From 6534946ecaef35db296c8ec121391c219c366f43 Mon Sep 17 00:00:00 2001
From: Tom Hvitved
Date: Fri, 13 Dec 2024 13:44:46 +0100
Subject: [PATCH] Disable reverse flow through stores
---
 .../dataflow/fields/ir-path-flow.expected | 5 --
 .../dataflow/reverse-flow/ReverseFlow.cs | 2 +-
 .../reverse-flow/ReverseFlow.expected | 44 ------------------
 .../frameworks/GoMicro/LogInjection.expected | 46 -------------------
 .../CWE-322/InsecureHostKeyCallback.expected | 35 --------------
 .../dataflow/capture/inlinetest.expected | 21 ---------
 .../guava/handwritten/TestCollect.java | 4 +-
 .../dataflow/internal/DataFlowImplCommon.qll | 2 +
 8 files changed, 5 insertions(+), 154 deletions(-)
diff --git a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
index 79de88900a30..050c26165069 100644
--- a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
@@ -88,11 +88,8 @@ edges | A.cpp:142:7:142:20 | ... = ... | A.cpp:142:7:142:7 | *b [post update] [c] | provenance | | | A.cpp:142:14:142:20 | new | A.cpp:142:7:142:20 | ... = ... | provenance | | | A.cpp:143:7:143:10 | *this [post update] [*b, c] | A.cpp:140:5:140:5 | *this [Reverse] [*b, c] | provenance | | -| A.cpp:143:7:143:10 | *this [post update] [*b, c] | A.cpp:143:7:143:10 | *this [post update] [Reverse] [*b, c] | provenance | | -| A.cpp:143:7:143:10 | *this [post update] [Reverse] [*b, c] | A.cpp:143:7:143:31 | *... = ... [Reverse] [c] | provenance | | | A.cpp:143:7:143:10 | *this [post update] [b] | A.cpp:140:5:140:5 | *this [Reverse] [b] | provenance | | | A.cpp:143:7:143:10 | *this [post update] [b] | A.cpp:140:5:140:5 | *this [Reverse] [b] | provenance | | -| A.cpp:143:7:143:31 | *... = ... [Reverse] [c] | A.cpp:140:13:140:13 | *b [Reverse] [c] | provenance | | | A.cpp:143:7:143:31 | *... = ... [c] | A.cpp:143:7:143:10 | *this [post update] [*b, c] | provenance | | | A.cpp:143:7:143:31 | ... = ... | A.cpp:143:7:143:10 | *this [post update] [b] | provenance | | | A.cpp:143:7:143:31 | ... = ... | A.cpp:143:7:143:10 | *this [post update] [b] | provenance | | 
@@ -1017,10 +1014,8 @@ nodes | A.cpp:142:7:142:20 | ... = ... | semmle.label | ... = ... | | A.cpp:142:14:142:20 | new | semmle.label | new | | A.cpp:143:7:143:10 | *this [post update] [*b, c] | semmle.label | *this [post update] [*b, c] | -| A.cpp:143:7:143:10 | *this [post update] [Reverse] [*b, c] | semmle.label | *this [post update] [Reverse] [*b, c] | | A.cpp:143:7:143:10 | *this [post update] [b] | semmle.label | *this [post update] [b] | | A.cpp:143:7:143:10 | *this [post update] [b] | semmle.label | *this [post update] [b] | -| A.cpp:143:7:143:31 | *... = ... [Reverse] [c] | semmle.label | *... = ... [Reverse] [c] | | A.cpp:143:7:143:31 | *... = ... [c] | semmle.label | *... = ... [c] | | A.cpp:143:7:143:31 | ... = ... | semmle.label | ... = ... | | A.cpp:143:7:143:31 | ... = ... | semmle.label | ... = ... | diff --git a/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.cs b/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.cs index 60a4fa8ea4b6..c131f58dc79e 100644 --- a/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.cs +++ b/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.cs @@ -43,7 +43,7 @@ public void M7() { var a = new A(); M8(a); - Sink(a.Field); // $ hasValueFlow=3 + Sink(a.Field); // $ MISSING: hasValueFlow=3 } public void M8(A a) diff --git a/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.expected b/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.expected index d899ddc7cb17..8dc3812f88a4 100644 --- a/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.expected 
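Review bot: The `MISSING: hasValueFlow=3` annotation on `Sink(a.Field)` in `M7` records a flow the analysis no longer finds, but nothing at the call site says that the loss is intentional or what causes it. Judging from the edges removed from ReverseFlow.expected, the lost path runs through `M8` (whose body lies outside this hunk) and depended on reverse flow through a store, so a comment on the line above such as `// Known false negative: this flow needs reverse flow through a store, which is disabled` would keep the gap from being read as an unexplained regression. Because the switch appears to sit in the shared DataFlowImplCommon.qll, taint-tracking security queries can presumably lose alerts for the same aliasing pattern, which is worth stating in a change note.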
@@ -44,26 +44,6 @@ edges | ReverseFlow.cs:39:9:39:12 | [post] this access : A [field Field] : String | ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | provenance | | | ReverseFlow.cs:39:22:39:38 | call to method Source : String | ReverseFlow.cs:39:9:39:12 | [post] this access : A [field Field] : String | provenance | | | ReverseFlow.cs:39:22:39:38 | call to method Source : String | ReverseFlow.cs:39:9:39:12 | [post] this access : A [field Field] : String | provenance | | -| ReverseFlow.cs:45:12:45:12 | [post] access to local variable a : A [field Field] : String | ReverseFlow.cs:46:14:46:14 | access to local variable a : A [field Field] : String | provenance | | -| ReverseFlow.cs:45:12:45:12 | [post] access to local variable a : A [field Field] : String | ReverseFlow.cs:46:14:46:14 | access to local variable a : A [field Field] : String | provenance | | -| ReverseFlow.cs:46:14:46:14 | access to local variable a : A [field Field] : String | ReverseFlow.cs:46:14:46:20 | access to field Field | provenance | | -| ReverseFlow.cs:46:14:46:14 | access to local variable a : A [field Field] : String | ReverseFlow.cs:46:14:46:20 | access to field Field | provenance | | -| ReverseFlow.cs:49:22:49:22 | a [Reverse] : A [field Field] : String | ReverseFlow.cs:45:12:45:12 | [post] access to local variable a : A [field Field] : String | provenance | | -| ReverseFlow.cs:49:22:49:22 | a [Reverse] : A [field Field] : String | ReverseFlow.cs:45:12:45:12 | [post] access to local variable a : A [field Field] : String | provenance | | -| ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:52:20:52:20 | access to parameter a [Reverse] : A [field Field] : String | provenance | | -| ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:52:20:52:20 | access to parameter a [Reverse] : A [field Field] : String | 
provenance | | -| ReverseFlow.cs:52:20:52:20 | access to parameter a [Reverse] : A [field Field] : String | ReverseFlow.cs:49:22:49:22 | a [Reverse] : A [field Field] : String | provenance | | -| ReverseFlow.cs:52:20:52:20 | access to parameter a [Reverse] : A [field Field] : String | ReverseFlow.cs:49:22:49:22 | a [Reverse] : A [field Field] : String | provenance | | -| ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance | | -| ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance | | -| ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | provenance | | -| ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | provenance | | -| ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | provenance | | -| ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | provenance | | -| ReverseFlow.cs:58:9:58:16 | [post] access to field Nested : A [field Field] : String | ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | provenance | | -| ReverseFlow.cs:58:9:58:16 | [post] access to field Nested : A [field Field] : String | ReverseFlow.cs:58:9:58:9 | [post] access 
to parameter a : A [field Nested, field Field] : String | provenance | | -| ReverseFlow.cs:58:26:58:42 | call to method Source : String | ReverseFlow.cs:58:9:58:16 | [post] access to field Nested : A [field Field] : String | provenance | | -| ReverseFlow.cs:58:26:58:42 | call to method Source : String | ReverseFlow.cs:58:9:58:16 | [post] access to field Nested : A [field Field] : String | provenance | | | ReverseFlow.cs:66:9:66:26 | [post] call to method GetNestedNested : A [field Field] : String | ReverseFlow.cs:66:9:66:26 | call to method GetNestedNested [Reverse] : A [field Field] : String | provenance | | | ReverseFlow.cs:66:9:66:26 | [post] call to method GetNestedNested : A [field Field] : String | ReverseFlow.cs:66:9:66:26 | call to method GetNestedNested [Reverse] : A [field Field] : String | provenance | | | ReverseFlow.cs:66:9:66:26 | call to method GetNestedNested [Reverse] : A [field Field] : String | ReverseFlow.cs:66:25:66:25 | [post] access to local variable a : A [field Nested, field Nested, field Field] : String | provenance | | 
@@ -141,28 +121,6 @@ nodes | ReverseFlow.cs:39:9:39:12 | [post] this access : A [field Field] : String | semmle.label | [post] this access : A [field Field] : String | | ReverseFlow.cs:39:22:39:38 | call to method Source : String | semmle.label | call to method Source : String | | ReverseFlow.cs:39:22:39:38 | call to method Source : String | semmle.label | call to method Source : String | -| ReverseFlow.cs:45:12:45:12 | [post] access to local variable a : A [field Field] : String | semmle.label | [post] access to local variable a : A [field Field] : String | -| ReverseFlow.cs:45:12:45:12 | [post] access to local variable a : A [field Field] : String | semmle.label | [post] access to local variable a : A [field Field] : String | -| ReverseFlow.cs:46:14:46:14 | access to local variable a : A [field Field] : String | semmle.label | access to local variable a : A [field Field] : String | -| ReverseFlow.cs:46:14:46:14 | access to local variable a : A [field Field] : String | semmle.label | access to local variable a : A [field Field] : String | -| ReverseFlow.cs:46:14:46:20 | access to field Field | semmle.label | access to field Field | -| ReverseFlow.cs:46:14:46:20 | access to field Field | semmle.label | access to field Field | -| ReverseFlow.cs:49:22:49:22 | a [Reverse] : A [field Field] : String | semmle.label | a [Reverse] : A [field Field] : String | -| ReverseFlow.cs:49:22:49:22 | a [Reverse] : A [field Field] : String | semmle.label | a [Reverse] : A [field Field] : String | -| ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | semmle.label | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | -| ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | semmle.label | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | -| ReverseFlow.cs:52:20:52:20 | access to parameter a 
[Reverse] : A [field Field] : String | semmle.label | access to parameter a [Reverse] : A [field Field] : String | -| ReverseFlow.cs:52:20:52:20 | access to parameter a [Reverse] : A [field Field] : String | semmle.label | access to parameter a [Reverse] : A [field Field] : String | -| ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | semmle.label | [post] access to local variable b : A [field Nested, field Field] : String | -| ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | semmle.label | [post] access to local variable b : A [field Nested, field Field] : String | -| ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | semmle.label | a [Reverse] : A [field Nested, field Field] : String | -| ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | semmle.label | a [Reverse] : A [field Nested, field Field] : String | -| ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | semmle.label | [post] access to parameter a : A [field Nested, field Field] : String | -| ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | semmle.label | [post] access to parameter a : A [field Nested, field Field] : String | -| ReverseFlow.cs:58:9:58:16 | [post] access to field Nested : A [field Field] : String | semmle.label | [post] access to field Nested : A [field Field] : String | -| ReverseFlow.cs:58:9:58:16 | [post] access to field Nested : A [field Field] : String | semmle.label | [post] access to field Nested : A [field Field] : String | -| ReverseFlow.cs:58:26:58:42 | call to method Source : String | semmle.label | call to method Source : String | -| ReverseFlow.cs:58:26:58:42 | call to method Source : String | semmle.label | call to method Source : String | | ReverseFlow.cs:66:9:66:26 | [post] call to method GetNestedNested 
: A [field Field] : String | semmle.label | [post] call to method GetNestedNested : A [field Field] : String | | ReverseFlow.cs:66:9:66:26 | [post] call to method GetNestedNested : A [field Field] : String | semmle.label | [post] call to method GetNestedNested : A [field Field] : String | | ReverseFlow.cs:66:9:66:26 | call to method GetNestedNested [Reverse] : A [field Field] : String | semmle.label | call to method GetNestedNested [Reverse] : A [field Field] : String | 
@@ -204,8 +162,6 @@ testFailures | ReverseFlow.cs:11:14:11:27 | access to field Field | ReverseFlow.cs:22:19:22:35 | call to method Source : String | ReverseFlow.cs:11:14:11:27 | access to field Field | $@ | ReverseFlow.cs:22:19:22:35 | call to method Source : String | call to method Source : String | | ReverseFlow.cs:28:14:28:30 | access to field Field | ReverseFlow.cs:39:22:39:38 | call to method Source : String | ReverseFlow.cs:28:14:28:30 | access to field Field | $@ | ReverseFlow.cs:39:22:39:38 | call to method Source : String | call to method Source : String | | ReverseFlow.cs:28:14:28:30 | access to field Field | ReverseFlow.cs:39:22:39:38 | call to method Source : String | ReverseFlow.cs:28:14:28:30 | access to field Field | $@ | ReverseFlow.cs:39:22:39:38 | call to method Source : String | call to method Source : String | -| ReverseFlow.cs:46:14:46:20 | access to field Field | ReverseFlow.cs:58:26:58:42 | call to method Source : String | ReverseFlow.cs:46:14:46:20 | access to field Field | $@ | ReverseFlow.cs:58:26:58:42 | call to method Source : String | call to method Source : String | -| ReverseFlow.cs:46:14:46:20 | access to field Field | ReverseFlow.cs:58:26:58:42 | call to method Source : String | ReverseFlow.cs:46:14:46:20 | access to field Field | $@ | ReverseFlow.cs:58:26:58:42 | call to method Source : String | call to method Source : String | | ReverseFlow.cs:67:14:67:34 | access to field Field | ReverseFlow.cs:66:36:66:52 | call to method Source : String | ReverseFlow.cs:67:14:67:34 | access to field Field | $@ | ReverseFlow.cs:66:36:66:52 | call to method Source : String | call to method Source : String | | ReverseFlow.cs:67:14:67:34 | access to field Field | ReverseFlow.cs:66:36:66:52 | call to method Source : String | ReverseFlow.cs:67:14:67:34 | access to field Field | $@ | ReverseFlow.cs:66:36:66:52 | call to method Source : String | call to method Source : String | | ReverseFlow.cs:81:14:81:20 | access to field Field | 
ReverseFlow.cs:80:19:80:35 | call to method Source : String | ReverseFlow.cs:81:14:81:20 | access to field Field | $@ | ReverseFlow.cs:80:19:80:35 | call to method Source : String | call to method Source : String | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected index 06c99ce736bc..b5614b13a45c 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected 
@@ -1,72 +1,26 @@ edges | main.go:18:46:18:48 | definition of req | main.go:18:46:18:48 | definition of req [Reverse] | provenance | | -| main.go:18:46:18:48 | definition of req | main.go:20:10:20:12 | implicit dereference | provenance | | -| main.go:18:46:18:48 | definition of req | main.go:20:10:20:12 | implicit dereference | provenance | | -| main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance | | | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance | | | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance | | | main.go:18:46:18:48 | definition of req [Reverse] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | -| main.go:18:46:18:48 | definition of req [Reverse] [pointer, Name] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [pointer, Name] | provenance | | -| main.go:18:46:18:48 | definition of req [pointer, Name] | main.go:20:10:20:12 | req [pointer, Name] | provenance | | -| main.go:20:10:20:12 | implicit dereference | main.go:18:46:18:48 | definition of req [Reverse] | provenance | | -| main.go:20:10:20:12 | implicit dereference | main.go:21:28:21:31 | name | provenance | | -| main.go:20:10:20:12 | implicit dereference | main.go:21:28:21:31 | name | provenance | | -| main.go:20:10:20:12 | implicit dereference | main.go:21:28:21:31 | name | provenance | | -| main.go:20:10:20:12 | implicit dereference [Name] | main.go:20:10:20:17 | selection of Name | provenance | | -| main.go:20:10:20:12 | implicit dereference [Reverse] [Name] | main.go:20:10:20:12 | req [Reverse] [pointer, Name] | provenance | | -| main.go:20:10:20:12 | req [Reverse] [pointer, Name] | main.go:18:46:18:48 | definition of req [Reverse] [pointer, Name] | provenance | | -| main.go:20:10:20:12 | req [pointer, Name] | main.go:20:10:20:12 | implicit dereference [Name] | provenance | | -| main.go:20:10:20:17 | selection of Name | main.go:21:28:21:31 | name | provenance | | -| 
main.go:20:10:20:17 | selection of Name [Reverse] | main.go:20:10:20:12 | implicit dereference [Reverse] [Name] | provenance | | -| main.go:21:2:21:32 | []type{args} [Reverse] [array] | main.go:21:28:21:31 | name [Reverse] | provenance | | -| main.go:21:2:21:32 | []type{args} [array] | main.go:21:2:21:32 | []type{args} [Reverse] [array] | provenance | | -| main.go:21:28:21:31 | name | main.go:21:2:21:32 | []type{args} [array] | provenance | | -| main.go:21:28:21:31 | name [Reverse] | main.go:20:10:20:17 | selection of Name [Reverse] | provenance | | | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] | provenance | | | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:86:37:86:38 | in | provenance | | | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:86:37:86:38 | in | provenance | | | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] [pointer, Name] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [pointer, Name] | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [pointer, Name] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] [pointer, Name] | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [pointer, Name] | proto/Hello.pb.micro.go:86:37:86:38 | in [pointer, Name] | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [pointer, Name] | proto/Hello.pb.micro.go:86:37:86:38 | in [pointer, Name] | provenance | | | proto/Hello.pb.micro.go:86:37:86:38 | in | main.go:18:46:18:48 | definition of req | provenance | | | proto/Hello.pb.micro.go:86:37:86:38 | in | main.go:18:46:18:48 | definition of req | provenance | | | proto/Hello.pb.micro.go:86:37:86:38 | in | 
proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | | proto/Hello.pb.micro.go:86:37:86:38 | in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in [pointer, Name] | main.go:18:46:18:48 | definition of req [pointer, Name] | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in [pointer, Name] | main.go:18:46:18:48 | definition of req [pointer, Name] | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in [pointer, Name] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [pointer, Name] | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in [pointer, Name] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [pointer, Name] | provenance | | nodes | main.go:18:46:18:48 | definition of req | semmle.label | definition of req | | main.go:18:46:18:48 | definition of req | semmle.label | definition of req | | main.go:18:46:18:48 | definition of req [Reverse] | semmle.label | definition of req [Reverse] | -| main.go:18:46:18:48 | definition of req [Reverse] [pointer, Name] | semmle.label | definition of req [Reverse] [pointer, Name] | -| main.go:18:46:18:48 | definition of req [pointer, Name] | semmle.label | definition of req [pointer, Name] | -| main.go:20:10:20:12 | implicit dereference | semmle.label | implicit dereference | -| main.go:20:10:20:12 | implicit dereference | semmle.label | implicit dereference | -| main.go:20:10:20:12 | implicit dereference [Name] | semmle.label | implicit dereference [Name] | -| main.go:20:10:20:12 | implicit dereference [Reverse] [Name] | semmle.label | implicit dereference [Reverse] [Name] | -| main.go:20:10:20:12 | req [Reverse] [pointer, Name] | semmle.label | req [Reverse] [pointer, Name] | -| main.go:20:10:20:12 | req [pointer, Name] | semmle.label | req [pointer, Name] | -| main.go:20:10:20:17 | selection of Name | semmle.label | selection of Name | -| main.go:20:10:20:17 | selection of Name [Reverse] | semmle.label | 
selection of Name [Reverse] | -| main.go:21:2:21:32 | []type{args} [Reverse] [array] | semmle.label | []type{args} [Reverse] [array] | -| main.go:21:2:21:32 | []type{args} [array] | semmle.label | []type{args} [array] | -| main.go:21:28:21:31 | name | semmle.label | name | | main.go:21:28:21:31 | name | semmle.label | name | -| main.go:21:28:21:31 | name [Reverse] | semmle.label | name [Reverse] | | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | semmle.label | definition of in | | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | semmle.label | definition of in | | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] | semmle.label | definition of in [Reverse] | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] [pointer, Name] | semmle.label | definition of in [Reverse] [pointer, Name] | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [pointer, Name] | semmle.label | definition of in [pointer, Name] | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [pointer, Name] | semmle.label | definition of in [pointer, Name] | | proto/Hello.pb.micro.go:86:37:86:38 | in | semmle.label | in | | proto/Hello.pb.micro.go:86:37:86:38 | in | semmle.label | in | -| proto/Hello.pb.micro.go:86:37:86:38 | in [pointer, Name] | semmle.label | in [pointer, Name] | -| proto/Hello.pb.micro.go:86:37:86:38 | in [pointer, Name] | semmle.label | in [pointer, Name] | subpaths #select | main.go:21:28:21:31 | name | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | definition of req | user-provided value | diff --git a/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected b/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected index 7ca29cc7a834..b81d24f26654 100644 --- a/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected +++ b/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected 
@@ -5,30 +5,10 @@ edges | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | provenance | | | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | provenance | | | InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | provenance | | -| InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback [Reverse] | InsecureHostKeyCallbackExample.go:109:2:109:26 | definition of potentiallySecureCallback | provenance | | -| InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [HostKeyCallback] | InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [Reverse] [HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [Reverse] [HostKeyCallback] | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback [Reverse] | provenance | | -| InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [Reverse] [pointer, HostKeyCallback] | InsecureHostKeyCallbackExample.go:78:3:78:8 | implicit dereference [Reverse] [HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [pointer, HostKeyCallback] | InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [Reverse] [pointer, HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [pointer, HostKeyCallback] | InsecureHostKeyCallbackExample.go:76:3:76:8 | config [pointer, HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [pointer, HostKeyCallback] | InsecureHostKeyCallbackExample.go:78:3:78:8 | config [pointer, HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:76:3:76:8 | config [pointer, HostKeyCallback] | 
InsecureHostKeyCallbackExample.go:76:3:76:8 | implicit dereference [HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:76:3:76:8 | implicit dereference [HostKeyCallback] | InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [pointer, HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:76:28:76:54 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:76:28:76:54 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:76:3:76:8 | implicit dereference [HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:78:3:78:8 | config [pointer, HostKeyCallback] | InsecureHostKeyCallbackExample.go:78:3:78:8 | implicit dereference [HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:78:3:78:8 | implicit dereference [HostKeyCallback] | InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [pointer, HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:78:3:78:8 | implicit dereference [HostKeyCallback] | InsecureHostKeyCallbackExample.go:78:3:78:8 | implicit dereference [Reverse] [HostKeyCallback] | provenance | | -| InsecureHostKeyCallbackExample.go:78:3:78:8 | implicit dereference [Reverse] [HostKeyCallback] | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback [Reverse] | provenance | | -| InsecureHostKeyCallbackExample.go:78:3:78:8 | implicit dereference [Reverse] [HostKeyCallback] | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback [Reverse] | provenance | | -| InsecureHostKeyCallbackExample.go:78:28:78:35 | callback [Reverse] | InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback [Reverse] | provenance | | -| InsecureHostKeyCallbackExample.go:78:28:78:35 | callback [Reverse] | InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback [Reverse] | provenance | | | 
InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | provenance | | | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | provenance | | | InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | provenance | | | InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | provenance | | -| InsecureHostKeyCallbackExample.go:109:2:109:26 | definition of potentiallySecureCallback | InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | provenance | | -| InsecureHostKeyCallbackExample.go:109:2:109:26 | definition of potentiallySecureCallback | InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | provenance | | | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | provenance | | | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | provenance | | | InsecureHostKeyCallbackExample.go:110:3:115:3 | function literal | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | provenance | | 
@@ -47,29 +27,14 @@ nodes | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | semmle.label | definition of callback | | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | semmle.label | callback | | InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback | semmle.label | definition of callback | -| InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback [Reverse] | semmle.label | definition of callback [Reverse] | -| InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [HostKeyCallback] | semmle.label | definition of config [HostKeyCallback] | -| InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [Reverse] [HostKeyCallback] | semmle.label | definition of config [Reverse] [HostKeyCallback] | -| InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [Reverse] [pointer, HostKeyCallback] | semmle.label | definition of config [Reverse] [pointer, HostKeyCallback] | -| InsecureHostKeyCallbackExample.go:69:2:69:7 | definition of config [pointer, HostKeyCallback] | semmle.label | definition of config [pointer, HostKeyCallback] | -| InsecureHostKeyCallbackExample.go:76:3:76:8 | config [pointer, HostKeyCallback] | semmle.label | config [pointer, HostKeyCallback] | -| InsecureHostKeyCallbackExample.go:76:3:76:8 | implicit dereference [HostKeyCallback] | semmle.label | implicit dereference [HostKeyCallback] | | InsecureHostKeyCallbackExample.go:76:28:76:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey | -| InsecureHostKeyCallbackExample.go:76:28:76:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey | -| InsecureHostKeyCallbackExample.go:78:3:78:8 | config [pointer, HostKeyCallback] | semmle.label | config [pointer, HostKeyCallback] | -| InsecureHostKeyCallbackExample.go:78:3:78:8 | implicit dereference [HostKeyCallback] | semmle.label | implicit dereference [HostKeyCallback] | -| 
InsecureHostKeyCallbackExample.go:78:3:78:8 | implicit dereference [Reverse] [HostKeyCallback] | semmle.label | implicit dereference [Reverse] [HostKeyCallback] | -| InsecureHostKeyCallbackExample.go:78:3:78:8 | implicit dereference [Reverse] [HostKeyCallback] | semmle.label | implicit dereference [Reverse] [HostKeyCallback] | | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | semmle.label | callback | -| InsecureHostKeyCallbackExample.go:78:28:78:35 | callback [Reverse] | semmle.label | callback [Reverse] | -| InsecureHostKeyCallbackExample.go:78:28:78:35 | callback [Reverse] | semmle.label | callback [Reverse] | | InsecureHostKeyCallbackExample.go:92:28:92:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey | | InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] | semmle.label | ... := ...[0] | | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | semmle.label | callback | | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | semmle.label | type conversion | | InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal | semmle.label | function literal | | InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | semmle.label | insecureCallback | -| InsecureHostKeyCallbackExample.go:109:2:109:26 | definition of potentiallySecureCallback | semmle.label | definition of potentiallySecureCallback | | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | semmle.label | type conversion | | InsecureHostKeyCallbackExample.go:110:3:115:3 | function literal | semmle.label | function literal | | InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | semmle.label | potentiallySecureCallback | diff --git a/java/ql/test/library-tests/dataflow/capture/inlinetest.expected b/java/ql/test/library-tests/dataflow/capture/inlinetest.expected index 373740ee3f04..52850a6e7ad2 100644 --- a/java/ql/test/library-tests/dataflow/capture/inlinetest.expected 
+++ b/java/ql/test/library-tests/dataflow/capture/inlinetest.expected 
@@ -33,16 +33,10 @@ edges | B.java:39:5:39:7 | inp : HashMap [] : String | B.java:39:18:39:20 | key : String | provenance | MaD:4 | | B.java:39:5:39:7 | inp : HashMap [] : String | B.java:39:17:39:56 | ...->... [post update] : new BiConsumer(...) { ... } [out, ] : String | provenance | MaD:5 | | B.java:39:5:39:7 | inp : HashMap [] : String | B.java:39:23:39:27 | value : String | provenance | MaD:5 | -| B.java:39:17:39:56 | ...->... [Reverse] : new BiConsumer(...) { ... } [out, ] : String | B.java:39:17:39:56 | out [Reverse] : Map [] : String | provenance | | -| B.java:39:17:39:56 | ...->... [Reverse] : new BiConsumer(...) { ... } [out, ] : String | B.java:39:17:39:56 | out [Reverse] : Map [] : String | provenance | | -| B.java:39:17:39:56 | ...->... [post update] : new BiConsumer(...) { ... } [out, ] : String | B.java:39:17:39:56 | ...->... [Reverse] : new BiConsumer(...) { ... } [out, ] : String | provenance | | | B.java:39:17:39:56 | ...->... [post update] : new BiConsumer(...) { ... } [out, ] : String | B.java:39:17:39:56 | out : Map [] : String | provenance | | -| B.java:39:17:39:56 | ...->... [post update] : new BiConsumer(...) { ... } [out, ] : String | B.java:39:17:39:56 | ...->... [Reverse] : new BiConsumer(...) { ... } [out, ] : String | provenance | | | B.java:39:17:39:56 | ...->... [post update] : new BiConsumer(...) { ... 
} [out, ] : String | B.java:39:17:39:56 | out : Map [] : String | provenance | | | B.java:39:17:39:56 | out : Map [] : String | B.java:38:48:38:70 | out [Reverse] : Map [] : String | provenance | | | B.java:39:17:39:56 | out : Map [] : String | B.java:38:48:38:70 | out [Reverse] : Map [] : String | provenance | | -| B.java:39:17:39:56 | out [Reverse] : Map [] : String | B.java:38:48:38:70 | out [Reverse] : Map [] : String | provenance | | -| B.java:39:17:39:56 | out [Reverse] : Map [] : String | B.java:38:48:38:70 | out [Reverse] : Map [] : String | provenance | | | B.java:39:18:39:20 | key : String | B.java:39:43:39:45 | key : String | provenance | | | B.java:39:23:39:27 | value : String | B.java:39:48:39:52 | value : String | provenance | | | B.java:39:35:39:37 | out [post update] : HashMap [] : String | B.java:39:35:39:37 | this : new BiConsumer(...) { ... } [out, ] : String | provenance | | 
@@ -74,19 +68,12 @@ edges | B.java:71:19:71:23 | other [post update] : B [elem] : String | B.java:74:10:74:14 | other : B [elem] : String | provenance | | | B.java:74:10:74:14 | other : B [elem] : String | B.java:74:10:74:19 | other.elem | provenance | | | B.java:77:22:77:28 | param [Reverse] : B [elem] : String | B.java:71:19:71:23 | other [post update] : B [elem] : String | provenance | | -| B.java:78:18:81:5 | ...->... [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:78:18:81:5 | param [Reverse] : B [elem] : String | provenance | | -| B.java:78:18:81:5 | param [Reverse] : B [elem] : String | B.java:77:22:77:28 | param [Reverse] : B [elem] : String | provenance | | | B.java:78:18:81:5 | parameter this [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:82:5:82:5 | r [post update] : new Runnable(...) { ... } [param, elem] : String | provenance | | | B.java:80:7:80:11 | param [post update] : B [elem] : String | B.java:80:7:80:11 | this : new Runnable(...) { ... } [param, elem] : String | provenance | | | B.java:80:7:80:11 | this : new Runnable(...) { ... } [param, elem] : String | B.java:78:18:81:5 | parameter this [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance | | | B.java:80:20:80:39 | source(...) : String | B.java:80:7:80:11 | param [post update] : B [elem] : String | provenance | | | B.java:82:5:82:5 | param : B [elem] : String | B.java:77:22:77:28 | param [Reverse] : B [elem] : String | provenance | | -| B.java:82:5:82:5 | param [Reverse] : B [elem] : String | B.java:77:22:77:28 | param [Reverse] : B [elem] : String | provenance | | -| B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:78:18:81:5 | ...->... [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance | | -| B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... 
} [param, elem] : String | B.java:82:5:82:5 | param [Reverse] : B [elem] : String | provenance | | -| B.java:82:5:82:5 | r [post update] : new Runnable(...) { ... } [param, elem] : String | B.java:78:18:81:5 | ...->... [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance | | | B.java:82:5:82:5 | r [post update] : new Runnable(...) { ... } [param, elem] : String | B.java:82:5:82:5 | param : B [elem] : String | provenance | | -| B.java:82:5:82:5 | r [post update] : new Runnable(...) { ... } [param, elem] : String | B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance | | | B.java:88:22:88:44 | parameter this : new Runnable(...) { ... } [B b, elem] : String | B.java:88:35:88:35 | this : new Runnable(...) { ... } [B b, elem] : String | provenance | | | B.java:88:35:88:35 | b : B [elem] : String | B.java:88:35:88:40 | b.elem | provenance | | | B.java:88:35:88:35 | this : new Runnable(...) { ... } [B b, elem] : String | B.java:88:35:88:35 | b : B [elem] : String | provenance | | 
@@ -338,14 +325,10 @@ nodes | B.java:38:48:38:70 | out [Reverse] : Map [] : String | semmle.label | out [Reverse] : Map [] : String | | B.java:39:5:39:7 | inp : HashMap [] : String | semmle.label | inp : HashMap [] : String | | B.java:39:5:39:7 | inp : HashMap [] : String | semmle.label | inp : HashMap [] : String | -| B.java:39:17:39:56 | ...->... [Reverse] : new BiConsumer(...) { ... } [out, ] : String | semmle.label | ...->... [Reverse] : new BiConsumer(...) { ... } [out, ] : String | -| B.java:39:17:39:56 | ...->... [Reverse] : new BiConsumer(...) { ... } [out, ] : String | semmle.label | ...->... [Reverse] : new BiConsumer(...) { ... } [out, ] : String | | B.java:39:17:39:56 | ...->... [post update] : new BiConsumer(...) { ... } [out, ] : String | semmle.label | ...->... [post update] : new BiConsumer(...) { ... } [out, ] : String | | B.java:39:17:39:56 | ...->... [post update] : new BiConsumer(...) { ... } [out, ] : String | semmle.label | ...->... [post update] : new BiConsumer(...) { ... } [out, ] : String | | B.java:39:17:39:56 | out : Map [] : String | semmle.label | out : Map [] : String | | B.java:39:17:39:56 | out : Map [] : String | semmle.label | out : Map [] : String | -| B.java:39:17:39:56 | out [Reverse] : Map [] : String | semmle.label | out [Reverse] : Map [] : String | -| B.java:39:17:39:56 | out [Reverse] : Map [] : String | semmle.label | out [Reverse] : Map [] : String | | B.java:39:17:39:56 | parameter this [Reverse] : new BiConsumer(...) { ... } [out, ] : String | semmle.label | parameter this [Reverse] : new BiConsumer(...) { ... } [out, ] : String | | B.java:39:17:39:56 | parameter this [Reverse] : new BiConsumer(...) { ... } [out, ] : String | semmle.label | parameter this [Reverse] : new BiConsumer(...) { ... } [out, ] : String | | B.java:39:18:39:20 | key : String | semmle.label | key : String | 
@@ -381,15 +364,11 @@ nodes | B.java:74:10:74:14 | other : B [elem] : String | semmle.label | other : B [elem] : String | | B.java:74:10:74:19 | other.elem | semmle.label | other.elem | | B.java:77:22:77:28 | param [Reverse] : B [elem] : String | semmle.label | param [Reverse] : B [elem] : String | -| B.java:78:18:81:5 | ...->... [Reverse] : new Runnable(...) { ... } [param, elem] : String | semmle.label | ...->... [Reverse] : new Runnable(...) { ... } [param, elem] : String | -| B.java:78:18:81:5 | param [Reverse] : B [elem] : String | semmle.label | param [Reverse] : B [elem] : String | | B.java:78:18:81:5 | parameter this [Reverse] : new Runnable(...) { ... } [param, elem] : String | semmle.label | parameter this [Reverse] : new Runnable(...) { ... } [param, elem] : String | | B.java:80:7:80:11 | param [post update] : B [elem] : String | semmle.label | param [post update] : B [elem] : String | | B.java:80:7:80:11 | this : new Runnable(...) { ... } [param, elem] : String | semmle.label | this : new Runnable(...) { ... } [param, elem] : String | | B.java:80:20:80:39 | source(...) : String | semmle.label | source(...) : String | | B.java:82:5:82:5 | param : B [elem] : String | semmle.label | param : B [elem] : String | -| B.java:82:5:82:5 | param [Reverse] : B [elem] : String | semmle.label | param [Reverse] : B [elem] : String | -| B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | semmle.label | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | | B.java:82:5:82:5 | r [post update] : new Runnable(...) { ... } [param, elem] : String | semmle.label | r [post update] : new Runnable(...) { ... } [param, elem] : String | | B.java:88:22:88:44 | parameter this : new Runnable(...) { ... } [B b, elem] : String | semmle.label | parameter this : new Runnable(...) { ... } [B b, elem] : String | | B.java:88:35:88:35 | b : B [elem] : String | semmle.label | b : B [elem] : String | 
diff --git a/java/ql/test/library-tests/frameworks/guava/handwritten/TestCollect.java b/java/ql/test/library-tests/frameworks/guava/handwritten/TestCollect.java index 52ae0bd4ffc9..09dd28c19bae 100644 --- a/java/ql/test/library-tests/frameworks/guava/handwritten/TestCollect.java +++ b/java/ql/test/library-tests/frameworks/guava/handwritten/TestCollect.java @@ -111,7 +111,7 @@ void test4(Table t1, Table t2, T sink(t1.remove("r", "c")); // $numValueFlow=1 t3.row("r").put("c", x); - sink(tableValue(t3)); // $ numValueFlow=1 + sink(tableValue(t3)); // $ MISSING:numValueFlow=1 // depends on aliasing } void test5(Multimap m1, Multimap m2, Multimap m3, @@ -133,7 +133,7 @@ void test5(Multimap m1, Multimap m2, Multimap comp, SortedSet sorS, SortedMap sorM) { diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll index 2820724addc1..c6e0bcca2035 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll @@ -1065,6 +1065,7 @@ module MakeImplCommon Lang> { ) or // store + none() and exists(Node mid | parameterValueFlowCand(p, mid) and Lang::storeStep(mid, _, node) @@ -1197,6 +1198,7 @@ module MakeImplCommon Lang> { } predicate readStep(NodeEx node1, ContentSet c, NodeEx node2) { + none() and exists(boolean allowFwdFlowOut | Lang::storeStep(pragma[only_bind_into](node2.asNodeReverse(allowFwdFlowOut)), c, pragma[only_bind_into](node1.asNodeReverse(allowFwdFlowOut)))
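Review bot: The two added `none() and` guards, one in the `// store` disjunct of the first DataFlowImplCommon.qll hunk and one at the top of `readStep` in the second, leave the old bodies in place as unreachable code with nothing in the file saying why. Queries built on this library lose results as a consequence, which the Java test in this patch records as `MISSING:numValueFlow=1 // depends on aliasing`, so the reason belongs next to the guard and not only in the commit subject. I would put a comment above each guard, for example `// Reverse flow through stores is disabled (<tracking issue>); flow that relies on aliasing is knowingly missed.` If the disabling is meant to be permanent, deleting the dead `exists(...)` bodies would be clearer than guarding them. Both enclosing predicate bodies start or end outside these hunks, so I cannot tell from here whether other disjuncts still cover part of this flow.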