Go: Add empty provenance column to expected files.

Author: aschackmull

go/ql/test/experimental/CWE-090/LDAPInjection.expected

@@ -1,24 +1,24 @@
 edges
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted |
-| LDAPInjection.go:62:3:62:33 | slice literal [array] | LDAPInjection.go:62:3:62:33 | slice literal |
-| LDAPInjection.go:62:24:62:32 | untrusted | LDAPInjection.go:62:3:62:33 | slice literal [array] |
-| LDAPInjection.go:69:3:69:33 | slice literal [array] | LDAPInjection.go:69:3:69:33 | slice literal |
-| LDAPInjection.go:69:24:69:32 | untrusted | LDAPInjection.go:69:3:69:33 | slice literal [array] |
-| LDAPInjection.go:76:3:76:33 | slice literal [array] | LDAPInjection.go:76:3:76:33 | slice literal |
-| LDAPInjection.go:76:24:76:32 | untrusted | LDAPInjection.go:76:3:76:33 | slice literal [array] |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance |  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance |  |
+| LDAPInjection.go:62:3:62:33 | slice literal [array] | LDAPInjection.go:62:3:62:33 | slice literal | provenance |  |
+| LDAPInjection.go:62:24:62:32 | untrusted | LDAPInjection.go:62:3:62:33 | slice literal [array] | provenance |  |
+| LDAPInjection.go:69:3:69:33 | slice literal [array] | LDAPInjection.go:69:3:69:33 | slice literal | provenance |  |
+| LDAPInjection.go:69:24:69:32 | untrusted | LDAPInjection.go:69:3:69:33 | slice literal [array] | provenance |  |
+| LDAPInjection.go:76:3:76:33 | slice literal [array] | LDAPInjection.go:76:3:76:33 | slice literal | provenance |  |
+| LDAPInjection.go:76:24:76:32 | untrusted | LDAPInjection.go:76:3:76:33 | slice literal [array] | provenance |  |
 nodes
 | LDAPInjection.go:57:15:57:29 | call to UserAgent | semmle.label | call to UserAgent |
 | LDAPInjection.go:59:3:59:11 | untrusted | semmle.label | untrusted |

go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected

@@ -1,10 +1,10 @@
 edges
-| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get |
-| timing.go:15:18:15:45 | call to Get | timing.go:17:31:17:42 | headerSecret |
-| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get |
-| timing.go:28:18:28:45 | call to Get | timing.go:30:47:30:58 | headerSecret |
-| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get |
-| timing.go:41:18:41:45 | call to Get | timing.go:42:25:42:36 | headerSecret |
+| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance |  |
+| timing.go:15:18:15:45 | call to Get | timing.go:17:31:17:42 | headerSecret | provenance |  |
+| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance |  |
+| timing.go:28:18:28:45 | call to Get | timing.go:30:47:30:58 | headerSecret | provenance |  |
+| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance |  |
+| timing.go:41:18:41:45 | call to Get | timing.go:42:25:42:36 | headerSecret | provenance |  |
 nodes
 | timing.go:15:18:15:27 | selection of Header | semmle.label | selection of Header |
 | timing.go:15:18:15:45 | call to Get | semmle.label | call to Get |

go/ql/test/experimental/CWE-203/Timing.expected

@@ -1,7 +1,7 @@
 edges
-| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query |
-| ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword |
-| ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword |
+| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance |  |
+| ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword | provenance |  |
+| ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | provenance |  |
 nodes
 | ImproperLdapAuth.go:18:18:18:24 | selection of URL | semmle.label | selection of URL |
 | ImproperLdapAuth.go:18:18:18:32 | call to Query | semmle.label | call to Query |

go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected

@@ -1,8 +1,8 @@
 edges
-| go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey |
-| go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:13:14:13:34 | type conversion |
-| golang-jwt-v5.go:19:15:19:35 | type conversion | golang-jwt-v5.go:27:9:27:15 | JwtKey1 |
-| golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:19:15:19:35 | type conversion |
+| go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance |  |
+| go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:13:14:13:34 | type conversion | provenance |  |
+| golang-jwt-v5.go:19:15:19:35 | type conversion | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | provenance |  |
+| golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:19:15:19:35 | type conversion | provenance |  |
 nodes
 | go-jose.v3.go:13:14:13:34 | type conversion | semmle.label | type conversion |
 | go-jose.v3.go:13:21:13:33 | "AllYourBase" | semmle.label | "AllYourBase" |

go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected

@@ -1,44 +1,44 @@
 edges
-| HardcodedKeysBad.go:11:18:11:38 | type conversion | HardcodedKeysBad.go:19:28:19:39 | mySigningKey |
-| HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | HardcodedKeysBad.go:11:18:11:38 | type conversion |
-| main.go:33:18:33:31 | type conversion | main.go:42:28:42:39 | mySigningKey |
-| main.go:33:25:33:30 | "key1" | main.go:33:18:33:31 | type conversion |
-| main.go:50:23:50:28 | "key2" | main.go:50:16:50:29 | type conversion |
-| main.go:68:9:68:22 | type conversion | main.go:69:44:69:46 | key |
-| main.go:68:16:68:21 | `key3` | main.go:68:9:68:22 | type conversion |
-| main.go:73:9:73:22 | type conversion | main.go:74:66:74:68 | key |
-| main.go:73:16:73:21 | "key4" | main.go:73:9:73:22 | type conversion |
-| main.go:77:10:77:23 | type conversion | main.go:82:15:82:18 | key2 |
-| main.go:77:17:77:22 | "key5" | main.go:77:10:77:23 | type conversion |
-| main.go:88:9:88:22 | type conversion | main.go:92:41:92:43 | key |
-| main.go:88:16:88:21 | "key6" | main.go:88:9:88:22 | type conversion |
-| main.go:97:10:97:23 | type conversion | main.go:99:66:99:69 | key2 |
-| main.go:97:17:97:22 | "key7" | main.go:97:10:97:23 | type conversion |
-| main.go:105:9:105:22 | type conversion | main.go:110:30:110:32 | key |
-| main.go:105:16:105:21 | "key8" | main.go:105:9:105:22 | type conversion |
-| main.go:114:15:114:28 | type conversion | main.go:115:16:115:24 | sharedKey |
-| main.go:114:22:114:27 | "key9" | main.go:114:15:114:28 | type conversion |
-| main.go:118:23:118:37 | type conversion | main.go:121:16:121:30 | sharedKeyglobal |
-| main.go:118:30:118:36 | "key10" | main.go:118:23:118:37 | type conversion |
-| main.go:127:27:127:33 | "key11" | main.go:127:20:127:34 | type conversion |
-| main.go:142:14:142:28 | type conversion | main.go:144:39:144:46 | mySecret |
-| main.go:142:21:142:27 | "key12" | main.go:142:14:142:28 | type conversion |
-| main.go:149:14:149:28 | type conversion | main.go:153:11:153:18 | mySecret |
-| main.go:149:21:149:27 | "key13" | main.go:149:14:149:28 | type conversion |
-| main.go:160:12:160:26 | type conversion | main.go:161:34:161:39 | secret |
-| main.go:160:19:160:25 | "key14" | main.go:160:12:160:26 | type conversion |
-| main.go:166:12:166:26 | type conversion | main.go:167:32:167:37 | secret |
-| main.go:166:19:166:25 | "key15" | main.go:166:12:166:26 | type conversion |
-| main.go:172:12:172:26 | type conversion | main.go:173:41:173:46 | secret |
-| main.go:172:19:172:25 | "key16" | main.go:172:12:172:26 | type conversion |
-| main.go:178:12:178:26 | type conversion | main.go:179:51:179:56 | secret |
-| main.go:178:19:178:25 | "key17" | main.go:178:12:178:26 | type conversion |
-| main.go:184:12:184:26 | type conversion | main.go:185:42:185:47 | secret |
-| main.go:184:19:184:25 | "key18" | main.go:184:12:184:26 | type conversion |
-| main.go:190:12:190:26 | type conversion | main.go:193:33:193:38 | secret |
-| main.go:190:19:190:25 | "key19" | main.go:190:12:190:26 | type conversion |
-| sanitizer.go:17:9:17:21 | type conversion | sanitizer.go:18:44:18:46 | key |
-| sanitizer.go:17:16:17:20 | `key` | sanitizer.go:17:9:17:21 | type conversion |
+| HardcodedKeysBad.go:11:18:11:38 | type conversion | HardcodedKeysBad.go:19:28:19:39 | mySigningKey | provenance |  |
+| HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | HardcodedKeysBad.go:11:18:11:38 | type conversion | provenance |  |
+| main.go:33:18:33:31 | type conversion | main.go:42:28:42:39 | mySigningKey | provenance |  |
+| main.go:33:25:33:30 | "key1" | main.go:33:18:33:31 | type conversion | provenance |  |
+| main.go:50:23:50:28 | "key2" | main.go:50:16:50:29 | type conversion | provenance |  |
+| main.go:68:9:68:22 | type conversion | main.go:69:44:69:46 | key | provenance |  |
+| main.go:68:16:68:21 | `key3` | main.go:68:9:68:22 | type conversion | provenance |  |
+| main.go:73:9:73:22 | type conversion | main.go:74:66:74:68 | key | provenance |  |
+| main.go:73:16:73:21 | "key4" | main.go:73:9:73:22 | type conversion | provenance |  |
+| main.go:77:10:77:23 | type conversion | main.go:82:15:82:18 | key2 | provenance |  |
+| main.go:77:17:77:22 | "key5" | main.go:77:10:77:23 | type conversion | provenance |  |
+| main.go:88:9:88:22 | type conversion | main.go:92:41:92:43 | key | provenance |  |
+| main.go:88:16:88:21 | "key6" | main.go:88:9:88:22 | type conversion | provenance |  |
+| main.go:97:10:97:23 | type conversion | main.go:99:66:99:69 | key2 | provenance |  |
+| main.go:97:17:97:22 | "key7" | main.go:97:10:97:23 | type conversion | provenance |  |
+| main.go:105:9:105:22 | type conversion | main.go:110:30:110:32 | key | provenance |  |
+| main.go:105:16:105:21 | "key8" | main.go:105:9:105:22 | type conversion | provenance |  |
+| main.go:114:15:114:28 | type conversion | main.go:115:16:115:24 | sharedKey | provenance |  |
+| main.go:114:22:114:27 | "key9" | main.go:114:15:114:28 | type conversion | provenance |  |
+| main.go:118:23:118:37 | type conversion | main.go:121:16:121:30 | sharedKeyglobal | provenance |  |
+| main.go:118:30:118:36 | "key10" | main.go:118:23:118:37 | type conversion | provenance |  |
+| main.go:127:27:127:33 | "key11" | main.go:127:20:127:34 | type conversion | provenance |  |
+| main.go:142:14:142:28 | type conversion | main.go:144:39:144:46 | mySecret | provenance |  |
+| main.go:142:21:142:27 | "key12" | main.go:142:14:142:28 | type conversion | provenance |  |
+| main.go:149:14:149:28 | type conversion | main.go:153:11:153:18 | mySecret | provenance |  |
+| main.go:149:21:149:27 | "key13" | main.go:149:14:149:28 | type conversion | provenance |  |
+| main.go:160:12:160:26 | type conversion | main.go:161:34:161:39 | secret | provenance |  |
+| main.go:160:19:160:25 | "key14" | main.go:160:12:160:26 | type conversion | provenance |  |
+| main.go:166:12:166:26 | type conversion | main.go:167:32:167:37 | secret | provenance |  |
+| main.go:166:19:166:25 | "key15" | main.go:166:12:166:26 | type conversion | provenance |  |
+| main.go:172:12:172:26 | type conversion | main.go:173:41:173:46 | secret | provenance |  |
+| main.go:172:19:172:25 | "key16" | main.go:172:12:172:26 | type conversion | provenance |  |
+| main.go:178:12:178:26 | type conversion | main.go:179:51:179:56 | secret | provenance |  |
+| main.go:178:19:178:25 | "key17" | main.go:178:12:178:26 | type conversion | provenance |  |
+| main.go:184:12:184:26 | type conversion | main.go:185:42:185:47 | secret | provenance |  |
+| main.go:184:19:184:25 | "key18" | main.go:184:12:184:26 | type conversion | provenance |  |
+| main.go:190:12:190:26 | type conversion | main.go:193:33:193:38 | secret | provenance |  |
+| main.go:190:19:190:25 | "key19" | main.go:190:12:190:26 | type conversion | provenance |  |
+| sanitizer.go:17:9:17:21 | type conversion | sanitizer.go:18:44:18:46 | key | provenance |  |
+| sanitizer.go:17:16:17:20 | `key` | sanitizer.go:17:9:17:21 | type conversion | provenance |  |
 nodes
 | HardcodedKeysBad.go:11:18:11:38 | type conversion | semmle.label | type conversion |
 | HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | semmle.label | "AllYourBase" |

go/ql/test/experimental/CWE-321/HardcodedKeys.expected

@@ -1,16 +1,16 @@
 edges
-| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query |
-| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get |
-| go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken |
-| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken |
-| go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken |
-| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken |
-| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] |
-| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query |
-| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get |
-| golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken |
-| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken |
-| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken |
+| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance |  |
+| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance |  |
+| go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | provenance |  |
+| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken | provenance |  |
+| go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken | provenance |  |
+| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance |  |
+| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance |  |
+| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance |  |
+| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance |  |
+| golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | provenance |  |
+| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance |  |
+| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance |  |
 nodes
 | go-jose.v3.go:25:16:25:20 | selection of URL | semmle.label | selection of URL |
 | go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query |