection.rb:84:19:84:33 | ...[...] | provenance | | | ActiveRecordInjection.rb:88:18:88:23 | call to params | ActiveRecordInjection.rb:88:18:88:35 | ...[...] | provenance | | | ActiveRecordInjection.rb:92:21:92:26 | call to params | ActiveRecordInjection.rb:92:21:92:35 | ...[...] | provenance | | | ActiveRecordInjection.rb:100:31:100:36 | call to params | ActiveRecordInjection.rb:100:31:100:52 | ...[...] | provenance | | -| ActiveRecordInjection.rb:100:31:100:52 | ...[...] | ActiveRecordInjection.rb:100:20:100:55 | "name = '#{...}'" | provenance | | +| ActiveRecordInjection.rb:100:31:100:52 | ...[...] | ActiveRecordInjection.rb:100:20:100:55 | "name = '#{...}'" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:104:30:104:35 | call to params | ActiveRecordInjection.rb:104:30:104:51 | ...[...] | provenance | | -| ActiveRecordInjection.rb:104:30:104:51 | ...[...] | ActiveRecordInjection.rb:104:19:104:54 | "name = '#{...}'" | provenance | | +| ActiveRecordInjection.rb:104:30:104:51 | ...[...] | ActiveRecordInjection.rb:104:19:104:54 | "name = '#{...}'" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:106:18:106:23 | call to params | ActiveRecordInjection.rb:106:18:106:35 | ...[...] | provenance | | | ActiveRecordInjection.rb:108:26:108:31 | call to params | ActiveRecordInjection.rb:108:26:108:40 | ...[...] | provenance | | | ActiveRecordInjection.rb:109:28:109:33 | call to params | ActiveRecordInjection.rb:109:28:109:42 | ...[...] | provenance | | | ActiveRecordInjection.rb:110:30:110:35 | call to params | ActiveRecordInjection.rb:110:30:110:47 | ...[...] | provenance | | -| ActiveRecordInjection.rb:110:30:110:47 | ...[...] | ActiveRecordInjection.rb:110:25:110:49 | "b #{...}" | provenance | | +| ActiveRecordInjection.rb:110:30:110:47 | ...[...] | ActiveRecordInjection.rb:110:25:110:49 | "b #{...}" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:111:32:111:37 | call to params | ActiveRecordInjection.rb:111:32:111:49 | ...[...] | provenance | | -| ActiveRecordInjection.rb:111:32:111:49 | ...[...] | ActiveRecordInjection.rb:111:27:111:51 | "b #{...}" | provenance | | +| ActiveRecordInjection.rb:111:32:111:49 | ...[...] | ActiveRecordInjection.rb:111:27:111:51 | "b #{...}" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:112:21:112:26 | call to params | ActiveRecordInjection.rb:112:21:112:35 | ...[...] | provenance | | | ActiveRecordInjection.rb:113:21:113:26 | call to params | ActiveRecordInjection.rb:113:21:113:35 | ...[...] | provenance | | | ActiveRecordInjection.rb:114:20:114:25 | call to params | ActiveRecordInjection.rb:114:20:114:34 | ...[...] | provenance | | @@ -50,7 +50,7 @@ edges | ActiveRecordInjection.rb:122:29:122:34 | call to params | ActiveRecordInjection.rb:122:29:122:39 | ...[...] | provenance | | | ActiveRecordInjection.rb:128:5:128:6 | ps | ActiveRecordInjection.rb:129:11:129:12 | ps | provenance | | | ActiveRecordInjection.rb:128:10:128:15 | call to params | ActiveRecordInjection.rb:128:5:128:6 | ps | provenance | | -| ActiveRecordInjection.rb:129:5:129:7 | uid | ActiveRecordInjection.rb:130:5:130:9 | uidEq | provenance | | +| ActiveRecordInjection.rb:129:5:129:7 | uid | ActiveRecordInjection.rb:130:5:130:9 | uidEq | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:129:11:129:12 | ps | ActiveRecordInjection.rb:129:11:129:17 | ...[...] | provenance | | | ActiveRecordInjection.rb:129:11:129:17 | ...[...] | ActiveRecordInjection.rb:129:5:129:7 | uid | provenance | | | ActiveRecordInjection.rb:130:5:130:9 | uidEq | ActiveRecordInjection.rb:134:20:134:32 | ... + ... | provenance | | @@ -61,32 +61,32 @@ edges | ActiveRecordInjection.rb:167:21:167:26 | call to params | ActiveRecordInjection.rb:167:21:167:44 | ...[...] | provenance | | | ActiveRecordInjection.rb:167:21:167:44 | ...[...] | ActiveRecordInjection.rb:20:22:20:30 | condition | provenance | | | ActiveRecordInjection.rb:181:59:181:64 | call to params | ActiveRecordInjection.rb:181:59:181:74 | ...[...] | provenance | | -| ActiveRecordInjection.rb:181:59:181:74 | ...[...] | ActiveRecordInjection.rb:181:27:181:76 | "this is an unsafe annotation:..." | provenance | | +| ActiveRecordInjection.rb:181:59:181:74 | ...[...] | ActiveRecordInjection.rb:181:27:181:76 | "this is an unsafe annotation:..." | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:192:5:192:13 | my_params | ActiveRecordInjection.rb:193:47:193:55 | my_params | provenance | | | ActiveRecordInjection.rb:192:17:192:32 | call to permitted_params | ActiveRecordInjection.rb:192:5:192:13 | my_params | provenance | | | ActiveRecordInjection.rb:193:5:193:9 | query | ActiveRecordInjection.rb:194:37:194:41 | query | provenance | | | ActiveRecordInjection.rb:193:47:193:55 | my_params | ActiveRecordInjection.rb:193:47:193:65 | ...[...] | provenance | | -| ActiveRecordInjection.rb:193:47:193:65 | ...[...] | ActiveRecordInjection.rb:193:5:193:9 | query | provenance | | +| ActiveRecordInjection.rb:193:47:193:65 | ...[...] | ActiveRecordInjection.rb:193:5:193:9 | query | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:199:5:199:10 | call to params | ActiveRecordInjection.rb:199:5:199:27 | call to require | provenance | | | ActiveRecordInjection.rb:199:5:199:27 | call to require | ActiveRecordInjection.rb:199:5:199:59 | call to permit | provenance | | | ActiveRecordInjection.rb:199:5:199:59 | call to permit | ActiveRecordInjection.rb:192:17:192:32 | call to permitted_params | provenance | | | ActiveRecordInjection.rb:199:5:199:59 | call to permit | ActiveRecordInjection.rb:203:77:203:92 | call to permitted_params | provenance | | | ActiveRecordInjection.rb:199:5:199:59 | call to permit | ActiveRecordInjection.rb:204:69:204:84 | call to permitted_params | provenance | | | ActiveRecordInjection.rb:203:77:203:92 | call to permitted_params | ActiveRecordInjection.rb:203:77:203:102 | ...[...] | provenance | | -| ActiveRecordInjection.rb:203:77:203:102 | ...[...] | ActiveRecordInjection.rb:203:43:203:104 | "SELECT * FROM users WHERE id ..." | provenance | | +| ActiveRecordInjection.rb:203:77:203:102 | ...[...] | ActiveRecordInjection.rb:203:43:203:104 | "SELECT * FROM users WHERE id ..." | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:204:69:204:84 | call to permitted_params | ActiveRecordInjection.rb:204:69:204:94 | ...[...] | provenance | | -| ActiveRecordInjection.rb:204:69:204:94 | ...[...] | ActiveRecordInjection.rb:204:35:204:96 | "SELECT * FROM users WHERE id ..." | provenance | | -| ActiveRecordInjection.rb:209:24:209:27 | role | ActiveRecordInjection.rb:209:38:209:53 | "role = #{...}" | provenance | | +| ActiveRecordInjection.rb:204:69:204:94 | ...[...] | ActiveRecordInjection.rb:204:35:204:96 | "SELECT * FROM users WHERE id ..." | provenance | AdditionalTaintStep | +| ActiveRecordInjection.rb:209:24:209:27 | role | ActiveRecordInjection.rb:209:38:209:53 | "role = #{...}" | provenance | AdditionalTaintStep | | ActiveRecordInjection.rb:215:29:215:34 | call to params | ActiveRecordInjection.rb:215:29:215:41 | ...[...] | provenance | | | ActiveRecordInjection.rb:215:29:215:41 | ...[...] | ActiveRecordInjection.rb:209:24:209:27 | role | provenance | | -| ArelInjection.rb:4:5:4:8 | name | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | provenance | | -| ArelInjection.rb:4:5:4:8 | name | ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | provenance | | +| ArelInjection.rb:4:5:4:8 | name | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | provenance | AdditionalTaintStep | +| ArelInjection.rb:4:5:4:8 | name | ArelInjection.rb:7:39:7:80 | "SELECT * FROM users WHERE nam..." | provenance | AdditionalTaintStep | | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:4:12:4:29 | ...[...] | provenance | | | ArelInjection.rb:4:12:4:29 | ...[...] | ArelInjection.rb:4:5:4:8 | name | provenance | | -| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:13:5:13:8 | qry1 | provenance | | -| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:19:5:19:8 | qry2 | provenance | | -| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:31:5:31:8 | qry3 | provenance | | -| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:43:5:43:8 | qry3 | provenance | | +| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:13:5:13:8 | qry1 | provenance | AdditionalTaintStep | +| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:19:5:19:8 | qry2 | provenance | AdditionalTaintStep | +| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:31:5:31:8 | qry3 | provenance | AdditionalTaintStep | +| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:43:5:43:8 | qry3 | provenance | AdditionalTaintStep | | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:6:12:6:24 | ...[...] | provenance | | | PgInjection.rb:6:12:6:24 | ...[...] | PgInjection.rb:6:5:6:8 | name | provenance | | | PgInjection.rb:13:5:13:8 | qry1 | PgInjection.rb:14:15:14:18 | qry1 | provenance | | diff --git a/ruby/ql/test/query-tests/security/cwe-094/CodeInjection/CodeInjection.expected b/ruby/ql/test/query-tests/security/cwe-094/CodeInjection/CodeInjection.expected index b3f6dfcd5e5f..b22a707e289f 100644 --- a/ruby/ql/test/query-tests/security/cwe-094/CodeInjection/CodeInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-094/CodeInjection/CodeInjection.expected @@ -14,13 +14,13 @@ edges | CodeInjection.rb:5:12:5:17 | call to params | CodeInjection.rb:5:12:5:24 | ...[...] | provenance | | | CodeInjection.rb:5:12:5:24 | ...[...] | CodeInjection.rb:5:5:5:8 | code | provenance | | | CodeInjection.rb:5:12:5:24 | ...[...] | CodeInjection.rb:5:5:5:8 | code | provenance | | -| CodeInjection.rb:38:24:38:27 | code | CodeInjection.rb:38:10:38:28 | call to escape | provenance | | -| CodeInjection.rb:38:24:38:27 | code | CodeInjection.rb:38:10:38:28 | call to escape | provenance | | +| CodeInjection.rb:38:24:38:27 | code | CodeInjection.rb:38:10:38:28 | call to escape | provenance | SummaryModelCsv | +| CodeInjection.rb:38:24:38:27 | code | CodeInjection.rb:38:10:38:28 | call to escape | provenance | SummaryModelCsv | | CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:80:16:80:19 | code | provenance | | | CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:86:10:86:25 | ... + ... | provenance | | | CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:86:10:86:37 | ... + ... | provenance | | | CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:86:22:86:25 | code | provenance | | -| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | provenance | | +| CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:88:10:88:32 | "prefix_#{...}_suffix" | provenance | AdditionalTaintStep | | CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:90:10:90:13 | code | provenance | | | CodeInjection.rb:78:5:78:8 | code | CodeInjection.rb:90:10:90:13 | code | provenance | | | CodeInjection.rb:78:12:78:17 | call to params | CodeInjection.rb:78:12:78:24 | ...[...] | provenance | | diff --git a/ruby/ql/test/query-tests/security/cwe-117/LogInjection.expected b/ruby/ql/test/query-tests/security/cwe-117/LogInjection.expected index e0d5101f150f..573ec810a60a 100644 --- a/ruby/ql/test/query-tests/security/cwe-117/LogInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-117/LogInjection.expected @@ -11,14 +11,14 @@ edges | app/controllers/users_controller.rb:23:20:23:44 | call to sub | app/controllers/users_controller.rb:24:18:26:7 | do ... end [captured unsanitized2] | provenance | | | app/controllers/users_controller.rb:23:20:23:44 | call to sub | app/controllers/users_controller.rb:27:16:27:39 | ... + ... | provenance | | | app/controllers/users_controller.rb:23:20:23:44 | call to sub | app/controllers/users_controller.rb:27:28:27:39 | unsanitized2 | provenance | | -| app/controllers/users_controller.rb:24:18:26:7 | do ... end [captured unsanitized2] | app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | provenance | | +| app/controllers/users_controller.rb:24:18:26:7 | do ... end [captured unsanitized2] | app/controllers/users_controller.rb:25:7:25:18 | unsanitized2 | provenance | heuristic-callback | | app/controllers/users_controller.rb:27:16:27:39 | ... + ... [element] | app/controllers/users_controller.rb:27:16:27:39 | ... + ... | provenance | | | app/controllers/users_controller.rb:27:28:27:39 | unsanitized2 | app/controllers/users_controller.rb:27:16:27:39 | ... + ... [element] | provenance | | | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | app/controllers/users_controller.rb:33:19:33:31 | ...[...] | provenance | | | app/controllers/users_controller.rb:33:19:33:31 | ...[...] | app/controllers/users_controller.rb:34:31:34:45 | { ... } [captured unsanitized] | provenance | | | app/controllers/users_controller.rb:33:19:33:31 | ...[...] | app/controllers/users_controller.rb:35:31:35:57 | { ... } [captured unsanitized] | provenance | | -| app/controllers/users_controller.rb:34:31:34:45 | { ... } [captured unsanitized] | app/controllers/users_controller.rb:34:33:34:43 | unsanitized | provenance | | -| app/controllers/users_controller.rb:35:31:35:57 | { ... } [captured unsanitized] | app/controllers/users_controller.rb:35:45:35:55 | unsanitized | provenance | | +| app/controllers/users_controller.rb:34:31:34:45 | { ... } [captured unsanitized] | app/controllers/users_controller.rb:34:33:34:43 | unsanitized | provenance | heuristic-callback | +| app/controllers/users_controller.rb:35:31:35:57 | { ... } [captured unsanitized] | app/controllers/users_controller.rb:35:45:35:55 | unsanitized | provenance | heuristic-callback | | app/controllers/users_controller.rb:35:33:35:55 | ... + ... [element] | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | provenance | | | app/controllers/users_controller.rb:35:45:35:55 | unsanitized | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | provenance | | | app/controllers/users_controller.rb:35:45:35:55 | unsanitized | app/controllers/users_controller.rb:35:33:35:55 | ... + ... [element] | provenance | | diff --git a/ruby/ql/test/query-tests/security/cwe-1333-regexp-injection/RegExpInjection.expected b/ruby/ql/test/query-tests/security/cwe-1333-regexp-injection/RegExpInjection.expected index dff126abec1d..a6c8636a5cfb 100644 --- a/ruby/ql/test/query-tests/security/cwe-1333-regexp-injection/RegExpInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-1333-regexp-injection/RegExpInjection.expected @@ -1,8 +1,8 @@ edges -| RegExpInjection.rb:4:5:4:8 | name | RegExpInjection.rb:5:13:5:21 | /#{...}/ | provenance | | +| RegExpInjection.rb:4:5:4:8 | name | RegExpInjection.rb:5:13:5:21 | /#{...}/ | provenance | AdditionalTaintStep | | RegExpInjection.rb:4:12:4:17 | call to params | RegExpInjection.rb:4:12:4:24 | ...[...] | provenance | | | RegExpInjection.rb:4:12:4:24 | ...[...] | RegExpInjection.rb:4:5:4:8 | name | provenance | | -| RegExpInjection.rb:10:5:10:8 | name | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | provenance | | +| RegExpInjection.rb:10:5:10:8 | name | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | provenance | AdditionalTaintStep | | RegExpInjection.rb:10:12:10:17 | call to params | RegExpInjection.rb:10:12:10:24 | ...[...] | provenance | | | RegExpInjection.rb:10:12:10:24 | ...[...] | RegExpInjection.rb:10:5:10:8 | name | provenance | | | RegExpInjection.rb:16:5:16:8 | name | RegExpInjection.rb:17:24:17:27 | name | provenance | | diff --git a/ruby/ql/test/query-tests/security/cwe-134/TaintedFormatString.expected b/ruby/ql/test/query-tests/security/cwe-134/TaintedFormatString.expected index a84a886c7783..635dfaf82c01 100644 --- a/ruby/ql/test/query-tests/security/cwe-134/TaintedFormatString.expected +++ b/ruby/ql/test/query-tests/security/cwe-134/TaintedFormatString.expected @@ -13,11 +13,11 @@ edges | tainted_format_string.rb:33:32:33:46 | ...[...] | tainted_format_string.rb:33:12:33:46 | ... + ... | provenance | | | tainted_format_string.rb:33:32:33:46 | ...[...] | tainted_format_string.rb:33:12:33:46 | ... + ... [element] | provenance | | | tainted_format_string.rb:36:30:36:35 | call to params | tainted_format_string.rb:36:30:36:44 | ...[...] | provenance | | -| tainted_format_string.rb:36:30:36:44 | ...[...] | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | provenance | | +| tainted_format_string.rb:36:30:36:44 | ...[...] | tainted_format_string.rb:36:12:36:46 | "A log message: #{...}" | provenance | AdditionalTaintStep | | tainted_format_string.rb:39:22:39:27 | call to params | tainted_format_string.rb:39:22:39:36 | ...[...] | provenance | | -| tainted_format_string.rb:39:22:39:36 | ...[...] | tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" | provenance | | +| tainted_format_string.rb:39:22:39:36 | ...[...] | tainted_format_string.rb:39:5:39:45 | "A log message #{...} %{foo}" | provenance | AdditionalTaintStep | | tainted_format_string.rb:42:22:42:27 | call to params | tainted_format_string.rb:42:22:42:36 | ...[...] | provenance | | -| tainted_format_string.rb:42:22:42:36 | ...[...] | tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" | provenance | | +| tainted_format_string.rb:42:22:42:36 | ...[...] | tainted_format_string.rb:42:5:42:43 | "A log message #{...} %08x" | provenance | AdditionalTaintStep | nodes | tainted_format_string.rb:4:12:4:17 | call to params | semmle.label | call to params | | tainted_format_string.rb:4:12:4:26 | ...[...] | semmle.label | ...[...] | diff --git a/ruby/ql/test/query-tests/security/cwe-312/CleartextLogging.expected b/ruby/ql/test/query-tests/security/cwe-312/CleartextLogging.expected index bf95f4641177..e0552212db17 100644 --- a/ruby/ql/test/query-tests/security/cwe-312/CleartextLogging.expected +++ b/ruby/ql/test/query-tests/security/cwe-312/CleartextLogging.expected @@ -8,7 +8,7 @@ edges | logging.rb:3:1:3:8 | password | logging.rb:19:33:19:40 | password | provenance | | | logging.rb:3:1:3:8 | password | logging.rb:21:44:21:51 | password | provenance | | | logging.rb:3:1:3:8 | password | logging.rb:23:33:23:40 | password | provenance | | -| logging.rb:3:1:3:8 | password | logging.rb:26:18:26:34 | "pw: #{...}" | provenance | | +| logging.rb:3:1:3:8 | password | logging.rb:26:18:26:34 | "pw: #{...}" | provenance | AdditionalTaintStep | | logging.rb:3:1:3:8 | password | logging.rb:28:26:28:33 | password | provenance | | | logging.rb:3:12:3:45 | "043697b96909e03ca907599d6420555f" | logging.rb:3:1:3:8 | password | provenance | | | logging.rb:30:1:30:4 | hsh1 [element :password] | logging.rb:38:20:38:23 | hsh1 [element :password] | provenance | | diff --git a/ruby/ql/test/query-tests/security/cwe-312/CleartextStorage.expected b/ruby/ql/test/query-tests/security/cwe-312/CleartextStorage.expected index f740990bceda..bad0c52a26d7 100644 --- a/ruby/ql/test/query-tests/security/cwe-312/CleartextStorage.expected +++ b/ruby/ql/test/query-tests/security/cwe-312/CleartextStorage.expected @@ -20,8 +20,8 @@ edges | app/controllers/users_controller.rb:35:20:35:53 | "ff295f8648a406c37fbe378377320e4c" | app/controllers/users_controller.rb:35:5:35:16 | new_password | provenance | | | app/controllers/users_controller.rb:42:5:42:16 | new_password | app/controllers/users_controller.rb:44:21:44:32 | new_password | provenance | | | app/controllers/users_controller.rb:42:20:42:53 | "78ffbec583b546bd073efd898f833184" | app/controllers/users_controller.rb:42:5:42:16 | new_password | provenance | | -| app/controllers/users_controller.rb:58:5:58:16 | new_password | app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | provenance | | -| app/controllers/users_controller.rb:58:5:58:16 | new_password | app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | provenance | | +| app/controllers/users_controller.rb:58:5:58:16 | new_password | app/controllers/users_controller.rb:61:25:61:53 | "password: #{...}\\n" | provenance | AdditionalTaintStep | +| app/controllers/users_controller.rb:58:5:58:16 | new_password | app/controllers/users_controller.rb:64:35:64:61 | "password: #{...}" | provenance | AdditionalTaintStep | | app/controllers/users_controller.rb:58:20:58:53 | "0157af7c38cbdd24f1616de4e5321861" | app/controllers/users_controller.rb:58:5:58:16 | new_password | provenance | | | app/models/user.rb:3:5:3:16 | new_password | app/models/user.rb:5:27:5:38 | new_password | provenance | | | app/models/user.rb:3:20:3:53 | "06c38c6a8a9c11a9d3b209a3193047b4" | app/models/user.rb:3:5:3:16 | new_password | provenance | | diff --git a/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected b/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected index 71e206901b93..b99b2e7c7810 100644 --- a/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected +++ b/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected @@ -44,9 +44,9 @@ edges | UnsafeDeserialization.rb:137:5:137:13 | yaml_data | UnsafeDeserialization.rb:138:32:138:40 | yaml_data | provenance | | | UnsafeDeserialization.rb:137:5:137:13 | yaml_data | UnsafeDeserialization.rb:139:37:139:45 | yaml_data | provenance | | | UnsafeDeserialization.rb:137:5:137:13 | yaml_data | UnsafeDeserialization.rb:140:32:140:40 | yaml_data | provenance | | -| UnsafeDeserialization.rb:137:5:137:13 | yaml_data | UnsafeDeserialization.rb:142:14:142:33 | call to to_ruby | provenance | | -| UnsafeDeserialization.rb:137:5:137:13 | yaml_data | UnsafeDeserialization.rb:143:14:143:43 | call to to_ruby | provenance | | -| UnsafeDeserialization.rb:137:5:137:13 | yaml_data | UnsafeDeserialization.rb:144:14:144:48 | call to to_ruby | provenance | | +| UnsafeDeserialization.rb:137:5:137:13 | yaml_data | UnsafeDeserialization.rb:142:14:142:33 | call to to_ruby | provenance | AdditionalTaintStep | +| UnsafeDeserialization.rb:137:5:137:13 | yaml_data | UnsafeDeserialization.rb:143:14:143:43 | call to to_ruby | provenance | AdditionalTaintStep | +| UnsafeDeserialization.rb:137:5:137:13 | yaml_data | UnsafeDeserialization.rb:144:14:144:48 | call to to_ruby | provenance | AdditionalTaintStep | | UnsafeDeserialization.rb:137:17:137:22 | call to params | UnsafeDeserialization.rb:137:17:137:28 | ...[...] | provenance | | | UnsafeDeserialization.rb:137:17:137:28 | ...[...] | UnsafeDeserialization.rb:137:5:137:13 | yaml_data | provenance | | | UnsafeDeserialization.rb:149:5:149:14 | plist_data | UnsafeDeserialization.rb:150:30:150:39 | plist_data | provenance | | diff --git a/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected b/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected index 3dfe8be90bf4..c4e857a50c2a 100644 --- a/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected +++ b/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected @@ -5,7 +5,7 @@ edges | UrlRedirect.rb:24:31:24:36 | call to params | UrlRedirect.rb:24:17:24:37 | call to filter_params | provenance | | | UrlRedirect.rb:24:31:24:36 | call to params | UrlRedirect.rb:93:21:93:32 | input_params | provenance | | | UrlRedirect.rb:34:20:34:25 | call to params | UrlRedirect.rb:34:20:34:31 | ...[...] | provenance | | -| UrlRedirect.rb:34:20:34:31 | ...[...] | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | provenance | | +| UrlRedirect.rb:34:20:34:31 | ...[...] | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | provenance | AdditionalTaintStep | | UrlRedirect.rb:58:17:58:22 | call to params | UrlRedirect.rb:58:17:58:28 | ...[...] | provenance | | | UrlRedirect.rb:63:38:63:43 | call to params | UrlRedirect.rb:63:38:63:49 | ...[...] | provenance | | | UrlRedirect.rb:68:38:68:43 | call to params | UrlRedirect.rb:68:38:68:49 | ...[...] | provenance | | diff --git a/ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.expected b/ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.expected index 7ca144f69edd..c97ff12fc3d0 100644 --- a/ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.expected +++ b/ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.expected @@ -1,5 +1,5 @@ edges -| ServerSideRequestForgery.rb:10:9:10:28 | users_service_domain | ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" | provenance | | +| ServerSideRequestForgery.rb:10:9:10:28 | users_service_domain | ServerSideRequestForgery.rb:11:31:11:62 | "#{...}/logins" | provenance | AdditionalTaintStep | | ServerSideRequestForgery.rb:10:32:10:37 | call to params | ServerSideRequestForgery.rb:10:32:10:60 | ...[...] | provenance | | | ServerSideRequestForgery.rb:10:32:10:60 | ...[...] | ServerSideRequestForgery.rb:10:9:10:28 | users_service_domain | provenance | | | ServerSideRequestForgery.rb:15:33:15:38 | call to params | ServerSideRequestForgery.rb:15:33:15:44 | ...[...] | provenance | | diff --git a/shared/dataflow/change-notes/2024-04-09-alert-provenance.md b/shared/dataflow/change-notes/2024-04-09-alert-provenance.md new file mode 100644 index 000000000000..9319c134e440 --- /dev/null +++ b/shared/dataflow/change-notes/2024-04-09-alert-provenance.md @@ -0,0 +1,4 @@ +--- +category: feature +--- +* The `PathGraph` result of a data flow computation has been augmented with model provenance information for each of the flow steps. diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 8df2a8eca52f..4943fc9790dd 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -208,7 +208,7 @@ signature module InputSig { * Holds if there is a simple local flow step from `node1` to `node2`. These * are the value-preserving intra-callable flow steps. */ - predicate simpleLocalFlowStep(Node node1, Node node2); + predicate simpleLocalFlowStep(Node node1, Node node2, string model); /** * Holds if the data-flow step from `node1` to `node2` can be used to @@ -289,6 +289,10 @@ signature module InputSig { /** Extra data-flow steps needed for lambda flow analysis. */ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue); + predicate knownSourceModel(Node sink, string model); + + predicate knownSinkModel(Node sink, string model); + /** * Holds if `n` should never be skipped over in the `PathGraph` and in path * explanations. @@ -585,6 +589,10 @@ module DataFlowMake Lang> { import Config predicate accessPathLimit = Config::accessPathLimit/0; + + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2) and model = "" + } } import Impl @@ -603,6 +611,10 @@ module DataFlowMake Lang> { import Config predicate accessPathLimit = Config::accessPathLimit/0; + + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2) and model = "" + } } import Impl diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll index c7d4f6bf505a..f76939333f54 100644 --- a/shared/dataflow/codeql/dataflow/TaintTracking.qll +++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll @@ -21,7 +21,7 @@ signature module InputSig Lang> { * Holds if the additional step from `src` to `sink` should be included in all * global taint flow configurations. */ - predicate defaultAdditionalTaintStep(Lang::Node src, Lang::Node sink); + predicate defaultAdditionalTaintStep(Lang::Node src, Lang::Node sink, string model); /** * Holds if taint flow configurations should allow implicit reads of `c` at sinks @@ -51,9 +51,9 @@ module TaintFlowMake< Config::isBarrier(node) or defaultTaintSanitizer(node) } - predicate isAdditionalFlowStep(DataFlowLang::Node node1, DataFlowLang::Node node2) { - Config::isAdditionalFlowStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + predicate isAdditionalFlowStep(DataFlowLang::Node node1, DataFlowLang::Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2, model) or + defaultAdditionalTaintStep(node1, node2, model) } predicate allowImplicitRead(DataFlowLang::Node node, DataFlowLang::ContentSet c) { @@ -62,7 +62,7 @@ module TaintFlowMake< ( Config::isSink(node) or Config::isSink(node, _) or - Config::isAdditionalFlowStep(node, _) or + Config::isAdditionalFlowStep(node, _, _) or Config::isAdditionalFlowStep(node, _, _, _) ) and defaultImplicitTaintRead(node, c) @@ -76,6 +76,12 @@ module TaintFlowMake< private module Config0 implements DataFlowInternal::FullStateConfigSig { import DataFlowInternal::DefaultState import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "" + } } private module C implements DataFlowInternal::FullStateConfigSig { @@ -96,6 +102,12 @@ module TaintFlowMake< module GlobalWithState implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "" + } } private module C implements DataFlowInternal::FullStateConfigSig { diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index e6ce90089358..d445fa6237ee 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -67,7 +67,7 @@ module MakeImpl Lang> { /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ - predicate isAdditionalFlowStep(Node node1, Node node2); + predicate isAdditionalFlowStep(Node node1, Node node2, string model); /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. @@ -332,11 +332,11 @@ module MakeImpl Lang> { /** * Holds if data can flow in one local step from `node1` to `node2`. */ - private predicate localFlowStepEx(NodeEx node1, NodeEx node2) { + private predicate localFlowStepEx(NodeEx node1, NodeEx node2, string model) { exists(Node n1, Node n2 | node1.asNode() = n1 and node2.asNode() = n2 and - simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and + simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2), model) and stepFilter(node1, node2) ) or @@ -344,18 +344,19 @@ module MakeImpl Lang> { Config::allowImplicitRead(n, _) and node1.asNode() = n and node2.isImplicitReadNode(n, false) and - not fullBarrier(node1) + not fullBarrier(node1) and + model = "" ) } /** * Holds if the additional step from `node1` to `node2` does not jump between callables. */ - private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2) { + private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, string model) { exists(Node n1, Node n2 | node1.asNode() = n1 and node2.asNode() = n2 and - Config::isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and + Config::isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2), model) and getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and stepFilter(node1, node2) ) @@ -364,7 +365,8 @@ module MakeImpl Lang> { Config::allowImplicitRead(n, _) and node1.isImplicitReadNode(n, true) and node2.asNode() = n and - not fullBarrier(node2) + not fullBarrier(node2) and + model = "" ) } @@ -396,11 +398,11 @@ module MakeImpl Lang> { /** * Holds if the additional step from `node1` to `node2` jumps between callables. */ - private predicate additionalJumpStep(NodeEx node1, NodeEx node2) { + private predicate additionalJumpStep(NodeEx node1, NodeEx node2, string model) { exists(Node n1, Node n2 | node1.asNode() = n1 and node2.asNode() = n2 and - Config::isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and + Config::isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2), model) and getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and stepFilter(node1, node2) and not Config::getAFeature() instanceof FeatureEqualSourceSinkCallContext @@ -538,14 +540,14 @@ module MakeImpl Lang> { if hasSourceCallCtx() then cc = true else cc = false or exists(NodeEx mid | fwdFlow(mid, cc) | - localFlowStepEx(mid, node) or - additionalLocalFlowStep(mid, node) or + localFlowStepEx(mid, node, _) or + additionalLocalFlowStep(mid, node, _) or additionalLocalStateStep(mid, _, node, _) ) or exists(NodeEx mid | fwdFlow(mid, _) and cc = false | jumpStepEx(mid, node) or - additionalJumpStep(mid, node) or + additionalJumpStep(mid, node, _) or additionalJumpStateStep(mid, _, node, _) ) or @@ -731,14 +733,14 @@ module MakeImpl Lang> { if hasSinkCallCtx() then toReturn = true else toReturn = false or exists(NodeEx mid | revFlow(mid, toReturn) | - localFlowStepEx(node, mid) or - additionalLocalFlowStep(node, mid) or + localFlowStepEx(node, mid, _) or + additionalLocalFlowStep(node, mid, _) or additionalLocalStateStep(node, _, mid, _) ) or exists(NodeEx mid | revFlow(mid, _) and toReturn = false | jumpStepEx(node, mid) or - additionalJumpStep(node, mid) or + additionalJumpStep(node, mid, _) or additionalJumpStateStep(node, _, mid, _) ) or @@ -1018,16 +1020,43 @@ module MakeImpl Lang> { private predicate sinkNode = Stage1::sinkNode/2; + private predicate sourceModel(NodeEx node, string model) { + sourceNode(node, _) and + exists(Node n | n = node.asNode() | + knownSourceModel(n, model) + or + not knownSourceModel(n, _) and model = "" + ) + } + + private predicate sinkModel(NodeEx node, string model) { + sinkNode(node, _) and + exists(Node n | n = node.asNode() | + knownSinkModel(n, model) + or + not knownSinkModel(n, _) and model = "" + ) + } + + bindingset[label1, label2] + pragma[inline_late] + private string mergeLabels(string label1, string label2) { + // Big-step, hidden nodes, and summaries all may need to merge labels. + // These cases are expected to involve at most one non-empty label, so + // we'll just discard the 2nd+ label for now. + if label1 = "" then result = label2 else result = label1 + } + pragma[noinline] - private predicate localFlowStepNodeCand1(NodeEx node1, NodeEx node2) { + private predicate localFlowStepNodeCand1(NodeEx node1, NodeEx node2, string model) { Stage1::revFlow(node2) and - localFlowStepEx(node1, node2) + localFlowStepEx(node1, node2, model) } pragma[noinline] - private predicate additionalLocalFlowStepNodeCand1(NodeEx node1, NodeEx node2) { + private predicate additionalLocalFlowStepNodeCand1(NodeEx node1, NodeEx node2, string model) { Stage1::revFlow(node2) and - additionalLocalFlowStep(node1, node2) + additionalLocalFlowStep(node1, node2, model) } pragma[nomagic] @@ -1416,7 +1445,7 @@ module MakeImpl Lang> { or exists(NodeEx mid | fwdFlow(mid, state, _, _, _, _, _, ap, apa) and - additionalJumpStep(mid, node) and + additionalJumpStep(mid, node, _) and t = getNodeTyp(node) and ap instanceof ApNil ) @@ -2044,7 +2073,7 @@ module MakeImpl Lang> { ) or exists(NodeEx mid | - additionalJumpStep(node, mid) and + additionalJumpStep(node, mid, _) and revFlow(pragma[only_bind_into](mid), state, _, _, ap) and ap instanceof ApNil ) @@ -2565,11 +2594,11 @@ module MakeImpl Lang> { ) { ( preservesValue = true and - localFlowStepNodeCand1(node1, node2) and + localFlowStepNodeCand1(node1, node2, _) and state1 = state2 or preservesValue = false and - additionalLocalFlowStepNodeCand1(node1, node2) and + additionalLocalFlowStepNodeCand1(node1, node2, _) and state1 = state2 or preservesValue = false and @@ -2654,7 +2683,7 @@ module MakeImpl Lang> { or jumpStepEx(_, node) or - additionalJumpStep(_, node) + additionalJumpStep(_, node, _) or additionalJumpStateStep(_, _, node, state) or @@ -2682,7 +2711,7 @@ module MakeImpl Lang> { private predicate localFlowExit(NodeEx node, FlowState state) { exists(NodeEx next | Stage2::revFlow(next, state) | jumpStepEx(node, next) or - additionalJumpStep(node, next) or + additionalJumpStep(node, next, _) or flowIntoCallNodeCand2(_, node, next, _) or flowOutOfCallNodeCand2(_, node, _, next, _) or Stage2::storeStepCand(node, _, _, next, _, _) or @@ -2704,14 +2733,15 @@ module MakeImpl Lang> { pragma[noinline] private predicate additionalLocalFlowStepNodeCand2( - NodeEx node1, FlowState state1, NodeEx node2, FlowState state2 + NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, string label ) { - additionalLocalFlowStepNodeCand1(node1, node2) and + additionalLocalFlowStepNodeCand1(node1, node2, label) and state1 = state2 and Stage2::revFlow(node1, pragma[only_bind_into](state1), false) and Stage2::revFlow(node2, pragma[only_bind_into](state2), false) or additionalLocalStateStep(node1, state1, node2, state2) and + label = "" and Stage2::revFlow(node1, state1, false) and Stage2::revFlow(node2, state2, false) } @@ -2726,7 +2756,7 @@ module MakeImpl Lang> { pragma[nomagic] private predicate localFlowStepPlus( NodeEx node1, FlowState state, NodeEx node2, boolean preservesValue, DataFlowType t, - LocalCallContext cc + LocalCallContext cc, string label ) { not isUnreachableInCall1(node2, cc) and not inBarrier(node2, state) and @@ -2734,12 +2764,12 @@ module MakeImpl Lang> { ( localFlowEntry(node1, pragma[only_bind_into](state)) and ( - localFlowStepNodeCand1(node1, node2) and + localFlowStepNodeCand1(node1, node2, label) and preservesValue = true and t = node1.getDataFlowType() and // irrelevant dummy value Stage2::revFlow(node2, pragma[only_bind_into](state)) or - additionalLocalFlowStepNodeCand2(node1, state, node2, state) and + additionalLocalFlowStepNodeCand2(node1, state, node2, state, label) and preservesValue = false and t = node2.getDataFlowType() ) and @@ -2748,21 +2778,24 @@ module MakeImpl Lang> { not isUnreachableInCall1(node1, cc) and not outBarrier(node1, state) or - exists(NodeEx mid | - localFlowStepPlus(node1, pragma[only_bind_into](state), mid, preservesValue, t, cc) and - localFlowStepNodeCand1(mid, node2) and + exists(NodeEx mid, string label1, string label2 | + localFlowStepPlus(node1, pragma[only_bind_into](state), mid, preservesValue, t, cc, + label1) and + localFlowStepNodeCand1(mid, node2, label2) and not outBarrier(mid, state) and not mid instanceof FlowCheckNode and - Stage2::revFlow(node2, pragma[only_bind_into](state)) + Stage2::revFlow(node2, pragma[only_bind_into](state)) and + label = mergeLabels(label1, label2) ) or - exists(NodeEx mid | - localFlowStepPlus(node1, state, mid, _, _, cc) and - additionalLocalFlowStepNodeCand2(mid, state, node2, state) and + exists(NodeEx mid, string label1, string label2 | + localFlowStepPlus(node1, state, mid, _, _, cc, label1) and + additionalLocalFlowStepNodeCand2(mid, state, node2, state, label2) and not outBarrier(mid, state) and not mid instanceof FlowCheckNode and preservesValue = false and - t = node2.getDataFlowType() + t = node2.getDataFlowType() and + label = mergeLabels(label1, label2) ) ) } @@ -2774,13 +2807,13 @@ module MakeImpl Lang> { pragma[nomagic] predicate localFlowBigStep( NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue, - DataFlowType t, LocalCallContext callContext + DataFlowType t, LocalCallContext callContext, string label ) { - localFlowStepPlus(node1, state1, node2, preservesValue, t, callContext) and + localFlowStepPlus(node1, state1, node2, preservesValue, t, callContext, label) and localFlowExit(node2, state1) and state1 = state2 or - additionalLocalFlowStepNodeCand2(node1, state1, node2, state2) and + additionalLocalFlowStepNodeCand2(node1, state1, node2, state2, label) and state1 != state2 and preservesValue = false and t = node2.getDataFlowType() and @@ -2847,7 +2880,7 @@ module MakeImpl Lang> { NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue, Typ t, LocalCc lcc ) { - localFlowBigStep(node1, state1, node2, state2, preservesValue, t, _) and + localFlowBigStep(node1, state1, node2, state2, preservesValue, t, _, _) and exists(lcc) } @@ -2934,7 +2967,7 @@ module MakeImpl Lang> { NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue, Typ t, LocalCc lcc ) { - localFlowBigStep(node1, state1, node2, state2, preservesValue, t, _) and + localFlowBigStep(node1, state1, node2, state2, preservesValue, t, _, _) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) and exists(lcc) @@ -3239,7 +3272,7 @@ module MakeImpl Lang> { NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue, Typ t, LocalCc lcc ) { - localFlowBigStep(node1, state1, node2, state2, preservesValue, t, lcc) and + localFlowBigStep(node1, state1, node2, state2, preservesValue, t, lcc, _) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) } @@ -3446,7 +3479,8 @@ module MakeImpl Lang> { private newtype TPathNode = TPathNodeMid( - NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, DataFlowType t, AccessPath ap + NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, DataFlowType t, AccessPath ap, + string summaryLabel ) { // A PathNode is introduced by a source ... Stage5::revFlow(node, state) and @@ -3454,14 +3488,15 @@ module MakeImpl Lang> { sourceCallCtx(cc) and sc instanceof SummaryCtxNone and t = node.getDataFlowType() and - ap = TAccessPathNil() + ap = TAccessPathNil() and + summaryLabel = "-" or // ... or a step from an existing PathNode to another node. - pathStep(_, node, state, cc, sc, t, ap) + pathStep(_, node, state, cc, sc, t, ap, summaryLabel, _) } or TPathNodeSink(NodeEx node, FlowState state) { exists(PathNodeMid sink | - sink.isAtSink() and + sink.isAtSink(_) and node = sink.getNodeEx() and state = sink.getState() ) @@ -3644,24 +3679,27 @@ module MakeImpl Lang> { abstract FlowState getState(); /** Holds if this node is a source. */ - abstract predicate isSource(); + abstract predicate isSource(string model); - abstract PathNodeImpl getASuccessorImpl(); + abstract PathNodeImpl getASuccessorImpl(string label); - private PathNodeImpl getASuccessorIfHidden() { + private PathNodeImpl getASuccessorIfHidden(string label) { this.isHidden() and - result = this.getASuccessorImpl() + result = this.getASuccessorImpl(label) } - pragma[nomagic] - private PathNodeImpl getANonHiddenSuccessor0() { - result = this.getASuccessorIfHidden*() and - not result.isHidden() + private PathNodeImpl getASuccessorFromNonHidden(string label) { + result = this.getASuccessorImpl(label) and + not this.isHidden() + or + exists(string l1, string l2 | + result = this.getASuccessorFromNonHidden(l1).getASuccessorIfHidden(l2) and + label = mergeLabels(l1, l2) + ) } - final PathNodeImpl getANonHiddenSuccessor() { - result = this.getASuccessorImpl().getANonHiddenSuccessor0() and - not this.isHidden() + final PathNodeImpl getANonHiddenSuccessor(string label) { + result = this.getASuccessorFromNonHidden(label) and not result.isHidden() } abstract NodeEx getNodeEx(); @@ -3670,7 +3708,7 @@ module MakeImpl Lang> { not Config::includeHiddenNodes() and ( hiddenNode(this.getNodeEx().asNode()) and - not this.isSource() and + not this.isSource(_) and not this instanceof PathNodeSink or this.getNodeEx() instanceof TNodeImplicitRead @@ -3678,12 +3716,12 @@ module MakeImpl Lang> { } string getSourceGroup() { - this.isSource() and + this.isSource(_) and Config::sourceGrouping(this.getNodeEx().asNode(), result) } predicate isFlowSource() { - this.isSource() and not exists(this.getSourceGroup()) + this.isSource(_) and not exists(this.getSourceGroup()) or this instanceof PathNodeSourceGroup } @@ -3743,7 +3781,7 @@ module MakeImpl Lang> { private predicate directReach(PathNodeImpl n) { n instanceof PathNodeSink or n instanceof PathNodeSinkGroup or - directReach(n.getANonHiddenSuccessor()) + directReach(n.getANonHiddenSuccessor(_)) } /** Holds if `n` can reach a sink or is used in a subpath that can reach a sink. */ @@ -3751,7 +3789,7 @@ module MakeImpl Lang> { /** Holds if `n1.getASuccessor() = n2` and `n2` can reach a sink. */ private predicate pathSucc(PathNodeImpl n1, PathNodeImpl n2) { - n1.getANonHiddenSuccessor() = n2 and directReach(n2) + n1.getANonHiddenSuccessor(_) = n2 and directReach(n2) } private predicate pathSuccPlus(PathNodeImpl n1, PathNodeImpl n2) = fastTC(pathSucc/2)(n1, n2) @@ -3796,10 +3834,10 @@ module MakeImpl Lang> { final FlowState getState() { result = super.getState() } /** Gets a successor of this node, if any. */ - final PathNode getASuccessor() { result = super.getANonHiddenSuccessor() } + final PathNode getASuccessor() { result = super.getANonHiddenSuccessor(_) } /** Holds if this node is a source. */ - final predicate isSource() { super.isSource() } + final predicate isSource() { super.isSource(_) } /** Holds if this node is a grouping of source nodes. */ final predicate isSourceGroup(string group) { this = TPathNodeSourceGroup(group) } @@ -3814,9 +3852,8 @@ module MakeImpl Lang> { module PathGraph implements PathGraphSig { /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */ query predicate edges(PathNode a, PathNode b, string key, string val) { - a.getASuccessor() = b and - key = "provenance" and - val = "" + a.(PathNodeImpl).getANonHiddenSuccessor(val) = b and + key = "provenance" } /** Holds if `n` is a node in the graph of data flow path explanations. */ @@ -3845,8 +3882,9 @@ module MakeImpl Lang> { SummaryCtx sc; DataFlowType t; AccessPath ap; + string summaryLabel; - PathNodeMid() { this = TPathNodeMid(node, state, cc, sc, t, ap) } + PathNodeMid() { this = TPathNodeMid(node, state, cc, sc, t, ap, summaryLabel) } override NodeEx getNodeEx() { result = node } @@ -3863,29 +3901,56 @@ module MakeImpl Lang> { AccessPath getAp() { result = ap } - private PathNodeMid getSuccMid() { + string getSummaryLabel() { result = summaryLabel } + + private PathNodeMid getSuccMid(string label) { pathStep(this, result.getNodeEx(), result.getState(), result.getCallContext(), - result.getSummaryCtx(), result.getType(), result.getAp()) + result.getSummaryCtx(), result.getType(), result.getAp(), _, label) } - override PathNodeImpl getASuccessorImpl() { + private predicate isSourceWithLabel(string labelprefix) { + exists(string model | + this.isSource(model) and + model != "" and + labelprefix = "Src:" + model + " " + ) + } + + override PathNodeImpl getASuccessorImpl(string label) { // an intermediate step to another intermediate node - result = this.getSuccMid() + exists(string l2 | result = this.getSuccMid(l2) | + not this.isSourceWithLabel(_) and label = l2 + or + exists(string l1 | + this.isSourceWithLabel(l1) and + label = l1 + l2 + ) + ) or // a final step to a sink - result = this.getSuccMid().projectToSink() + exists(string l2, string sinkmodel | result = this.getSuccMid(l2).projectToSink(sinkmodel) | + not this.isSourceWithLabel(_) and + if sinkmodel != "" then label = l2 + " Sink:" + sinkmodel else label = l2 + or + exists(string l1 | + this.isSourceWithLabel(l1) and + if sinkmodel != "" then label = l1 + l2 + " Sink:" + sinkmodel else label = l1 + l2 + ) + ) } - override predicate isSource() { + override predicate isSource(string model) { sourceNode(node, state) and + sourceModel(node, model) and sourceCallCtx(cc) and sc instanceof SummaryCtxNone and t = node.getDataFlowType() and ap = TAccessPathNil() } - predicate isAtSink() { + predicate isAtSink(string model) { sinkNode(node, state) and + sinkModel(node, model) and ap instanceof AccessPathNil and if hasSinkCallCtx() then @@ -3904,8 +3969,8 @@ module MakeImpl Lang> { else any() } - PathNodeSink projectToSink() { - this.isAtSink() and + PathNodeSink projectToSink(string model) { + this.isAtSink(model) and result.getNodeEx() = node and result.getState() = state } @@ -3926,9 +3991,13 @@ module MakeImpl Lang> { override FlowState getState() { result = state } - override PathNodeImpl getASuccessorImpl() { result = TPathNodeSinkGroup(this.getSinkGroup()) } + override PathNodeImpl getASuccessorImpl(string label) { + result = TPathNodeSinkGroup(this.getSinkGroup()) and label = "" + } - override predicate isSource() { sourceNode(node, state) } + override predicate isSource(string model) { + sourceNode(node, state) and sourceModel(node, model) + } string getSinkGroup() { Config::sinkGrouping(node.asNode(), result) } } @@ -3942,9 +4011,11 @@ module MakeImpl Lang> { override FlowState getState() { none() } - override PathNodeImpl getASuccessorImpl() { result.getSourceGroup() = sourceGroup } + override PathNodeImpl getASuccessorImpl(string label) { + result.getSourceGroup() = sourceGroup and label = "" + } - override predicate isSource() { none() } + override predicate isSource(string model) { none() } override string toString() { result = sourceGroup } @@ -3960,9 +4031,9 @@ module MakeImpl Lang> { override FlowState getState() { none() } - override PathNodeImpl getASuccessorImpl() { none() } + override PathNodeImpl getASuccessorImpl(string label) { none() } - override predicate isSource() { none() } + override predicate isSource(string model) { none() } override string toString() { result = sinkGroup } @@ -3971,7 +4042,7 @@ module MakeImpl Lang> { private predicate pathNode( PathNodeMid mid, NodeEx midnode, FlowState state, CallContext cc, SummaryCtx sc, - DataFlowType t, AccessPath ap, LocalCallContext localCC + DataFlowType t, AccessPath ap, string summaryLabel, LocalCallContext localCC ) { midnode = mid.getNodeEx() and state = mid.getState() and @@ -3981,16 +4052,17 @@ module MakeImpl Lang> { getLocalCallContext(pragma[only_bind_into](pragma[only_bind_out](cc)), midnode.getEnclosingCallable()) and t = mid.getType() and - ap = mid.getAp() + ap = mid.getAp() and + summaryLabel = mid.getSummaryLabel() } private predicate pathStep( PathNodeMid mid, NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, DataFlowType t, - AccessPath ap + AccessPath ap, string summaryLabel, string label ) { exists(DataFlowType t0, boolean isStoreStep | pathStep0(mid, pragma[only_bind_into](node), pragma[only_bind_into](state), cc, sc, t0, ap, - isStoreStep) and + isStoreStep, summaryLabel, label) and Stage5::revFlow(pragma[only_bind_into](node), pragma[only_bind_into](state), ap.getApprox()) and strengthenType(node, t0, t) and not inBarrier(node, state) and @@ -4005,19 +4077,21 @@ module MakeImpl Lang> { pragma[nomagic] private predicate pathStep0( PathNodeMid mid, NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, DataFlowType t, - AccessPath ap, boolean isStoreStep + AccessPath ap, boolean isStoreStep, string summaryLabel, string label ) { - exists(NodeEx midnode, FlowState state0, LocalCallContext localCC | - pathNode(mid, midnode, state0, cc, sc, t, ap, localCC) and - localFlowBigStep(midnode, state0, node, state, true, _, localCC) and - isStoreStep = false + exists(NodeEx midnode, FlowState state0, string sl, LocalCallContext localCC | + pathNode(mid, midnode, state0, cc, sc, t, ap, sl, localCC) and + localFlowBigStep(midnode, state0, node, state, true, _, localCC, label) and + isStoreStep = false and + summaryLabel = mergeLabels(sl, label) ) or - exists(NodeEx midnode, FlowState state0, LocalCallContext localCC | - pathNode(mid, midnode, state0, cc, sc, _, ap, localCC) and - localFlowBigStep(midnode, state0, node, state, false, t, localCC) and + exists(NodeEx midnode, FlowState state0, string sl, LocalCallContext localCC | + pathNode(mid, midnode, state0, cc, sc, _, ap, sl, localCC) and + localFlowBigStep(midnode, state0, node, state, false, t, localCC, label) and ap instanceof AccessPathNil and - isStoreStep = false + isStoreStep = false and + summaryLabel = mergeLabels(sl, label) ) or jumpStepEx(mid.getNodeExOutgoing(), node) and @@ -4026,16 +4100,19 @@ module MakeImpl Lang> { sc instanceof SummaryCtxNone and t = mid.getType() and ap = mid.getAp() and - isStoreStep = false + isStoreStep = false and + summaryLabel = "-" and + label = "" or - additionalJumpStep(mid.getNodeExOutgoing(), node) and + additionalJumpStep(mid.getNodeExOutgoing(), node, label) and state = mid.getState() and cc instanceof CallContextAny and sc instanceof SummaryCtxNone and mid.getAp() instanceof AccessPathNil and t = node.getDataFlowType() and ap = TAccessPathNil() and - isStoreStep = false + isStoreStep = false and + summaryLabel = "-" or additionalJumpStateStep(mid.getNodeExOutgoing(), mid.getState(), node, state) and cc instanceof CallContextAny and @@ -4043,36 +4120,47 @@ module MakeImpl Lang> { mid.getAp() instanceof AccessPathNil and t = node.getDataFlowType() and ap = TAccessPathNil() and - isStoreStep = false + isStoreStep = false and + summaryLabel = "-" and + label = "" or exists(Content c, DataFlowType t0, AccessPath ap0 | pathStoreStep(mid, node, state, t0, ap0, c, t, cc) and ap.isCons(c, t0, ap0) and sc = mid.getSummaryCtx() and - isStoreStep = true + isStoreStep = true and + summaryLabel = mid.getSummaryLabel() and + label = "" ) or exists(Content c, AccessPath ap0 | pathReadStep(mid, node, state, ap0, c, cc) and ap0.isCons(c, t, ap) and sc = mid.getSummaryCtx() and - isStoreStep = false + isStoreStep = false and + summaryLabel = mid.getSummaryLabel() and + label = "" ) or pathIntoCallable(mid, node, state, _, cc, sc, _) and t = mid.getType() and ap = mid.getAp() and - isStoreStep = false + isStoreStep = false and + (if sc instanceof SummaryCtxNone then summaryLabel = "-" else summaryLabel = "") and + label = "" or pathOutOfCallable(mid, node, state, cc) and t = mid.getType() and ap = mid.getAp() and sc instanceof SummaryCtxNone and - isStoreStep = false + isStoreStep = false and + summaryLabel = "-" and + label = "" or - pathThroughCallable(mid, node, state, cc, t, ap) and + pathThroughCallable(mid, node, state, cc, t, ap, label) and sc = mid.getSummaryCtx() and - isStoreStep = false + isStoreStep = false and + summaryLabel = mid.getSummaryLabel() } pragma[nomagic] @@ -4178,7 +4266,7 @@ module MakeImpl Lang> { DataFlowType t, AccessPath ap, AccessPathApprox apa ) { exists(ArgNodeEx arg, ArgumentPosition apos | - pathNode(mid, arg, state, cc, _, t, ap, _) and + pathNode(mid, arg, state, cc, _, t, ap, _, _) and not outBarrier(arg, state) and arg.asNode().(ArgNode).argumentOf(call, apos) and apa = ap.getApprox() and @@ -4244,10 +4332,10 @@ module MakeImpl Lang> { pragma[nomagic] private predicate paramFlowsThrough( ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, DataFlowType t, - AccessPath ap, AccessPathApprox apa + AccessPath ap, AccessPathApprox apa, string summaryLabel ) { exists(RetNodeEx ret | - pathNode(_, ret, state, cc, sc, t, ap, _) and + pathNode(_, ret, state, cc, sc, t, ap, summaryLabel, _) and kind = ret.getKind() and apa = ap.getApprox() and parameterFlowThroughAllowed(sc.getParamNode(), kind) and @@ -4258,11 +4346,11 @@ module MakeImpl Lang> { pragma[nomagic] private predicate pathThroughCallable0( DataFlowCall call, PathNodeMid mid, ReturnKindExt kind, FlowState state, CallContext cc, - DataFlowType t, AccessPath ap, AccessPathApprox apa + DataFlowType t, AccessPath ap, AccessPathApprox apa, string label ) { exists(CallContext innercc, SummaryCtx sc | pathIntoCallable(mid, _, _, cc, innercc, sc, call) and - paramFlowsThrough(kind, state, innercc, sc, t, ap, apa) + paramFlowsThrough(kind, state, innercc, sc, t, ap, apa, label) ) } @@ -4272,10 +4360,11 @@ module MakeImpl Lang> { */ pragma[noinline] private predicate pathThroughCallable( - PathNodeMid mid, NodeEx out, FlowState state, CallContext cc, DataFlowType t, AccessPath ap + PathNodeMid mid, NodeEx out, FlowState state, CallContext cc, DataFlowType t, AccessPath ap, + string label ) { exists(DataFlowCall call, ReturnKindExt kind, AccessPathApprox apa | - pathThroughCallable0(call, mid, kind, state, cc, t, ap, apa) and + pathThroughCallable0(call, mid, kind, state, cc, t, ap, apa, label) and out = getAnOutNodeFlow(kind, call, apa) ) } @@ -4291,10 +4380,10 @@ module MakeImpl Lang> { ReturnKindExt kind, NodeEx out, FlowState sout, DataFlowType t, AccessPath apout ) { pathThroughCallable(arg, out, pragma[only_bind_into](sout), _, pragma[only_bind_into](t), - pragma[only_bind_into](apout)) and + pragma[only_bind_into](apout), _) and pathIntoCallable(arg, par, _, _, innercc, sc, _) and paramFlowsThrough(kind, pragma[only_bind_into](sout), innercc, sc, - pragma[only_bind_into](t), pragma[only_bind_into](apout), _) + pragma[only_bind_into](t), pragma[only_bind_into](apout), _, _) } /** @@ -4320,25 +4409,25 @@ module MakeImpl Lang> { ) { exists(SummaryCtxSome sc, CallContext innercc, ReturnKindExt kind, RetNodeEx retnode | subpaths02(arg, par, sc, innercc, kind, out, sout, t, apout) and - pathNode(ret, retnode, sout, innercc, sc, t, apout, _) and + pathNode(ret, retnode, sout, innercc, sc, t, apout, _, _) and kind = retnode.getKind() ) } private PathNodeImpl localStep(PathNodeImpl n) { - n.getASuccessorImpl() = result and + n.getASuccessorImpl(_) = result and exists(NodeEx n1, NodeEx n2 | n1 = n.getNodeEx() and n2 = result.getNodeEx() | - localFlowBigStep(n1, _, n2, _, _, _, _) or + localFlowBigStep(n1, _, n2, _, _, _, _, _) or storeEx(n1, _, n2, _, _) or readSetEx(n1, _, n2) ) } private PathNodeImpl summaryCtxStep(PathNodeImpl n) { - n.getASuccessorImpl() = result and + n.getASuccessorImpl(_) = result and exists(SummaryCtxSome sc | - pathNode(n, _, _, _, pragma[only_bind_into](sc), _, _, _) and - pathNode(result, _, _, _, pragma[only_bind_into](sc), _, _, _) + pathNode(n, _, _, _, pragma[only_bind_into](sc), _, _, _, _) and + pathNode(result, _, _, _, pragma[only_bind_into](sc), _, _, _, _) ) } @@ -4354,7 +4443,7 @@ module MakeImpl Lang> { pragma[nomagic] private predicate hasSuccessor(PathNodeImpl pred, PathNodeMid succ, NodeEx succNode) { - succ = pred.getASuccessorImpl() and + succ = pred.getASuccessorImpl(_) and succNode = succ.getNodeEx() } @@ -4371,12 +4460,12 @@ module MakeImpl Lang> { ParamNodeEx p, NodeEx o, FlowState sout, DataFlowType t, AccessPath apout, PathNodeMid out0 | - pragma[only_bind_into](arg).getASuccessorImpl() = pragma[only_bind_into](out0) and + pragma[only_bind_into](arg).getASuccessorImpl(_) = pragma[only_bind_into](out0) and subpaths03(pragma[only_bind_into](arg), p, ret, o, sout, t, apout) and hasSuccessor(pragma[only_bind_into](arg), par, p) and - pathNode(out0, o, sout, _, _, t, apout, _) + pathNode(out0, o, sout, _, _, t, apout, _, _) | - out = out0 or out = out0.projectToSink() + out = out0 or out = out0.projectToSink(_) ) } @@ -4428,7 +4517,7 @@ module MakeImpl Lang> { or exists(PathNodeImpl mid | retReach(mid) and - n.getANonHiddenSuccessor() = mid and + n.getANonHiddenSuccessor(_) = mid and not subpaths(_, mid, _, _) ) } @@ -4454,7 +4543,7 @@ module MakeImpl Lang> { deprecated predicate hasFlowPath = flowPath/2; private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) { - flowsource.isSource() and + flowsource.isSource(_) and flowsource.getNodeEx().asNode() = source and (flowsource = flowsink or pathSuccPlus(flowsource, flowsink)) and flowsink.getNodeEx().asNode() = sink @@ -4597,7 +4686,7 @@ module MakeImpl Lang> { exists(NodeEx node1, NodeEx node2 | jumpStepEx(node1, node2) or - additionalJumpStep(node1, node2) + additionalJumpStep(node1, node2, _) or additionalJumpStateStep(node1, _, node2, _) or @@ -5031,7 +5120,7 @@ module MakeImpl Lang> { ) { not isUnreachableInCallCached(node.asNode(), cc.(CallContextSpecificCall).getCall()) and ( - localFlowStepEx(mid.getNodeEx(), node) and + localFlowStepEx(mid.getNodeEx(), node, _) and state = mid.getState() and cc = mid.getCallContext() and sc1 = mid.getSummaryCtx1() and @@ -5041,7 +5130,7 @@ module MakeImpl Lang> { t = mid.getType() and ap = mid.getAp() or - additionalLocalFlowStep(mid.getNodeEx(), node) and + additionalLocalFlowStep(mid.getNodeEx(), node, _) and state = mid.getState() and cc = mid.getCallContext() and sc1 = mid.getSummaryCtx1() and @@ -5075,7 +5164,7 @@ module MakeImpl Lang> { ap = mid.getAp() and isStoreStep = false or - additionalJumpStep(mid.getNodeEx(), node) and + additionalJumpStep(mid.getNodeEx(), node, _) and state = mid.getState() and cc instanceof CallContextAny and sc1 = TSummaryCtx1None() and @@ -5347,7 +5436,7 @@ module MakeImpl Lang> { PartialPathNodeRev mid, NodeEx node, FlowState state, TRevSummaryCtx1 sc1, TRevSummaryCtx2 sc2, TRevSummaryCtx3 sc3, PartialAccessPath ap, boolean isStoreStep ) { - localFlowStepEx(node, mid.getNodeEx()) and + localFlowStepEx(node, mid.getNodeEx(), _) and state = mid.getState() and sc1 = mid.getSummaryCtx1() and sc2 = mid.getSummaryCtx2() and @@ -5355,7 +5444,7 @@ module MakeImpl Lang> { ap = mid.getAp() and isStoreStep = false or - additionalLocalFlowStep(node, mid.getNodeEx()) and + additionalLocalFlowStep(node, mid.getNodeEx(), _) and state = mid.getState() and sc1 = mid.getSummaryCtx1() and sc2 = mid.getSummaryCtx2() and @@ -5380,7 +5469,7 @@ module MakeImpl Lang> { ap = mid.getAp() and isStoreStep = false or - additionalJumpStep(node, mid.getNodeEx()) and + additionalJumpStep(node, mid.getNodeEx(), _) and state = mid.getState() and sc1 = TRevSummaryCtx1None() and sc2 = TRevSummaryCtx2None() and diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll index 81091303ff4d..38c3bba3254f 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll @@ -105,12 +105,14 @@ module MakeImplCommon Lang> { storeContents.getAStoreContent() = loadContents.getAReadContent() } - predicate simpleLocalSmallStep = simpleLocalFlowStepExt/2; + predicate simpleLocalSmallStep(Node node1, Node node2) { + simpleLocalFlowStepExt(node1, node2, _) + } predicate levelStepNoCall(Node n1, LocalSourceNode n2) { none() } predicate levelStepCall(Node n1, LocalSourceNode n2) { - argumentValueFlowsThrough(n1, TReadStepTypesNone(), n2) + argumentValueFlowsThrough(n1, TReadStepTypesNone(), n2, _) } // TODO: support setters @@ -119,7 +121,7 @@ module MakeImplCommon Lang> { private predicate loadStep0(Node n1, Node n2, Content f) { readSet(n1, f, n2) or - argumentValueFlowsThrough(n1, TReadStepTypesSome(_, f, _), n2) + argumentValueFlowsThrough(n1, TReadStepTypesSome(_, f, _), n2, _) } predicate loadStep(Node n1, LocalSourceNode n2, Content f) { loadStep0(n1, n2, f) } @@ -293,7 +295,7 @@ module MakeImplCommon Lang> { exists(Node mid, DataFlowType t0 | revLambdaFlow(lambdaCall, kind, mid, t0, toReturn, toJump, lastCall) | - simpleLocalFlowStep(node, mid) and + simpleLocalFlowStep(node, mid, _) and t = t0 or exists(boolean preservesValue | @@ -870,7 +872,7 @@ module MakeImplCommon Lang> { // local flow exists(Node mid | parameterValueFlowCand(p, mid, read) and - simpleLocalFlowStep(mid, node) and + simpleLocalFlowStep(mid, node, _) and validParameterAliasStep(mid, node) ) or @@ -970,8 +972,8 @@ module MakeImplCommon Lang> { * If a read step was taken, then `read` captures the `Content`, the * container type, and the content type. */ - predicate parameterValueFlow(ParamNode p, Node node, ReadStepTypesOption read) { - parameterValueFlow0(p, node, read) and + predicate parameterValueFlow(ParamNode p, Node node, ReadStepTypesOption read, string model) { + parameterValueFlow0(p, node, read, model) and if node instanceof CastingNode then // normal flow through @@ -983,60 +985,75 @@ module MakeImplCommon Lang> { else any() } + bindingset[model1, model2] + pragma[inline_late] + private string mergeModels(string model1, string model2) { + if model1 = "" then result = model2 else result = model1 + } + pragma[nomagic] - private predicate parameterValueFlow0(ParamNode p, Node node, ReadStepTypesOption read) { + private predicate parameterValueFlow0( + ParamNode p, Node node, ReadStepTypesOption read, string model + ) { p = node and Cand::cand(p, _) and - read = TReadStepTypesNone() + read = TReadStepTypesNone() and + model = "" or // local flow - exists(Node mid | - parameterValueFlow(p, mid, read) and - simpleLocalFlowStep(mid, node) and - validParameterAliasStep(mid, node) + exists(Node mid, string model1, string model2 | + parameterValueFlow(p, mid, read, model1) and + simpleLocalFlowStep(mid, node, model2) and + validParameterAliasStep(mid, node) and + model = mergeModels(model1, model2) ) or // read exists(Node mid | - parameterValueFlow(p, mid, TReadStepTypesNone()) and + parameterValueFlow(p, mid, TReadStepTypesNone(), model) and readStepWithTypes(mid, read.getContainerType(), read.getContent(), node, read.getContentType()) and Cand::parameterValueFlowReturnCand(p, _, true) and compatibleTypes(getNodeDataFlowType(p), read.getContainerType()) ) or - parameterValueFlow0_0(TReadStepTypesNone(), p, node, read) + parameterValueFlow0_0(TReadStepTypesNone(), p, node, read, model) } pragma[nomagic] private predicate parameterValueFlow0_0( - ReadStepTypesOption mustBeNone, ParamNode p, Node node, ReadStepTypesOption read + ReadStepTypesOption mustBeNone, ParamNode p, Node node, ReadStepTypesOption read, + string model ) { // flow through: no prior read - exists(ArgNode arg | - parameterValueFlowArg(p, arg, mustBeNone) and - argumentValueFlowsThrough(arg, read, node) + exists(ArgNode arg, string model1, string model2 | + parameterValueFlowArg(p, arg, mustBeNone, model1) and + argumentValueFlowsThrough(arg, read, node, model2) and + model = mergeModels(model1, model2) ) or // flow through: no read inside method - exists(ArgNode arg | - parameterValueFlowArg(p, arg, read) and - argumentValueFlowsThrough(arg, mustBeNone, node) + exists(ArgNode arg, string model1, string model2 | + parameterValueFlowArg(p, arg, read, model1) and + argumentValueFlowsThrough(arg, mustBeNone, node, model2) and + model = mergeModels(model1, model2) ) } pragma[nomagic] - private predicate parameterValueFlowArg(ParamNode p, ArgNode arg, ReadStepTypesOption read) { - parameterValueFlow(p, arg, read) and + private predicate parameterValueFlowArg( + ParamNode p, ArgNode arg, ReadStepTypesOption read, string model + ) { + parameterValueFlow(p, arg, read, model) and Cand::argumentValueFlowsThroughCand(arg, _, _) } pragma[nomagic] private predicate argumentValueFlowsThrough0( - DataFlowCall call, ArgNode arg, ReturnKind kind, ReadStepTypesOption read + DataFlowCall call, ArgNode arg, ReturnKind kind, ReadStepTypesOption read, string model ) { exists(ParamNode param | viableParamArg(call, param, arg) | - parameterValueFlowReturn(param, kind, read) + parameterValueFlowReturn(param, kind, read, model) ) } @@ -1049,9 +1066,11 @@ module MakeImplCommon Lang> { * container type, and the content type. */ cached - predicate argumentValueFlowsThrough(ArgNode arg, ReadStepTypesOption read, Node out) { + predicate argumentValueFlowsThrough( + ArgNode arg, ReadStepTypesOption read, Node out, string model + ) { exists(DataFlowCall call, ReturnKind kind | - argumentValueFlowsThrough0(call, arg, kind, read) and + argumentValueFlowsThrough0(call, arg, kind, read, model) and out = getAnOutNode(call, kind) | // normal flow through @@ -1072,7 +1091,7 @@ module MakeImplCommon Lang> { * This predicate is exposed for testing only. */ predicate getterStep(ArgNode arg, ContentSet c, Node out) { - argumentValueFlowsThrough(arg, TReadStepTypesSome(_, c, _), out) + argumentValueFlowsThrough(arg, TReadStepTypesSome(_, c, _), out, _) } /** @@ -1084,10 +1103,10 @@ module MakeImplCommon Lang> { * container type, and the content type. */ private predicate parameterValueFlowReturn( - ParamNode p, ReturnKind kind, ReadStepTypesOption read + ParamNode p, ReturnKind kind, ReadStepTypesOption read, string model ) { exists(ReturnNode ret | - parameterValueFlow(p, ret, read) and + parameterValueFlow(p, ret, read, model) and kind = ret.getKind() ) } @@ -1103,7 +1122,7 @@ module MakeImplCommon Lang> { * node `n`, in the same callable, using only value-preserving steps. */ private predicate parameterValueFlowsToPreUpdate(ParamNode p, PostUpdateNode n) { - parameterValueFlow(p, n.getPreUpdateNode(), TReadStepTypesNone()) + parameterValueFlow(p, n.getPreUpdateNode(), TReadStepTypesNone(), _) } cached @@ -1121,7 +1140,7 @@ module MakeImplCommon Lang> { n1 = node1.(PostUpdateNode).getPreUpdateNode() and n2 = node2.(PostUpdateNode).getPreUpdateNode() | - argumentValueFlowsThrough(n2, TReadStepTypesSome(containerType, c, contentType), n1) + argumentValueFlowsThrough(n2, TReadStepTypesSome(containerType, c, contentType), n1, _) // TODO or readSet(n2, c, n1) and contentType = getNodeDataFlowType(n1) and @@ -1152,7 +1171,7 @@ module MakeImplCommon Lang> { * interface. */ private predicate reverseStepThroughInputOutputAlias( - PostUpdateNode fromNode, PostUpdateNode toNode + PostUpdateNode fromNode, PostUpdateNode toNode, string model ) { exists(Node fromPre, Node toPre | fromPre = fromNode.getPreUpdateNode() and @@ -1163,17 +1182,17 @@ module MakeImplCommon Lang> { // from function input to output? fromPre = getAnOutNode(c, _) and toPre.(ArgNode).argumentOf(c, _) and - simpleLocalFlowStep(toPre.(ArgNode), fromPre) + simpleLocalFlowStep(toPre.(ArgNode), fromPre, model) ) or - argumentValueFlowsThrough(toPre, TReadStepTypesNone(), fromPre) + argumentValueFlowsThrough(toPre, TReadStepTypesNone(), fromPre, model) ) } cached - predicate simpleLocalFlowStepExt(Node node1, Node node2) { - simpleLocalFlowStep(node1, node2) or - reverseStepThroughInputOutputAlias(node1, node2) + predicate simpleLocalFlowStepExt(Node node1, Node node2, string model) { + simpleLocalFlowStep(node1, node2, model) or + reverseStepThroughInputOutputAlias(node1, node2, model) } cached diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll index 1d0f8d1969d5..f78ab75caf9a 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll @@ -86,16 +86,16 @@ module MakeConsistency< this instanceof ParameterNode or this instanceof ReturnNode or this = getAnOutNode(_, _) or - simpleLocalFlowStep(this, _) or - simpleLocalFlowStep(_, this) or + simpleLocalFlowStep(this, _, _) or + simpleLocalFlowStep(_, this, _) or jumpStep(this, _) or jumpStep(_, this) or storeStep(this, _, _) or storeStep(_, _, this) or readStep(this, _, _) or readStep(_, _, this) or - defaultAdditionalTaintStep(this, _) or - defaultAdditionalTaintStep(_, this) + defaultAdditionalTaintStep(this, _, _) or + defaultAdditionalTaintStep(_, this, _) } } @@ -161,7 +161,7 @@ module MakeConsistency< } query predicate localFlowIsLocal(Node n1, Node n2, string msg) { - simpleLocalFlowStep(n1, n2) and + simpleLocalFlowStep(n1, n2, _) and nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and msg = "Local flow step does not preserve enclosing callable." } @@ -247,7 +247,7 @@ module MakeConsistency< query predicate postWithInFlow(PostUpdateNode n, string msg) { not clearsContent(n, _) and - simpleLocalFlowStep(_, n) and + simpleLocalFlowStep(_, n, _) and not Input::postWithInFlowExclude(n) and msg = "PostUpdateNode should not be the target of local flow." } @@ -296,7 +296,7 @@ module MakeConsistency< } query predicate identityLocalStep(Node n, string msg) { - simpleLocalFlowStep(n, n) and + simpleLocalFlowStep(n, n, _) and not Input::identityLocalStepExclude(n) and msg = "Node steps to itself" } diff --git a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll index a88259a506b7..89a2a23d53bb 100644 --- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll @@ -210,9 +210,14 @@ module Make< * Holds if data may flow from `input` to `output` through this callable. * * `preservesValue` indicates whether this is a value-preserving step or a taint-step. + * + * If `model` is non-empty then it indicates the provenance of the model + * defining this flow. */ pragma[nomagic] - abstract predicate propagatesFlow(string input, string output, boolean preservesValue); + abstract predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ); /** * Holds if there exists a generated summary that applies to this callable. @@ -398,9 +403,9 @@ module Make< private predicate summarySpec(string spec) { exists(SummarizedCallable c | - c.propagatesFlow(spec, _, _) + c.propagatesFlow(spec, _, _, _) or - c.propagatesFlow(_, spec, _) + c.propagatesFlow(_, spec, _, _) ) } @@ -555,7 +560,7 @@ module Make< * * ```ql * private class CAdapter extends SummarizedCallable instanceof C { - * override predicate propagatesFlow(string input, string output, boolean preservesValue) { + * override predicate propagatesFlow(string input, string output, boolean preservesValue, string model) { * none() * } * @@ -575,6 +580,9 @@ module Make< * `preservesValue` indicates whether this is a value-preserving step * or a taint-step. * + * If `model` is non-empty then it indicates the provenance of the model + * defining this flow. + * * Input specifications are restricted to stacks that end with * `SummaryComponent::argument(_)`, preceded by zero or more * `SummaryComponent::return(_)` or `SummaryComponent::content(_)` components. @@ -591,7 +599,8 @@ module Make< */ pragma[nomagic] abstract predicate propagatesFlow( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue, + string model ); /** @@ -604,19 +613,19 @@ module Make< pragma[nomagic] private predicate summary( SummarizedCallableImpl c, SummaryComponentStack input, SummaryComponentStack output, - boolean preservesValue + boolean preservesValue, string model ) { - c.propagatesFlow(input, output, preservesValue) + c.propagatesFlow(input, output, preservesValue, model) or // observe side effects of callbacks on input arguments - c.propagatesFlow(output, input, preservesValue) and + c.propagatesFlow(output, input, preservesValue, model) and preservesValue = true and isCallbackParameter(input) and isContentOfArgument(output, _) or // flow from the receiver of a callback into the instance-parameter exists(SummaryComponentStack s, SummaryComponentStack callbackRef | - c.propagatesFlow(s, _, _) or c.propagatesFlow(_, s, _) + c.propagatesFlow(s, _, _, model) or c.propagatesFlow(_, s, _, model) | callbackRef = s.drop(_) and (isCallbackParameter(callbackRef) or callbackRef.head() = TReturnSummaryComponent(_)) and @@ -626,7 +635,7 @@ module Make< ) or exists(SummaryComponentStack arg, SummaryComponentStack return | - derivedFluentFlow(c, input, arg, return, preservesValue) + derivedFluentFlow(c, input, arg, return, preservesValue, model) | arg.length() = 1 and output = return @@ -638,13 +647,17 @@ module Make< ) or // Chain together summaries where values get passed into callbacks along the way - exists(SummaryComponentStack mid, boolean preservesValue1, boolean preservesValue2 | - c.propagatesFlow(input, mid, preservesValue1) and - c.propagatesFlow(mid, output, preservesValue2) and + exists( + SummaryComponentStack mid, boolean preservesValue1, boolean preservesValue2, string model1, + string model2 + | + c.propagatesFlow(input, mid, preservesValue1, model1) and + c.propagatesFlow(mid, output, preservesValue2, model2) and mid.drop(mid.length() - 2) = SummaryComponentStack::push(TParameterSummaryComponent(_), SummaryComponentStack::singleton(TArgumentSummaryComponent(_))) and - preservesValue = preservesValue1.booleanAnd(preservesValue2) + preservesValue = preservesValue1.booleanAnd(preservesValue2) and + model = mergeModels(model1, model2) ) } @@ -665,22 +678,33 @@ module Make< pragma[nomagic] private predicate derivedFluentFlow( SummarizedCallable c, SummaryComponentStack input, SummaryComponentStack arg, - SummaryComponentStack return, boolean preservesValue + SummaryComponentStack return, boolean preservesValue, string model ) { - exists(ParameterPosition pos | - summary(c, input, arg, preservesValue) and + exists(ParameterPosition pos, string model1, string model2 | + summary(c, input, arg, preservesValue, model1) and isContentOfArgument(arg, pos) and - summary(c, SummaryComponentStack::argument(pos), return, true) and - return.bottom() = TReturnSummaryComponent(_) + summary(c, SummaryComponentStack::argument(pos), return, true, model2) and + return.bottom() = TReturnSummaryComponent(_) and + model = mergeModels(model1, model2) ) } + bindingset[model1, model2] + pragma[inline_late] + private string mergeModels(string model1, string model2) { + model1 = "" and result = model2 + or + model2 = "" and result = model1 + or + model1 != "" and model2 != "" and result = model1 + "+" + model2 + } + pragma[nomagic] private predicate derivedFluentFlowPush( SummarizedCallable c, SummaryComponentStack input, SummaryComponentStack arg, SummaryComponent head, SummaryComponentStack tail, int i ) { - derivedFluentFlow(c, input, arg, tail, _) and + derivedFluentFlow(c, input, arg, tail, _, _) and head = arg.drop(i).head() and i = arg.length() - 2 or @@ -702,7 +726,7 @@ module Make< } private predicate outputState(SummarizedCallable c, SummaryComponentStack s) { - summary(c, _, s, _) + summary(c, _, s, _, _) or exists(SummaryComponentStack out | outputState(c, out) and @@ -715,7 +739,7 @@ module Make< } private predicate inputState(SummarizedCallable c, SummaryComponentStack s) { - summary(c, s, _, _) + summary(c, s, _, _, _) or exists(SummaryComponentStack inp | inputState(c, inp) and s = inp.tail()) or @@ -742,7 +766,7 @@ module Make< * * ```ql * propagatesFlow( - * SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + * SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue, string model * ) * ``` * @@ -952,7 +976,7 @@ module Make< */ predicate summaryAllowParameterReturnInSelf(SummarizedCallable c, ParameterPosition ppos) { exists(SummaryComponentStack inputContents, SummaryComponentStack outputContents | - summary(c, inputContents, outputContents, _) and + summary(c, inputContents, outputContents, _, _) and inputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) and outputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) ) @@ -1077,25 +1101,28 @@ module Make< * Holds if there is a local step from `pred` to `succ`, which is synthesized * from a flow summary. */ - predicate summaryLocalStep(SummaryNode pred, SummaryNode succ, boolean preservesValue) { + predicate summaryLocalStep( + SummaryNode pred, SummaryNode succ, boolean preservesValue, string model + ) { exists( SummarizedCallable c, SummaryComponentStack inputContents, SummaryComponentStack outputContents | - summary(c, inputContents, outputContents, preservesValue) and + summary(c, inputContents, outputContents, preservesValue, model) and pred = summaryNodeInputState(pragma[only_bind_into](c), inputContents) and succ = summaryNodeOutputState(pragma[only_bind_into](c), outputContents) | preservesValue = true or - preservesValue = false and not summary(c, inputContents, outputContents, true) + preservesValue = false and not summary(c, inputContents, outputContents, true, _) ) or exists(SummarizedCallable c, SummaryComponentStack s | pred = summaryNodeInputState(c, s.tail()) and succ = summaryNodeInputState(c, s) and s.head() = [SummaryComponent::withContent(_), SummaryComponent::withoutContent(_)] and - preservesValue = true + preservesValue = true and + model = "" ) } @@ -1202,7 +1229,7 @@ module Make< or exists(SummaryNode mid, boolean clearsOrExpectsMid | paramReachesLocal(p, mid, clearsOrExpectsMid) and - summaryLocalStep(mid, n, true) and + summaryLocalStep(mid, n, true, _) and if summaryClearsContent(n, _) or summaryExpectsContent(n, _) @@ -1260,7 +1287,7 @@ module Make< */ predicate summaryThroughStepValue(ArgNode arg, Node out, SummarizedCallable sc) { exists(ReturnKind rk, SummaryNode ret, DataFlowCall call | - summaryLocalStep(summaryArgParam(call, arg, sc), ret, true) and + summaryLocalStep(summaryArgParam(call, arg, sc), ret, true, _) and summaryReturnNode(ret, pragma[only_bind_into](rk)) and out = getAnOutNode(call, pragma[only_bind_into](rk)) ) @@ -1275,7 +1302,7 @@ module Make< */ predicate summaryThroughStepTaint(ArgNode arg, Node out, SummarizedCallable sc) { exists(SummaryNode ret | - summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), ret, false) + summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), ret, false, _) ) } @@ -1289,7 +1316,7 @@ module Make< predicate summaryGetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) { exists(SummaryNode mid, SummaryNode ret | summaryReadStep(summaryArgParamRetOut(arg, ret, out, sc), c, mid) and - summaryLocalStep(mid, ret, _) + summaryLocalStep(mid, ret, _, _) ) } @@ -1302,7 +1329,7 @@ module Make< */ predicate summarySetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) { exists(SummaryNode mid, SummaryNode ret | - summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), mid, _) and + summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), mid, _, _) and summaryStoreStep(mid, c, ret) ) } @@ -1425,10 +1452,11 @@ module Make< private class SummarizedCallableImplAdapter extends SummarizedCallableImpl instanceof SummarizedCallable { override predicate propagatesFlow( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue, + string model ) { exists(AccessPath inSpec, AccessPath outSpec | - SummarizedCallable.super.propagatesFlow(inSpec, outSpec, preservesValue) and + SummarizedCallable.super.propagatesFlow(inSpec, outSpec, preservesValue, model) and interpretSpec(inSpec, input) and interpretSpec(outSpec, output) ) @@ -1470,13 +1498,17 @@ module Make< * Holds if an external source specification exists for `n` with output specification * `output` and kind `kind`. */ - predicate sourceElement(Element n, string output, string kind, Provenance provenance); + predicate sourceElement( + Element n, string output, string kind, Provenance provenance, string model + ); /** * Holds if an external sink specification exists for `n` with input specification * `input` and kind `kind`. */ - predicate sinkElement(Element n, string input, string kind, Provenance provenance); + predicate sinkElement( + Element n, string input, string kind, Provenance provenance, string model + ); class SourceOrSinkElement extends Element; @@ -1530,8 +1562,8 @@ module Make< private import SourceSinkInterpretationInput private predicate sourceSinkSpec(string spec) { - sourceElement(_, spec, _, _) or - sinkElement(_, spec, _, _) + sourceElement(_, spec, _, _, _) or + sinkElement(_, spec, _, _, _) } private module AccessPath = AccessPathSyntax::AccessPath; @@ -1560,10 +1592,10 @@ module Make< } private predicate sourceElementRef( - InterpretNode ref, SourceSinkAccessPath output, string kind + InterpretNode ref, SourceSinkAccessPath output, string kind, string model ) { exists(SourceOrSinkElement e | - sourceElement(e, output, kind, _) and + sourceElement(e, output, kind, _, model) and if outputNeedsReferenceExt(output.getToken(0)) then e = ref.getCallTarget() else e = ref.asElement() @@ -1575,9 +1607,11 @@ module Make< inputNeedsReference(c) } - private predicate sinkElementRef(InterpretNode ref, SourceSinkAccessPath input, string kind) { + private predicate sinkElementRef( + InterpretNode ref, SourceSinkAccessPath input, string kind, string model + ) { exists(SourceOrSinkElement e | - sinkElement(e, input, kind, _) and + sinkElement(e, input, kind, _, model) and if inputNeedsReferenceExt(input.getToken(0)) then e = ref.getCallTarget() else e = ref.asElement() @@ -1588,7 +1622,7 @@ module Make< private predicate interpretOutput( SourceSinkAccessPath output, int n, InterpretNode ref, InterpretNode node ) { - sourceElementRef(ref, output, _) and + sourceElementRef(ref, output, _, _) and n = 0 and ( if output = "" @@ -1638,7 +1672,7 @@ module Make< private predicate interpretInput( SourceSinkAccessPath input, int n, InterpretNode ref, InterpretNode node ) { - sinkElementRef(ref, input, _) and + sinkElementRef(ref, input, _, _) and n = 0 and ( if input = "" @@ -1675,9 +1709,9 @@ module Make< * Holds if `node` is specified as a source with the given kind in a MaD flow * model. */ - predicate isSourceNode(InterpretNode node, string kind) { + predicate isSourceNode(InterpretNode node, string kind, string model) { exists(InterpretNode ref, SourceSinkAccessPath output | - sourceElementRef(ref, output, kind) and + sourceElementRef(ref, output, kind, model) and interpretOutput(output, output.getNumToken(), ref, node) ) } @@ -1686,9 +1720,9 @@ module Make< * Holds if `node` is specified as a sink with the given kind in a MaD flow * model. */ - predicate isSinkNode(InterpretNode node, string kind) { + predicate isSinkNode(InterpretNode node, string kind, string model) { exists(InterpretNode ref, SourceSinkAccessPath input | - sinkElementRef(ref, input, kind) and + sinkElementRef(ref, input, kind, model) and interpretInput(input, input.getNumToken(), ref, node) ) } @@ -1711,7 +1745,7 @@ module Make< */ query predicate source(string csv) { exists(RelevantSource s, string output, string kind, Provenance provenance | - sourceElement(s, output, kind, provenance) and + sourceElement(s, output, kind, provenance, _) and csv = s.getCallableCsv() // Callable information + output + ";" // output @@ -1728,7 +1762,7 @@ module Make< */ query predicate sink(string csv) { exists(RelevantSink s, string input, string kind, Provenance provenance | - sinkElement(s, input, kind, provenance) and + sinkElement(s, input, kind, provenance, _) and csv = s.getCallableCsv() // Callable information + input + ";" // input @@ -1883,7 +1917,7 @@ module Make< private predicate edgesComponent(NodeOrCall a, NodeOrCall b, string value) { exists(boolean preservesValue | - PrivateSteps::summaryLocalStep(a.asNode(), b.asNode(), preservesValue) and + PrivateSteps::summaryLocalStep(a.asNode(), b.asNode(), preservesValue, _) and if preservesValue = true then value = "value" else value = "taint" ) or diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll index 9750b05fef1e..fb203eb6e811 100644 --- a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll +++ b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll @@ -490,9 +490,9 @@ private module Cached { * model. */ cached - predicate sourceNode(Node node, string kind) { + predicate sourceNode(Node node, string kind, string model) { exists(SourceSinkInterpretationInput::InterpretNode n | - isSourceNode(n, kind) and n.asNode() = node + isSourceNode(n, kind, model) and n.asNode() = node ) } @@ -501,57 +501,76 @@ private module Cached { * model. */ cached - predicate sinkNode(Node node, string kind) { + predicate sinkNode(Node node, string kind, string model) { exists(SourceSinkInterpretationInput::InterpretNode n | - isSinkNode(n, kind) and n.asNode() = node + isSinkNode(n, kind, model) and n.asNode() = node ) } } import Cached +/** + * Holds if `node` is specified as a source with the given kind in a MaD flow + * model. + */ +predicate sourceNode(Node node, string kind) { sourceNode(node, kind, _) } + +/** + * Holds if `node` is specified as a sink with the given kind in a MaD flow + * model. + */ +predicate sinkNode(Node node, string kind) { sinkNode(node, kind, _) } + private predicate interpretSummary( - Function f, string input, string output, string kind, string provenance + Function f, string input, string output, string kind, string provenance, string model ) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext | summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance) and + model = "" and // TODO: Insert MaD provenance from summaryModel f = interpretElement(namespace, type, subtypes, name, signature, ext) ) } // adapter class for converting Mad summaries to `SummarizedCallable`s private class SummarizedCallableAdapter extends SummarizedCallable { - SummarizedCallableAdapter() { interpretSummary(this, _, _, _, _) } + SummarizedCallableAdapter() { interpretSummary(this, _, _, _, _, _) } - private predicate relevantSummaryElementManual(string input, string output, string kind) { + private predicate relevantSummaryElementManual( + string input, string output, string kind, string model + ) { exists(Provenance provenance | - interpretSummary(this, input, output, kind, provenance) and + interpretSummary(this, input, output, kind, provenance, model) and provenance.isManual() ) } - private predicate relevantSummaryElementGenerated(string input, string output, string kind) { + private predicate relevantSummaryElementGenerated( + string input, string output, string kind, string model + ) { exists(Provenance provenance | - interpretSummary(this, input, output, kind, provenance) and + interpretSummary(this, input, output, kind, provenance, model) and provenance.isGenerated() ) } - override predicate propagatesFlow(string input, string output, boolean preservesValue) { + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { exists(string kind | - this.relevantSummaryElementManual(input, output, kind) + this.relevantSummaryElementManual(input, output, kind, model) or - not this.relevantSummaryElementManual(_, _, _) and - this.relevantSummaryElementGenerated(input, output, kind) + not this.relevantSummaryElementManual(_, _, _, _) and + this.relevantSummaryElementGenerated(input, output, kind, model) | if kind = "value" then preservesValue = true else preservesValue = false ) } override predicate hasProvenance(Provenance provenance) { - interpretSummary(this, _, _, _, provenance) + interpretSummary(this, _, _, _, provenance, _) } } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll index 9b92f961e6f1..c3ba9fb0014c 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll @@ -263,9 +263,10 @@ deprecated private module Config implements FullStateConfigSig { predicate isBarrierOut(Node node, FlowState state) { none() } - predicate isAdditionalFlowStep(Node node1, Node node2) { + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) + any(Configuration config).isAdditionalFlowStep(node1, node2) and + model = "" } predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll index d981ffee940b..acdd9bc7185c 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll @@ -7,6 +7,7 @@ private import codeql.swift.dataflow.Ssa private import codeql.swift.controlflow.BasicBlocks private import codeql.swift.dataflow.FlowSummary as FlowSummary private import codeql.swift.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl +private import codeql.swift.dataflow.ExternalFlow private import codeql.swift.frameworks.StandardLibrary.PointerTypes private import codeql.swift.frameworks.StandardLibrary.Array private import codeql.swift.frameworks.StandardLibrary.Dictionary @@ -184,127 +185,130 @@ private module Cached { nodeTo = getParameterDefNode(nodeFrom.asParameter()) } - private predicate localFlowStepCommon(Node nodeFrom, Node nodeTo) { - exists(Ssa::Definition def | - // Step from assignment RHS to def - def.(Ssa::WriteDefinition).assigns(nodeFrom.getCfgNode()) and - nodeTo.asDefinition() = def + private predicate localFlowStepCommon(Node nodeFrom, Node nodeTo, string model) { + ( + exists(Ssa::Definition def | + // Step from assignment RHS to def + def.(Ssa::WriteDefinition).assigns(nodeFrom.getCfgNode()) and + nodeTo.asDefinition() = def + or + // step from def to first read + nodeFrom.asDefinition() = def and + nodeTo.getCfgNode() = def.getAFirstRead() and + ( + nodeTo instanceof InoutReturnNodeImpl + implies + nodeTo.(InoutReturnNodeImpl).getParameter() = def.getSourceVariable().asVarDecl() + ) + or + // use-use flow + localSsaFlowStepUseUse(def, nodeFrom, nodeTo) + or + localSsaFlowStepUseUse(def, nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo) + or + // step from previous read to Phi node + localFlowSsaInput(nodeFrom, def, nodeTo.asDefinition()) + ) or - // step from def to first read - nodeFrom.asDefinition() = def and - nodeTo.getCfgNode() = def.getAFirstRead() and - ( - nodeTo instanceof InoutReturnNodeImpl - implies - nodeTo.(InoutReturnNodeImpl).getParameter() = def.getSourceVariable().asVarDecl() + localFlowSsaParamInput(nodeFrom, nodeTo) + or + // flow through `&` (inout argument) + nodeFrom.asExpr() = nodeTo.asExpr().(InOutExpr).getSubExpr() + or + // reverse flow through `&` (inout argument) + nodeFrom.(PostUpdateNode).getPreUpdateNode().asExpr().(InOutExpr).getSubExpr() = + nodeTo.(PostUpdateNode).getPreUpdateNode().asExpr() + or + // flow through `try!` and similar constructs + nodeFrom.asExpr() = nodeTo.asExpr().(AnyTryExpr).getSubExpr() + or + // flow through `!` + // note: there's a case in `readStep` that handles when the source is the + // `OptionalSomeContentSet` within the RHS. This case is for when the + // `Optional` itself is tainted (which it usually shouldn't be, but + // retaining this case increases robustness of flow). + nodeFrom.asExpr() = nodeTo.asExpr().(ForceValueExpr).getSubExpr() + or + // read of an optional .some member via `let x: T = y: T?` pattern matching + // note: similar to `ForceValueExpr` this is ideally a content `readStep` but + // in practice we sometimes have taint on the optional itself. + nodeTo.asPattern() = nodeFrom.asPattern().(OptionalSomePattern).getSubPattern() + or + // flow through `?` and `?.` + nodeFrom.asExpr() = nodeTo.asExpr().(BindOptionalExpr).getSubExpr() + or + nodeFrom.asExpr() = nodeTo.asExpr().(OptionalEvaluationExpr).getSubExpr() + or + // flow through unary `+` (which does nothing) + nodeFrom.asExpr() = nodeTo.asExpr().(UnaryPlusExpr).getOperand() + or + // flow through varargs expansions (that wrap an `ArrayExpr` where varargs enter a call) + nodeFrom.asExpr() = nodeTo.asExpr().(VarargExpansionExpr).getSubExpr() + or + // flow through nil-coalescing operator `??` + exists(BinaryExpr nco | + nco.getOperator().(FreeFunction).getName() = "??(_:_:)" and + nodeTo.asExpr() = nco + | + // value argument + nodeFrom.asExpr() = nco.getAnOperand() + or + // unpack closure (the second argument is an `AutoClosureExpr` argument) + nodeFrom.asExpr() = nco.getAnOperand().(AutoClosureExpr).getExpr() ) or - // use-use flow - localSsaFlowStepUseUse(def, nodeFrom, nodeTo) + // flow through ternary operator `? :` + exists(IfExpr ie | + nodeTo.asExpr() = ie and + nodeFrom.asExpr() = ie.getBranch(_) + ) or - localSsaFlowStepUseUse(def, nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo) + // flow through OpenExistentialExpr (compiler generated expression wrapper) + nodeFrom.asExpr() = nodeTo.asExpr().(OpenExistentialExpr).getSubExpr() or - // step from previous read to Phi node - localFlowSsaInput(nodeFrom, def, nodeTo.asDefinition()) - ) - or - localFlowSsaParamInput(nodeFrom, nodeTo) - or - // flow through `&` (inout argument) - nodeFrom.asExpr() = nodeTo.asExpr().(InOutExpr).getSubExpr() - or - // reverse flow through `&` (inout argument) - nodeFrom.(PostUpdateNode).getPreUpdateNode().asExpr().(InOutExpr).getSubExpr() = - nodeTo.(PostUpdateNode).getPreUpdateNode().asExpr() - or - // flow through `try!` and similar constructs - nodeFrom.asExpr() = nodeTo.asExpr().(AnyTryExpr).getSubExpr() - or - // flow through `!` - // note: there's a case in `readStep` that handles when the source is the - // `OptionalSomeContentSet` within the RHS. This case is for when the - // `Optional` itself is tainted (which it usually shouldn't be, but - // retaining this case increases robustness of flow). - nodeFrom.asExpr() = nodeTo.asExpr().(ForceValueExpr).getSubExpr() - or - // read of an optional .some member via `let x: T = y: T?` pattern matching - // note: similar to `ForceValueExpr` this is ideally a content `readStep` but - // in practice we sometimes have taint on the optional itself. - nodeTo.asPattern() = nodeFrom.asPattern().(OptionalSomePattern).getSubPattern() - or - // flow through `?` and `?.` - nodeFrom.asExpr() = nodeTo.asExpr().(BindOptionalExpr).getSubExpr() - or - nodeFrom.asExpr() = nodeTo.asExpr().(OptionalEvaluationExpr).getSubExpr() - or - // flow through unary `+` (which does nothing) - nodeFrom.asExpr() = nodeTo.asExpr().(UnaryPlusExpr).getOperand() - or - // flow through varargs expansions (that wrap an `ArrayExpr` where varargs enter a call) - nodeFrom.asExpr() = nodeTo.asExpr().(VarargExpansionExpr).getSubExpr() - or - // flow through nil-coalescing operator `??` - exists(BinaryExpr nco | - nco.getOperator().(FreeFunction).getName() = "??(_:_:)" and - nodeTo.asExpr() = nco - | - // value argument - nodeFrom.asExpr() = nco.getAnOperand() + // flow from Expr to Pattern + exists(Expr e, Pattern p | + nodeFrom.asExpr() = e and + nodeTo.asPattern() = p and + p.getImmediateMatchingExpr() = e + ) or - // unpack closure (the second argument is an `AutoClosureExpr` argument) - nodeFrom.asExpr() = nco.getAnOperand().(AutoClosureExpr).getExpr() - ) - or - // flow through ternary operator `? :` - exists(IfExpr ie | - nodeTo.asExpr() = ie and - nodeFrom.asExpr() = ie.getBranch(_) - ) - or - // flow through OpenExistentialExpr (compiler generated expression wrapper) - nodeFrom.asExpr() = nodeTo.asExpr().(OpenExistentialExpr).getSubExpr() - or - // flow from Expr to Pattern - exists(Expr e, Pattern p | - nodeFrom.asExpr() = e and - nodeTo.asPattern() = p and - p.getImmediateMatchingExpr() = e - ) - or - // flow from Pattern to an identity-preserving sub-Pattern: - nodeTo.asPattern() = - [ - nodeFrom.asPattern().(IsPattern).getSubPattern(), - nodeFrom.asPattern().(TypedPattern).getSubPattern() - ] - or - // Flow from the last component in a key path chain to - // the return node for the key path. - exists(KeyPathExpr keyPath | - nodeFrom.(KeyPathComponentNodeImpl).getComponent() = - keyPath.getComponent(keyPath.getNumberOfComponents() - 1) and - nodeTo.(KeyPathReturnNodeImpl).getKeyPathExpr() = keyPath - ) - or - exists(KeyPathExpr keyPath | - nodeTo.(KeyPathComponentPostUpdateNode).getComponent() = - keyPath.getComponent(keyPath.getNumberOfComponents() - 1) and - nodeFrom.(KeyPathReturnPostUpdateNode).getKeyPathExpr() = keyPath - ) - or - // Flow to the result of a keypath assignment - exists(KeyPathApplicationExpr apply, AssignExpr assign | - apply = assign.getDest() and - nodeTo.asExpr() = apply and - nodeFrom.asExpr() = assign.getSource() - ) + // flow from Pattern to an identity-preserving sub-Pattern: + nodeTo.asPattern() = + [ + nodeFrom.asPattern().(IsPattern).getSubPattern(), + nodeFrom.asPattern().(TypedPattern).getSubPattern() + ] + or + // Flow from the last component in a key path chain to + // the return node for the key path. + exists(KeyPathExpr keyPath | + nodeFrom.(KeyPathComponentNodeImpl).getComponent() = + keyPath.getComponent(keyPath.getNumberOfComponents() - 1) and + nodeTo.(KeyPathReturnNodeImpl).getKeyPathExpr() = keyPath + ) + or + exists(KeyPathExpr keyPath | + nodeTo.(KeyPathComponentPostUpdateNode).getComponent() = + keyPath.getComponent(keyPath.getNumberOfComponents() - 1) and + nodeFrom.(KeyPathReturnPostUpdateNode).getKeyPathExpr() = keyPath + ) + or + // Flow to the result of a keypath assignment + exists(KeyPathApplicationExpr apply, AssignExpr assign | + apply = assign.getDest() and + nodeTo.asExpr() = apply and + nodeFrom.asExpr() = assign.getSource() + ) + or + // flow step according to the closure capture library + captureValueStep(nodeFrom, nodeTo) + ) and + model = "" or // flow through a flow summary (extension of `SummaryModelCsv`) FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), - nodeTo.(FlowSummaryNode).getSummaryNode(), true) - or - // flow step according to the closure capture library - captureValueStep(nodeFrom, nodeTo) + nodeTo.(FlowSummaryNode).getSummaryNode(), true, model) } /** @@ -312,14 +316,14 @@ private module Cached { * data flow. */ cached - predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - localFlowStepCommon(nodeFrom, nodeTo) + predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { + localFlowStepCommon(nodeFrom, nodeTo, model) } /** This is the local flow predicate that is exposed. */ cached predicate localFlowStepImpl(Node nodeFrom, Node nodeTo) { - localFlowStepCommon(nodeFrom, nodeTo) or + localFlowStepCommon(nodeFrom, nodeTo, _) or FlowSummaryImpl::Private::Steps::summaryThroughStepValue(nodeFrom, nodeTo, _) } @@ -1396,6 +1400,10 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { /** Extra data-flow steps needed for lambda flow analysis. */ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() } +predicate knownSourceModel(Node source, string model) { sourceNode(source, _, model) } + +predicate knownSinkModel(Node sink, string model) { sinkNode(sink, _, model) } + /** * Holds if flow is allowed to pass from parameter `p` and back to itself as a * side-effect, resulting in a summary from `p` to itself. diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll index 54c8370ed1da..394df81cdcc2 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll @@ -120,12 +120,13 @@ module SourceSinkInterpretationInput implements * `output`, kind `kind`, and provenance `provenance`. */ predicate sourceElement( - SourceOrSinkElement e, string output, string kind, Public::Provenance provenance + SourceOrSinkElement e, string output, string kind, Public::Provenance provenance, string model ) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext | sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance) and + model = "" and // TODO: Insert MaD provenance from sourceModel e = interpretElement(namespace, type, subtypes, name, signature, ext) ) } @@ -135,12 +136,13 @@ module SourceSinkInterpretationInput implements * `input`, kind `kind` and provenance `provenance`. */ predicate sinkElement( - SourceOrSinkElement e, string input, string kind, Public::Provenance provenance + SourceOrSinkElement e, string input, string kind, Public::Provenance provenance, string model ) { exists( string package, string type, boolean subtypes, string name, string signature, string ext | sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) and + model = "" and // TODO: Insert MaD provenance from sinkModel e = interpretElement(package, type, subtypes, name, signature, ext) ) } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll index 5b86d1ceb673..a6acdbc25ede 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll @@ -20,63 +20,66 @@ private module Cached { * in all global taint flow configurations. */ cached - predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - // Flow through one argument of `appendLiteral` and `appendInterpolation` and to the second argument. - // This is needed for string interpolation generated by the compiler. An interpolated string - // like `"I am \(n) years old."` is represented as - // ``` - // $interpolated = "" - // appendLiteral(&$interpolated, "I am ") - // appendInterpolation(&$interpolated, n) - // appendLiteral(&$interpolated, " years old.") - // ``` - exists(ApplyExpr apply, ExprCfgNode e | - nodeFrom.asExpr() = [apply.getAnArgument().getExpr(), apply.getQualifier()] and - apply.getStaticTarget().getName() = ["appendLiteral(_:)", "appendInterpolation(_:)"] and - e.getExpr() = apply.getQualifier() and - nodeTo.(PostUpdateNodeImpl).getPreUpdateNode().getCfgNode() = e - ) - or - // Flow from the computation of the interpolated string literal to the result of the interpolation. - exists(InterpolatedStringLiteralExpr interpolated | - nodeTo.asExpr() = interpolated and - nodeFrom.asExpr() = interpolated.getAppendingExpr() - ) - or - // allow flow through arithmetic (this case includes string concatenation) - nodeTo.asExpr().(ArithmeticOperation).getAnOperand() = nodeFrom.asExpr() - or - // allow flow through bitwise operations - nodeTo.asExpr().(BitwiseOperation).getAnOperand() = nodeFrom.asExpr() - or - // allow flow through assignment operations (e.g. `+=`) - exists(AssignOperation op | - nodeFrom.asExpr() = op.getSource() and - nodeTo.asExpr() = op.getDest() - ) - or - // flow through a subscript access - exists(SubscriptExpr se | - se.getBase() = nodeFrom.asExpr() and - se = nodeTo.asExpr() - ) - or - // flow through autoclosure expressions (which turn value arguments into closure arguments); - // if the value is tainted, it's helpful to consider the autoclosure itself to be tainted as - // well for the purposes of matching sink models. - nodeFrom.asExpr() = nodeTo.asExpr().(AutoClosureExpr).getExpr() - or - // flow through the read of a content that inherits taint - exists(DataFlow::ContentSet f | - readStep(nodeFrom, f, nodeTo) and - f.getAReadContent() instanceof TaintInheritingContent - ) + predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) { + ( + // Flow through one argument of `appendLiteral` and `appendInterpolation` and to the second argument. + // This is needed for string interpolation generated by the compiler. An interpolated string + // like `"I am \(n) years old."` is represented as + // ``` + // $interpolated = "" + // appendLiteral(&$interpolated, "I am ") + // appendInterpolation(&$interpolated, n) + // appendLiteral(&$interpolated, " years old.") + // ``` + exists(ApplyExpr apply, ExprCfgNode e | + nodeFrom.asExpr() = [apply.getAnArgument().getExpr(), apply.getQualifier()] and + apply.getStaticTarget().getName() = ["appendLiteral(_:)", "appendInterpolation(_:)"] and + e.getExpr() = apply.getQualifier() and + nodeTo.(PostUpdateNodeImpl).getPreUpdateNode().getCfgNode() = e + ) + or + // Flow from the computation of the interpolated string literal to the result of the interpolation. + exists(InterpolatedStringLiteralExpr interpolated | + nodeTo.asExpr() = interpolated and + nodeFrom.asExpr() = interpolated.getAppendingExpr() + ) + or + // allow flow through arithmetic (this case includes string concatenation) + nodeTo.asExpr().(ArithmeticOperation).getAnOperand() = nodeFrom.asExpr() + or + // allow flow through bitwise operations + nodeTo.asExpr().(BitwiseOperation).getAnOperand() = nodeFrom.asExpr() + or + // allow flow through assignment operations (e.g. `+=`) + exists(AssignOperation op | + nodeFrom.asExpr() = op.getSource() and + nodeTo.asExpr() = op.getDest() + ) + or + // flow through a subscript access + exists(SubscriptExpr se | + se.getBase() = nodeFrom.asExpr() and + se = nodeTo.asExpr() + ) + or + // flow through autoclosure expressions (which turn value arguments into closure arguments); + // if the value is tainted, it's helpful to consider the autoclosure itself to be tainted as + // well for the purposes of matching sink models. + nodeFrom.asExpr() = nodeTo.asExpr().(AutoClosureExpr).getExpr() + or + // flow through the read of a content that inherits taint + exists(DataFlow::ContentSet f | + readStep(nodeFrom, f, nodeTo) and + f.getAReadContent() instanceof TaintInheritingContent + ) + ) and + model = "" or // flow through a flow summary (extension of `SummaryModelCsv`) FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), - nodeTo.(FlowSummaryNode).getSummaryNode(), false) + nodeTo.(FlowSummaryNode).getSummaryNode(), false, model) or - any(AdditionalTaintStep a).step(nodeFrom, nodeTo) + any(AdditionalTaintStep a).step(nodeFrom, nodeTo) and model = "AdditionalTaintStep" } /** @@ -87,7 +90,7 @@ private module Cached { predicate localTaintStepCached(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { DataFlow::localFlowStep(nodeFrom, nodeTo) or - defaultAdditionalTaintStep(nodeFrom, nodeTo) + defaultAdditionalTaintStep(nodeFrom, nodeTo, _) or // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index a83d238918d8..75e7856fd261 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -127,7 +127,7 @@ abstract deprecated class Configuration extends DataFlow::Configuration { final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { this.isAdditionalTaintStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) + defaultAdditionalTaintStep(node1, node2, _) } /** diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index 0b3d8336874d..f7cc15bf8b1c 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -23,14 +23,23 @@ edges | testURL.swift:73:52:73:67 | call to get_secret_key() | testURL.swift:73:18:73:67 | ... .+(_:_:) ... | provenance | | | testURL.swift:75:53:75:69 | call to get_cert_string() | testURL.swift:75:18:75:69 | ... .+(_:_:) ... | provenance | | | testURL.swift:96:51:96:51 | certificate | testURL.swift:96:18:96:18 | "..." | provenance | | -| testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) | provenance | | +| testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) | provenance | AdditionalTaintStep | | testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | testURL.swift:105:32:105:32 | data | provenance | | -| testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | testURL.swift:106:20:106:20 | "..." | provenance | | +| testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | testURL.swift:106:20:106:20 | "..." | provenance | AdditionalTaintStep | +| testURL.swift:105:6:105:10 | let ...? [some:0] | testURL.swift:105:10:105:10 | string | provenance | | +| testURL.swift:105:6:105:10 | let ...? [some:0] | testURL.swift:105:10:105:10 | string | provenance | | +| testURL.swift:105:6:105:10 | let ...? [some:0] | testURL.swift:105:10:105:10 | string | provenance | | | testURL.swift:105:6:105:10 | let ...? [some:0] | testURL.swift:105:10:105:10 | string | provenance | | | testURL.swift:105:10:105:10 | string | testURL.swift:106:20:106:20 | "..." | provenance | | +| testURL.swift:105:10:105:10 | string | testURL.swift:106:20:106:20 | "..." | provenance | | +| testURL.swift:105:19:105:53 | call to String.init(data:encoding:) | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | provenance | | | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | provenance | | | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) | testURL.swift:106:20:106:20 | "..." | provenance | | | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | testURL.swift:105:6:105:10 | let ...? [some:0] | provenance | | +| testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | testURL.swift:105:6:105:10 | let ...? [some:0] | provenance | | +| testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | testURL.swift:105:6:105:10 | let ...? [some:0] | provenance | | +| testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | testURL.swift:105:6:105:10 | let ...? [some:0] | provenance | | +| testURL.swift:105:32:105:32 | data | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | provenance | | | testURL.swift:105:32:105:32 | data | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | provenance | | nodes | file://:0:0:0:0 | .value | semmle.label | .value | @@ -85,9 +94,12 @@ nodes | testURL.swift:96:51:96:51 | certificate | semmle.label | certificate | | testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | semmle.label | call to SecKeyCopyExternalRepresentation(_:_:) | | testURL.swift:105:6:105:10 | let ...? [some:0] | semmle.label | let ...? [some:0] | +| testURL.swift:105:6:105:10 | let ...? [some:0] | semmle.label | let ...? [some:0] | +| testURL.swift:105:10:105:10 | string | semmle.label | string | | testURL.swift:105:10:105:10 | string | semmle.label | string | | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) | semmle.label | call to String.init(data:encoding:) | | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | semmle.label | call to String.init(data:encoding:) [some:0] | +| testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | semmle.label | call to String.init(data:encoding:) [some:0] | | testURL.swift:105:32:105:32 | data | semmle.label | data | | testURL.swift:106:20:106:20 | "..." | semmle.label | "..." | subpaths