github
diff --git a/‎javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointScoring.qll
Lines changed: 1 addition & 0 deletions b/‎javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointScoring.qll
Lines changed: 1 addition & 0 deletions
diff --git a/‎javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
Lines changed: 22 additions & 1 deletion b/‎javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
Lines changed: 22 additions & 1 deletion
diff --git a/‎javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/CountAlertsAndEndpoints.ql
Lines changed: 7 additions & 6 deletions b/‎javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/CountAlertsAndEndpoints.ql
Lines changed: 7 additions & 6 deletions
diff --git a/‎javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/experimental/adaptivethreatmodeling/test/.gitignore
Lines changed: 2 additions & 1 deletion b/‎javascript/ql/experimental/adaptivethreatmodeling/test/.gitignore
Lines changed: 2 additions & 1 deletion
diff --git a/‎javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointData.expected
Lines changed: 15 additions & 15 deletions b/‎javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointData.expected
Lines changed: 15 additions & 15 deletions
@@ -118,6 +118,7 @@ class EndpointScoringResults extends ScoringResults {
 
   pragma[inline]
   override predicate shouldResultBeIncluded(DataFlow::Node source, DataFlow::Node sink) {
+    exists(source) and
     if getCfg().isKnownSink(sink)
     then any()
     else (
 
@@ -125,6 +125,6 @@ class BarrierGuardNodeAsSanitizerGuardNode extends TaintTracking::LabeledSanitiz
   }
 
   override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) {
-    sanitizes(outcome, e)
+    sanitizes(outcome, e) and exists(label)
   }
 }
@@ -99,10 +99,31 @@ class Configuration extends TaintTracking::Configuration {
   }
 
   override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
-    guard instanceof DomBasedXss::SanitizerGuard
+    guard instanceof PrefixStringSanitizerActivated or
+    guard instanceof QuoteGuard or
+    guard instanceof ContainsHtmlGuard
   }
 
   override predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) {
     DomBasedXss::isOptionallySanitizedEdge(pred, succ)
   }
 }
+
+private import semmle.javascript.security.dataflow.Xss::Shared as Shared
+
+private class PrefixStringSanitizerActivated extends TaintTracking::SanitizerGuardNode,
+  DomBasedXss::PrefixStringSanitizer {
+  PrefixStringSanitizerActivated() { this = this }
+}
+
+private class PrefixStringActivated extends DataFlow::FlowLabel, DomBasedXss::PrefixString {
+  PrefixStringActivated() { this = this }
+}
+
+private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard {
+  QuoteGuard() { this = this }
+}
+
+private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard {
+  ContainsHtmlGuard() { this = this }
+}
@@ -9,12 +9,13 @@
  * each security vulnerability.
  */
 
-import semmle.javascript.security.dataflow.NosqlInjection
-import semmle.javascript.security.dataflow.SqlInjection
-import semmle.javascript.security.dataflow.TaintedPath
-import semmle.javascript.security.dataflow.DomBasedXss
-import semmle.javascript.security.dataflow.StoredXss
-import semmle.javascript.security.dataflow.XssThroughDom
+import javascript
+import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection
+import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection
+import semmle.javascript.security.dataflow.TaintedPathQuery as TaintedPath
+import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss
+import semmle.javascript.security.dataflow.StoredXssQuery as StoredXss
+import semmle.javascript.security.dataflow.XssThroughDomQuery as XssThroughDom
 import evaluation.EndToEndEvaluation
 
 int numAlerts(DataFlow::Configuration cfg) {
 
@@ -193,7 +193,7 @@ module FlowFromSource {
 
     /** The sinks are the endpoints we're extracting. */
     override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) {
-      sink = getAnEndpoint(q)
+      sink = getAnEndpoint(q) and exists(lbl)
     }
   }
 }
@@ -1 +1,2 @@
-**/*.testproj
+**/*.testproj
+**/*.actual
@@ -4819,7 +4819,7 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | TaintedPath | sinkLabel | Sink | string |
@@ -5795,7 +5795,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | TaintedPath | sinkLabel | Sink | string |
@@ -6007,7 +6007,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | TaintedPath | sinkLabel | Sink | string |
@@ -6067,7 +6067,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | TaintedPath | sinkLabel | Sink | string |
@@ -6131,7 +6131,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | TaintedPath | sinkLabel | Sink | string |
@@ -6191,7 +6191,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | TaintedPath | sinkLabel | Sink | string |
@@ -6283,7 +6283,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | TaintedPath | sinkLabel | Sink | string |
@@ -6355,7 +6355,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | TaintedPath | sinkLabel | Sink | string |
@@ -6415,7 +6415,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | TaintedPath | sinkLabel | Sink | string |
@@ -6483,7 +6483,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | TaintedPath | sinkLabel | Sink | string |
@@ -6759,7 +6759,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | TaintedPath | sinkLabel | Sink | string |
@@ -7031,7 +7031,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | sinkLabel | Sink | string |
@@ -7079,7 +7079,7 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | sinkLabel | NotASink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | sinkLabel | Sink | string |
@@ -7591,11 +7591,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | TaintedPath | sinkLabel | Sink | string |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | TaintedPath | sinkLabel | Sink | string |
Original file line number	Diff line number	Diff line change
`@@ -125,6 +125,6 @@ class BarrierGuardNodeAsSanitizerGuardNode extends TaintTracking::LabeledSanitiz`
`125`	`125`	`}`
`126`	`126`
`127`	`127`	`override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) {`
`128`		`- sanitizes(outcome, e)`
	`128`	`+ sanitizes(outcome, e) and exists(label)`
`129`	`129`	`}`
`130`	`130`	`}`
Original file line number	Diff line number	Diff line change
`@@ -193,7 +193,7 @@ module FlowFromSource {`
`193`	`193`
`194`	`194`	`/** The sinks are the endpoints we're extracting. */`
`195`	`195`	`override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) {`
`196`		`- sink = getAnEndpoint(q)`
	`196`	`+ sink = getAnEndpoint(q) and exists(lbl)`
`197`	`197`	`}`
`198`	`198`	`}`
`199`	`199`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		`-*/.testproj`
	`1`	`+*/.testproj`
	`2`	`+*/.actual`