JS: Update test output after merging in 'main'

- Paths are now relative to the test case, not the qlpack
- Paths going through an implicit reads have changed slightly

Author: asgerf

javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected

@@ -38,9 +38,9 @@ legacyDataFlowDifference
 | spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library |
 consistencyIssue
-| library-tests/TaintTracking/nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency |
-| library-tests/TaintTracking/stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency |
-| library-tests/TaintTracking/stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency |
+| nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency |
+| stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency |
+| stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency |
 flow
 | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x |
 | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x |

javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected

@@ -13,10 +13,8 @@ edges
 | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | provenance |  |
 | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | provenance |  |
 | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | provenance |  |
-| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance |  |
-| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | provenance |  |
-| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n      ... }\\n    } [y, z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n      ... }\\n    } | provenance |  |
-| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n      ...       } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n      ... }\\n    } [y, z] | provenance |  |
+| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance |  |
+| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n      ...       } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n      ... }\\n    } | provenance |  |
 | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n      ...       } [z] | provenance |  |
 | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n    x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance |  |
 | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n    x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n    x ... usted\\n} | provenance |  |
@@ -36,11 +34,9 @@ nodes
 | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | semmle.label | untrusted |
 | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | semmle.label | untrusted |
 | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | semmle.label | ['x', u ... d, 'y'] |
-| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | semmle.label | ['x', u ... d, 'y'] [1] |
 | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | semmle.label | untrusted |
 | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | semmle.label | untrusted |
 | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n      ... }\\n    } | semmle.label | {\\n      ... }\\n    } |
-| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n      ... }\\n    } [y, z] | semmle.label | {\\n      ... }\\n    } [y, z] |
 | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n      ...       } [z] | semmle.label | {\\n      ...       } [z] |
 | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | semmle.label | untrusted |
 | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | semmle.label | untrusted |

javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected

@@ -30,15 +30,10 @@ edges
 | child_process-test.js:46:9:46:17 | args [1] | child_process-test.js:49:15:49:18 | args [1] | provenance |  |
 | child_process-test.js:48:5:48:8 | [post update] args [1] | child_process-test.js:46:9:46:17 | args [1] | provenance |  |
 | child_process-test.js:48:15:48:17 | cmd | child_process-test.js:48:5:48:8 | [post update] args [1] | provenance |  |
-| child_process-test.js:49:15:49:18 | args [1] | child_process-test.js:66:19:66:22 | args [1] | provenance |  |
-| child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) [ArrayElement] | child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) | provenance |  |
+| child_process-test.js:49:15:49:18 | args [1] | child_process-test.js:66:19:66:22 | args | provenance |  |
 | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) | provenance |  |
-| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) [ArrayElement] | provenance |  |
 | child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | provenance |  |
-| child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) [ArrayElement] | child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) | provenance |  |
 | child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) | provenance |  |
-| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) [ArrayElement] | provenance |  |
-| child_process-test.js:66:19:66:22 | args [1] | child_process-test.js:66:19:66:22 | args | provenance |  |
 | child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | provenance |  |
 | child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:9:73:49 | cmd | provenance |  |
 | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | provenance |  |
@@ -133,15 +128,12 @@ nodes
 | child_process-test.js:49:15:49:18 | args [1] | semmle.label | args [1] |
 | child_process-test.js:53:15:53:17 | cmd | semmle.label | cmd |
 | child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) | semmle.label | ['/C',  ... , cmd]) |
-| child_process-test.js:56:25:56:58 | ['/C',  ... , cmd]) [ArrayElement] | semmle.label | ['/C',  ... , cmd]) [ArrayElement] |
 | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | semmle.label | ["bar", cmd] [1] |
 | child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd |
 | child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd |
 | child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) | semmle.label | ['/C',  ... at(cmd) |
-| child_process-test.js:57:25:57:49 | ['/C',  ... at(cmd) [ArrayElement] | semmle.label | ['/C',  ... at(cmd) [ArrayElement] |
 | child_process-test.js:57:46:57:48 | cmd | semmle.label | cmd |
 | child_process-test.js:66:19:66:22 | args | semmle.label | args |
-| child_process-test.js:66:19:66:22 | args [1] | semmle.label | args [1] |
 | child_process-test.js:73:9:73:49 | cmd | semmle.label | cmd |
 | child_process-test.js:73:15:73:38 | url.par ... , true) | semmle.label | url.par ... , true) |
 | child_process-test.js:73:25:73:31 | req.url | semmle.label | req.url |

javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected

@@ -90,15 +90,12 @@ edges
 | lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | provenance |  |
 | lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | provenance |  |
 | lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | provenance |  |
-| lib/lib.js:425:6:425:13 | arr [ArrayElement] | lib/lib.js:427:14:427:16 | arr [ArrayElement] | provenance |  |
+| lib/lib.js:425:6:425:13 | arr [ArrayElement] | lib/lib.js:427:14:427:16 | arr | provenance |  |
 | lib/lib.js:426:2:426:4 | [post update] arr | lib/lib.js:425:6:425:13 | arr | provenance |  |
 | lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | lib/lib.js:425:6:425:13 | arr [ArrayElement] | provenance |  |
 | lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr | provenance |  |
 | lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | provenance |  |
-| lib/lib.js:427:14:427:16 | arr [ArrayElement] | lib/lib.js:427:14:427:16 | arr | provenance |  |
-| lib/lib.js:428:14:428:58 | build(" ...  + '-') [ArrayElement] | lib/lib.js:428:14:428:58 | build(" ...  + '-') | provenance |  |
 | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ...  + '-') | provenance |  |
-| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ...  + '-') [ArrayElement] | provenance |  |
 | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | provenance |  |
 | lib/lib.js:428:36:428:39 | name | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | provenance |  |
 | lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance |  |
@@ -125,8 +122,7 @@ edges
 | lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | provenance |  |
 | lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | provenance |  |
 | lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | provenance |  |
-| lib/lib.js:551:33:551:36 | args [1] | lib/lib.js:552:23:552:26 | args [1] | provenance |  |
-| lib/lib.js:552:23:552:26 | args [1] | lib/lib.js:552:23:552:26 | args | provenance |  |
+| lib/lib.js:551:33:551:36 | args [1] | lib/lib.js:552:23:552:26 | args | provenance |  |
 | lib/lib.js:555:25:555:37 | ["-rf", name] [1] | lib/lib.js:551:33:551:36 | args [1] | provenance |  |
 | lib/lib.js:555:33:555:36 | name | lib/lib.js:555:25:555:37 | ["-rf", name] [1] | provenance |  |
 | lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | provenance |  |
@@ -283,9 +279,7 @@ nodes
 | lib/lib.js:426:11:426:14 | name | semmle.label | name |
 | lib/lib.js:426:11:426:14 | name | semmle.label | name |
 | lib/lib.js:427:14:427:16 | arr | semmle.label | arr |
-| lib/lib.js:427:14:427:16 | arr [ArrayElement] | semmle.label | arr [ArrayElement] |
 | lib/lib.js:428:14:428:58 | build(" ...  + '-') | semmle.label | build(" ...  + '-') |
-| lib/lib.js:428:14:428:58 | build(" ...  + '-') [ArrayElement] | semmle.label | build(" ...  + '-') [ArrayElement] |
 | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | semmle.label | (name ? ... ) + '-' |
 | lib/lib.js:428:36:428:39 | name | semmle.label | name |
 | lib/lib.js:431:23:431:26 | last | semmle.label | last |
@@ -320,7 +314,6 @@ nodes
 | lib/lib.js:550:39:550:42 | name | semmle.label | name |
 | lib/lib.js:551:33:551:36 | args [1] | semmle.label | args [1] |
 | lib/lib.js:552:23:552:26 | args | semmle.label | args |
-| lib/lib.js:552:23:552:26 | args [1] | semmle.label | args [1] |
 | lib/lib.js:555:25:555:37 | ["-rf", name] [1] | semmle.label | ["-rf", name] [1] |
 | lib/lib.js:555:33:555:36 | name | semmle.label | name |
 | lib/lib.js:555:33:555:36 | name | semmle.label | name |
@@ -359,7 +352,7 @@ subpaths
 | lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | lib/lib.js:251:16:251:31 | cleanInput(name) |
 | lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) |
 | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | lib/lib.js:437:9:437:11 | arr | lib/lib.js:428:14:428:58 | build(" ...  + '-') |
-| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | lib/lib.js:437:9:437:11 | arr [ArrayElement] | lib/lib.js:428:14:428:58 | build(" ...  + '-') [ArrayElement] |
+| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | lib/lib.js:437:9:437:11 | arr [ArrayElement] | lib/lib.js:428:14:428:58 | build(" ...  + '-') |
 #select
 | lib/isImported.js:6:10:6:25 | "rm -rf " + name | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/isImported.js:5:49:5:52 | name | library input | lib/isImported.js:6:2:6:26 | cp.exec ... + name) | shell command |
 | lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:3:28:3:31 | name | library input | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command |