Update test expected output.

Author: michaelnebel

go/test/security/CWE-078/cmdi.expected

@@ -1,6 +1,6 @@
 edges
-| main.go:20:14:20:20 | selection of URL | main.go:20:14:20:28 | call to Query | provenance | Src:MaD:1004 MaD:1065 |
-| main.go:20:14:20:28 | call to Query | main.go:27:22:27:28 | cmdName | provenance | Sink:MaD:1075 |
+| main.go:20:14:20:20 | selection of URL | main.go:20:14:20:28 | call to Query | provenance | Src:MaD:1639 MaD:1700 |
+| main.go:20:14:20:28 | call to Query | main.go:27:22:27:28 | cmdName | provenance | Sink:MaD:1710 |
 nodes
 | main.go:20:14:20:20 | selection of URL | semmle.label | selection of URL |
 | main.go:20:14:20:28 | call to Query | semmle.label | call to Query |

java/test/security/CWE-020/Log4jInjectionTest.expected

@@ -5,22 +5,22 @@
 | FilePathInjection.java:182:30:182:33 | file | FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:182:30:182:33 | file | External control of file name or path due to $@. | FilePathInjection.java:205:17:205:44 | getParameter(...) | user-provided value |
 | FilePathInjection.java:210:23:210:26 | file | FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:210:23:210:26 | file | External control of file name or path due to $@. | FilePathInjection.java:205:17:205:44 | getParameter(...) | user-provided value |
 edges
-| FilePathInjection.java:21:21:21:34 | getPara(...) : String | FilePathInjection.java:26:47:26:59 | finalFilePath | provenance | Src:MaD:6 Sink:MaD:3 |
-| FilePathInjection.java:64:21:64:34 | getPara(...) : String | FilePathInjection.java:72:47:72:59 | finalFilePath | provenance | Src:MaD:6 AdditionalValueStep Sink:MaD:3 |
-| FilePathInjection.java:87:21:87:34 | getPara(...) : String | FilePathInjection.java:95:47:95:59 | finalFilePath | provenance | Src:MaD:6 AdditionalValueStep Sink:MaD:3 |
+| FilePathInjection.java:21:21:21:34 | getPara(...) : String | FilePathInjection.java:26:47:26:59 | finalFilePath | provenance | Src:MaD:4 Sink:MaD:3 |
+| FilePathInjection.java:64:21:64:34 | getPara(...) : String | FilePathInjection.java:72:47:72:59 | finalFilePath | provenance | Src:MaD:4 AdditionalValueStep Sink:MaD:3 |
+| FilePathInjection.java:87:21:87:34 | getPara(...) : String | FilePathInjection.java:95:47:95:59 | finalFilePath | provenance | Src:MaD:4 AdditionalValueStep Sink:MaD:3 |
 | FilePathInjection.java:177:50:177:58 | file : File | FilePathInjection.java:182:30:182:33 | file | provenance | Sink:MaD:2 |
 | FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:209:24:209:31 | filePath : String | provenance | Src:MaD:5  |
 | FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:210:23:210:26 | file | provenance | Sink:MaD:1 |
 | FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:217:19:217:22 | file : File | provenance |  |
-| FilePathInjection.java:209:24:209:31 | filePath : String | FilePathInjection.java:209:15:209:32 | new File(...) : File | provenance | MaD:4 |
+| FilePathInjection.java:209:24:209:31 | filePath : String | FilePathInjection.java:209:15:209:32 | new File(...) : File | provenance | MaD:6 |
 | FilePathInjection.java:217:19:217:22 | file : File | FilePathInjection.java:177:50:177:58 | file : File | provenance |  |
 models
 | 1 | Sink: java.io; File; true; exists; (); ; Argument[this]; path-injection; manual |
 | 2 | Sink: java.io; FileInputStream; true; FileInputStream; (File); ; Argument[0]; path-injection; ai-manual |
 | 3 | Sink: java.io; FileOutputStream; false; FileOutputStream; ; ; Argument[0]; path-injection; manual |
-| 4 | Summary: java.io; File; false; File; ; ; Argument[0]; Argument[this]; taint; manual |
+| 4 | Source: com.jfinal.core; Controller; true; getPara; ; ; ReturnValue; remote; manual |
 | 5 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
-| 6 | Source: com.jfinal.core; Controller; true; getPara; ; ; ReturnValue; remote; manual |
+| 6 | Summary: java.io; File; false; File; ; ; Argument[0]; Argument[this]; taint; manual |
 nodes
 | FilePathInjection.java:21:21:21:34 | getPara(...) : String | semmle.label | getPara(...) : String |
 | FilePathInjection.java:26:47:26:59 | finalFilePath | semmle.label | finalFilePath |

java/test/security/CWE-073/FilePathInjection.expected

@@ -26,9 +26,9 @@ edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:32:28:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:32:29:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance | MaD:5 Sink:MaD:1 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:4 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance | MaD:4 Sink:MaD:1 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:5 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
@@ -43,17 +43,17 @@ edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:52:66:52:71 | script : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:52:42:52:72 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:58:17:58:29 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:59:43:59:55 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:58:36:58:41 | script : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:58:17:58:29 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:21 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:44 | toArray(...) | provenance | MaD:5 Sink:MaD:1 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:25:65:59 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:21 | concat(...) : Stream [<element>] : String | provenance | MaD:4 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:39:65:58 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:25:65:59 | stream(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:21 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:44 | toArray(...) | provenance | MaD:4 Sink:MaD:1 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:25:65:59 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:21 | concat(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:39:65:58 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:25:65:59 | stream(...) : Stream [<element>] : String | provenance | MaD:5 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:39:65:58 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:39:65:58 | new String[] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:52:65:57 | script : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:39:65:58 | {...} : String[] [[]] : String | provenance |  |
 models
 | 1 | Sink: java.lang; Runtime; true; exec; (String[]); ; Argument[0]; command-injection; ai-manual |
 | 2 | Source: java.lang; System; false; getenv; ; ; ReturnValue; environment; manual |
-| 3 | Summary: java.util; Arrays; false; stream; ; ; Argument[0].ArrayElement; ReturnValue.Element; value; manual |
-| 4 | Summary: java.util.stream; Stream; true; concat; (Stream,Stream); ; Argument[0..1].Element; ReturnValue.Element; value; manual |
-| 5 | Summary: java.util.stream; Stream; true; toArray; ; ; Argument[this].Element; ReturnValue.ArrayElement; value; manual |
+| 3 | Summary: java.util.stream; Stream; true; concat; (Stream,Stream); ; Argument[0..1].Element; ReturnValue.Element; value; manual |
+| 4 | Summary: java.util.stream; Stream; true; toArray; ; ; Argument[this].Element; ReturnValue.ArrayElement; value; manual |
+| 5 | Summary: java.util; Arrays; false; stream; ; ; Argument[0].ArrayElement; ReturnValue.Element; value; manual |
 nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | semmle.label | args : String[] |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | semmle.label | {...} : String[] [[]] : String |

java/test/security/CWE-078/CommandInjectionRuntimeExecLocal.expected

@@ -26,9 +26,9 @@ edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:32:28:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:32:29:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance | MaD:5 Sink:MaD:1 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:4 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance | MaD:4 Sink:MaD:1 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:5 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
@@ -43,17 +43,17 @@ edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:52:66:52:71 | script : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:52:42:52:72 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:58:17:58:29 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:59:43:59:55 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:58:36:58:41 | script : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:58:17:58:29 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:21 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:44 | toArray(...) | provenance | MaD:5 Sink:MaD:1 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:25:65:59 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:21 | concat(...) : Stream [<element>] : String | provenance | MaD:4 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:39:65:58 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:25:65:59 | stream(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:21 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:44 | toArray(...) | provenance | MaD:4 Sink:MaD:1 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:25:65:59 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:63:21:66:21 | concat(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:39:65:58 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:25:65:59 | stream(...) : Stream [<element>] : String | provenance | MaD:5 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:39:65:58 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:39:65:58 | new String[] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:52:65:57 | script : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:65:39:65:58 | {...} : String[] [[]] : String | provenance |  |
 models
 | 1 | Sink: java.lang; Runtime; true; exec; (String[]); ; Argument[0]; command-injection; ai-manual |
 | 2 | Source: java.lang; System; false; getenv; ; ; ReturnValue; environment; manual |
-| 3 | Summary: java.util; Arrays; false; stream; ; ; Argument[0].ArrayElement; ReturnValue.Element; value; manual |
-| 4 | Summary: java.util.stream; Stream; true; concat; (Stream,Stream); ; Argument[0..1].Element; ReturnValue.Element; value; manual |
-| 5 | Summary: java.util.stream; Stream; true; toArray; ; ; Argument[this].Element; ReturnValue.ArrayElement; value; manual |
+| 3 | Summary: java.util.stream; Stream; true; concat; (Stream,Stream); ; Argument[0..1].Element; ReturnValue.Element; value; manual |
+| 4 | Summary: java.util.stream; Stream; true; toArray; ; ; Argument[this].Element; ReturnValue.ArrayElement; value; manual |
+| 5 | Summary: java.util; Arrays; false; stream; ; ; Argument[0].ArrayElement; ReturnValue.Element; value; manual |
 nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | semmle.label | args : String[] |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | semmle.label | {...} : String[] [[]] : String |