Updated the .expected file accordingly

Sim4n6 · Sim4n6 · commit 90c174de4e62 · 2023-05-23T17:36:50.000+01:00
diff --git a/ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected b/ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected
@@ -1,56 +1,75 @@
 edges
-| unicode_normalization.rb:3:5:3:17 | unicode_input | unicode_normalization.rb:4:23:4:35 | unicode_input |
-| unicode_normalization.rb:3:5:3:17 | unicode_input | unicode_normalization.rb:5:22:5:34 | unicode_input |
-| unicode_normalization.rb:3:21:3:26 | call to params | unicode_normalization.rb:3:21:3:42 | ...[...] |
-| unicode_normalization.rb:3:21:3:42 | ...[...] | unicode_normalization.rb:3:5:3:17 | unicode_input |
-| unicode_normalization.rb:11:5:11:17 | unicode_input | unicode_normalization.rb:12:27:12:39 | unicode_input |
-| unicode_normalization.rb:11:5:11:17 | unicode_input | unicode_normalization.rb:12:27:12:39 | unicode_input |
-| unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:11:21:11:42 | ...[...] |
-| unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:11:21:11:42 | ...[...] |
-| unicode_normalization.rb:11:21:11:42 | ...[...] | unicode_normalization.rb:11:5:11:17 | unicode_input |
-| unicode_normalization.rb:11:21:11:42 | ...[...] | unicode_normalization.rb:11:5:11:17 | unicode_input |
-| unicode_normalization.rb:12:5:12:23 | unicode_input_manip | unicode_normalization.rb:13:23:13:41 | unicode_input_manip |
-| unicode_normalization.rb:12:5:12:23 | unicode_input_manip | unicode_normalization.rb:14:22:14:40 | unicode_input_manip |
-| unicode_normalization.rb:12:27:12:39 | unicode_input | unicode_normalization.rb:12:27:12:59 | call to sub |
-| unicode_normalization.rb:12:27:12:39 | unicode_input | unicode_normalization.rb:12:27:12:59 | call to sub |
-| unicode_normalization.rb:12:27:12:59 | call to sub | unicode_normalization.rb:12:5:12:23 | unicode_input_manip |
-| unicode_normalization.rb:20:5:20:17 | unicode_input | unicode_normalization.rb:21:25:21:37 | unicode_input |
-| unicode_normalization.rb:20:21:20:26 | call to params | unicode_normalization.rb:20:21:20:42 | ...[...] |
-| unicode_normalization.rb:20:21:20:42 | ...[...] | unicode_normalization.rb:20:5:20:17 | unicode_input |
-| unicode_normalization.rb:21:5:21:21 | unicode_html_safe | unicode_normalization.rb:22:23:22:39 | unicode_html_safe |
-| unicode_normalization.rb:21:5:21:21 | unicode_html_safe | unicode_normalization.rb:23:22:23:38 | unicode_html_safe |
-| unicode_normalization.rb:21:25:21:37 | unicode_input | unicode_normalization.rb:21:25:21:47 | call to html_safe |
-| unicode_normalization.rb:21:25:21:47 | call to html_safe | unicode_normalization.rb:21:5:21:21 | unicode_html_safe |
+| unicode_normalization.rb:7:5:7:17 | unicode_input | unicode_normalization.rb:8:23:8:35 | unicode_input |
+| unicode_normalization.rb:7:5:7:17 | unicode_input | unicode_normalization.rb:9:22:9:34 | unicode_input |
+| unicode_normalization.rb:7:21:7:26 | call to params | unicode_normalization.rb:7:21:7:42 | ...[...] |
+| unicode_normalization.rb:7:21:7:42 | ...[...] | unicode_normalization.rb:7:5:7:17 | unicode_input |
+| unicode_normalization.rb:15:5:15:17 | unicode_input | unicode_normalization.rb:16:27:16:39 | unicode_input |
+| unicode_normalization.rb:15:5:15:17 | unicode_input | unicode_normalization.rb:16:27:16:39 | unicode_input |
+| unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:15:21:15:42 | ...[...] |
+| unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:15:21:15:42 | ...[...] |
+| unicode_normalization.rb:15:21:15:42 | ...[...] | unicode_normalization.rb:15:5:15:17 | unicode_input |
+| unicode_normalization.rb:15:21:15:42 | ...[...] | unicode_normalization.rb:15:5:15:17 | unicode_input |
+| unicode_normalization.rb:16:5:16:23 | unicode_input_manip | unicode_normalization.rb:17:23:17:41 | unicode_input_manip |
+| unicode_normalization.rb:16:5:16:23 | unicode_input_manip | unicode_normalization.rb:18:22:18:40 | unicode_input_manip |
+| unicode_normalization.rb:16:27:16:39 | unicode_input | unicode_normalization.rb:16:27:16:59 | call to sub |
+| unicode_normalization.rb:16:27:16:39 | unicode_input | unicode_normalization.rb:16:27:16:59 | call to sub |
+| unicode_normalization.rb:16:27:16:59 | call to sub | unicode_normalization.rb:16:5:16:23 | unicode_input_manip |
+| unicode_normalization.rb:24:5:24:17 | unicode_input | unicode_normalization.rb:25:37:25:49 | unicode_input |
+| unicode_normalization.rb:24:21:24:26 | call to params | unicode_normalization.rb:24:21:24:42 | ...[...] |
+| unicode_normalization.rb:24:21:24:42 | ...[...] | unicode_normalization.rb:24:5:24:17 | unicode_input |
+| unicode_normalization.rb:25:5:25:21 | unicode_html_safe | unicode_normalization.rb:26:23:26:39 | unicode_html_safe |
+| unicode_normalization.rb:25:5:25:21 | unicode_html_safe | unicode_normalization.rb:27:22:27:38 | unicode_html_safe |
+| unicode_normalization.rb:25:25:25:50 | call to html_escape | unicode_normalization.rb:25:5:25:21 | unicode_html_safe |
+| unicode_normalization.rb:25:37:25:49 | unicode_input | unicode_normalization.rb:25:25:25:50 | call to html_escape |
+| unicode_normalization.rb:33:5:33:17 | unicode_input | unicode_normalization.rb:34:40:34:52 | unicode_input |
+| unicode_normalization.rb:33:21:33:26 | call to params | unicode_normalization.rb:33:21:33:42 | ...[...] |
+| unicode_normalization.rb:33:21:33:42 | ...[...] | unicode_normalization.rb:33:5:33:17 | unicode_input |
+| unicode_normalization.rb:34:5:34:21 | unicode_html_safe | unicode_normalization.rb:35:23:35:39 | unicode_html_safe |
+| unicode_normalization.rb:34:5:34:21 | unicode_html_safe | unicode_normalization.rb:36:22:36:38 | unicode_html_safe |
+| unicode_normalization.rb:34:25:34:53 | call to escapeHTML | unicode_normalization.rb:34:25:34:63 | call to html_safe |
+| unicode_normalization.rb:34:25:34:63 | call to html_safe | unicode_normalization.rb:34:5:34:21 | unicode_html_safe |
+| unicode_normalization.rb:34:40:34:52 | unicode_input | unicode_normalization.rb:34:25:34:53 | call to escapeHTML |
 nodes
-| unicode_normalization.rb:3:5:3:17 | unicode_input | semmle.label | unicode_input |
-| unicode_normalization.rb:3:21:3:26 | call to params | semmle.label | call to params |
-| unicode_normalization.rb:3:21:3:42 | ...[...] | semmle.label | ...[...] |
-| unicode_normalization.rb:4:23:4:35 | unicode_input | semmle.label | unicode_input |
-| unicode_normalization.rb:5:22:5:34 | unicode_input | semmle.label | unicode_input |
-| unicode_normalization.rb:11:5:11:17 | unicode_input | semmle.label | unicode_input |
-| unicode_normalization.rb:11:5:11:17 | unicode_input | semmle.label | unicode_input |
-| unicode_normalization.rb:11:21:11:26 | call to params | semmle.label | call to params |
-| unicode_normalization.rb:11:21:11:42 | ...[...] | semmle.label | ...[...] |
-| unicode_normalization.rb:11:21:11:42 | ...[...] | semmle.label | ...[...] |
-| unicode_normalization.rb:12:5:12:23 | unicode_input_manip | semmle.label | unicode_input_manip |
-| unicode_normalization.rb:12:27:12:39 | unicode_input | semmle.label | unicode_input |
-| unicode_normalization.rb:12:27:12:39 | unicode_input | semmle.label | unicode_input |
-| unicode_normalization.rb:12:27:12:59 | call to sub | semmle.label | call to sub |
-| unicode_normalization.rb:13:23:13:41 | unicode_input_manip | semmle.label | unicode_input_manip |
-| unicode_normalization.rb:14:22:14:40 | unicode_input_manip | semmle.label | unicode_input_manip |
-| unicode_normalization.rb:20:5:20:17 | unicode_input | semmle.label | unicode_input |
-| unicode_normalization.rb:20:21:20:26 | call to params | semmle.label | call to params |
-| unicode_normalization.rb:20:21:20:42 | ...[...] | semmle.label | ...[...] |
-| unicode_normalization.rb:21:5:21:21 | unicode_html_safe | semmle.label | unicode_html_safe |
-| unicode_normalization.rb:21:25:21:37 | unicode_input | semmle.label | unicode_input |
-| unicode_normalization.rb:21:25:21:47 | call to html_safe | semmle.label | call to html_safe |
-| unicode_normalization.rb:22:23:22:39 | unicode_html_safe | semmle.label | unicode_html_safe |
-| unicode_normalization.rb:23:22:23:38 | unicode_html_safe | semmle.label | unicode_html_safe |
+| unicode_normalization.rb:7:5:7:17 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:7:21:7:26 | call to params | semmle.label | call to params |
+| unicode_normalization.rb:7:21:7:42 | ...[...] | semmle.label | ...[...] |
+| unicode_normalization.rb:8:23:8:35 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:9:22:9:34 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:15:5:15:17 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:15:5:15:17 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:15:21:15:26 | call to params | semmle.label | call to params |
+| unicode_normalization.rb:15:21:15:42 | ...[...] | semmle.label | ...[...] |
+| unicode_normalization.rb:15:21:15:42 | ...[...] | semmle.label | ...[...] |
+| unicode_normalization.rb:16:5:16:23 | unicode_input_manip | semmle.label | unicode_input_manip |
+| unicode_normalization.rb:16:27:16:39 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:16:27:16:39 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:16:27:16:59 | call to sub | semmle.label | call to sub |
+| unicode_normalization.rb:17:23:17:41 | unicode_input_manip | semmle.label | unicode_input_manip |
+| unicode_normalization.rb:18:22:18:40 | unicode_input_manip | semmle.label | unicode_input_manip |
+| unicode_normalization.rb:24:5:24:17 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:24:21:24:26 | call to params | semmle.label | call to params |
+| unicode_normalization.rb:24:21:24:42 | ...[...] | semmle.label | ...[...] |
+| unicode_normalization.rb:25:5:25:21 | unicode_html_safe | semmle.label | unicode_html_safe |
+| unicode_normalization.rb:25:25:25:50 | call to html_escape | semmle.label | call to html_escape |
+| unicode_normalization.rb:25:37:25:49 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:26:23:26:39 | unicode_html_safe | semmle.label | unicode_html_safe |
+| unicode_normalization.rb:27:22:27:38 | unicode_html_safe | semmle.label | unicode_html_safe |
+| unicode_normalization.rb:33:5:33:17 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:33:21:33:26 | call to params | semmle.label | call to params |
+| unicode_normalization.rb:33:21:33:42 | ...[...] | semmle.label | ...[...] |
+| unicode_normalization.rb:34:5:34:21 | unicode_html_safe | semmle.label | unicode_html_safe |
+| unicode_normalization.rb:34:25:34:53 | call to escapeHTML | semmle.label | call to escapeHTML |
+| unicode_normalization.rb:34:25:34:63 | call to html_safe | semmle.label | call to html_safe |
+| unicode_normalization.rb:34:40:34:52 | unicode_input | semmle.label | unicode_input |
+| unicode_normalization.rb:35:23:35:39 | unicode_html_safe | semmle.label | unicode_html_safe |
+| unicode_normalization.rb:36:22:36:38 | unicode_html_safe | semmle.label | unicode_html_safe |
 subpaths
 #select
-| unicode_normalization.rb:4:23:4:35 | unicode_input | unicode_normalization.rb:3:21:3:26 | call to params | unicode_normalization.rb:4:23:4:35 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:4:23:4:35 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:3:21:3:26 | call to params | remote user-controlled data |
-| unicode_normalization.rb:5:22:5:34 | unicode_input | unicode_normalization.rb:3:21:3:26 | call to params | unicode_normalization.rb:5:22:5:34 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:5:22:5:34 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:3:21:3:26 | call to params | remote user-controlled data |
-| unicode_normalization.rb:13:23:13:41 | unicode_input_manip | unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:11:21:11:26 | call to params | remote user-controlled data |
-| unicode_normalization.rb:14:22:14:40 | unicode_input_manip | unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:11:21:11:26 | call to params | remote user-controlled data |
-| unicode_normalization.rb:22:23:22:39 | unicode_html_safe | unicode_normalization.rb:20:21:20:26 | call to params | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:20:21:20:26 | call to params | remote user-controlled data |
-| unicode_normalization.rb:23:22:23:38 | unicode_html_safe | unicode_normalization.rb:20:21:20:26 | call to params | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:20:21:20:26 | call to params | remote user-controlled data |
+| unicode_normalization.rb:8:23:8:35 | unicode_input | unicode_normalization.rb:7:21:7:26 | call to params | unicode_normalization.rb:8:23:8:35 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:8:23:8:35 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:7:21:7:26 | call to params | remote user-controlled data |
+| unicode_normalization.rb:9:22:9:34 | unicode_input | unicode_normalization.rb:7:21:7:26 | call to params | unicode_normalization.rb:9:22:9:34 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:9:22:9:34 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:7:21:7:26 | call to params | remote user-controlled data |
+| unicode_normalization.rb:17:23:17:41 | unicode_input_manip | unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:17:23:17:41 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:17:23:17:41 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:15:21:15:26 | call to params | remote user-controlled data |
+| unicode_normalization.rb:18:22:18:40 | unicode_input_manip | unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:18:22:18:40 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:18:22:18:40 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:15:21:15:26 | call to params | remote user-controlled data |
+| unicode_normalization.rb:26:23:26:39 | unicode_html_safe | unicode_normalization.rb:24:21:24:26 | call to params | unicode_normalization.rb:26:23:26:39 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:26:23:26:39 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:24:21:24:26 | call to params | remote user-controlled data |
+| unicode_normalization.rb:27:22:27:38 | unicode_html_safe | unicode_normalization.rb:24:21:24:26 | call to params | unicode_normalization.rb:27:22:27:38 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:27:22:27:38 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:24:21:24:26 | call to params | remote user-controlled data |
+| unicode_normalization.rb:35:23:35:39 | unicode_html_safe | unicode_normalization.rb:33:21:33:26 | call to params | unicode_normalization.rb:35:23:35:39 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:35:23:35:39 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:33:21:33:26 | call to params | remote user-controlled data |
+| unicode_normalization.rb:36:22:36:38 | unicode_html_safe | unicode_normalization.rb:33:21:33:26 | call to params | unicode_normalization.rb:36:22:36:38 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:36:22:36:38 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:33:21:33:26 | call to params | remote user-controlled data |
