diff --git a/go/ql/lib/ext/github.com.antchfx.htmlquery.model.yml b/go/ql/lib/ext/github.com.antchfx.htmlquery.model.yml
new file mode 100644
index 000000000000..f8481e58cb99
--- /dev/null
+++ b/go/ql/lib/ext/github.com.antchfx.htmlquery.model.yml
@@ -0,0 +1,9 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/antchfx/htmlquery", "", True, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/htmlquery", "", True, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/htmlquery", "", True, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/htmlquery", "", True, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.antchfx.jsonquery.model.yml b/go/ql/lib/ext/github.com.antchfx.jsonquery.model.yml
new file mode 100644
index 000000000000..436867a8ab5f
--- /dev/null
+++ b/go/ql/lib/ext/github.com.antchfx.jsonquery.model.yml
@@ -0,0 +1,9 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/antchfx/jsonquery", "", True, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/jsonquery", "", True, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/jsonquery", "", True, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/jsonquery", "", True, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.antchfx.xmlquery.model.yml b/go/ql/lib/ext/github.com.antchfx.xmlquery.model.yml
new file mode 100644
index 000000000000..6da9327681d4
--- /dev/null
+++ b/go/ql/lib/ext/github.com.antchfx.xmlquery.model.yml
@@ -0,0 +1,13 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/antchfx/xmlquery", "", True, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/xmlquery", "", True, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/xmlquery", "", True, "FindEach", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/xmlquery", "", True, "FindEachWithBreak", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/xmlquery", "", True, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/xmlquery", "", True, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/xmlquery", "Node", True, "SelectElement", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/xmlquery", "Node", True, "SelectElements", "", "", "Argument[0]", "xpath-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.antchfx.xpath.model.yml b/go/ql/lib/ext/github.com.antchfx.xpath.model.yml
new file mode 100644
index 000000000000..dada694552f9
--- /dev/null
+++ b/go/ql/lib/ext/github.com.antchfx.xpath.model.yml
@@ -0,0 +1,9 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/antchfx/xpath", "", True, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/xpath", "", True, "CompileWithNS", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/xpath", "", True, "MustCompile", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/antchfx/xpath", "", True, "Select", "", "", "Argument[1]", "xpath-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.appleboy.gin-jwt.model.yml b/go/ql/lib/ext/github.com.appleboy.gin-jwt.model.yml
new file mode 100644
index 000000000000..8911b5d5346c
--- /dev/null
+++ b/go/ql/lib/ext/github.com.appleboy.gin-jwt.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/appleboy/gin-jwt", "GinJWTMiddleware", True, "Key", "", "", "", "credentials-key", "manual"]
diff --git a/go/ql/lib/ext/github.com.christrenkamp.goxpath.model.yml b/go/ql/lib/ext/github.com.christrenkamp.goxpath.model.yml
new file mode 100644
index 000000000000..6e527dd5d68c
--- /dev/null
+++ b/go/ql/lib/ext/github.com.christrenkamp.goxpath.model.yml
@@ -0,0 +1,8 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/ChrisTrenkamp/goxpath", "", True, "MustParse", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/ChrisTrenkamp/goxpath", "", True, "Parse", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/ChrisTrenkamp/goxpath", "", True, "ParseExec", "", "", "Argument[0]", "xpath-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.go-jose.go-jose.model.yml b/go/ql/lib/ext/github.com.go-jose.go-jose.model.yml
new file mode 100644
index 000000000000..84e4ecde5844
--- /dev/null
+++ b/go/ql/lib/ext/github.com.go-jose.go-jose.model.yml
@@ -0,0 +1,14 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: packageGrouping
+ data:
+ - ["go-jose", "github.com/go-jose/go-jose"]
+ - ["go-jose", "gopkg.in/square/go-jose"]
+ - ["go-jose", "github.com/square/go-jose"]
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["group:go-jose", "Recipient", True, "Key", "", "", "", "credentials-key", "manual"]
+ - ["group:go-jose", "SigningKey", True, "Key", "", "", "", "credentials-key", "manual"]
diff --git a/go/ql/lib/ext/github.com.go-xmlpath.xmlpath.model.yml b/go/ql/lib/ext/github.com.go-xmlpath.xmlpath.model.yml
new file mode 100644
index 000000000000..cb891323562e
--- /dev/null
+++ b/go/ql/lib/ext/github.com.go-xmlpath.xmlpath.model.yml
@@ -0,0 +1,7 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/go-xmlpath/xmlpath", "", True, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/go-xmlpath/xmlpath", "", True, "MustCompile", "", "", "Argument[0]", "xpath-injection", "manual"]
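Review bot: The two sink rows name only `github.com/go-xmlpath/xmlpath`, but the QL class they replace matched `XmlPath::packagePath()`, which per the now-deprecated predicate in XPath.qll also covered `gopkg.in/xmlpath`. Unless that path is grouped somewhere outside this diff, projects importing the gopkg.in path would silently stop being flagged for XPath injection. A `packageGrouping` block like the one in the go-jose model would keep the coverage: add rows `["xmlpath", "github.com/go-xmlpath/xmlpath"]` and `["xmlpath", "gopkg.in/xmlpath"]`, and switch the package column of both sink rows to `"group:xmlpath"`.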
diff --git a/go/ql/lib/ext/github.com.gogf.gf-jwt.model.yml b/go/ql/lib/ext/github.com.gogf.gf-jwt.model.yml
new file mode 100644
index 000000000000..fd98d1446e2b
--- /dev/null
+++ b/go/ql/lib/ext/github.com.gogf.gf-jwt.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/gogf/gf-jwt", "GfJWTMiddleware", True, "Key", "", "", "", "credentials-key", "manual"]
diff --git a/go/ql/lib/ext/github.com.jbowtie.gokogiri.model.yml b/go/ql/lib/ext/github.com.jbowtie.gokogiri.model.yml
new file mode 100644
index 000000000000..216517cae080
--- /dev/null
+++ b/go/ql/lib/ext/github.com.jbowtie.gokogiri.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/jbowtie/gokogiri/xpath", "", True, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.jbowtie.gokogiri.xml.model.yml b/go/ql/lib/ext/github.com.jbowtie.gokogiri.xml.model.yml
new file mode 100644
index 000000000000..7b88d31cb0d4
--- /dev/null
+++ b/go/ql/lib/ext/github.com.jbowtie.gokogiri.xml.model.yml
@@ -0,0 +1,9 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/jbowtie/gokogiri/xml", "Node", True, "Search", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/jbowtie/gokogiri/xml", "Node", True, "SearchWithVariables", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/jbowtie/gokogiri/xml", "Node", True, "EvalXPath", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/jbowtie/gokogiri/xml", "Node", True, "EvalXPathAsBoolean", "", "", "Argument[0]", "xpath-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.kataras.iris.middleware.jwt.model.yml b/go/ql/lib/ext/github.com.kataras.iris.middleware.jwt.model.yml
index fecaa05d357e..52e7beacaabb 100644
--- a/go/ql/lib/ext/github.com.kataras.iris.middleware.jwt.model.yml
+++ b/go/ql/lib/ext/github.com.kataras.iris.middleware.jwt.model.yml
@@ -4,3 +4,4 @@ extensions:
extensible: sinkModel
data:
- ["github.com/kataras/iris/middleware/jwt", "", True, "NewSigner", "", "", "Argument[1]", "credentials-key", "manual"]
+ - ["github.com/kataras/iris/middleware/jwt", "Signer", True, "Key", "", "", "", "credentials-key", "manual"]
diff --git a/go/ql/lib/ext/github.com.lestrrat-go.libxml2.parser.model.yml b/go/ql/lib/ext/github.com.lestrrat-go.libxml2.parser.model.yml
new file mode 100644
index 000000000000..90a6b381b640
--- /dev/null
+++ b/go/ql/lib/ext/github.com.lestrrat-go.libxml2.parser.model.yml
@@ -0,0 +1,8 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/lestrrat-go/libxml2/parser", "Parser", True, "Parse", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/lestrrat-go/libxml2/parser", "Parser", True, "ParseReader", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/lestrrat-go/libxml2/parser", "Parser", True, "ParseString", "", "", "Argument[0]", "xpath-injection", "manual"]
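Review bot: These rows mark argument 0 of `Parser.Parse`, `ParseReader` and `ParseString` as `xpath-injection` sinks, but as far as I know those lestrrat-go/libxml2 methods take the XML document to parse, not an XPath expression. The rows faithfully port the removed `LestratGoLibxml2XPathExpressionString` class, so this is not a regression introduced here. It is still worth checking against the library API before the mapping is frozen as data, because if the argument is document content the alerts would carry the wrong kind and the library's real XPath entry points would stay unmodelled. Until that is confirmed, a comment above the rows such as `# ported from XPath.qll; argument looks like parser input, verify sink kind` would flag it for follow-up.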
diff --git a/go/ql/lib/ext/github.com.santhosh-tekuri.xpathparser.model.yml b/go/ql/lib/ext/github.com.santhosh-tekuri.xpathparser.model.yml
new file mode 100644
index 000000000000..8ac0e02cedfd
--- /dev/null
+++ b/go/ql/lib/ext/github.com.santhosh-tekuri.xpathparser.model.yml
@@ -0,0 +1,7 @@
+extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/santhosh-tekuri/xpathparser", "", True, "Parse", "", "", "Argument[0]", "xpath-injection", "manual"]
+ - ["github.com/santhosh-tekuri/xpathparser", "", True, "MustParse", "", "", "Argument[0]", "xpath-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.valyala.fasthttp.model.yml b/go/ql/lib/ext/github.com.valyala.fasthttp.model.yml
index 8299c115d382..7faa69493d4d 100644
--- a/go/ql/lib/ext/github.com.valyala.fasthttp.model.yml
+++ b/go/ql/lib/ext/github.com.valyala.fasthttp.model.yml
@@ -1,4 +1,33 @@
extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sinkModel
+ data:
+ - ["github.com/valyala/fasthttp", "", True, "Get", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "", True, "GetDeadline", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "", True, "GetTimeout", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "", True, "Post", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "", True, "Dial", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
+ - ["github.com/valyala/fasthttp", "", True, "DialDualStack", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
+ - ["github.com/valyala/fasthttp", "", True, "DialDualStackTimeout", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
+ - ["github.com/valyala/fasthttp", "", True, "DialTimeout", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
+ - ["github.com/valyala/fasthttp", "Client", True, "Get", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "Client", True, "GetDeadline", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "Client", True, "GetTimeout", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "Client", True, "Post", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "HostClient", True, "Get", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "HostClient", True, "GetDeadline", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "HostClient", True, "GetTimeout", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "HostClient", True, "Post", "", "", "Argument[1]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "Request", True, "SetHost", "", "", "Argument[0]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "Request", True, "SetHostBytes", "", "", "Argument[0]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "Request", True, "SetRequestURI", "", "", "Argument[0]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "Request", True, "SetRequestURIBytes", "", "", "Argument[0]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "Request", True, "SetURI", "", "", "Argument[0]", "request-forgery", "manual"]
+ - ["github.com/valyala/fasthttp", "TCPDialer", True, "Dial", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
+ - ["github.com/valyala/fasthttp", "TCPDialer", True, "DialDualStack", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
+ - ["github.com/valyala/fasthttp", "TCPDialer", True, "DialDualStackTimeout", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
+ - ["github.com/valyala/fasthttp", "TCPDialer", True, "DialTimeout", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
@@ -8,7 +37,6 @@ extensions:
- ["github.com/valyala/fasthttp", "URI", False, "Update", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", False, "UpdateBytes", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", False, "Parse", "", "", "Argument[0..1]", "Argument[receiver]", "taint", "manual"]
-
- addsTo:
pack: codeql/go-all
extensible: sourceModel
diff --git a/go/ql/lib/go.qll b/go/ql/lib/go.qll
index 81fbb9c3264b..42da6af149ae 100644
--- a/go/ql/lib/go.qll
+++ b/go/ql/lib/go.qll
@@ -44,7 +44,6 @@ import semmle.go.frameworks.Fiber
import semmle.go.frameworks.Gin
import semmle.go.frameworks.GinCors
import semmle.go.frameworks.Glog
-import semmle.go.frameworks.Gogf
import semmle.go.frameworks.GoJose
import semmle.go.frameworks.GoKit
import semmle.go.frameworks.GoMicro
diff --git a/go/ql/lib/semmle/go/frameworks/Fasthttp.qll b/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
index adc55547bb78..e0ec0293ef2a 100644
--- a/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
@@ -213,13 +213,15 @@ module Fasthttp {
}
/**
+ * DEPRECATED: Use `RequestForgery::Sink` instead.
+ *
* A function that sends HTTP requests.
*
* Get* send a HTTP GET request.
* Post send a HTTP POST request.
* These functions first argument is a URL.
*/
- class RequestForgerySink extends RequestForgery::Sink {
+ deprecated class RequestForgerySink extends RequestForgery::Sink {
RequestForgerySink() {
exists(Function f |
f.hasQualifiedName(packagePath(), ["Get", "GetDeadline", "GetTimeout", "Post"]) and
@@ -233,10 +235,12 @@ module Fasthttp {
}
/**
+ * DEPRECATED: Use `RequestForgery::Sink` instead.
+ *
* A function that create initial connection to a TCP address.
* Following Functions only accept TCP address + Port in their first argument.
*/
- class RequestForgerySinkDial extends RequestForgery::Sink {
+ deprecated class RequestForgerySinkDial extends RequestForgery::Sink {
RequestForgerySinkDial() {
exists(Function f |
f.hasQualifiedName(packagePath(),
@@ -308,15 +312,19 @@ module Fasthttp {
}
/**
+ * DEPRECATED
+ *
* Provide modeling for fasthttp.TCPDialer Type.
*/
- module TcpDialer {
+ deprecated module TcpDialer {
/**
+ * DEPRECATED: Use `RequestForgery::Sink` instead.
+ *
* A method that create initial connection to a TCP address.
* Provide Methods which can be used as dangerous RequestForgery Sinks.
* Following Methods only accept TCP address + Port in their first argument.
*/
- class RequestForgerySinkDial extends RequestForgery::Sink {
+ deprecated class RequestForgerySinkDial extends RequestForgery::Sink {
RequestForgerySinkDial() {
exists(Method m |
m.hasQualifiedName(packagePath(), "TCPDialer",
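Review bot: The module-level note added on `TcpDialer` is a bare `DEPRECATED` with no replacement, and the class-level notes point to `RequestForgery::Sink`, which is the class these sinks already extend rather than the place where the modelling now lives. Something like `DEPRECATED: fasthttp request-forgery sinks are now defined as sinkModel rows in github.com.valyala.fasthttp.model.yml.` would tell a downstream user what to do. The same wording appears in the `Client` and `HostClient` hunks below and on `XmlPath` in XPath.qll. The body of `RequestForgerySinkDial` continues outside this hunk.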
@@ -332,16 +340,20 @@ module Fasthttp {
}
/**
+ * DEPRECATED
+ *
* Provide modeling for fasthttp.Client Type.
*/
- module Client {
+ deprecated module Client {
/**
+ * DEPRECATED: Use `RequestForgery::Sink` instead.
+ *
* A method that sends HTTP requests.
* Get* send a HTTP GET request.
* Post send a HTTP POST request.
* these Functions first arguments is a URL.
*/
- class RequestForgerySink extends RequestForgery::Sink {
+ deprecated class RequestForgerySink extends RequestForgery::Sink {
RequestForgerySink() {
exists(Method m |
m.hasQualifiedName(packagePath(), "Client", ["Get", "GetDeadline", "GetTimeout", "Post"]) and
@@ -356,16 +368,20 @@ module Fasthttp {
}
/**
+ * DEPRECATED
+ *
* Provide modeling for fasthttp.HostClient Type.
*/
- module HostClient {
+ deprecated module HostClient {
/**
+ * DEPRECATED: Use `RequestForgery::Sink` instead.
+ *
* A method that sends HTTP requests.
* Get* send a HTTP GET request.
* Post send a HTTP POST request.
* these Functions first arguments is a URL.
*/
- class RequestForgerySink extends RequestForgery::Sink {
+ deprecated class RequestForgerySink extends RequestForgery::Sink {
RequestForgerySink() {
exists(Method m |
m.hasQualifiedName(packagePath(), "HostClient",
@@ -434,12 +450,14 @@ module Fasthttp {
}
/**
+ * DEPRECATED: Use `RequestForgery::Sink` instead.
+ *
* A method that create the URL and Host parts of a `Request` type.
*
* This instance of `Request` type can be used in some functions/methods
* like `func Do(req *Request, resp *Response) error` that will lead to server side request forgery vulnerability.
*/
- class RequestForgerySink extends RequestForgery::Sink {
+ deprecated class RequestForgerySink extends RequestForgery::Sink {
RequestForgerySink() {
exists(Method m |
m.hasQualifiedName(packagePath(), "Request",
diff --git a/go/ql/lib/semmle/go/frameworks/Gin.qll b/go/ql/lib/semmle/go/frameworks/Gin.qll
index 7773c8f9a134..e91ef2565d05 100644
--- a/go/ql/lib/semmle/go/frameworks/Gin.qll
+++ b/go/ql/lib/semmle/go/frameworks/Gin.qll
@@ -3,7 +3,6 @@
*/
import go
-private import semmle.go.security.HardcodedCredentials
private module Gin {
/** Gets the package name `github.com/gin-gonic/gin`. */
@@ -30,13 +29,4 @@ private module Gin {
override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) }
}
-
- private class GinJwtSign extends HardcodedCredentials::Sink {
- GinJwtSign() {
- exists(Field f |
- f.hasQualifiedName(package("github.com/appleboy/gin-jwt", ""), "GinJWTMiddleware", "Key") and
- f.getAWrite().getRhs() = this
- )
- }
- }
}
diff --git a/go/ql/lib/semmle/go/frameworks/GoJose.qll b/go/ql/lib/semmle/go/frameworks/GoJose.qll
index faae97b2d9f1..1d74735ebfab 100644
--- a/go/ql/lib/semmle/go/frameworks/GoJose.qll
+++ b/go/ql/lib/semmle/go/frameworks/GoJose.qll
@@ -4,26 +4,8 @@
*/
import go
-private import semmle.go.security.HardcodedCredentials
private module GoJose {
- private class GoJoseKey extends HardcodedCredentials::Sink {
- GoJoseKey() {
- exists(Field f |
- f.hasQualifiedName(goJosePackage(), ["Recipient", "SigningKey"], "Key") and
- f.getAWrite().getRhs() = this
- )
- }
- }
-
- private string goJosePackage() {
- result =
- [
- package("github.com/square/go-jose", ""), package("github.com/go-jose/go-jose", ""),
- "gopkg.in/square/go-jose.v2"
- ]
- }
-
/**
* Provides classes and predicates for working with the `gopkg.in/square/go-jose/jwt` and
* `github.com/go-jose/go-jose/jwt` packages.
diff --git a/go/ql/lib/semmle/go/frameworks/Gogf.qll b/go/ql/lib/semmle/go/frameworks/Gogf.qll
deleted file mode 100644
index 1ef78b3bb692..000000000000
--- a/go/ql/lib/semmle/go/frameworks/Gogf.qll
+++ /dev/null
@@ -1,17 +0,0 @@
-/**
- * Provides classes for working the `github.com/gogf` package.
- */
-
-import go
-private import semmle.go.security.HardcodedCredentials
-
-private module Gogf {
- private class GogfJwtSign extends HardcodedCredentials::Sink {
- GogfJwtSign() {
- exists(Field f |
- f.hasQualifiedName(package("github.com/gogf/gf-jwt", ""), "GfJWTMiddleware", "Key") and
- f.getAWrite().getRhs() = this
- )
- }
- }
-}
diff --git a/go/ql/lib/semmle/go/frameworks/Iris.qll b/go/ql/lib/semmle/go/frameworks/Iris.qll
index b241ce8e5387..bb965769d5c4 100644
--- a/go/ql/lib/semmle/go/frameworks/Iris.qll
+++ b/go/ql/lib/semmle/go/frameworks/Iris.qll
@@ -3,7 +3,6 @@
*/
import go
-private import semmle.go.security.HardcodedCredentials
private module Iris {
/** Gets the v1 module path `github.com/kataras/iris`. */
@@ -47,13 +46,4 @@ private module Iris {
override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) }
}
-
- private class IrisJwt extends HardcodedCredentials::Sink {
- IrisJwt() {
- exists(Field f |
- f.hasQualifiedName(package("github.com/kataras/iris", "middleware/jwt"), "Signer", "Key") and
- f.getAWrite().getRhs() = this
- )
- }
- }
}
diff --git a/go/ql/lib/semmle/go/frameworks/XPath.qll b/go/ql/lib/semmle/go/frameworks/XPath.qll
index 5ef6cf0088cc..8aea6a210214 100644
--- a/go/ql/lib/semmle/go/frameworks/XPath.qll
+++ b/go/ql/lib/semmle/go/frameworks/XPath.qll
@@ -3,6 +3,7 @@
*/
import go
+import semmle.go.dataflow.ExternalFlow
/** Provides classes for working with XPath-related APIs. */
module XPath {
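Review bot: The added `import semmle.go.dataflow.ExternalFlow` is a public import, so every file that imports XPath.qll now also gets ExternalFlow's names in scope. In the next hunk `sinkNode` is used only inside the private `DefaultXPathExpressionString` class, so `private import semmle.go.dataflow.ExternalFlow` would leave the library's exported surface unchanged. This also matches the `private import` style of the HardcodedCredentials imports this commit removes from the framework files. The same applies to the import added in RequestForgeryCustomizations.qll.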
@@ -24,186 +25,24 @@ module XPath {
*/
abstract class Range extends DataFlow::Node { }
- /**
- * An XPath expression string used in an API function of the
- * [XPath](https://github.com/antchfx/xpath) package.
- */
- private class AntchfxXpathXPathExpressionString extends Range {
- AntchfxXpathXPathExpressionString() {
- exists(Function f, string name | name.matches("Compile%") |
- f.hasQualifiedName(package("github.com/antchfx/xpath", ""), name) and
- this = f.getACall().getArgument(0)
- )
- or
- exists(Function f, string name | name.matches("MustCompile%") |
- f.hasQualifiedName(package("github.com/antchfx/xpath", ""), name) and
- this = f.getACall().getArgument(0)
- )
- or
- exists(Function f, string name | name.matches("Select%") |
- f.hasQualifiedName(package("github.com/antchfx/xpath", ""), name) and
- this = f.getACall().getArgument(1)
- )
- }
- }
-
- /**
- * An XPath expression string used in an API function of the
- * [htmlquery](https://github.com/antchfx/htmlquery) package.
- */
- private class AntchfxHtmlqueryXPathExpressionString extends Range {
- AntchfxHtmlqueryXPathExpressionString() {
- exists(Function f, string name | name.matches("Find%") |
- f.hasQualifiedName(package("github.com/antchfx/htmlquery", ""), name) and
- this = f.getACall().getArgument(1)
- )
- or
- exists(Function f, string name | name.matches("Query%") |
- f.hasQualifiedName(package("github.com/antchfx/htmlquery", ""), name) and
- this = f.getACall().getArgument(1)
- )
- }
- }
-
- /**
- * An XPath expression string used in an API function of the
- * [xmlquery](https://github.com/antchfx/xmlquery) package.
- */
- private class AntchfxXmlqueryXPathExpressionString extends Range {
- AntchfxXmlqueryXPathExpressionString() {
- exists(Function f, string name | name.matches("Find%") |
- f.hasQualifiedName(package("github.com/antchfx/xmlquery", ""), name) and
- this = f.getACall().getArgument(1)
- )
- or
- exists(Function f, string name | name.matches("Query%") |
- f.hasQualifiedName(package("github.com/antchfx/xmlquery", ""), name) and
- this = f.getACall().getArgument(1)
- )
- or
- exists(Method m, string name | name.matches("Select%") |
- m.hasQualifiedName(package("github.com/antchfx/xmlquery", ""), "Node", name) and
- this = m.getACall().getArgument(0)
- )
- }
- }
-
- /**
- * An XPath expression string used in an API function of the
- * [jsonquery](https://github.com/antchfx/jsonquery) package.
- */
- private class AntchfxJsonqueryXPathExpressionString extends Range {
- AntchfxJsonqueryXPathExpressionString() {
- exists(Function f, string name | name.matches("Find%") |
- f.hasQualifiedName(package("github.com/antchfx/jsonquery", ""), name) and
- this = f.getACall().getArgument(1)
- )
- or
- exists(Function f, string name | name.matches("Query%") |
- f.hasQualifiedName(package("github.com/antchfx/jsonquery", ""), name) and
- this = f.getACall().getArgument(1)
- )
- }
- }
-
- /**
- * An XPath expression string used in an API function of the
- * [xmlpath](https://github.com/go-xmlpath/xmlpath) package.
- */
- private class GoXmlpathXmlpathXPathExpressionString extends Range {
- GoXmlpathXmlpathXPathExpressionString() {
- exists(Function f, string name | name.matches("Compile%") |
- f.hasQualifiedName(XmlPath::packagePath(), name) and
- this = f.getACall().getArgument(0)
- )
- or
- exists(Function f, string name | name.matches("MustCompile%") |
- f.hasQualifiedName(XmlPath::packagePath(), name) and
- this = f.getACall().getArgument(0)
- )
- }
- }
-
- /**
- * An XPath expression string used in an API function of the
- * [goxpath](https://github.com/ChrisTrenkamp/goxpath) package.
- */
- private class ChrisTrenkampGoxpathXPathExpressionString extends Range {
- ChrisTrenkampGoxpathXPathExpressionString() {
- exists(Function f, string name | name.matches("Parse%") |
- f.hasQualifiedName(package("github.com/ChrisTrenkamp/goxpath", ""), name) and
- this = f.getACall().getArgument(0)
- )
- or
- exists(Function f, string name | name.matches("MustParse%") |
- f.hasQualifiedName(package("github.com/ChrisTrenkamp/goxpath", ""), name) and
- this = f.getACall().getArgument(0)
- )
- }
- }
-
- /**
- * An XPath expression string used in an API function of the
- * [lestrrat-go/libxml2](https://github.com/lestrrat-go/libxml2) package.
- */
- private class LestratGoLibxml2XPathExpressionString extends Range {
- LestratGoLibxml2XPathExpressionString() {
- exists(Method m, string name | name.matches("Parse%") |
- m.hasQualifiedName(package("github.com/lestrrat-go/libxml2", "parser"), "Parser", name) and
- this = m.getACall().getArgument(0)
- )
- }
- }
-
- /**
- * An XPath expression string used in an API function of the
- * [xpathparser](https://github.com/santhosh-tekuri/xpathparser) package.
- */
- private class SanthoshTekuriXpathparserXPathExpressionString extends Range {
- SanthoshTekuriXpathparserXPathExpressionString() {
- exists(Function f, string name | name.matches("Parse%") |
- f.hasQualifiedName(package("github.com/santhosh-tekuri/xpathparser", ""), name) and
- this = f.getACall().getArgument(0)
- )
- or
- exists(Function f, string name | name.matches("MustParse%") |
- f.hasQualifiedName(package("github.com/santhosh-tekuri/xpathparser", ""), name) and
- this = f.getACall().getArgument(0)
- )
- }
- }
-
- /**
- * An XPath expression string used in an API function of the
- * [gokogiri]https://github.com/jbowtie/gokogiri) package.
- */
- private class JbowtieGokogiriXPathExpressionString extends Range {
- JbowtieGokogiriXPathExpressionString() {
- exists(Function f, string name | name.matches("Compile%") |
- f.hasQualifiedName(package("github.com/jbowtie/gokogiri", "xpath"), name) and
- this = f.getACall().getArgument(0)
- )
- or
- exists(Method m, string name | name.matches("Search%") |
- m.hasQualifiedName(package("github.com/jbowtie/gokogiri", "xml"), "Node", name) and
- this = m.getACall().getArgument(0)
- )
- or
- exists(Method m, string name | name.matches("EvalXPath%") |
- m.hasQualifiedName(package("github.com/jbowtie/gokogiri", "xml"), "Node", name) and
- this = m.getACall().getArgument(0)
- )
- }
+ private class DefaultXPathExpressionString extends Range {
+ DefaultXPathExpressionString() { sinkNode(this, "xpath-injection") }
}
}
}
/**
+ * DEPRECATED
+ *
* Provides classes for working with the [xmlpath](https://gopkg.in/xmlpath.v2) package.
*/
-module XmlPath {
- /** Gets the package name `github.com/go-xmlpath/xmlpath` or `gopkg.in/xmlpath`. */
- string packagePath() {
+deprecated module XmlPath {
+ /**
+ * DEPRECATED
+ *
+ * Gets the package name `github.com/go-xmlpath/xmlpath` or `gopkg.in/xmlpath`.
+ */
+ deprecated string packagePath() {
result = package(["github.com/go-xmlpath/xmlpath", "gopkg.in/xmlpath"], "")
}
}
diff --git a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
index 9d87494cc8f1..b56395cceedd 100644
--- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
@@ -8,6 +8,7 @@ import SafeUrlFlowCustomizations
import semmle.go.dataflow.barrierguardutil.RedirectCheckBarrierGuard
import semmle.go.dataflow.barrierguardutil.RegexpCheck
import semmle.go.dataflow.barrierguardutil.UrlCheck
+import semmle.go.dataflow.ExternalFlow
/** Provides classes and predicates for the request forgery query. */
module RequestForgery {
@@ -42,6 +43,22 @@ module RequestForgery {
*/
private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { }
+ private class DefaultRequestForgerySink extends Sink {
+ string kind;
+
+ DefaultRequestForgerySink() {
+ exists(string modelKind | sinkNode(this, modelKind) |
+ modelKind = "request-forgery" and kind = "URL"
+ or
+ modelKind = "request-forgery[" + kind + "]"
+ )
+ }
+
+ override DataFlow::Node getARequest() { result = this }
+
+ override string getKind() { result = kind }
+ }
+
/**
* The URL of an HTTP request, viewed as a sink for request forgery.
*/
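Review bot: `DefaultRequestForgerySink` has no QLDoc, and the mapping it implements cannot be discovered from the model files alone: kind `request-forgery` yields "URL" from `getKind()`, while `request-forgery[K]` yields K verbatim. Because any bracketed text is accepted, a misspelled `TCP Addr + Port` in a model row would quietly introduce a new request kind instead of failing. I would add a comment such as `/** A request-forgery sink defined by a sinkModel row; kind request-forgery maps to "URL", request-forgery[K] to request kind K. */` and consider restricting K to the kinds the query already reports.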
diff --git a/go/ql/test/experimental/CWE-090/LDAPInjection.expected b/go/ql/test/experimental/CWE-090/LDAPInjection.expected
index 514d04162892..4398f9df10c3 100644
--- a/go/ql/test/experimental/CWE-090/LDAPInjection.expected
+++ b/go/ql/test/experimental/CWE-090/LDAPInjection.expected
@@ -1,18 +1,18 @@
edges
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:794 |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:794 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:862 |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:862 |
| LDAPInjection.go:62:3:62:33 | slice literal [array] | LDAPInjection.go:62:3:62:33 | slice literal | provenance | |
| LDAPInjection.go:62:24:62:32 | untrusted | LDAPInjection.go:62:3:62:33 | slice literal [array] | provenance | |
| LDAPInjection.go:69:3:69:33 | slice literal [array] | LDAPInjection.go:69:3:69:33 | slice literal | provenance | |
diff --git a/go/ql/test/experimental/CWE-203/Timing.expected b/go/ql/test/experimental/CWE-203/Timing.expected
index 11ccfa802c34..1e68d0d24d6b 100644
--- a/go/ql/test/experimental/CWE-203/Timing.expected
+++ b/go/ql/test/experimental/CWE-203/Timing.expected
@@ -1,9 +1,9 @@
edges
-| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | Src:MaD:800 MaD:775 |
+| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | Src:MaD:868 MaD:843 |
| timing.go:15:18:15:45 | call to Get | timing.go:17:31:17:42 | headerSecret | provenance | |
-| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | Src:MaD:800 MaD:775 |
+| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | Src:MaD:868 MaD:843 |
| timing.go:28:18:28:45 | call to Get | timing.go:30:47:30:58 | headerSecret | provenance | |
-| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | Src:MaD:800 MaD:775 |
+| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | Src:MaD:868 MaD:843 |
| timing.go:41:18:41:45 | call to Get | timing.go:42:25:42:36 | headerSecret | provenance | |
nodes
| timing.go:15:18:15:27 | selection of Header | semmle.label | selection of Header |
diff --git a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected
index e1b5b23f1ddf..4de7d4230d34 100644
--- a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected
+++ b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected
@@ -1,5 +1,5 @@
edges
-| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | Src:MaD:870 MaD:931 |
| ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword | provenance | |
| ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | provenance | |
nodes
diff --git a/go/ql/test/experimental/CWE-369/DivideByZero.expected b/go/ql/test/experimental/CWE-369/DivideByZero.expected
index f9e0a4905cb5..490d6de70fad 100644
--- a/go/ql/test/experimental/CWE-369/DivideByZero.expected
+++ b/go/ql/test/experimental/CWE-369/DivideByZero.expected
@@ -1,24 +1,24 @@
edges
-| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | Src:MaD:870 MaD:931 |
| DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:11:27:11:32 | param1 | provenance | |
| DivideByZero.go:11:2:11:33 | ... := ...[0] | DivideByZero.go:12:16:12:20 | value | provenance | |
| DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] | provenance | Config |
-| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | Src:MaD:870 MaD:931 |
| DivideByZero.go:17:12:17:24 | call to Query | DivideByZero.go:18:11:18:24 | type conversion | provenance | |
| DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value | provenance | |
-| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | Src:MaD:870 MaD:931 |
| DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:25:31:25:36 | param1 | provenance | |
| DivideByZero.go:25:2:25:45 | ... := ...[0] | DivideByZero.go:26:16:26:20 | value | provenance | |
| DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] | provenance | Config |
-| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | Src:MaD:870 MaD:931 |
| DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:32:33:32:38 | param1 | provenance | |
| DivideByZero.go:32:2:32:43 | ... := ...[0] | DivideByZero.go:33:16:33:20 | value | provenance | |
| DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] | provenance | Config |
-| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | Src:MaD:870 MaD:931 |
| DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:39:32:39:37 | param1 | provenance | |
| DivideByZero.go:39:2:39:46 | ... := ...[0] | DivideByZero.go:40:16:40:20 | value | provenance | |
| DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] | provenance | Config |
-| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | Src:MaD:870 MaD:931 |
| DivideByZero.go:54:12:54:24 | call to Query | DivideByZero.go:55:11:55:24 | type conversion | provenance | |
| DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value | provenance | |
nodes
diff --git a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected
index 324734afd6c8..5b8a77d383dc 100644
--- a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected
+++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected
@@ -1,24 +1,24 @@
edges
-| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:790 |
-| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | definition of file | provenance | Src:MaD:795 |
-| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | definition of file | provenance | Src:MaD:795 |
-| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | definition of file | provenance | Src:MaD:795 |
-| test.go:64:8:64:19 | selection of Body | test.go:208:12:208:15 | definition of file | provenance | Src:MaD:795 |
-| test.go:66:8:66:19 | selection of Body | test.go:233:12:233:15 | definition of file | provenance | Src:MaD:795 |
-| test.go:68:17:68:28 | selection of Body | test.go:258:21:258:24 | definition of file | provenance | Src:MaD:795 |
-| test.go:70:13:70:24 | selection of Body | test.go:283:17:283:20 | definition of file | provenance | Src:MaD:795 |
-| test.go:72:16:72:27 | selection of Body | test.go:308:20:308:23 | definition of file | provenance | Src:MaD:795 |
-| test.go:74:7:74:18 | selection of Body | test.go:333:11:333:14 | definition of file | provenance | Src:MaD:795 |
-| test.go:76:9:76:20 | selection of Body | test.go:358:13:358:16 | definition of file | provenance | Src:MaD:795 |
-| test.go:78:18:78:29 | selection of Body | test.go:384:22:384:25 | definition of file | provenance | Src:MaD:795 |
-| test.go:80:5:80:16 | selection of Body | test.go:412:9:412:12 | definition of file | provenance | Src:MaD:795 |
-| test.go:82:7:82:18 | selection of Body | test.go:447:11:447:14 | definition of file | provenance | Src:MaD:795 |
-| test.go:84:15:84:26 | selection of Body | test.go:440:19:440:21 | definition of src | provenance | Src:MaD:795 |
-| test.go:85:16:85:27 | selection of Body | test.go:472:20:472:23 | definition of file | provenance | Src:MaD:795 |
-| test.go:87:16:87:27 | selection of Body | test.go:499:20:499:23 | definition of file | provenance | Src:MaD:795 |
-| test.go:89:17:89:28 | selection of Body | test.go:526:21:526:24 | definition of file | provenance | Src:MaD:795 |
-| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | definition of file | provenance | Src:MaD:795 |
-| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | definition of file | provenance | Src:MaD:795 |
+| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:858 |
+| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | definition of file | provenance | Src:MaD:863 |
+| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | definition of file | provenance | Src:MaD:863 |
+| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | definition of file | provenance | Src:MaD:863 |
+| test.go:64:8:64:19 | selection of Body | test.go:208:12:208:15 | definition of file | provenance | Src:MaD:863 |
+| test.go:66:8:66:19 | selection of Body | test.go:233:12:233:15 | definition of file | provenance | Src:MaD:863 |
+| test.go:68:17:68:28 | selection of Body | test.go:258:21:258:24 | definition of file | provenance | Src:MaD:863 |
+| test.go:70:13:70:24 | selection of Body | test.go:283:17:283:20 | definition of file | provenance | Src:MaD:863 |
+| test.go:72:16:72:27 | selection of Body | test.go:308:20:308:23 | definition of file | provenance | Src:MaD:863 |
+| test.go:74:7:74:18 | selection of Body | test.go:333:11:333:14 | definition of file | provenance | Src:MaD:863 |
+| test.go:76:9:76:20 | selection of Body | test.go:358:13:358:16 | definition of file | provenance | Src:MaD:863 |
+| test.go:78:18:78:29 | selection of Body | test.go:384:22:384:25 | definition of file | provenance | Src:MaD:863 |
+| test.go:80:5:80:16 | selection of Body | test.go:412:9:412:12 | definition of file | provenance | Src:MaD:863 |
+| test.go:82:7:82:18 | selection of Body | test.go:447:11:447:14 | definition of file | provenance | Src:MaD:863 |
+| test.go:84:15:84:26 | selection of Body | test.go:440:19:440:21 | definition of src | provenance | Src:MaD:863 |
+| test.go:85:16:85:27 | selection of Body | test.go:472:20:472:23 | definition of file | provenance | Src:MaD:863 |
+| test.go:87:16:87:27 | selection of Body | test.go:499:20:499:23 | definition of file | provenance | Src:MaD:863 |
+| test.go:89:17:89:28 | selection of Body | test.go:526:21:526:24 | definition of file | provenance | Src:MaD:863 |
+| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | definition of file | provenance | Src:MaD:863 |
+| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | definition of file | provenance | Src:MaD:863 |
| test.go:128:20:128:27 | definition of filename | test.go:130:33:130:40 | filename | provenance | |
| test.go:128:20:128:27 | definition of filename | test.go:143:51:143:58 | filename | provenance | |
| test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance | |
@@ -31,7 +31,7 @@ edges
| test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance | |
| test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance | |
| test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance | |
-| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:667 |
+| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:735 |
| test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance | |
| test.go:160:32:160:53 | call to NewReader | test.go:160:2:160:69 | ... := ...[0] | provenance | Config |
| test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:46 |
@@ -39,7 +39,7 @@ edges
| test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:8 |
| test.go:169:28:169:31 | definition of file | test.go:170:25:170:28 | file | provenance | |
| test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance | |
-| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:667 |
+| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:735 |
| test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance | |
| test.go:171:41:171:62 | call to NewReader | test.go:171:2:171:78 | ... := ...[0] | provenance | Config |
| test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:46 |
diff --git a/go/ql/test/experimental/CWE-74/DsnInjection.expected b/go/ql/test/experimental/CWE-74/DsnInjection.expected
index 901f9fed3682..afdf32bc72e8 100644
--- a/go/ql/test/experimental/CWE-74/DsnInjection.expected
+++ b/go/ql/test/experimental/CWE-74/DsnInjection.expected
@@ -1,5 +1,5 @@
edges
-| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:49:102:49:105 | name | provenance | Src:MaD:790 |
+| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:49:102:49:105 | name | provenance | Src:MaD:858 |
| Dsn.go:49:11:49:106 | []type{args} [array] | Dsn.go:49:11:49:106 | call to Sprintf | provenance | MaD:248 |
| Dsn.go:49:11:49:106 | call to Sprintf | Dsn.go:50:29:50:33 | dbDSN | provenance | |
| Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | []type{args} [array] | provenance | |
diff --git a/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected b/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected
index 28eb20587b68..b76894d86c87 100644
--- a/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected
+++ b/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected
@@ -1,28 +1,28 @@
edges
| HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | HTMLTemplateEscapingPassthrough.go:30:39:30:39 | a | provenance | |
-| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | provenance | Src:MaD:794 |
+| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | provenance | Src:MaD:862 |
| HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | HTMLTemplateEscapingPassthrough.go:36:40:36:40 | a | provenance | |
-| HTMLTemplateEscapingPassthrough.go:35:23:35:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | provenance | Src:MaD:794 |
+| HTMLTemplateEscapingPassthrough.go:35:23:35:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | provenance | Src:MaD:862 |
| HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | HTMLTemplateEscapingPassthrough.go:41:40:41:40 | a | provenance | |
-| HTMLTemplateEscapingPassthrough.go:40:19:40:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | provenance | Src:MaD:794 |
+| HTMLTemplateEscapingPassthrough.go:40:19:40:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | provenance | Src:MaD:862 |
| HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | HTMLTemplateEscapingPassthrough.go:47:41:47:41 | c | provenance | |
-| HTMLTemplateEscapingPassthrough.go:46:29:46:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | provenance | Src:MaD:794 |
+| HTMLTemplateEscapingPassthrough.go:46:29:46:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | provenance | Src:MaD:862 |
| HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | HTMLTemplateEscapingPassthrough.go:51:44:51:44 | d | provenance | |
-| HTMLTemplateEscapingPassthrough.go:50:23:50:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | provenance | Src:MaD:794 |
+| HTMLTemplateEscapingPassthrough.go:50:23:50:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | provenance | Src:MaD:862 |
| HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | HTMLTemplateEscapingPassthrough.go:55:44:55:44 | e | provenance | |
-| HTMLTemplateEscapingPassthrough.go:54:26:54:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | provenance | Src:MaD:794 |
+| HTMLTemplateEscapingPassthrough.go:54:26:54:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | provenance | Src:MaD:862 |
| HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | HTMLTemplateEscapingPassthrough.go:59:38:59:38 | b | provenance | |
-| HTMLTemplateEscapingPassthrough.go:58:24:58:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | provenance | Src:MaD:794 |
+| HTMLTemplateEscapingPassthrough.go:58:24:58:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | provenance | Src:MaD:862 |
| HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | HTMLTemplateEscapingPassthrough.go:63:44:63:44 | f | provenance | |
-| HTMLTemplateEscapingPassthrough.go:62:27:62:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | provenance | Src:MaD:794 |
+| HTMLTemplateEscapingPassthrough.go:62:27:62:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | provenance | Src:MaD:862 |
| HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | HTMLTemplateEscapingPassthrough.go:67:38:67:38 | g | provenance | |
-| HTMLTemplateEscapingPassthrough.go:66:24:66:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | provenance | Src:MaD:794 |
-| HTMLTemplateEscapingPassthrough.go:75:17:75:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:76:38:76:44 | escaped | provenance | Src:MaD:794 |
-| HTMLTemplateEscapingPassthrough.go:81:10:81:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:84:38:84:40 | src | provenance | Src:MaD:794 |
-| HTMLTemplateEscapingPassthrough.go:89:10:89:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | provenance | Src:MaD:794 |
+| HTMLTemplateEscapingPassthrough.go:66:24:66:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | provenance | Src:MaD:862 |
+| HTMLTemplateEscapingPassthrough.go:75:17:75:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:76:38:76:44 | escaped | provenance | Src:MaD:862 |
+| HTMLTemplateEscapingPassthrough.go:81:10:81:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:84:38:84:40 | src | provenance | Src:MaD:862 |
+| HTMLTemplateEscapingPassthrough.go:89:10:89:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | provenance | Src:MaD:862 |
| HTMLTemplateEscapingPassthrough.go:91:16:91:77 | type conversion | HTMLTemplateEscapingPassthrough.go:92:38:92:46 | converted | provenance | |
| HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | HTMLTemplateEscapingPassthrough.go:91:16:91:77 | type conversion | provenance | |
-| HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | provenance | MaD:642 |
+| HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | provenance | MaD:710 |
nodes
| HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | semmle.label | type conversion |
| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | semmle.label | call to UserAgent |
diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected
index 1e8f3bcd393c..091d87da33e3 100644
--- a/go/ql/test/experimental/CWE-918/SSRF.expected
+++ b/go/ql/test/experimental/CWE-918/SSRF.expected
@@ -1,12 +1,12 @@
edges
-| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:790 |
-| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:793 |
-| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:793 |
-| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:793 |
-| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:793 |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:402 |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:402 |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:402 |
+| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:858 |
+| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:861 |
+| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:861 |
+| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:861 |
+| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:861 |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:426 |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:426 |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:426 |
| new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:248 |
| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | []type{args} [array] | provenance | |
| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | FunctionModel |
@@ -16,10 +16,10 @@ edges
| new-tests.go:35:12:35:58 | []type{args} [array] | new-tests.go:35:12:35:58 | call to Sprintf | provenance | MaD:248 |
| new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | []type{args} [array] | provenance | |
| new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf | provenance | FunctionModel |
-| new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | Src:MaD:391 |
-| new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:396 |
+| new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | Src:MaD:415 |
+| new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:420 |
| new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | |
-| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:795 MaD:660 |
+| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:863 MaD:728 |
| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:187 |
| new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word | provenance | |
| new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe | provenance | |
@@ -33,14 +33,14 @@ edges
| new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:248 |
| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | []type{args} [array] | provenance | |
| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | FunctionModel |
-| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | Src:MaD:802 MaD:863 |
-| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:870 |
+| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | Src:MaD:870 MaD:931 |
+| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:938 |
| new-tests.go:78:18:78:46 | call to Get | new-tests.go:79:11:79:46 | ...+... | provenance | |
| new-tests.go:81:18:81:67 | call to TrimPrefix | new-tests.go:82:11:82:46 | ...+... | provenance | |
-| new-tests.go:81:37:81:43 | selection of URL | new-tests.go:81:37:81:48 | selection of Path | provenance | Src:MaD:802 |
-| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:988 |
-| new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | provenance | Src:MaD:447 |
-| new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | provenance | Src:MaD:408 |
+| new-tests.go:81:37:81:43 | selection of URL | new-tests.go:81:37:81:48 | selection of Path | provenance | Src:MaD:870 |
+| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:1056 |
+| new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | provenance | Src:MaD:479 |
+| new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | provenance | Src:MaD:432 |
nodes
| builtin.go:19:12:19:34 | call to FormValue | semmle.label | call to FormValue |
| builtin.go:22:21:22:62 | ...+... | semmle.label | ...+... |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected
index dd113996a23e..c8e291d9d56e 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected
@@ -1,10 +1,10 @@
edges
| Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance | |
-| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:795 MaD:673 |
+| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:863 MaD:741 |
| Builtin.go:12:2:12:2 | definition of b | Builtin.go:17:9:17:17 | type conversion | provenance | |
-| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:795 MaD:673 |
+| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:863 MaD:741 |
| Builtin.go:21:2:21:2 | definition of b | Builtin.go:24:10:24:18 | type conversion | provenance | |
-| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:795 MaD:673 |
+| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:863 MaD:741 |
nodes
| Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b |
| Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest1.expected b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest1.expected
index 30671016dced..df4e50774032 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest1.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest1.expected
@@ -1,6 +1,6 @@
edges
-| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:802 MaD:863 |
-| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:870 |
+| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:870 MaD:931 |
+| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:938 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:32:11:32:15 | selection of URL | semmle.label | selection of URL |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest2.expected b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest2.expected
index 3d4edb738084..6db9e75c7b3b 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest2.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest2.expected
@@ -1,7 +1,7 @@
edges
| test.go:27:11:27:63 | call to ExecuteQuery | test.go:28:7:28:11 | query | provenance | Src:MaD:1 |
-| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:802 MaD:863 |
-| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:870 |
+| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:870 MaD:931 |
+| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:938 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:27:11:27:63 | call to ExecuteQuery | semmle.label | call to ExecuteQuery |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest3.expected b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest3.expected
index 401b39a979a5..e524ca468680 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest3.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest3.expected
@@ -2,8 +2,8 @@ edges
| test.go:9:10:9:40 | call to ReadEnvironment | test.go:11:7:11:29 | ...+... | provenance | Src:MaD:2 |
| test.go:15:9:15:32 | call to GetCliArg | test.go:17:7:17:28 | ...+... | provenance | Src:MaD:4 |
| test.go:27:11:27:63 | call to ExecuteQuery | test.go:28:7:28:11 | query | provenance | Src:MaD:1 |
-| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:802 MaD:863 |
-| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:870 |
+| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:870 MaD:931 |
+| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:938 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:9:10:9:40 | call to ReadEnvironment | semmle.label | call to ReadEnvironment |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest4.expected b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest4.expected
index c5d3e018e70c..75ac714260ec 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest4.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest4.expected
@@ -3,8 +3,8 @@ edges
| test.go:15:9:15:32 | call to GetCliArg | test.go:17:7:17:28 | ...+... | provenance | Src:MaD:4 |
| test.go:21:11:21:36 | call to GetCustom | test.go:23:7:23:30 | ...+... | provenance | Src:MaD:3 |
| test.go:27:11:27:63 | call to ExecuteQuery | test.go:28:7:28:11 | query | provenance | Src:MaD:1 |
-| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:802 MaD:863 |
-| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:870 |
+| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:870 MaD:931 |
+| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:938 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:9:10:9:40 | call to ReadEnvironment | semmle.label | call to ReadEnvironment |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest5.expected b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest5.expected
index 312c91e1c4bf..eec69b5c06fa 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest5.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest5.expected
@@ -1,8 +1,8 @@
edges
| test.go:9:10:9:40 | call to ReadEnvironment | test.go:11:7:11:29 | ...+... | provenance | Src:MaD:3 |
| test.go:15:9:15:32 | call to GetCliArg | test.go:17:7:17:28 | ...+... | provenance | Src:MaD:5 |
-| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:802 MaD:863 |
-| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:870 |
+| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:870 MaD:931 |
+| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:938 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:9:10:9:40 | call to ReadEnvironment | semmle.label | call to ReadEnvironment |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest6.expected b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest6.expected
index 7e30904b70cc..008bed821024 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest6.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest6.expected
@@ -1,8 +1,8 @@
edges
| test.go:15:9:15:32 | call to GetCliArg | test.go:17:7:17:28 | ...+... | provenance | Src:MaD:5 |
| test.go:27:11:27:63 | call to ExecuteQuery | test.go:28:7:28:11 | query | provenance | Src:MaD:2 |
-| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:802 MaD:863 |
-| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:870 |
+| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | Src:MaD:870 MaD:931 |
+| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:938 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:15:9:15:32 | call to GetCliArg | semmle.label | call to GetCliArg |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
index fd6f8095ccc2..60f03a954b90 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
@@ -1,104 +1,104 @@
edges
-| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:270 |
-| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:270 |
-| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:270 |
-| test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | provenance | Src:MaD:271 |
-| test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | provenance | Src:MaD:272 |
-| test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | provenance | Src:MaD:273 |
-| test.go:57:20:57:42 | call to Header | test.go:57:13:57:43 | type conversion | provenance | Src:MaD:274 |
-| test.go:62:20:62:41 | call to Param | test.go:62:13:62:42 | type conversion | provenance | Src:MaD:275 |
-| test.go:67:20:67:33 | call to Params | test.go:67:13:67:45 | type conversion | provenance | Src:MaD:276 |
-| test.go:72:20:72:41 | call to Query | test.go:72:13:72:42 | type conversion | provenance | Src:MaD:277 |
-| test.go:77:20:77:32 | call to Refer | test.go:77:13:77:33 | type conversion | provenance | Src:MaD:278 |
-| test.go:82:20:82:34 | call to Referer | test.go:82:13:82:35 | type conversion | provenance | Src:MaD:279 |
-| test.go:87:20:87:30 | call to URI | test.go:87:13:87:31 | type conversion | provenance | Src:MaD:281 |
-| test.go:92:20:92:30 | call to URL | test.go:92:13:92:31 | type conversion | provenance | Src:MaD:282 |
-| test.go:97:20:97:36 | call to UserAgent | test.go:97:13:97:37 | type conversion | provenance | Src:MaD:283 |
-| test.go:102:14:102:25 | call to Data | test.go:102:14:102:45 | type assertion | provenance | Src:MaD:272 |
-| test.go:114:14:114:25 | call to Data | test.go:114:14:114:45 | type assertion | provenance | Src:MaD:272 |
-| test.go:126:14:126:25 | call to Data | test.go:126:14:126:45 | type assertion | provenance | Src:MaD:272 |
-| test.go:143:23:143:42 | call to Data | test.go:143:23:143:62 | type assertion | provenance | Src:MaD:272 |
-| test.go:199:15:199:26 | call to Data | test.go:200:36:200:53 | type assertion | provenance | Src:MaD:272 |
-| test.go:199:15:199:26 | call to Data | test.go:201:39:201:56 | type assertion | provenance | Src:MaD:272 |
-| test.go:199:15:199:26 | call to Data | test.go:202:28:202:56 | type assertion | provenance | Src:MaD:272 |
-| test.go:199:15:199:26 | call to Data | test.go:204:36:204:53 | type assertion | provenance | Src:MaD:272 |
-| test.go:199:15:199:26 | call to Data | test.go:205:34:205:51 | type assertion | provenance | Src:MaD:272 |
+| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:291 |
+| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:291 |
+| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:291 |
+| test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | provenance | Src:MaD:292 |
+| test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | provenance | Src:MaD:293 |
+| test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | provenance | Src:MaD:294 |
+| test.go:57:20:57:42 | call to Header | test.go:57:13:57:43 | type conversion | provenance | Src:MaD:295 |
+| test.go:62:20:62:41 | call to Param | test.go:62:13:62:42 | type conversion | provenance | Src:MaD:296 |
+| test.go:67:20:67:33 | call to Params | test.go:67:13:67:45 | type conversion | provenance | Src:MaD:297 |
+| test.go:72:20:72:41 | call to Query | test.go:72:13:72:42 | type conversion | provenance | Src:MaD:298 |
+| test.go:77:20:77:32 | call to Refer | test.go:77:13:77:33 | type conversion | provenance | Src:MaD:299 |
+| test.go:82:20:82:34 | call to Referer | test.go:82:13:82:35 | type conversion | provenance | Src:MaD:300 |
+| test.go:87:20:87:30 | call to URI | test.go:87:13:87:31 | type conversion | provenance | Src:MaD:302 |
+| test.go:92:20:92:30 | call to URL | test.go:92:13:92:31 | type conversion | provenance | Src:MaD:303 |
+| test.go:97:20:97:36 | call to UserAgent | test.go:97:13:97:37 | type conversion | provenance | Src:MaD:304 |
+| test.go:102:14:102:25 | call to Data | test.go:102:14:102:45 | type assertion | provenance | Src:MaD:293 |
+| test.go:114:14:114:25 | call to Data | test.go:114:14:114:45 | type assertion | provenance | Src:MaD:293 |
+| test.go:126:14:126:25 | call to Data | test.go:126:14:126:45 | type assertion | provenance | Src:MaD:293 |
+| test.go:143:23:143:42 | call to Data | test.go:143:23:143:62 | type assertion | provenance | Src:MaD:293 |
+| test.go:199:15:199:26 | call to Data | test.go:200:36:200:53 | type assertion | provenance | Src:MaD:293 |
+| test.go:199:15:199:26 | call to Data | test.go:201:39:201:56 | type assertion | provenance | Src:MaD:293 |
+| test.go:199:15:199:26 | call to Data | test.go:202:28:202:56 | type assertion | provenance | Src:MaD:293 |
+| test.go:199:15:199:26 | call to Data | test.go:204:36:204:53 | type assertion | provenance | Src:MaD:293 |
+| test.go:199:15:199:26 | call to Data | test.go:205:34:205:51 | type assertion | provenance | Src:MaD:293 |
| test.go:200:21:200:54 | call to HTML2str | test.go:200:14:200:55 | type conversion | provenance | |
-| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:288 |
+| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:309 |
| test.go:201:21:201:57 | call to Htmlunquote | test.go:201:14:201:58 | type conversion | provenance | |
-| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:290 |
+| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:311 |
| test.go:202:2:202:68 | ... := ...[0] | test.go:203:14:203:28 | type assertion | provenance | |
-| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:291 |
+| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:312 |
| test.go:204:21:204:54 | call to Str2html | test.go:204:14:204:55 | type conversion | provenance | |
-| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:293 |
+| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:314 |
| test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | provenance | |
-| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:294 |
+| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:315 |
| test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | provenance | |
-| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | Src:MaD:797 MaD:292 |
-| test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | Src:MaD:296 |
-| test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | Src:MaD:296 |
+| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | Src:MaD:865 MaD:313 |
+| test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | Src:MaD:317 |
+| test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | Src:MaD:317 |
| test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | provenance | |
-| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:660 |
-| test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | provenance | Src:MaD:297 |
-| test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | Src:MaD:298 |
-| test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | Src:MaD:299 |
-| test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | provenance | Src:MaD:300 |
-| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:295 |
-| test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | provenance | Src:MaD:298 |
-| test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | provenance | Src:MaD:284 |
-| test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | provenance | Src:MaD:284 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:278:21:278:28 | index expression | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:283:44:283:60 | selection of Filename | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:284:38:284:49 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:285:37:285:48 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:291:4:291:15 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:293:42:293:53 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:294:53:294:64 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:295:38:295:49 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:296:49:296:60 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:297:51:297:65 | index expression | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:298:36:298:47 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:299:37:299:48 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | provenance | Src:MaD:297 |
-| test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | Src:MaD:297 |
+| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:728 |
+| test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | provenance | Src:MaD:318 |
+| test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | Src:MaD:319 |
+| test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | Src:MaD:320 |
+| test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | provenance | Src:MaD:321 |
+| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:316 |
+| test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | provenance | Src:MaD:319 |
+| test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | provenance | Src:MaD:305 |
+| test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | provenance | Src:MaD:305 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:278:21:278:28 | index expression | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:283:44:283:60 | selection of Filename | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:284:38:284:49 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:285:37:285:48 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:291:4:291:15 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:293:42:293:53 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:294:53:294:64 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:295:38:295:49 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:296:49:296:60 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:297:51:297:65 | index expression | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:298:36:298:47 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:299:37:299:48 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | provenance | Src:MaD:318 |
+| test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | Src:MaD:318 |
| test.go:276:2:276:13 | definition of genericFiles [array] | test.go:297:51:297:62 | genericFiles [array] | provenance | |
| test.go:278:21:278:28 | index expression | test.go:276:2:276:13 | definition of genericFiles [array] | provenance | |
| test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | FunctionModel |
| test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | provenance | |
-| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:253 |
+| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:274 |
| test.go:285:21:285:60 | call to SliceDiff | test.go:285:21:285:96 | selection of Filename | provenance | |
-| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:254 |
+| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:275 |
| test.go:290:3:292:44 | call to SliceFilter | test.go:290:3:292:80 | selection of Filename | provenance | |
-| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:255 |
+| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:276 |
| test.go:293:21:293:65 | call to SliceIntersect | test.go:293:21:293:101 | selection of Filename | provenance | |
-| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:256 |
+| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:277 |
| test.go:294:21:294:65 | call to SliceIntersect | test.go:294:21:294:101 | selection of Filename | provenance | |
-| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:256 |
+| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:277 |
| test.go:295:21:295:61 | call to SliceMerge | test.go:295:21:295:97 | selection of Filename | provenance | |
-| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:257 |
+| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:278 |
| test.go:296:21:296:61 | call to SliceMerge | test.go:296:21:296:97 | selection of Filename | provenance | |
-| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:257 |
+| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:278 |
| test.go:297:21:297:66 | call to SlicePad | test.go:297:21:297:102 | selection of Filename | provenance | |
| test.go:297:51:297:62 | genericFiles [array] | test.go:297:51:297:65 | index expression | provenance | |
-| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:258 |
+| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:279 |
| test.go:298:21:298:66 | call to SlicePad | test.go:298:21:298:102 | selection of Filename | provenance | |
-| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:258 |
+| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:279 |
| test.go:299:21:299:49 | call to SliceRand | test.go:299:21:299:82 | selection of Filename | provenance | |
-| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:259 |
+| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:280 |
| test.go:301:21:301:97 | call to SliceReduce | test.go:301:21:301:133 | selection of Filename | provenance | |
-| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:260 |
+| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:281 |
| test.go:302:21:302:52 | call to SliceShuffle | test.go:302:21:302:88 | selection of Filename | provenance | |
-| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:261 |
+| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:282 |
| test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | provenance | |
-| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:262 |
+| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:283 |
| test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | provenance | |
| test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | provenance | |
-| test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | Src:MaD:298 |
-| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:265 |
-| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:263 |
+| test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | Src:MaD:319 |
+| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:286 |
+| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:284 |
| test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | provenance | |
-| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:264 |
+| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:285 |
| test.go:312:21:312:32 | call to Items | test.go:312:21:312:52 | type assertion | provenance | |
nodes
| test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
index 001f56be494f..f6cd6f2ffb86 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
@@ -1,12 +1,12 @@
edges
-| test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | Src:MaD:272 |
-| test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | Src:MaD:272 |
-| test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | Src:MaD:272 |
-| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | Src:MaD:280 MaD:187 |
+| test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | Src:MaD:293 |
+| test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | Src:MaD:293 |
+| test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | Src:MaD:293 |
+| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | Src:MaD:301 MaD:187 |
| test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | provenance | |
-| test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | Src:MaD:272 |
-| test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | Src:MaD:272 |
-| test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:272 |
+| test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | Src:MaD:293 |
+| test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | Src:MaD:293 |
+| test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:293 |
nodes
| test.go:215:15:215:26 | call to Data | semmle.label | call to Data |
| test.go:216:18:216:26 | untrusted | semmle.label | untrusted |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected
index 3122b2d22615..aa206e91c804 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected
@@ -1,36 +1,36 @@
edges
-| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | provenance | Src:MaD:794 |
-| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | provenance | Src:MaD:794 |
-| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | provenance | Src:MaD:794 |
-| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | provenance | Src:MaD:794 |
-| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | provenance | Src:MaD:794 |
-| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | provenance | Src:MaD:794 |
-| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | provenance | Src:MaD:794 |
-| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | provenance | Src:MaD:794 |
-| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | provenance | Src:MaD:794 |
-| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | provenance | Src:MaD:794 |
-| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | provenance | Src:MaD:794 |
-| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | provenance | Src:MaD:794 |
+| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | provenance | Src:MaD:862 |
+| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | provenance | Src:MaD:862 |
+| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | provenance | Src:MaD:862 |
+| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | provenance | Src:MaD:862 |
+| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | provenance | Src:MaD:862 |
+| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | provenance | Src:MaD:862 |
+| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | provenance | Src:MaD:862 |
+| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | provenance | Src:MaD:862 |
+| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | provenance | Src:MaD:862 |
+| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | provenance | Src:MaD:862 |
+| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | provenance | Src:MaD:862 |
+| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | provenance | Src:MaD:862 |
nodes
| test.go:10:15:10:41 | call to UserAgent | semmle.label | call to UserAgent |
| test.go:12:11:12:19 | untrusted | semmle.label | untrusted |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.expected
index 963d271c8b68..8bbe70ea05ca 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.expected
@@ -1,10 +1,10 @@
edges
-| test.go:13:12:13:16 | selection of URL | test.go:13:12:13:21 | selection of Path | provenance | Src:MaD:802 |
+| test.go:13:12:13:16 | selection of URL | test.go:13:12:13:21 | selection of Path | provenance | Src:MaD:870 |
| test.go:13:12:13:21 | selection of Path | test.go:21:18:21:23 | hidden | provenance | |
| test.go:21:18:21:23 | hidden | test.go:21:11:21:24 | type conversion | provenance | |
-| test.go:22:18:22:45 | call to URLParam | test.go:22:11:22:46 | type conversion | provenance | Src:MaD:408 |
-| test.go:23:18:23:60 | call to URLParamFromCtx | test.go:23:11:23:61 | type conversion | provenance | Src:MaD:409 |
-| test.go:24:18:24:71 | call to URLParam | test.go:24:11:24:72 | type conversion | provenance | Src:MaD:410 |
+| test.go:22:18:22:45 | call to URLParam | test.go:22:11:22:46 | type conversion | provenance | Src:MaD:432 |
+| test.go:23:18:23:60 | call to URLParamFromCtx | test.go:23:11:23:61 | type conversion | provenance | Src:MaD:433 |
+| test.go:24:18:24:71 | call to URLParam | test.go:24:11:24:72 | type conversion | provenance | Src:MaD:434 |
nodes
| test.go:13:12:13:16 | selection of URL | semmle.label | selection of URL |
| test.go:13:12:13:21 | selection of Path | semmle.label | selection of Path |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected
index 816efce0892f..6e9abece5cad 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected
@@ -1,10 +1,10 @@
edges
-| test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | provenance | Src:MaD:464 |
-| test.go:178:11:178:32 | call to Param | test.go:182:24:182:28 | param | provenance | Src:MaD:464 |
+| test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | provenance | Src:MaD:502 |
+| test.go:178:11:178:32 | call to Param | test.go:182:24:182:28 | param | provenance | Src:MaD:502 |
| test.go:182:24:182:28 | param | test.go:182:20:182:28 | ...+... | provenance | Config |
| test.go:190:9:190:26 | star expression | test.go:190:10:190:26 | selection of URL | provenance | Config |
| test.go:190:9:190:26 | star expression | test.go:193:21:193:23 | url | provenance | |
-| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | provenance | Src:MaD:802 Config |
+| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | provenance | Src:MaD:870 Config |
| test.go:193:21:193:23 | url | test.go:193:21:193:32 | call to String | provenance | Config |
nodes
| test.go:172:11:172:32 | call to Param | semmle.label | call to Param |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected
index 8ada23ef521b..572147dc317d 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected
@@ -1,36 +1,36 @@
edges
-| test.go:15:11:15:32 | call to Param | test.go:16:16:16:20 | param | provenance | Src:MaD:464 |
-| test.go:21:11:21:27 | call to ParamValues | test.go:22:16:22:20 | param | provenance | Src:MaD:465 |
-| test.go:27:11:27:37 | call to QueryParam | test.go:28:16:28:20 | param | provenance | Src:MaD:466 |
-| test.go:33:11:33:27 | call to QueryParams | test.go:34:16:34:20 | param | provenance | Src:MaD:467 |
-| test.go:39:10:39:26 | call to QueryString | test.go:40:16:40:19 | qstr | provenance | Src:MaD:468 |
-| test.go:45:9:45:34 | call to FormValue | test.go:46:16:46:18 | val | provenance | Src:MaD:469 |
-| test.go:51:2:51:30 | ... := ...[0] | test.go:52:16:52:37 | index expression | provenance | Src:MaD:470 |
-| test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | Src:MaD:471 |
+| test.go:15:11:15:32 | call to Param | test.go:16:16:16:20 | param | provenance | Src:MaD:502 |
+| test.go:21:11:21:27 | call to ParamValues | test.go:22:16:22:20 | param | provenance | Src:MaD:503 |
+| test.go:27:11:27:37 | call to QueryParam | test.go:28:16:28:20 | param | provenance | Src:MaD:504 |
+| test.go:33:11:33:27 | call to QueryParams | test.go:34:16:34:20 | param | provenance | Src:MaD:505 |
+| test.go:39:10:39:26 | call to QueryString | test.go:40:16:40:19 | qstr | provenance | Src:MaD:506 |
+| test.go:45:9:45:34 | call to FormValue | test.go:46:16:46:18 | val | provenance | Src:MaD:507 |
+| test.go:51:2:51:30 | ... := ...[0] | test.go:52:16:52:37 | index expression | provenance | Src:MaD:508 |
+| test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | Src:MaD:509 |
| test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | provenance | |
-| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:747 |
+| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:815 |
| test.go:59:2:59:7 | definition of buffer | test.go:61:20:61:25 | buffer | provenance | |
-| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:673 |
-| test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | Src:MaD:472 |
-| test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | Src:MaD:472 |
+| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:741 |
+| test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | Src:MaD:510 |
+| test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | Src:MaD:510 |
| test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | provenance | |
-| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:747 |
+| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:815 |
| test.go:75:2:75:7 | definition of buffer | test.go:77:20:77:25 | buffer | provenance | |
-| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:673 |
-| test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | Src:MaD:473 |
-| test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | Src:MaD:474 |
-| test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:463 |
+| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:741 |
+| test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | Src:MaD:511 |
+| test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | Src:MaD:512 |
+| test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:501 |
| test.go:112:17:112:19 | definition of ctx | test.go:114:16:114:18 | ctx | provenance | |
-| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | Src:MaD:464 MaD:462 |
-| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:461 |
+| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | Src:MaD:502 MaD:500 |
+| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:499 |
| test.go:114:16:114:33 | call to Get | test.go:114:16:114:42 | type assertion | provenance | |
-| test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | provenance | Src:MaD:464 |
-| test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | provenance | Src:MaD:464 |
-| test.go:136:11:136:32 | call to Param | test.go:137:29:137:41 | type conversion | provenance | Src:MaD:464 |
-| test.go:148:11:148:32 | call to Param | test.go:149:30:149:34 | param | provenance | Src:MaD:464 |
+| test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | provenance | Src:MaD:502 |
+| test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | provenance | Src:MaD:502 |
+| test.go:136:11:136:32 | call to Param | test.go:137:29:137:41 | type conversion | provenance | Src:MaD:502 |
+| test.go:148:11:148:32 | call to Param | test.go:149:30:149:34 | param | provenance | Src:MaD:502 |
| test.go:149:12:149:35 | call to NewReader | test.go:150:31:150:36 | reader | provenance | |
-| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | provenance | MaD:966 |
-| test.go:164:11:164:32 | call to Param | test.go:165:23:165:35 | type conversion | provenance | Src:MaD:464 |
+| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | provenance | MaD:1034 |
+| test.go:164:11:164:32 | call to Param | test.go:165:23:165:35 | type conversion | provenance | Src:MaD:502 |
nodes
| test.go:15:11:15:32 | call to Param | semmle.label | call to Param |
| test.go:16:16:16:20 | param | semmle.label | param |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected
index 31ee545b275c..efcdd10aeda4 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected
@@ -1,6 +1,6 @@
edges
-| test.go:221:15:221:38 | call to QueryParam | test.go:222:17:222:24 | filepath | provenance | Src:MaD:466 |
-| test.go:225:15:225:38 | call to QueryParam | test.go:226:23:226:30 | filepath | provenance | Src:MaD:466 |
+| test.go:221:15:221:38 | call to QueryParam | test.go:222:17:222:24 | filepath | provenance | Src:MaD:504 |
+| test.go:225:15:225:38 | call to QueryParam | test.go:226:23:226:30 | filepath | provenance | Src:MaD:504 |
nodes
| test.go:221:15:221:38 | call to QueryParam | semmle.label | call to QueryParam |
| test.go:222:17:222:24 | filepath | semmle.label | filepath |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected
index 39c52eb45303..069795a4a3c9 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected
@@ -4,13 +4,13 @@ edges
| jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:31:21:31:34 | untrustedInput | provenance | |
| jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:35:27:35:41 | untrustedString | provenance | |
| jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:39:31:39:45 | untrustedString | provenance | |
-| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:453 |
+| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:490 |
| jsoniter.go:27:33:27:37 | &... | jsoniter.go:28:15:28:24 | selection of field | provenance | |
-| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:451 |
+| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:488 |
| jsoniter.go:31:37:31:42 | &... | jsoniter.go:32:15:32:25 | selection of field | provenance | |
-| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:454 |
+| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:491 |
| jsoniter.go:35:44:35:49 | &... | jsoniter.go:36:15:36:25 | selection of field | provenance | |
-| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:452 |
+| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:489 |
| jsoniter.go:39:48:39:53 | &... | jsoniter.go:40:15:40:25 | selection of field | provenance | |
nodes
| jsoniter.go:23:20:23:38 | call to getUntrustedBytes | semmle.label | call to getUntrustedBytes |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.expected
index 0a11cd3a5074..c1e237e83de6 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.expected
@@ -1,8 +1,8 @@
edges
-| Gin.go:24:15:24:33 | call to Query | Gin.go:25:10:25:17 | filepath | provenance | Src:MaD:396 |
-| Gin.go:24:15:24:33 | call to Query | Gin.go:26:39:26:46 | filepath | provenance | Src:MaD:396 |
-| Gin.go:24:15:24:33 | call to Query | Gin.go:27:20:27:27 | filepath | provenance | Src:MaD:396 |
-| Gin.go:24:15:24:33 | call to Query | Gin.go:29:32:29:39 | filepath | provenance | Src:MaD:396 |
+| Gin.go:24:15:24:33 | call to Query | Gin.go:25:10:25:17 | filepath | provenance | Src:MaD:420 |
+| Gin.go:24:15:24:33 | call to Query | Gin.go:26:39:26:46 | filepath | provenance | Src:MaD:420 |
+| Gin.go:24:15:24:33 | call to Query | Gin.go:27:20:27:27 | filepath | provenance | Src:MaD:420 |
+| Gin.go:24:15:24:33 | call to Query | Gin.go:29:32:29:39 | filepath | provenance | Src:MaD:420 |
nodes
| Gin.go:24:15:24:33 | call to Query | semmle.label | call to Query |
| Gin.go:25:10:25:17 | filepath | semmle.label | filepath |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected b/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected
index dbfd0a240a2b..5ab8a42efd44 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected
@@ -1,13 +1,13 @@
invalidModelRow
edges
-| gorestful.go:15:15:15:44 | call to QueryParameters | gorestful.go:15:15:15:47 | index expression | provenance | Src:MaD:339 |
-| gorestful.go:17:2:17:39 | ... := ...[0] | gorestful.go:18:15:18:17 | val | provenance | Src:MaD:341 |
-| gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | provenance | Src:MaD:344 |
-| gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:345 |
-| gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | provenance | Src:MaD:339 |
-| gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | provenance | Src:MaD:341 |
-| gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | provenance | Src:MaD:344 |
-| gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:345 |
+| gorestful.go:15:15:15:44 | call to QueryParameters | gorestful.go:15:15:15:47 | index expression | provenance | Src:MaD:363 |
+| gorestful.go:17:2:17:39 | ... := ...[0] | gorestful.go:18:15:18:17 | val | provenance | Src:MaD:365 |
+| gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | provenance | Src:MaD:368 |
+| gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:369 |
+| gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | provenance | Src:MaD:363 |
+| gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | provenance | Src:MaD:365 |
+| gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | provenance | Src:MaD:368 |
+| gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:369 |
nodes
| gorestful.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters |
| gorestful.go:15:15:15:47 | index expression | semmle.label | index expression |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
index bc8d19ba666d..9bab97f24002 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
@@ -1,8 +1,8 @@
edges
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params | provenance | Config |
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config |
-| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Src:MaD:482 Config |
-| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:482 Config |
+| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Src:MaD:523 Config |
+| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:523 Config |
| EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config |
nodes
| EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
index 3d58541bee20..281b06a61faa 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
@@ -1,13 +1,13 @@
edges
| EndToEnd.go:35:2:35:4 | definition of buf | EndToEnd.go:37:24:37:26 | buf | provenance | |
-| EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | Src:MaD:482 |
-| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:870 |
-| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:676 |
-| EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | Src:MaD:482 |
-| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:870 |
-| Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | Src:MaD:482 |
-| examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | Src:MaD:802 |
-| examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | Src:MaD:802 |
+| EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | Src:MaD:523 |
+| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:938 |
+| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:744 |
+| EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | Src:MaD:523 |
+| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:938 |
+| Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | Src:MaD:523 |
+| examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | Src:MaD:870 |
+| examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | Src:MaD:870 |
nodes
| EndToEnd.go:35:2:35:4 | definition of buf | semmle.label | definition of buf |
| EndToEnd.go:36:18:36:25 | selection of Params | semmle.label | selection of Params |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
index d5ca93960155..85d872e5ff2c 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
@@ -1,8 +1,8 @@
edges
-| EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:30 | selection of Form | provenance | Src:MaD:482 |
-| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:870 |
-| EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | Src:MaD:482 |
-| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:870 |
+| EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:30 | selection of Form | provenance | Src:MaD:523 |
+| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:938 |
+| EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | Src:MaD:523 |
+| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:938 |
nodes
| EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params |
| EndToEnd.go:58:18:58:30 | selection of Form | semmle.label | selection of Form |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
index 4b0749e3224b..ffb48a360ae7 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
@@ -6,9 +6,9 @@ edges
| rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance | |
| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | |
| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | |
-| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:795 MaD:667 |
+| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:863 MaD:735 |
| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | provenance | |
-| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:611 |
+| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:679 |
| rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | provenance | |
| rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | |
| rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected
index c74109cd3a0e..4ae04f07904b 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected
@@ -1,40 +1,40 @@
edges
-| test.go:12:12:12:22 | selection of URL | test.go:12:12:12:30 | call to Query | provenance | Src:MaD:802 MaD:863 |
-| test.go:12:12:12:30 | call to Query | test.go:12:12:12:44 | call to Get | provenance | MaD:870 |
+| test.go:12:12:12:22 | selection of URL | test.go:12:12:12:30 | call to Query | provenance | Src:MaD:870 MaD:931 |
+| test.go:12:12:12:30 | call to Query | test.go:12:12:12:44 | call to Get | provenance | MaD:938 |
| test.go:12:12:12:44 | call to Get | test.go:15:42:15:47 | param1 | provenance | |
| test.go:15:22:15:48 | call to UnescapeString | test.go:15:15:15:49 | type conversion | provenance | |
-| test.go:15:42:15:47 | param1 | test.go:15:22:15:48 | call to UnescapeString | provenance | MaD:595 |
+| test.go:15:42:15:47 | param1 | test.go:15:22:15:48 | call to UnescapeString | provenance | MaD:663 |
| test.go:17:2:17:36 | ... := ...[0] | test.go:18:15:18:31 | type conversion | provenance | |
| test.go:17:2:17:36 | ... := ...[0] | test.go:29:22:29:25 | node | provenance | |
-| test.go:17:24:17:35 | selection of Body | test.go:17:2:17:36 | ... := ...[0] | provenance | Src:MaD:795 MaD:590 |
+| test.go:17:24:17:35 | selection of Body | test.go:17:2:17:36 | ... := ...[0] | provenance | Src:MaD:863 MaD:658 |
| test.go:20:2:20:48 | ... := ...[0] | test.go:21:15:21:32 | type conversion | provenance | |
-| test.go:20:36:20:47 | selection of Body | test.go:20:2:20:48 | ... := ...[0] | provenance | Src:MaD:795 MaD:593 |
+| test.go:20:36:20:47 | selection of Body | test.go:20:2:20:48 | ... := ...[0] | provenance | Src:MaD:863 MaD:661 |
| test.go:23:2:23:50 | ... := ...[0] | test.go:24:15:24:35 | type conversion | provenance | |
-| test.go:23:33:23:44 | selection of Body | test.go:23:2:23:50 | ... := ...[0] | provenance | Src:MaD:795 MaD:591 |
+| test.go:23:33:23:44 | selection of Body | test.go:23:2:23:50 | ... := ...[0] | provenance | Src:MaD:863 MaD:659 |
| test.go:26:2:26:62 | ... := ...[0] | test.go:27:15:27:36 | type conversion | provenance | |
-| test.go:26:45:26:56 | selection of Body | test.go:26:2:26:62 | ... := ...[0] | provenance | Src:MaD:795 MaD:592 |
+| test.go:26:45:26:56 | selection of Body | test.go:26:2:26:62 | ... := ...[0] | provenance | Src:MaD:863 MaD:660 |
| test.go:31:15:31:45 | call to NewTokenizer | test.go:32:15:32:23 | tokenizer | provenance | |
| test.go:31:15:31:45 | call to NewTokenizer | test.go:33:15:33:23 | tokenizer | provenance | |
| test.go:31:15:31:45 | call to NewTokenizer | test.go:34:17:34:25 | tokenizer | provenance | |
| test.go:31:15:31:45 | call to NewTokenizer | test.go:36:15:36:23 | tokenizer | provenance | |
| test.go:31:15:31:45 | call to NewTokenizer | test.go:37:22:37:30 | tokenizer | provenance | |
-| test.go:31:33:31:44 | selection of Body | test.go:31:15:31:45 | call to NewTokenizer | provenance | Src:MaD:795 MaD:588 |
-| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:34 | call to Buffered | provenance | MaD:598 |
-| test.go:33:15:33:23 | tokenizer | test.go:33:15:33:29 | call to Raw | provenance | MaD:599 |
+| test.go:31:33:31:44 | selection of Body | test.go:31:15:31:45 | call to NewTokenizer | provenance | Src:MaD:863 MaD:656 |
+| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:34 | call to Buffered | provenance | MaD:666 |
+| test.go:33:15:33:23 | tokenizer | test.go:33:15:33:29 | call to Raw | provenance | MaD:667 |
| test.go:34:2:34:35 | ... := ...[1] | test.go:35:15:35:19 | value | provenance | |
-| test.go:34:17:34:25 | tokenizer | test.go:34:2:34:35 | ... := ...[1] | provenance | MaD:600 |
-| test.go:36:15:36:23 | tokenizer | test.go:36:15:36:30 | call to Text | provenance | MaD:601 |
-| test.go:37:22:37:30 | tokenizer | test.go:37:22:37:38 | call to Token | provenance | MaD:602 |
+| test.go:34:17:34:25 | tokenizer | test.go:34:2:34:35 | ... := ...[1] | provenance | MaD:668 |
+| test.go:36:15:36:23 | tokenizer | test.go:36:15:36:30 | call to Text | provenance | MaD:669 |
+| test.go:37:22:37:30 | tokenizer | test.go:37:22:37:38 | call to Token | provenance | MaD:670 |
| test.go:37:22:37:38 | call to Token | test.go:37:15:37:44 | type conversion | provenance | |
| test.go:39:23:39:77 | call to NewTokenizerFragment | test.go:40:15:40:31 | tokenizerFragment | provenance | |
-| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | Src:MaD:795 MaD:589 |
-| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:598 |
+| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | Src:MaD:863 MaD:657 |
+| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:666 |
| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | |
| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | |
| test.go:42:6:42:14 | definition of cleanNode | test.go:45:23:45:31 | cleanNode | provenance | |
| test.go:43:2:43:43 | ... := ...[0] | test.go:44:24:44:34 | taintedNode | provenance | |
-| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | Src:MaD:795 MaD:590 |
-| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:596 |
+| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | Src:MaD:863 MaD:658 |
+| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:664 |
| test.go:45:22:45:31 | &... | test.go:45:22:45:31 | &... | provenance | |
| test.go:45:22:45:31 | &... | test.go:45:22:45:31 | &... | provenance | |
| test.go:45:22:45:31 | &... | test.go:45:23:45:31 | cleanNode | provenance | |
@@ -46,8 +46,8 @@ edges
| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | |
| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:23:50:32 | cleanNode2 | provenance | |
| test.go:48:2:48:44 | ... := ...[0] | test.go:49:26:49:37 | taintedNode2 | provenance | |
-| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | Src:MaD:795 MaD:590 |
-| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:597 |
+| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | Src:MaD:863 MaD:658 |
+| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:665 |
| test.go:50:22:50:32 | &... | test.go:50:22:50:32 | &... | provenance | |
| test.go:50:22:50:32 | &... | test.go:50:22:50:32 | &... | provenance | |
| test.go:50:22:50:32 | &... | test.go:50:23:50:32 | cleanNode2 | provenance | |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected
index d68255c95813..0f25bb1f6d15 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected
@@ -1,6 +1,6 @@
edges
-| test.go:56:2:56:42 | ... := ...[0] | test.go:57:29:57:40 | selection of Value | provenance | Src:MaD:787 |
-| test.go:57:29:57:40 | selection of Value | test.go:57:11:57:41 | call to EscapeString | provenance | MaD:587 |
+| test.go:56:2:56:42 | ... := ...[0] | test.go:57:29:57:40 | selection of Value | provenance | Src:MaD:855 |
+| test.go:57:29:57:40 | selection of Value | test.go:57:11:57:41 | call to EscapeString | provenance | MaD:655 |
nodes
| test.go:56:2:56:42 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:57:11:57:41 | call to EscapeString | semmle.label | call to EscapeString |
diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
index 0071cfbdddd7..90ace097e5b0 100644
--- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
@@ -1,27 +1,27 @@
edges
-| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query | provenance | Src:MaD:870 MaD:931 |
| ArgumentInjection.go:9:10:9:24 | call to Query | ArgumentInjection.go:10:31:10:34 | path | provenance | |
-| CommandInjection2.go:13:15:13:21 | selection of URL | CommandInjection2.go:13:15:13:29 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| CommandInjection2.go:13:15:13:21 | selection of URL | CommandInjection2.go:13:15:13:29 | call to Query | provenance | Src:MaD:870 MaD:931 |
| CommandInjection2.go:13:15:13:29 | call to Query | CommandInjection2.go:15:67:15:75 | imageName | provenance | |
| CommandInjection2.go:15:34:15:88 | []type{args} [array] | CommandInjection2.go:15:34:15:88 | call to Sprintf | provenance | MaD:248 |
| CommandInjection2.go:15:67:15:75 | imageName | CommandInjection2.go:15:34:15:88 | []type{args} [array] | provenance | |
| CommandInjection2.go:15:67:15:75 | imageName | CommandInjection2.go:15:34:15:88 | call to Sprintf | provenance | FunctionModel |
-| CommandInjection2.go:41:15:41:21 | selection of URL | CommandInjection2.go:41:15:41:29 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| CommandInjection2.go:41:15:41:21 | selection of URL | CommandInjection2.go:41:15:41:29 | call to Query | provenance | Src:MaD:870 MaD:931 |
| CommandInjection2.go:41:15:41:29 | call to Query | CommandInjection2.go:44:67:44:75 | imageName | provenance | |
| CommandInjection2.go:44:34:44:88 | []type{args} [array] | CommandInjection2.go:44:34:44:88 | call to Sprintf | provenance | MaD:248 |
| CommandInjection2.go:44:67:44:75 | imageName | CommandInjection2.go:44:34:44:88 | []type{args} [array] | provenance | |
| CommandInjection2.go:44:67:44:75 | imageName | CommandInjection2.go:44:34:44:88 | call to Sprintf | provenance | FunctionModel |
-| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | Src:MaD:870 MaD:931 |
| CommandInjection.go:9:13:9:27 | call to Query | CommandInjection.go:10:22:10:28 | cmdName | provenance | |
-| GitSubcommands.go:11:13:11:19 | selection of URL | GitSubcommands.go:11:13:11:27 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| GitSubcommands.go:11:13:11:19 | selection of URL | GitSubcommands.go:11:13:11:27 | call to Query | provenance | Src:MaD:870 MaD:931 |
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:13:31:13:37 | tainted | provenance | |
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:14:31:14:37 | tainted | provenance | |
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:15:30:15:36 | tainted | provenance | |
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:16:35:16:41 | tainted | provenance | |
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:17:36:17:42 | tainted | provenance | |
-| GitSubcommands.go:33:13:33:19 | selection of URL | GitSubcommands.go:33:13:33:27 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| GitSubcommands.go:33:13:33:19 | selection of URL | GitSubcommands.go:33:13:33:27 | call to Query | provenance | Src:MaD:870 MaD:931 |
| GitSubcommands.go:33:13:33:27 | call to Query | GitSubcommands.go:38:32:38:38 | tainted | provenance | |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:870 MaD:931 |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | |
@@ -56,7 +56,7 @@ edges
| SanitizingDoubleDash.go:69:21:69:28 | arrayLit | SanitizingDoubleDash.go:69:14:69:35 | call to append | provenance | MaD:28 |
| SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array] | SanitizingDoubleDash.go:69:14:69:35 | call to append | provenance | MaD:29 |
| SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array] | SanitizingDoubleDash.go:69:14:69:35 | call to append [array] | provenance | MaD:29 |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | Src:MaD:870 MaD:931 |
| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:95:25:95:31 | tainted | provenance | |
| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:96:24:96:34 | slice expression | provenance | |
| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:100:31:100:37 | tainted | provenance | |
diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
index a8e50184fb05..6d31d8d846f6 100644
--- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
+++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
@@ -1,18 +1,18 @@
edges
-| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | Src:MaD:797 MaD:870 |
+| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | Src:MaD:865 MaD:938 |
| ReflectedXss.go:11:15:11:36 | call to Get | ReflectedXss.go:14:44:14:51 | username | provenance | |
-| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get | provenance | Src:MaD:797 MaD:870 |
+| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get | provenance | Src:MaD:865 MaD:938 |
| contenttype.go:11:11:11:28 | call to Get | contenttype.go:17:11:17:22 | type conversion | provenance | |
-| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get | provenance | Src:MaD:797 MaD:870 |
+| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get | provenance | Src:MaD:865 MaD:938 |
| contenttype.go:49:11:49:28 | call to Get | contenttype.go:53:34:53:37 | data | provenance | |
-| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | provenance | Src:MaD:790 |
-| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | provenance | Src:MaD:790 |
-| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | provenance | Src:MaD:790 |
-| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:790 |
-| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:789 |
-| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:789 |
+| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | provenance | Src:MaD:858 |
+| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | provenance | Src:MaD:858 |
+| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | provenance | Src:MaD:858 |
+| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:858 |
+| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:857 |
+| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:857 |
| reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content | provenance | |
-| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:660 |
+| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:728 |
| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:248 |
| reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion | provenance | |
| reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | provenance | |
@@ -21,32 +21,32 @@ edges
| reflectedxsstest.go:34:17:34:61 | call to Sprintf | reflectedxsstest.go:34:10:34:62 | type conversion | provenance | |
| reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | []type{args} [array] | provenance | |
| reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | FunctionModel |
-| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | Src:MaD:791 |
+| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | Src:MaD:859 |
| reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:40:14:40:17 | part | provenance | |
| reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:42:2:42:5 | part | provenance | |
-| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:750 |
-| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:748 |
+| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:818 |
+| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:816 |
| reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName | provenance | |
| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | |
-| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:673 |
+| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:741 |
| reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:248 |
| reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion | provenance | |
| reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | provenance | |
| reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | FunctionModel |
-| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | Src:MaD:870 MaD:931 |
| reflectedxsstest.go:51:14:51:26 | call to Query | reflectedxsstest.go:54:11:54:21 | type conversion | provenance | |
-| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | Src:MaD:797 MaD:870 |
+| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | Src:MaD:865 MaD:938 |
| tst.go:14:15:14:36 | call to Get | tst.go:18:32:18:32 | a | provenance | |
| tst.go:18:19:18:38 | call to Join | tst.go:18:12:18:39 | type conversion | provenance | |
-| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:964 |
-| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | Src:MaD:797 MaD:870 |
+| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:1032 |
+| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | Src:MaD:865 MaD:938 |
| tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | |
-| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:604 |
-| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:603 |
-| websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:871 |
-| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:448 |
-| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:449 |
-| websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:450 |
+| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:672 |
+| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:671 |
+| websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:939 |
+| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:480 |
+| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:481 |
+| websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:482 |
nodes
| ReflectedXss.go:11:15:11:20 | selection of Form | semmle.label | selection of Form |
| ReflectedXss.go:11:15:11:36 | call to Get | semmle.label | call to Get |
diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
index 1b57d8a4ab65..376a898236e6 100644
--- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
@@ -1,12 +1,12 @@
edges
| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:248 |
| SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q | provenance | |
-| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | Src:MaD:870 MaD:931 |
| SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance | |
| SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | []type{args} [array] | provenance | |
| SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | FunctionModel |
| issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b | provenance | |
-| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | Src:MaD:795 MaD:660 |
+| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | Src:MaD:863 MaD:728 |
| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:187 |
| issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance | |
| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:248 |
@@ -14,7 +14,7 @@ edges
| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | |
| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel |
| issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 | provenance | |
-| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | Src:MaD:795 MaD:660 |
+| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | Src:MaD:863 MaD:728 |
| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:187 |
| issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance | |
| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:248 |
@@ -22,26 +22,26 @@ edges
| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | |
| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel |
| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | MaD:187 |
-| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | Src:MaD:870 MaD:931 |
| issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | |
| issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance | |
| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:248 |
| issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | |
| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance | |
| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | FunctionModel |
-| main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | Src:MaD:797 |
+| main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | Src:MaD:865 |
| main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:248 |
-| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | Src:MaD:870 MaD:931 |
| main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression | provenance | |
| main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | []type{args} [array] | provenance | |
| main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | call to Sprintf | provenance | FunctionModel |
| main.go:16:11:16:85 | []type{args} [array] | main.go:16:11:16:85 | call to Sprintf | provenance | MaD:248 |
-| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | Src:MaD:800 MaD:775 |
+| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | Src:MaD:868 MaD:843 |
| main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | []type{args} [array] | provenance | |
| main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | call to Sprintf | provenance | FunctionModel |
| main.go:28:17:31:2 | &... [pointer, Category] | main.go:34:3:34:13 | RequestData [pointer, Category] | provenance | |
| main.go:28:18:31:2 | struct literal [Category] | main.go:28:17:31:2 | &... [pointer, Category] | provenance | |
-| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | Src:MaD:870 MaD:931 |
| main.go:30:13:30:27 | call to Query | main.go:30:13:30:39 | index expression | provenance | |
| main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] | provenance | |
| main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:248 |
@@ -54,7 +54,7 @@ edges
| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance | |
| main.go:40:2:40:12 | RequestData [pointer, Category] | main.go:40:2:40:12 | implicit dereference [Category] | provenance | |
| main.go:40:2:40:12 | implicit dereference [Category] | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | provenance | |
-| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | Src:MaD:870 MaD:931 |
| main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance | |
| main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance | |
| main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:248 |
@@ -67,7 +67,7 @@ edges
| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | |
| main.go:49:3:49:14 | star expression [Category] | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | provenance | |
| main.go:49:4:49:14 | RequestData [pointer, Category] | main.go:49:3:49:14 | star expression [Category] | provenance | |
-| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | Src:MaD:870 MaD:931 |
| main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | |
| main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance | |
| main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:248 |
@@ -80,7 +80,7 @@ edges
| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | |
| main.go:58:3:58:14 | star expression [Category] | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | provenance | |
| main.go:58:4:58:14 | RequestData [pointer, Category] | main.go:58:3:58:14 | star expression [Category] | provenance | |
-| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | Src:MaD:802 MaD:863 |
+| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | Src:MaD:870 MaD:931 |
| main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | |
| main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance | |
| main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:248 |
@@ -89,7 +89,7 @@ edges
| main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel |
| main.go:61:4:61:15 | star expression [Category] | main.go:61:3:61:25 | selection of Category | provenance | |
| main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] | provenance | |
-| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:793 |
+| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:861 |
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter | provenance | |
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:61:27:61:32 | filter | provenance | |
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:63:23:63:28 | filter | provenance | |
diff --git a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected
index 923fa5a71d6a..8dcbe898f4cd 100644
--- a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected
+++ b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected
@@ -2,10 +2,10 @@ edges
| StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | |
| StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:13:29:13:47 | type conversion | provenance | |
| StringBreakMismatched.go:13:13:13:62 | call to Replace | StringBreakMismatched.go:17:26:17:32 | escaped | provenance | |
-| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:968 |
+| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:1036 |
| StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:25:29:25:47 | type conversion | provenance | |
| StringBreakMismatched.go:25:13:25:61 | call to Replace | StringBreakMismatched.go:29:27:29:33 | escaped | provenance | |
-| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace | provenance | MaD:968 |
+| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace | provenance | MaD:1036 |
nodes
| StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] |
| StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON |
diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
index 1f7fa8d7eca8..557d8ce1e912 100644
--- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
+++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
@@ -1,9 +1,9 @@
edges
| klog.go:20:3:25:3 | range statement[1] | klog.go:21:27:21:33 | headers | provenance | |
-| klog.go:20:30:20:37 | selection of Header | klog.go:20:3:25:3 | range statement[1] | provenance | Src:MaD:800 Config |
+| klog.go:20:30:20:37 | selection of Header | klog.go:20:3:25:3 | range statement[1] | provenance | Src:MaD:868 Config |
| klog.go:21:4:24:4 | range statement[1] | klog.go:22:15:22:20 | header | provenance | |
| klog.go:21:27:21:33 | headers | klog.go:21:4:24:4 | range statement[1] | provenance | Config |
-| klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | provenance | Src:MaD:800 Config |
+| klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | provenance | Src:MaD:868 Config |
| overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance | |
| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | |
| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | |
diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
index 27d27a1f4cf5..554431a6d2eb 100644
--- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
+++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
@@ -9,7 +9,7 @@ edges
| sample.go:33:2:33:6 | definition of nonce | sample.go:37:25:37:29 | nonce | provenance | |
| sample.go:33:2:33:6 | definition of nonce | sample.go:37:32:37:36 | nonce | provenance | |
| sample.go:34:12:34:40 | call to New | sample.go:35:14:35:19 | random | provenance | |
-| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:669 |
+| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:737 |
| sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance | |
| sample.go:56:11:56:40 | type conversion | sample.go:58:32:58:43 | type conversion | provenance | |
| sample.go:56:18:56:39 | index expression | sample.go:56:11:56:40 | type conversion | provenance | |
diff --git a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected
index 32c78cc4e9db..ab561322bfcb 100644
--- a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected
+++ b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected
@@ -1,16 +1,16 @@
edges
-| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | Src:MaD:802 MaD:863 |
-| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:870 |
+| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | Src:MaD:870 MaD:931 |
+| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:938 |
| go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | provenance | |
| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken | provenance | |
| go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken | provenance | |
-| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:415 |
-| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:417 |
-| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | Src:MaD:802 MaD:863 |
-| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:870 |
+| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:439 |
+| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:441 |
+| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | Src:MaD:870 MaD:931 |
+| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:938 |
| golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | provenance | |
| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance | |
-| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:431 |
+| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:463 |
nodes
| go-jose.v3.go:25:16:25:20 | selection of URL | semmle.label | selection of URL |
| go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query |
diff --git a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected
index aea61f57f6b2..1e482d7efd79 100644
--- a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected
+++ b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected
@@ -12,8 +12,8 @@ edges
| main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:20:73:27 | redirect | provenance | |
| main.go:68:17:68:24 | definition of redirect | main.go:73:20:73:27 | redirect | provenance | |
| main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | provenance | |
-| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:891 |
-| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:891 |
+| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:959 |
+| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:959 |
| main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url | provenance | |
| main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | provenance | |
| main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 | provenance | |
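Review bot: The provenance column in this baseline records absolute model indices, so the two `call to Clean` edges are rewritten here only because `MaD:891` became `MaD:959`, which has nothing to do with the CWE-601 query. The OpenUrlRedirect.expected and EmailInjection.expected hunks below show the same id-only churn (`Src:MaD:797` to `Src:MaD:865`, `Src:MaD:793` to `Src:MaD:861`, `MaD:515` to `MaD:558`). With dozens of such lines per file, a real change to an edge or alert row in a security baseline is easy to miss in review. Consider normalising the ids when the test output is produced, for example by numbering only the models a test actually uses, so a row keeps a stable value such as `| provenance | MaD:1 |` (constructed example) when unrelated models are added. In the visible hunks of these three files only `edges` rows change and no `#select` row is touched, which is the property a reviewer should be able to confirm at a glance.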
diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
index 3d0e867ca97e..f8b4e4ffe4b9 100644
--- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
+++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
@@ -1,19 +1,19 @@
edges
-| OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance | Src:MaD:797 Config |
-| stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance | Src:MaD:797 Config |
+| OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance | Src:MaD:865 Config |
+| stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance | Src:MaD:865 Config |
| stdlib.go:13:13:13:32 | call to Get | stdlib.go:15:30:15:35 | target | provenance | |
-| stdlib.go:22:13:22:18 | selection of Form | stdlib.go:22:13:22:32 | call to Get | provenance | Src:MaD:797 Config |
+| stdlib.go:22:13:22:18 | selection of Form | stdlib.go:22:13:22:32 | call to Get | provenance | Src:MaD:865 Config |
| stdlib.go:22:13:22:32 | call to Get | stdlib.go:24:30:24:35 | target | provenance | |
-| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:31:13:31:32 | call to Get | provenance | Src:MaD:797 Config |
+| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:31:13:31:32 | call to Get | provenance | Src:MaD:865 Config |
| stdlib.go:31:13:31:32 | call to Get | stdlib.go:35:34:35:39 | target | provenance | |
| stdlib.go:35:34:35:39 | target | stdlib.go:35:30:35:39 | ...+... | provenance | Config |
-| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:44:13:44:32 | call to Get | provenance | Src:MaD:797 Config |
+| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:44:13:44:32 | call to Get | provenance | Src:MaD:865 Config |
| stdlib.go:44:13:44:32 | call to Get | stdlib.go:46:23:46:28 | target | provenance | |
-| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:64:13:64:32 | call to Get | provenance | Src:MaD:797 Config |
+| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:64:13:64:32 | call to Get | provenance | Src:MaD:865 Config |
| stdlib.go:64:13:64:32 | call to Get | stdlib.go:67:23:67:28 | target | provenance | |
| stdlib.go:67:23:67:28 | target | stdlib.go:67:23:67:37 | ...+... | provenance | Config |
| stdlib.go:67:23:67:37 | ...+... | stdlib.go:67:23:67:40 | ...+... | provenance | Config |
-| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:89:13:89:32 | call to Get | provenance | Src:MaD:797 Config |
+| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:89:13:89:32 | call to Get | provenance | Src:MaD:865 Config |
| stdlib.go:89:13:89:32 | call to Get | stdlib.go:90:3:90:8 | target | provenance | |
| stdlib.go:90:3:90:8 | target | stdlib.go:90:3:90:25 | ... += ... | provenance | Config |
| stdlib.go:90:3:90:25 | ... += ... | stdlib.go:92:23:92:28 | target | provenance | |
@@ -28,26 +28,26 @@ edges
| stdlib.go:112:4:112:4 | r [pointer, URL] | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | |
| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL | provenance | Config |
| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL [pointer] | provenance | |
-| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | Src:MaD:802 |
-| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference | provenance | Src:MaD:802 Config |
+| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | Src:MaD:870 |
+| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference | provenance | Src:MaD:870 Config |
| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance | |
| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:8 | implicit dereference | provenance | |
| stdlib.go:113:24:113:24 | implicit dereference [URL] | stdlib.go:113:24:113:28 | selection of URL | provenance | |
| stdlib.go:113:24:113:24 | r [pointer, URL] | stdlib.go:113:24:113:24 | implicit dereference [URL] | provenance | |
-| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String | provenance | Src:MaD:802 Config |
-| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:146:13:146:32 | call to Get | provenance | Src:MaD:797 Config |
+| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String | provenance | Src:MaD:870 Config |
+| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:146:13:146:32 | call to Get | provenance | Src:MaD:865 Config |
| stdlib.go:146:13:146:32 | call to Get | stdlib.go:152:23:152:28 | target | provenance | |
| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:11:159:15 | selection of URL | provenance | Config |
| stdlib.go:159:10:159:15 | star expression | stdlib.go:162:24:162:26 | url | provenance | |
-| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:159:10:159:15 | star expression | provenance | Src:MaD:802 Config |
+| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:159:10:159:15 | star expression | provenance | Src:MaD:870 Config |
| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String | provenance | Config |
-| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | Src:MaD:802 Config |
+| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | Src:MaD:870 Config |
| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | Config |
-| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | provenance | Src:MaD:790 |
+| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | provenance | Src:MaD:858 |
| stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | |
| stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | |
| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | |
-| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:790 Config |
+| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:858 Config |
| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | Config |
| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | Config |
| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | Config |
diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected
index 07c431401623..ecde804ea1d0 100644
--- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected
@@ -1,23 +1,23 @@
edges
-| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | Src:MaD:800 MaD:775 |
+| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | Src:MaD:868 MaD:843 |
| EmailBad.go:9:10:9:29 | call to Get | EmailBad.go:12:56:12:67 | type conversion | provenance | |
-| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:793 |
-| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:793 |
-| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:672 |
-| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:793 |
-| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:793 |
-| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:793 |
+| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:861 |
+| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:861 |
+| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:740 |
+| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:861 |
+| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:861 |
+| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:861 |
| main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | |
-| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:515 |
-| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:793 |
+| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:558 |
+| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:861 |
| main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | |
| main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | |
| main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | |
-| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:515 |
-| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:793 |
-| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:793 |
+| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:558 |
+| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:861 |
+| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:861 |
| main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | |
-| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:515 |
+| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:558 |
nodes
| EmailBad.go:9:10:9:17 | selection of Header | semmle.label | selection of Header |
| EmailBad.go:9:10:9:29 | call to Get | semmle.label | call to Get |
diff --git a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
index 47739bb945b9..0f6f19ab594a 100644
--- a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
@@ -1,155 +1,165 @@
edges
-| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| XPathInjection.go:13:14:13:35 | call to Get | XPathInjection.go:16:29:16:91 | ...+... | provenance | |
-| tst.go:34:14:34:19 | selection of Form | tst.go:34:14:34:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:34:14:34:35 | call to Get | tst.go:37:23:37:85 | ...+... | provenance | |
-| tst.go:34:14:34:35 | call to Get | tst.go:40:24:40:86 | ...+... | provenance | |
-| tst.go:34:14:34:35 | call to Get | tst.go:43:24:43:82 | ...+... | provenance | |
-| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:48:14:48:35 | call to Get | tst.go:51:26:51:84 | ...+... | provenance | |
-| tst.go:48:14:48:35 | call to Get | tst.go:54:29:54:87 | ...+... | provenance | |
-| tst.go:48:14:48:35 | call to Get | tst.go:57:33:57:91 | ...+... | provenance | |
-| tst.go:48:14:48:35 | call to Get | tst.go:60:30:60:88 | ...+... | provenance | |
-| tst.go:65:14:65:19 | selection of Form | tst.go:65:14:65:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:65:14:65:35 | call to Get | tst.go:68:25:68:83 | ...+... | provenance | |
-| tst.go:65:14:65:35 | call to Get | tst.go:71:28:71:86 | ...+... | provenance | |
-| tst.go:65:14:65:35 | call to Get | tst.go:74:25:74:83 | ...+... | provenance | |
-| tst.go:65:14:65:35 | call to Get | tst.go:77:34:77:92 | ...+... | provenance | |
-| tst.go:65:14:65:35 | call to Get | tst.go:80:32:80:90 | ...+... | provenance | |
-| tst.go:65:14:65:35 | call to Get | tst.go:83:29:83:87 | ...+... | provenance | |
-| tst.go:65:14:65:35 | call to Get | tst.go:86:23:86:85 | ...+... | provenance | |
-| tst.go:65:14:65:35 | call to Get | tst.go:89:22:89:84 | ...+... | provenance | |
-| tst.go:94:14:94:19 | selection of Form | tst.go:94:14:94:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:94:14:94:35 | call to Get | tst.go:97:26:97:84 | ...+... | provenance | |
-| tst.go:94:14:94:35 | call to Get | tst.go:100:29:100:87 | ...+... | provenance | |
-| tst.go:94:14:94:35 | call to Get | tst.go:103:33:103:91 | ...+... | provenance | |
-| tst.go:94:14:94:35 | call to Get | tst.go:106:30:106:88 | ...+... | provenance | |
-| tst.go:111:14:111:19 | selection of Form | tst.go:111:14:111:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:111:14:111:35 | call to Get | tst.go:114:25:114:87 | ...+... | provenance | |
-| tst.go:111:14:111:35 | call to Get | tst.go:117:26:117:88 | ...+... | provenance | |
-| tst.go:122:14:122:19 | selection of Form | tst.go:122:14:122:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:122:14:122:35 | call to Get | tst.go:126:23:126:126 | ...+... | provenance | |
-| tst.go:122:14:122:35 | call to Get | tst.go:129:24:129:127 | ...+... | provenance | |
-| tst.go:122:14:122:35 | call to Get | tst.go:132:27:132:122 | ...+... | provenance | |
-| tst.go:123:14:123:19 | selection of Form | tst.go:123:14:123:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:123:14:123:35 | call to Get | tst.go:126:23:126:126 | ...+... | provenance | |
-| tst.go:123:14:123:35 | call to Get | tst.go:129:24:129:127 | ...+... | provenance | |
-| tst.go:123:14:123:35 | call to Get | tst.go:132:27:132:122 | ...+... | provenance | |
-| tst.go:140:14:140:19 | selection of Form | tst.go:140:14:140:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:140:14:140:35 | call to Get | tst.go:143:27:143:89 | ...+... | provenance | |
-| tst.go:140:14:140:35 | call to Get | tst.go:146:28:146:90 | ...+... | provenance | |
-| tst.go:151:14:151:19 | selection of Form | tst.go:151:14:151:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:151:14:151:35 | call to Get | tst.go:155:33:155:136 | ...+... | provenance | |
-| tst.go:151:14:151:35 | call to Get | tst.go:158:18:158:121 | ...+... | provenance | |
-| tst.go:151:14:151:35 | call to Get | tst.go:164:31:164:126 | ...+... | provenance | |
-| tst.go:151:14:151:35 | call to Get | tst.go:173:21:173:116 | ...+... | provenance | |
-| tst.go:151:14:151:35 | call to Get | tst.go:182:27:182:122 | ...+... | provenance | |
-| tst.go:152:14:152:19 | selection of Form | tst.go:152:14:152:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:152:14:152:35 | call to Get | tst.go:155:33:155:136 | ...+... | provenance | |
-| tst.go:152:14:152:35 | call to Get | tst.go:158:18:158:121 | ...+... | provenance | |
-| tst.go:152:14:152:35 | call to Get | tst.go:164:31:164:126 | ...+... | provenance | |
-| tst.go:152:14:152:35 | call to Get | tst.go:173:21:173:116 | ...+... | provenance | |
-| tst.go:152:14:152:35 | call to Get | tst.go:182:27:182:122 | ...+... | provenance | |
-| tst.go:193:14:193:19 | selection of Form | tst.go:193:14:193:35 | call to Get | provenance | Src:MaD:797 MaD:870 |
-| tst.go:193:14:193:35 | call to Get | tst.go:198:23:198:85 | ...+... | provenance | |
+| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| XPathInjection.go:13:14:13:35 | call to Get | XPathInjection.go:16:29:16:91 | ...+... | provenance | Sink:MaD:322 |
+| tst.go:35:14:35:19 | selection of Form | tst.go:35:14:35:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:35:14:35:35 | call to Get | tst.go:38:23:38:85 | ...+... | provenance | Sink:MaD:266 |
+| tst.go:35:14:35:35 | call to Get | tst.go:39:29:39:87 | ...+... | provenance | Sink:MaD:267 |
+| tst.go:35:14:35:35 | call to Get | tst.go:40:24:40:86 | ...+... | provenance | Sink:MaD:268 |
+| tst.go:35:14:35:35 | call to Get | tst.go:41:24:41:82 | ...+... | provenance | Sink:MaD:269 |
+| tst.go:46:14:46:19 | selection of Form | tst.go:46:14:46:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:46:14:46:35 | call to Get | tst.go:49:26:49:84 | ...+... | provenance | Sink:MaD:250 |
+| tst.go:46:14:46:35 | call to Get | tst.go:50:29:50:87 | ...+... | provenance | Sink:MaD:251 |
+| tst.go:46:14:46:35 | call to Get | tst.go:51:30:51:88 | ...+... | provenance | Sink:MaD:252 |
+| tst.go:46:14:46:35 | call to Get | tst.go:52:33:52:91 | ...+... | provenance | Sink:MaD:253 |
+| tst.go:57:14:57:19 | selection of Form | tst.go:57:14:57:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:57:14:57:35 | call to Get | tst.go:60:25:60:83 | ...+... | provenance | Sink:MaD:258 |
+| tst.go:57:14:57:35 | call to Get | tst.go:61:28:61:86 | ...+... | provenance | Sink:MaD:259 |
+| tst.go:57:14:57:35 | call to Get | tst.go:62:25:62:83 | ...+... | provenance | Sink:MaD:260 |
+| tst.go:57:14:57:35 | call to Get | tst.go:63:34:63:92 | ...+... | provenance | Sink:MaD:261 |
+| tst.go:57:14:57:35 | call to Get | tst.go:64:29:64:87 | ...+... | provenance | Sink:MaD:262 |
+| tst.go:57:14:57:35 | call to Get | tst.go:65:32:65:90 | ...+... | provenance | Sink:MaD:263 |
+| tst.go:57:14:57:35 | call to Get | tst.go:66:23:66:85 | ...+... | provenance | Sink:MaD:265 |
+| tst.go:57:14:57:35 | call to Get | tst.go:67:22:67:84 | ...+... | provenance | Sink:MaD:264 |
+| tst.go:72:14:72:19 | selection of Form | tst.go:72:14:72:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:72:14:72:35 | call to Get | tst.go:75:26:75:84 | ...+... | provenance | Sink:MaD:254 |
+| tst.go:72:14:72:35 | call to Get | tst.go:76:29:76:87 | ...+... | provenance | Sink:MaD:255 |
+| tst.go:72:14:72:35 | call to Get | tst.go:77:30:77:88 | ...+... | provenance | Sink:MaD:256 |
+| tst.go:72:14:72:35 | call to Get | tst.go:78:33:78:91 | ...+... | provenance | Sink:MaD:257 |
+| tst.go:83:14:83:19 | selection of Form | tst.go:83:14:83:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:83:14:83:35 | call to Get | tst.go:86:25:86:87 | ...+... | provenance | Sink:MaD:456 |
+| tst.go:83:14:83:35 | call to Get | tst.go:87:26:87:88 | ...+... | provenance | Sink:MaD:457 |
+| tst.go:92:14:92:19 | selection of Form | tst.go:92:14:92:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:92:14:92:35 | call to Get | tst.go:96:23:96:126 | ...+... | provenance | Sink:MaD:323 |
+| tst.go:92:14:92:35 | call to Get | tst.go:97:24:97:127 | ...+... | provenance | Sink:MaD:322 |
+| tst.go:92:14:92:35 | call to Get | tst.go:98:27:98:122 | ...+... | provenance | Sink:MaD:324 |
+| tst.go:93:14:93:19 | selection of Form | tst.go:93:14:93:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:93:14:93:35 | call to Get | tst.go:96:23:96:126 | ...+... | provenance | Sink:MaD:323 |
+| tst.go:93:14:93:35 | call to Get | tst.go:97:24:97:127 | ...+... | provenance | Sink:MaD:322 |
+| tst.go:93:14:93:35 | call to Get | tst.go:98:27:98:122 | ...+... | provenance | Sink:MaD:324 |
+| tst.go:106:14:106:19 | selection of Form | tst.go:106:14:106:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:106:14:106:35 | call to Get | tst.go:109:27:109:89 | ...+... | provenance | Sink:MaD:556 |
+| tst.go:106:14:106:35 | call to Get | tst.go:110:28:110:90 | ...+... | provenance | Sink:MaD:557 |
+| tst.go:115:14:115:19 | selection of Form | tst.go:115:14:115:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:115:14:115:35 | call to Get | tst.go:119:33:119:136 | ...+... | provenance | Sink:MaD:483 |
+| tst.go:115:14:115:35 | call to Get | tst.go:120:18:120:121 | ...+... | provenance | Sink:MaD:484 |
+| tst.go:115:14:115:35 | call to Get | tst.go:121:31:121:126 | ...+... | provenance | Sink:MaD:485 |
+| tst.go:115:14:115:35 | call to Get | tst.go:122:21:122:116 | ...+... | provenance | Sink:MaD:486 |
+| tst.go:115:14:115:35 | call to Get | tst.go:123:27:123:122 | ...+... | provenance | Sink:MaD:487 |
+| tst.go:116:14:116:19 | selection of Form | tst.go:116:14:116:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:116:14:116:35 | call to Get | tst.go:119:33:119:136 | ...+... | provenance | Sink:MaD:483 |
+| tst.go:116:14:116:35 | call to Get | tst.go:120:18:120:121 | ...+... | provenance | Sink:MaD:484 |
+| tst.go:116:14:116:35 | call to Get | tst.go:121:31:121:126 | ...+... | provenance | Sink:MaD:485 |
+| tst.go:116:14:116:35 | call to Get | tst.go:122:21:122:116 | ...+... | provenance | Sink:MaD:486 |
+| tst.go:116:14:116:35 | call to Get | tst.go:123:27:123:122 | ...+... | provenance | Sink:MaD:487 |
+| tst.go:139:14:139:19 | selection of Form | tst.go:139:14:139:35 | call to Get | provenance | Src:MaD:865 MaD:938 |
+| tst.go:139:14:139:35 | call to Get | tst.go:144:17:144:87 | type conversion | provenance | Sink:MaD:515 |
+| tst.go:139:14:139:35 | call to Get | tst.go:145:41:145:103 | ...+... | provenance | |
+| tst.go:139:14:139:35 | call to Get | tst.go:146:23:146:85 | ...+... | provenance | Sink:MaD:517 |
+| tst.go:145:41:145:103 | ...+... | tst.go:145:23:145:104 | call to NewReader | provenance | MaD:1034 Sink:MaD:516 |
nodes
| XPathInjection.go:13:14:13:19 | selection of Form | semmle.label | selection of Form |
| XPathInjection.go:13:14:13:35 | call to Get | semmle.label | call to Get |
| XPathInjection.go:16:29:16:91 | ...+... | semmle.label | ...+... |
-| tst.go:34:14:34:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:34:14:34:35 | call to Get | semmle.label | call to Get |
-| tst.go:37:23:37:85 | ...+... | semmle.label | ...+... |
+| tst.go:35:14:35:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:35:14:35:35 | call to Get | semmle.label | call to Get |
+| tst.go:38:23:38:85 | ...+... | semmle.label | ...+... |
+| tst.go:39:29:39:87 | ...+... | semmle.label | ...+... |
| tst.go:40:24:40:86 | ...+... | semmle.label | ...+... |
-| tst.go:43:24:43:82 | ...+... | semmle.label | ...+... |
-| tst.go:48:14:48:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:48:14:48:35 | call to Get | semmle.label | call to Get |
-| tst.go:51:26:51:84 | ...+... | semmle.label | ...+... |
-| tst.go:54:29:54:87 | ...+... | semmle.label | ...+... |
-| tst.go:57:33:57:91 | ...+... | semmle.label | ...+... |
-| tst.go:60:30:60:88 | ...+... | semmle.label | ...+... |
-| tst.go:65:14:65:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:65:14:65:35 | call to Get | semmle.label | call to Get |
-| tst.go:68:25:68:83 | ...+... | semmle.label | ...+... |
-| tst.go:71:28:71:86 | ...+... | semmle.label | ...+... |
-| tst.go:74:25:74:83 | ...+... | semmle.label | ...+... |
-| tst.go:77:34:77:92 | ...+... | semmle.label | ...+... |
-| tst.go:80:32:80:90 | ...+... | semmle.label | ...+... |
-| tst.go:83:29:83:87 | ...+... | semmle.label | ...+... |
-| tst.go:86:23:86:85 | ...+... | semmle.label | ...+... |
-| tst.go:89:22:89:84 | ...+... | semmle.label | ...+... |
-| tst.go:94:14:94:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:94:14:94:35 | call to Get | semmle.label | call to Get |
-| tst.go:97:26:97:84 | ...+... | semmle.label | ...+... |
-| tst.go:100:29:100:87 | ...+... | semmle.label | ...+... |
-| tst.go:103:33:103:91 | ...+... | semmle.label | ...+... |
-| tst.go:106:30:106:88 | ...+... | semmle.label | ...+... |
-| tst.go:111:14:111:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:111:14:111:35 | call to Get | semmle.label | call to Get |
-| tst.go:114:25:114:87 | ...+... | semmle.label | ...+... |
-| tst.go:117:26:117:88 | ...+... | semmle.label | ...+... |
-| tst.go:122:14:122:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:122:14:122:35 | call to Get | semmle.label | call to Get |
-| tst.go:123:14:123:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:123:14:123:35 | call to Get | semmle.label | call to Get |
-| tst.go:126:23:126:126 | ...+... | semmle.label | ...+... |
-| tst.go:129:24:129:127 | ...+... | semmle.label | ...+... |
-| tst.go:132:27:132:122 | ...+... | semmle.label | ...+... |
-| tst.go:140:14:140:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:140:14:140:35 | call to Get | semmle.label | call to Get |
-| tst.go:143:27:143:89 | ...+... | semmle.label | ...+... |
-| tst.go:146:28:146:90 | ...+... | semmle.label | ...+... |
-| tst.go:151:14:151:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:151:14:151:35 | call to Get | semmle.label | call to Get |
-| tst.go:152:14:152:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:152:14:152:35 | call to Get | semmle.label | call to Get |
-| tst.go:155:33:155:136 | ...+... | semmle.label | ...+... |
-| tst.go:158:18:158:121 | ...+... | semmle.label | ...+... |
-| tst.go:164:31:164:126 | ...+... | semmle.label | ...+... |
-| tst.go:173:21:173:116 | ...+... | semmle.label | ...+... |
-| tst.go:182:27:182:122 | ...+... | semmle.label | ...+... |
-| tst.go:193:14:193:19 | selection of Form | semmle.label | selection of Form |
-| tst.go:193:14:193:35 | call to Get | semmle.label | call to Get |
-| tst.go:198:23:198:85 | ...+... | semmle.label | ...+... |
+| tst.go:41:24:41:82 | ...+... | semmle.label | ...+... |
+| tst.go:46:14:46:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:46:14:46:35 | call to Get | semmle.label | call to Get |
+| tst.go:49:26:49:84 | ...+... | semmle.label | ...+... |
+| tst.go:50:29:50:87 | ...+... | semmle.label | ...+... |
+| tst.go:51:30:51:88 | ...+... | semmle.label | ...+... |
+| tst.go:52:33:52:91 | ...+... | semmle.label | ...+... |
+| tst.go:57:14:57:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:57:14:57:35 | call to Get | semmle.label | call to Get |
+| tst.go:60:25:60:83 | ...+... | semmle.label | ...+... |
+| tst.go:61:28:61:86 | ...+... | semmle.label | ...+... |
+| tst.go:62:25:62:83 | ...+... | semmle.label | ...+... |
+| tst.go:63:34:63:92 | ...+... | semmle.label | ...+... |
+| tst.go:64:29:64:87 | ...+... | semmle.label | ...+... |
+| tst.go:65:32:65:90 | ...+... | semmle.label | ...+... |
+| tst.go:66:23:66:85 | ...+... | semmle.label | ...+... |
+| tst.go:67:22:67:84 | ...+... | semmle.label | ...+... |
+| tst.go:72:14:72:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:72:14:72:35 | call to Get | semmle.label | call to Get |
+| tst.go:75:26:75:84 | ...+... | semmle.label | ...+... |
+| tst.go:76:29:76:87 | ...+... | semmle.label | ...+... |
+| tst.go:77:30:77:88 | ...+... | semmle.label | ...+... |
+| tst.go:78:33:78:91 | ...+... | semmle.label | ...+... |
+| tst.go:83:14:83:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:83:14:83:35 | call to Get | semmle.label | call to Get |
+| tst.go:86:25:86:87 | ...+... | semmle.label | ...+... |
+| tst.go:87:26:87:88 | ...+... | semmle.label | ...+... |
+| tst.go:92:14:92:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:92:14:92:35 | call to Get | semmle.label | call to Get |
+| tst.go:93:14:93:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:93:14:93:35 | call to Get | semmle.label | call to Get |
+| tst.go:96:23:96:126 | ...+... | semmle.label | ...+... |
+| tst.go:97:24:97:127 | ...+... | semmle.label | ...+... |
+| tst.go:98:27:98:122 | ...+... | semmle.label | ...+... |
+| tst.go:106:14:106:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:106:14:106:35 | call to Get | semmle.label | call to Get |
+| tst.go:109:27:109:89 | ...+... | semmle.label | ...+... |
+| tst.go:110:28:110:90 | ...+... | semmle.label | ...+... |
+| tst.go:115:14:115:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:115:14:115:35 | call to Get | semmle.label | call to Get |
+| tst.go:116:14:116:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:116:14:116:35 | call to Get | semmle.label | call to Get |
+| tst.go:119:33:119:136 | ...+... | semmle.label | ...+... |
+| tst.go:120:18:120:121 | ...+... | semmle.label | ...+... |
+| tst.go:121:31:121:126 | ...+... | semmle.label | ...+... |
+| tst.go:122:21:122:116 | ...+... | semmle.label | ...+... |
+| tst.go:123:27:123:122 | ...+... | semmle.label | ...+... |
+| tst.go:139:14:139:19 | selection of Form | semmle.label | selection of Form |
+| tst.go:139:14:139:35 | call to Get | semmle.label | call to Get |
+| tst.go:144:17:144:87 | type conversion | semmle.label | type conversion |
+| tst.go:145:23:145:104 | call to NewReader | semmle.label | call to NewReader |
+| tst.go:145:41:145:103 | ...+... | semmle.label | ...+... |
+| tst.go:146:23:146:85 | ...+... | semmle.label | ...+... |
subpaths
#select
| XPathInjection.go:16:29:16:91 | ...+... | XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:16:29:16:91 | ...+... | XPath expression depends on a $@. | XPathInjection.go:13:14:13:19 | selection of Form | user-provided value |
-| tst.go:37:23:37:85 | ...+... | tst.go:34:14:34:19 | selection of Form | tst.go:37:23:37:85 | ...+... | XPath expression depends on a $@. | tst.go:34:14:34:19 | selection of Form | user-provided value |
-| tst.go:40:24:40:86 | ...+... | tst.go:34:14:34:19 | selection of Form | tst.go:40:24:40:86 | ...+... | XPath expression depends on a $@. | tst.go:34:14:34:19 | selection of Form | user-provided value |
-| tst.go:43:24:43:82 | ...+... | tst.go:34:14:34:19 | selection of Form | tst.go:43:24:43:82 | ...+... | XPath expression depends on a $@. | tst.go:34:14:34:19 | selection of Form | user-provided value |
-| tst.go:51:26:51:84 | ...+... | tst.go:48:14:48:19 | selection of Form | tst.go:51:26:51:84 | ...+... | XPath expression depends on a $@. | tst.go:48:14:48:19 | selection of Form | user-provided value |
-| tst.go:54:29:54:87 | ...+... | tst.go:48:14:48:19 | selection of Form | tst.go:54:29:54:87 | ...+... | XPath expression depends on a $@. | tst.go:48:14:48:19 | selection of Form | user-provided value |
-| tst.go:57:33:57:91 | ...+... | tst.go:48:14:48:19 | selection of Form | tst.go:57:33:57:91 | ...+... | XPath expression depends on a $@. | tst.go:48:14:48:19 | selection of Form | user-provided value |
-| tst.go:60:30:60:88 | ...+... | tst.go:48:14:48:19 | selection of Form | tst.go:60:30:60:88 | ...+... | XPath expression depends on a $@. | tst.go:48:14:48:19 | selection of Form | user-provided value |
-| tst.go:68:25:68:83 | ...+... | tst.go:65:14:65:19 | selection of Form | tst.go:68:25:68:83 | ...+... | XPath expression depends on a $@. | tst.go:65:14:65:19 | selection of Form | user-provided value |
-| tst.go:71:28:71:86 | ...+... | tst.go:65:14:65:19 | selection of Form | tst.go:71:28:71:86 | ...+... | XPath expression depends on a $@. | tst.go:65:14:65:19 | selection of Form | user-provided value |
-| tst.go:74:25:74:83 | ...+... | tst.go:65:14:65:19 | selection of Form | tst.go:74:25:74:83 | ...+... | XPath expression depends on a $@. | tst.go:65:14:65:19 | selection of Form | user-provided value |
-| tst.go:77:34:77:92 | ...+... | tst.go:65:14:65:19 | selection of Form | tst.go:77:34:77:92 | ...+... | XPath expression depends on a $@. | tst.go:65:14:65:19 | selection of Form | user-provided value |
-| tst.go:80:32:80:90 | ...+... | tst.go:65:14:65:19 | selection of Form | tst.go:80:32:80:90 | ...+... | XPath expression depends on a $@. | tst.go:65:14:65:19 | selection of Form | user-provided value |
-| tst.go:83:29:83:87 | ...+... | tst.go:65:14:65:19 | selection of Form | tst.go:83:29:83:87 | ...+... | XPath expression depends on a $@. | tst.go:65:14:65:19 | selection of Form | user-provided value |
-| tst.go:86:23:86:85 | ...+... | tst.go:65:14:65:19 | selection of Form | tst.go:86:23:86:85 | ...+... | XPath expression depends on a $@. | tst.go:65:14:65:19 | selection of Form | user-provided value |
-| tst.go:89:22:89:84 | ...+... | tst.go:65:14:65:19 | selection of Form | tst.go:89:22:89:84 | ...+... | XPath expression depends on a $@. | tst.go:65:14:65:19 | selection of Form | user-provided value |
-| tst.go:97:26:97:84 | ...+... | tst.go:94:14:94:19 | selection of Form | tst.go:97:26:97:84 | ...+... | XPath expression depends on a $@. | tst.go:94:14:94:19 | selection of Form | user-provided value |
-| tst.go:100:29:100:87 | ...+... | tst.go:94:14:94:19 | selection of Form | tst.go:100:29:100:87 | ...+... | XPath expression depends on a $@. | tst.go:94:14:94:19 | selection of Form | user-provided value |
-| tst.go:103:33:103:91 | ...+... | tst.go:94:14:94:19 | selection of Form | tst.go:103:33:103:91 | ...+... | XPath expression depends on a $@. | tst.go:94:14:94:19 | selection of Form | user-provided value |
-| tst.go:106:30:106:88 | ...+... | tst.go:94:14:94:19 | selection of Form | tst.go:106:30:106:88 | ...+... | XPath expression depends on a $@. | tst.go:94:14:94:19 | selection of Form | user-provided value |
-| tst.go:114:25:114:87 | ...+... | tst.go:111:14:111:19 | selection of Form | tst.go:114:25:114:87 | ...+... | XPath expression depends on a $@. | tst.go:111:14:111:19 | selection of Form | user-provided value |
-| tst.go:117:26:117:88 | ...+... | tst.go:111:14:111:19 | selection of Form | tst.go:117:26:117:88 | ...+... | XPath expression depends on a $@. | tst.go:111:14:111:19 | selection of Form | user-provided value |
-| tst.go:126:23:126:126 | ...+... | tst.go:122:14:122:19 | selection of Form | tst.go:126:23:126:126 | ...+... | XPath expression depends on a $@. | tst.go:122:14:122:19 | selection of Form | user-provided value |
-| tst.go:126:23:126:126 | ...+... | tst.go:123:14:123:19 | selection of Form | tst.go:126:23:126:126 | ...+... | XPath expression depends on a $@. | tst.go:123:14:123:19 | selection of Form | user-provided value |
-| tst.go:129:24:129:127 | ...+... | tst.go:122:14:122:19 | selection of Form | tst.go:129:24:129:127 | ...+... | XPath expression depends on a $@. | tst.go:122:14:122:19 | selection of Form | user-provided value |
-| tst.go:129:24:129:127 | ...+... | tst.go:123:14:123:19 | selection of Form | tst.go:129:24:129:127 | ...+... | XPath expression depends on a $@. | tst.go:123:14:123:19 | selection of Form | user-provided value |
-| tst.go:132:27:132:122 | ...+... | tst.go:122:14:122:19 | selection of Form | tst.go:132:27:132:122 | ...+... | XPath expression depends on a $@. | tst.go:122:14:122:19 | selection of Form | user-provided value |
-| tst.go:132:27:132:122 | ...+... | tst.go:123:14:123:19 | selection of Form | tst.go:132:27:132:122 | ...+... | XPath expression depends on a $@. | tst.go:123:14:123:19 | selection of Form | user-provided value |
-| tst.go:143:27:143:89 | ...+... | tst.go:140:14:140:19 | selection of Form | tst.go:143:27:143:89 | ...+... | XPath expression depends on a $@. | tst.go:140:14:140:19 | selection of Form | user-provided value |
-| tst.go:146:28:146:90 | ...+... | tst.go:140:14:140:19 | selection of Form | tst.go:146:28:146:90 | ...+... | XPath expression depends on a $@. | tst.go:140:14:140:19 | selection of Form | user-provided value |
-| tst.go:155:33:155:136 | ...+... | tst.go:151:14:151:19 | selection of Form | tst.go:155:33:155:136 | ...+... | XPath expression depends on a $@. | tst.go:151:14:151:19 | selection of Form | user-provided value |
-| tst.go:155:33:155:136 | ...+... | tst.go:152:14:152:19 | selection of Form | tst.go:155:33:155:136 | ...+... | XPath expression depends on a $@. | tst.go:152:14:152:19 | selection of Form | user-provided value |
-| tst.go:158:18:158:121 | ...+... | tst.go:151:14:151:19 | selection of Form | tst.go:158:18:158:121 | ...+... | XPath expression depends on a $@. | tst.go:151:14:151:19 | selection of Form | user-provided value |
-| tst.go:158:18:158:121 | ...+... | tst.go:152:14:152:19 | selection of Form | tst.go:158:18:158:121 | ...+... | XPath expression depends on a $@. | tst.go:152:14:152:19 | selection of Form | user-provided value |
-| tst.go:164:31:164:126 | ...+... | tst.go:151:14:151:19 | selection of Form | tst.go:164:31:164:126 | ...+... | XPath expression depends on a $@. | tst.go:151:14:151:19 | selection of Form | user-provided value |
-| tst.go:164:31:164:126 | ...+... | tst.go:152:14:152:19 | selection of Form | tst.go:164:31:164:126 | ...+... | XPath expression depends on a $@. | tst.go:152:14:152:19 | selection of Form | user-provided value |
-| tst.go:173:21:173:116 | ...+... | tst.go:151:14:151:19 | selection of Form | tst.go:173:21:173:116 | ...+... | XPath expression depends on a $@. | tst.go:151:14:151:19 | selection of Form | user-provided value |
-| tst.go:173:21:173:116 | ...+... | tst.go:152:14:152:19 | selection of Form | tst.go:173:21:173:116 | ...+... | XPath expression depends on a $@. | tst.go:152:14:152:19 | selection of Form | user-provided value |
-| tst.go:182:27:182:122 | ...+... | tst.go:151:14:151:19 | selection of Form | tst.go:182:27:182:122 | ...+... | XPath expression depends on a $@. | tst.go:151:14:151:19 | selection of Form | user-provided value |
-| tst.go:182:27:182:122 | ...+... | tst.go:152:14:152:19 | selection of Form | tst.go:182:27:182:122 | ...+... | XPath expression depends on a $@. | tst.go:152:14:152:19 | selection of Form | user-provided value |
-| tst.go:198:23:198:85 | ...+... | tst.go:193:14:193:19 | selection of Form | tst.go:198:23:198:85 | ...+... | XPath expression depends on a $@. | tst.go:193:14:193:19 | selection of Form | user-provided value |
+| tst.go:38:23:38:85 | ...+... | tst.go:35:14:35:19 | selection of Form | tst.go:38:23:38:85 | ...+... | XPath expression depends on a $@. | tst.go:35:14:35:19 | selection of Form | user-provided value |
+| tst.go:39:29:39:87 | ...+... | tst.go:35:14:35:19 | selection of Form | tst.go:39:29:39:87 | ...+... | XPath expression depends on a $@. | tst.go:35:14:35:19 | selection of Form | user-provided value |
+| tst.go:40:24:40:86 | ...+... | tst.go:35:14:35:19 | selection of Form | tst.go:40:24:40:86 | ...+... | XPath expression depends on a $@. | tst.go:35:14:35:19 | selection of Form | user-provided value |
+| tst.go:41:24:41:82 | ...+... | tst.go:35:14:35:19 | selection of Form | tst.go:41:24:41:82 | ...+... | XPath expression depends on a $@. | tst.go:35:14:35:19 | selection of Form | user-provided value |
+| tst.go:49:26:49:84 | ...+... | tst.go:46:14:46:19 | selection of Form | tst.go:49:26:49:84 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
+| tst.go:50:29:50:87 | ...+... | tst.go:46:14:46:19 | selection of Form | tst.go:50:29:50:87 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
+| tst.go:51:30:51:88 | ...+... | tst.go:46:14:46:19 | selection of Form | tst.go:51:30:51:88 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
+| tst.go:52:33:52:91 | ...+... | tst.go:46:14:46:19 | selection of Form | tst.go:52:33:52:91 | ...+... | XPath expression depends on a $@. | tst.go:46:14:46:19 | selection of Form | user-provided value |
+| tst.go:60:25:60:83 | ...+... | tst.go:57:14:57:19 | selection of Form | tst.go:60:25:60:83 | ...+... | XPath expression depends on a $@. | tst.go:57:14:57:19 | selection of Form | user-provided value |
+| tst.go:61:28:61:86 | ...+... | tst.go:57:14:57:19 | selection of Form | tst.go:61:28:61:86 | ...+... | XPath expression depends on a $@. | tst.go:57:14:57:19 | selection of Form | user-provided value |
+| tst.go:62:25:62:83 | ...+... | tst.go:57:14:57:19 | selection of Form | tst.go:62:25:62:83 | ...+... | XPath expression depends on a $@. | tst.go:57:14:57:19 | selection of Form | user-provided value |
+| tst.go:63:34:63:92 | ...+... | tst.go:57:14:57:19 | selection of Form | tst.go:63:34:63:92 | ...+... | XPath expression depends on a $@. | tst.go:57:14:57:19 | selection of Form | user-provided value |
+| tst.go:64:29:64:87 | ...+... | tst.go:57:14:57:19 | selection of Form | tst.go:64:29:64:87 | ...+... | XPath expression depends on a $@. | tst.go:57:14:57:19 | selection of Form | user-provided value |
+| tst.go:65:32:65:90 | ...+... | tst.go:57:14:57:19 | selection of Form | tst.go:65:32:65:90 | ...+... | XPath expression depends on a $@. | tst.go:57:14:57:19 | selection of Form | user-provided value |
+| tst.go:66:23:66:85 | ...+... | tst.go:57:14:57:19 | selection of Form | tst.go:66:23:66:85 | ...+... | XPath expression depends on a $@. | tst.go:57:14:57:19 | selection of Form | user-provided value |
+| tst.go:67:22:67:84 | ...+... | tst.go:57:14:57:19 | selection of Form | tst.go:67:22:67:84 | ...+... | XPath expression depends on a $@. | tst.go:57:14:57:19 | selection of Form | user-provided value |
+| tst.go:75:26:75:84 | ...+... | tst.go:72:14:72:19 | selection of Form | tst.go:75:26:75:84 | ...+... | XPath expression depends on a $@. | tst.go:72:14:72:19 | selection of Form | user-provided value |
+| tst.go:76:29:76:87 | ...+... | tst.go:72:14:72:19 | selection of Form | tst.go:76:29:76:87 | ...+... | XPath expression depends on a $@. | tst.go:72:14:72:19 | selection of Form | user-provided value |
+| tst.go:77:30:77:88 | ...+... | tst.go:72:14:72:19 | selection of Form | tst.go:77:30:77:88 | ...+... | XPath expression depends on a $@. | tst.go:72:14:72:19 | selection of Form | user-provided value |
+| tst.go:78:33:78:91 | ...+... | tst.go:72:14:72:19 | selection of Form | tst.go:78:33:78:91 | ...+... | XPath expression depends on a $@. | tst.go:72:14:72:19 | selection of Form | user-provided value |
+| tst.go:86:25:86:87 | ...+... | tst.go:83:14:83:19 | selection of Form | tst.go:86:25:86:87 | ...+... | XPath expression depends on a $@. | tst.go:83:14:83:19 | selection of Form | user-provided value |
+| tst.go:87:26:87:88 | ...+... | tst.go:83:14:83:19 | selection of Form | tst.go:87:26:87:88 | ...+... | XPath expression depends on a $@. | tst.go:83:14:83:19 | selection of Form | user-provided value |
+| tst.go:96:23:96:126 | ...+... | tst.go:92:14:92:19 | selection of Form | tst.go:96:23:96:126 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
+| tst.go:96:23:96:126 | ...+... | tst.go:93:14:93:19 | selection of Form | tst.go:96:23:96:126 | ...+... | XPath expression depends on a $@. | tst.go:93:14:93:19 | selection of Form | user-provided value |
+| tst.go:97:24:97:127 | ...+... | tst.go:92:14:92:19 | selection of Form | tst.go:97:24:97:127 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
+| tst.go:97:24:97:127 | ...+... | tst.go:93:14:93:19 | selection of Form | tst.go:97:24:97:127 | ...+... | XPath expression depends on a $@. | tst.go:93:14:93:19 | selection of Form | user-provided value |
+| tst.go:98:27:98:122 | ...+... | tst.go:92:14:92:19 | selection of Form | tst.go:98:27:98:122 | ...+... | XPath expression depends on a $@. | tst.go:92:14:92:19 | selection of Form | user-provided value |
+| tst.go:98:27:98:122 | ...+... | tst.go:93:14:93:19 | selection of Form | tst.go:98:27:98:122 | ...+... | XPath expression depends on a $@. | tst.go:93:14:93:19 | selection of Form | user-provided value |
+| tst.go:109:27:109:89 | ...+... | tst.go:106:14:106:19 | selection of Form | tst.go:109:27:109:89 | ...+... | XPath expression depends on a $@. | tst.go:106:14:106:19 | selection of Form | user-provided value |
+| tst.go:110:28:110:90 | ...+... | tst.go:106:14:106:19 | selection of Form | tst.go:110:28:110:90 | ...+... | XPath expression depends on a $@. | tst.go:106:14:106:19 | selection of Form | user-provided value |
+| tst.go:119:33:119:136 | ...+... | tst.go:115:14:115:19 | selection of Form | tst.go:119:33:119:136 | ...+... | XPath expression depends on a $@. | tst.go:115:14:115:19 | selection of Form | user-provided value |
+| tst.go:119:33:119:136 | ...+... | tst.go:116:14:116:19 | selection of Form | tst.go:119:33:119:136 | ...+... | XPath expression depends on a $@. | tst.go:116:14:116:19 | selection of Form | user-provided value |
+| tst.go:120:18:120:121 | ...+... | tst.go:115:14:115:19 | selection of Form | tst.go:120:18:120:121 | ...+... | XPath expression depends on a $@. | tst.go:115:14:115:19 | selection of Form | user-provided value |
+| tst.go:120:18:120:121 | ...+... | tst.go:116:14:116:19 | selection of Form | tst.go:120:18:120:121 | ...+... | XPath expression depends on a $@. | tst.go:116:14:116:19 | selection of Form | user-provided value |
+| tst.go:121:31:121:126 | ...+... | tst.go:115:14:115:19 | selection of Form | tst.go:121:31:121:126 | ...+... | XPath expression depends on a $@. | tst.go:115:14:115:19 | selection of Form | user-provided value |
+| tst.go:121:31:121:126 | ...+... | tst.go:116:14:116:19 | selection of Form | tst.go:121:31:121:126 | ...+... | XPath expression depends on a $@. | tst.go:116:14:116:19 | selection of Form | user-provided value |
+| tst.go:122:21:122:116 | ...+... | tst.go:115:14:115:19 | selection of Form | tst.go:122:21:122:116 | ...+... | XPath expression depends on a $@. | tst.go:115:14:115:19 | selection of Form | user-provided value |
+| tst.go:122:21:122:116 | ...+... | tst.go:116:14:116:19 | selection of Form | tst.go:122:21:122:116 | ...+... | XPath expression depends on a $@. | tst.go:116:14:116:19 | selection of Form | user-provided value |
+| tst.go:123:27:123:122 | ...+... | tst.go:115:14:115:19 | selection of Form | tst.go:123:27:123:122 | ...+... | XPath expression depends on a $@. | tst.go:115:14:115:19 | selection of Form | user-provided value |
+| tst.go:123:27:123:122 | ...+... | tst.go:116:14:116:19 | selection of Form | tst.go:123:27:123:122 | ...+... | XPath expression depends on a $@. | tst.go:116:14:116:19 | selection of Form | user-provided value |
+| tst.go:144:17:144:87 | type conversion | tst.go:139:14:139:19 | selection of Form | tst.go:144:17:144:87 | type conversion | XPath expression depends on a $@. | tst.go:139:14:139:19 | selection of Form | user-provided value |
+| tst.go:146:23:146:85 | ...+... | tst.go:139:14:139:19 | selection of Form | tst.go:146:23:146:85 | ...+... | XPath expression depends on a $@. | tst.go:139:14:139:19 | selection of Form | user-provided value |
diff --git a/go/ql/test/query-tests/Security/CWE-643/tst.go b/go/ql/test/query-tests/Security/CWE-643/tst.go
index 87ce0e4b6e1d..d3fc98b41a78 100644
--- a/go/ql/test/query-tests/Security/CWE-643/tst.go
+++ b/go/ql/test/query-tests/Security/CWE-643/tst.go
@@ -5,7 +5,7 @@ package main
//go:generate depstubber -vendor github.com/antchfx/htmlquery "" Find,FindOne,QueryAll,Query
//go:generate depstubber -vendor github.com/antchfx/jsonquery Node Find,FindOne,QueryAll,Query
//go:generate depstubber -vendor github.com/antchfx/xmlquery Node Find,FindOne,FindEach,FindEachWithBreak,QueryAll,Query
-//go:generate depstubber -vendor github.com/antchfx/xpath "" Compile,MustCompile,Select
+//go:generate depstubber -vendor github.com/antchfx/xpath "" Compile,CompileWithNS,MustCompile,Select
//go:generate depstubber -vendor github.com/go-xmlpath/xmlpath "" Compile,MustCompile
//go:generate depstubber -vendor github.com/jbowtie/gokogiri/xml Node
//go:generate depstubber -vendor github.com/jbowtie/gokogiri/xpath "" Compile
@@ -14,6 +14,7 @@ package main
import (
"net/http"
+ "strings"
"github.com/ChrisTrenkamp/goxpath"
"github.com/antchfx/htmlquery"
@@ -35,11 +36,8 @@ func testAntchfxXpath(r *http.Request) {
// BAD: User input used directly in an XPath expression
_, _ = xpath.Compile("//users/user[login/text()='" + username + "']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
+ _, _ = xpath.CompileWithNS("//users/user[login/text()='"+username+"']/home_dir/text()", make(map[string]string))
_ = xpath.MustCompile("//users/user[login/text()='" + username + "']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_ = xpath.Select(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
}
@@ -49,15 +47,9 @@ func testAntchfxHtmlquery(r *http.Request) {
// BAD: User input used directly in an XPath expression
_ = htmlquery.Find(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_ = htmlquery.FindOne(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
- _, _ = htmlquery.QueryAll(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_, _ = htmlquery.Query(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
+ _, _ = htmlquery.QueryAll(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
}
func testAntchfxXmlquery(r *http.Request, n *xmlquery.Node) {
@@ -66,26 +58,12 @@ func testAntchfxXmlquery(r *http.Request, n *xmlquery.Node) {
// BAD: User input used directly in an XPath expression
_ = xmlquery.Find(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_ = xmlquery.FindOne(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
xmlquery.FindEach(nil, "//users/user[login/text()='"+username+"']/home_dir/text()", nil)
-
- // BAD: User input used directly in an XPath expression
xmlquery.FindEachWithBreak(nil, "//users/user[login/text()='"+username+"']/home_dir/text()", nil)
-
- // BAD: User input used directly in an XPath expression
- _, _ = xmlquery.QueryAll(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_, _ = xmlquery.Query(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
+ _, _ = xmlquery.QueryAll(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
_ = n.SelectElements("//users/user[login/text()='" + username + "']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_ = n.SelectElement("//users/user[login/text()='" + username + "']/home_dir/text()")
}
@@ -95,15 +73,9 @@ func testAntchfxJsonquery(r *http.Request) {
// BAD: User input used directly in an XPath expression
_ = jsonquery.Find(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_ = jsonquery.FindOne(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
- _, _ = jsonquery.QueryAll(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_, _ = jsonquery.Query(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
+ _, _ = jsonquery.QueryAll(nil, "//users/user[login/text()='"+username+"']/home_dir/text()")
}
func testGoXmlpathXmlpath(r *http.Request) {
@@ -112,8 +84,6 @@ func testGoXmlpathXmlpath(r *http.Request) {
// BAD: User input used directly in an XPath expression
_, _ = xmlpath.Compile("//users/user[login/text()='" + username + "']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_ = xmlpath.MustCompile("//users/user[login/text()='" + username + "']/home_dir/text()")
}
@@ -124,11 +94,7 @@ func testChrisTrenkampGoxpath(r *http.Request) {
// BAD: User input used directly in an XPath expression
_, _ = goxpath.Parse("//users/user[login/text()='" + username + "' and password/text() = '" + password + "']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_ = goxpath.MustParse("//users/user[login/text()='" + username + "' and password/text() = '" + password + "']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_, _ = goxpath.ParseExec("//users/user[login/text()='"+username+"' and password/text() = '"+password+"']/home_dir/text()", nil)
// GOOD: Uses parameters to avoid including user input directly in XPath expression
@@ -141,8 +107,6 @@ func testSanthoshTekuriXpathparser(r *http.Request) {
// BAD: User input used directly in an XPath expression
_, _ = xpathparser.Parse("//users/user[login/text()='" + username + "']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_ = xpathparser.MustParse("//users/user[login/text()='" + username + "']/home_dir/text()")
}
@@ -153,39 +117,21 @@ func testJbowtieGokogiri(r *http.Request, n gokogiriXml.Node) {
// BAD: User input used directly in an XPath expression
xpath := gokogiriXpath.Compile("//users/user[login/text()='" + username + "' and password/text() = '" + password + "']/home_dir/text()")
-
- // BAD: User input used directly in an XPath expression
_, _ = n.Search("//users/user[login/text()='" + username + "' and password/text() = '" + password + "']/home_dir/text()")
-
- // OK: This is not flagged, since the creation of `xpath` is already flagged.
- _, _ = n.Search(xpath)
-
- // BAD: User input used directly in an XPath expression
_, _ = n.SearchWithVariables("//users/user[login/text()='"+username+"' and password/text() = '"+password+"']/home_dir/text()", nil)
-
- // GOOD: Uses parameters to avoid including user input directly in XPath expression
- _, _ = n.SearchWithVariables("//users/user[login/text()=$username and password/text() = $password]/home_dir/text()", nil)
-
- // OK: This is not flagged, since the creation of `xpath` is already flagged.
- _, _ = n.SearchWithVariables(xpath, nil)
-
- // BAD: User input used directly in an XPath expression
_, _ = n.EvalXPath("//users/user[login/text()='"+username+"' and password/text() = '"+password+"']/home_dir/text()", nil)
+ _ = n.EvalXPathAsBoolean("//users/user[login/text()='"+username+"' and password/text() = '"+password+"']/home_dir/text()", nil)
- // GOOD: Uses parameters to avoid including user input directly in XPath expression
- _, _ = n.EvalXPath("//users/user[login/text()=$username and password/text() = $password]/home_dir/text()", nil)
-
- // OK: This is not flagged, since the creation of `xpath` is already flagged.
+ // OK: Not flagged, since the creation of `xpath` is already flagged.
+ _, _ = n.Search(xpath)
+ _, _ = n.SearchWithVariables(xpath, nil)
_, _ = n.EvalXPath(xpath, nil)
-
- // BAD: User input used directly in an XPath expression
- _ = n.EvalXPathAsBoolean("//users/user[login/text()='"+username+"' and password/text() = '"+password+"']/home_dir/text()", nil)
+ _ = n.EvalXPathAsBoolean(xpath, nil)
// GOOD: Uses parameters to avoid including user input directly in XPath expression
+ _, _ = n.SearchWithVariables("//users/user[login/text()=$username and password/text() = $password]/home_dir/text()", nil)
+ _, _ = n.EvalXPath("//users/user[login/text()=$username and password/text() = $password]/home_dir/text()", nil)
_ = n.EvalXPathAsBoolean("//users/user[login/text()=$username and password/text() = $password]/home_dir/text()", nil)
-
- // OK: This is not flagged, since the creation of `xpath` is already flagged.
- _ = n.EvalXPathAsBoolean(xpath, nil)
}
func testLestratGoLibxml2(r *http.Request) {
@@ -195,5 +141,7 @@ func testLestratGoLibxml2(r *http.Request) {
p := parser.New(parser.XMLParseNoEnt)
// BAD: User input used directly in an XPath expression
+ _, _ = p.Parse([]byte("//users/user[login/text()='" + username + "']/home_dir/text()"))
+ _, _ = p.ParseReader(strings.NewReader("//users/user[login/text()='" + username + "']/home_dir/text()"))
_, _ = p.ParseString("//users/user[login/text()='" + username + "']/home_dir/text()")
}
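Review bot: The added `p.ParseReader(strings.NewReader(...))` call sits under the `// BAD` comment, but the updated `XPathInjection.expected` in this commit has `#select` rows only for tst.go:144 (`type conversion`) and tst.go:146. Line 145 appears among the nodes (`call to NewReader`) yet has no alert row. If the query is meant to report that call, the expected file is missing a row, and the test would then lock in a false negative. If `ParseReader` is deliberately not a sink, the call should leave the BAD group and get its own comment, for example `// Not reported: the reader argument of ParseReader is not modelled as a sink`. Mapping lines 144–146 to these three calls is inferred from the column ranges, so it is worth confirming against the regenerated output.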
diff --git a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/xpath/stub.go b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/xpath/stub.go
index d470abbed9d0..782120b8a837 100644
--- a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/xpath/stub.go
+++ b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/xpath/stub.go
@@ -13,6 +13,10 @@ func Compile(_ string) (*Expr, error) {
return nil, nil
}
+func CompileWithNS(_ string, _ map[string]string) (*Expr, error) {
+ return nil, nil
+}
+
type Expr struct{}
func (_ *Expr) Evaluate(_ NodeNavigator) interface{} {
diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
index f575ad436dcf..6cd887fa6102 100644
--- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
+++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
@@ -1,12 +1,12 @@
edges
-| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:790 |
-| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:790 |
-| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:790 |
-| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | provenance | Src:MaD:790 |
-| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | provenance | Src:MaD:790 |
-| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | provenance | Src:MaD:790 |
-| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | provenance | Src:MaD:790 |
-| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:17 | tainted | provenance | Src:MaD:790 |
+| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:858 |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:858 |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:858 |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | provenance | Src:MaD:858 |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | provenance | Src:MaD:858 |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | provenance | Src:MaD:858 |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | provenance | Src:MaD:858 |
+| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:17 | tainted | provenance | Src:MaD:858 |
| tst.go:35:2:35:2 | definition of u [pointer] | tst.go:36:2:36:2 | u [pointer] | provenance | |
| tst.go:36:2:36:2 | implicit dereference | tst.go:35:2:35:2 | definition of u [pointer] | provenance | |
| tst.go:36:2:36:2 | implicit dereference | tst.go:36:2:36:2 | u | provenance | |
@@ -18,15 +18,15 @@ edges
| tst.go:36:11:36:17 | tainted | tst.go:36:2:36:2 | u | provenance | Config |
| tst.go:36:11:36:17 | tainted | tst.go:37:11:37:11 | u | provenance | Config |
| tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String | provenance | MaD:238 |
-| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:793 |
-| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:793 |
-| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:793 |
-| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:793 |
-| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:793 |
-| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:793 |
-| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:793 |
-| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:793 |
-| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:793 |
+| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:861 |
+| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:861 |
+| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:861 |
+| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:861 |
+| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:861 |
+| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:861 |
+| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:861 |
+| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:861 |
+| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:861 |
nodes
| RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue |
| RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... |
diff --git a/shared/mad/codeql/mad/ModelValidation.qll b/shared/mad/codeql/mad/ModelValidation.qll
index bd2c497ea4c2..7bfdc69b5692 100644
--- a/shared/mad/codeql/mad/ModelValidation.qll
+++ b/shared/mad/codeql/mad/ModelValidation.qll
@@ -52,7 +52,9 @@ module KindValidation {
// Java-only currently, but may be shared in the future
"regex-use%",
// Swift-only currently, but may be shared in the future
- "%string-%length", "weak-hash-input-%"
+ "%string-%length", "weak-hash-input-%",
+ // Go-only currently, but may be shared in the future
+ "request-forgery%"
])
}
}
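Review bot: The new `"request-forgery%"` entry ends in a wildcard, so any kind string that begins with `request-forgery` is accepted, and a mistyped suffix in a model row would presumably pass validation unnoticed. The comment above it only says the kind is Go-only. It would help to record why the suffix is open-ended, e.g. `// Go-only currently, but may be shared in the future; the part after "request-forgery" is free-form and is not checked`. The enclosing predicate starts outside this hunk, so how the list is matched is inferred from the other `%` patterns in it.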