diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
index 9bc05d7ed045..e97b53f9f001 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
@@ -1,16 +1,16 @@
 edges
 | tests.cpp:26:15:26:23 | VariableAddress indirection | tests.cpp:51:12:51:20 | call to badSource indirection |
-| tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:38:39:38:49 | environment indirection |
+| tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:38:39:38:49 | Convert indirection |
 | tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | VariableAddress indirection |
-| tests.cpp:38:39:38:49 | environment indirection | tests.cpp:38:25:38:36 | strncat output argument |
-| tests.cpp:51:12:51:20 | call to badSource indirection | tests.cpp:53:16:53:19 | data indirection |
+| tests.cpp:38:39:38:49 | Convert indirection | tests.cpp:38:25:38:36 | strncat output argument |
+| tests.cpp:51:12:51:20 | call to badSource indirection | tests.cpp:53:16:53:19 | Convert indirection |
 nodes
 | tests.cpp:26:15:26:23 | VariableAddress indirection | semmle.label | VariableAddress indirection |
 | tests.cpp:33:34:33:39 | call to getenv indirection | semmle.label | call to getenv indirection |
 | tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument |
-| tests.cpp:38:39:38:49 | environment indirection | semmle.label | environment indirection |
+| tests.cpp:38:39:38:49 | Convert indirection | semmle.label | Convert indirection |
 | tests.cpp:51:12:51:20 | call to badSource indirection | semmle.label | call to badSource indirection |
-| tests.cpp:53:16:53:19 | data indirection | semmle.label | data indirection |
+| tests.cpp:53:16:53:19 | Convert indirection | semmle.label | Convert indirection |
 subpaths
 #select
-| tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:53:16:53:19 | data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | call to getenv indirection | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument |
+| tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:53:16:53:19 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | call to getenv indirection | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
index 265f4a5dc195..194087ce70bb 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
@@ -1,149 +1,149 @@
 edges
-| test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:50:35:50:43 | envCflags indirection |
-| test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | command indirection |
-| test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
-| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | filename indirection |
-| test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | command indirection |
-| test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument |
-| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | filename indirection |
-| test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | command indirection |
-| test.cpp:84:20:84:27 | filename indirection | test.cpp:84:11:84:17 | strncat output argument |
-| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | filename indirection |
-| test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | path indirection |
-| test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument |
-| test.cpp:106:20:106:25 | call to getenv | test.cpp:107:33:107:36 | path indirection |
-| test.cpp:106:20:106:38 | call to getenv indirection | test.cpp:107:33:107:36 | path indirection |
+| test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:50:35:50:43 | Load indirection |
+| test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | Convert indirection |
+| test.cpp:50:35:50:43 | Load indirection | test.cpp:50:11:50:17 | sprintf output argument |
+| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | Convert indirection |
+| test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | Convert indirection |
+| test.cpp:64:20:64:27 | Convert indirection | test.cpp:64:11:64:17 | strncat output argument |
+| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | Convert indirection |
+| test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | Convert indirection |
+| test.cpp:84:20:84:27 | Convert indirection | test.cpp:84:11:84:17 | strncat output argument |
+| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | Convert indirection |
+| test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | Convert indirection |
+| test.cpp:93:17:93:24 | Convert indirection | test.cpp:93:11:93:14 | strncat output argument |
+| test.cpp:106:20:106:25 | call to getenv | test.cpp:107:33:107:36 | CopyValue indirection |
+| test.cpp:106:20:106:38 | call to getenv indirection | test.cpp:107:33:107:36 | CopyValue indirection |
 | test.cpp:107:31:107:31 | Call | test.cpp:108:18:108:22 | call to c_str indirection |
-| test.cpp:107:33:107:36 | path indirection | test.cpp:107:31:107:31 | Call |
-| test.cpp:113:20:113:25 | call to getenv | test.cpp:114:19:114:22 | path indirection |
-| test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:19:114:22 | path indirection |
+| test.cpp:107:33:107:36 | CopyValue indirection | test.cpp:107:31:107:31 | Call |
+| test.cpp:113:20:113:25 | call to getenv | test.cpp:114:19:114:22 | CopyValue indirection |
+| test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:19:114:22 | CopyValue indirection |
 | test.cpp:114:10:114:23 | Convert | test.cpp:114:25:114:29 | call to c_str indirection |
 | test.cpp:114:17:114:17 | call to operator+ | test.cpp:114:25:114:29 | call to c_str indirection |
-| test.cpp:114:19:114:22 | path indirection | test.cpp:114:10:114:23 | Convert |
-| test.cpp:114:19:114:22 | path indirection | test.cpp:114:17:114:17 | call to operator+ |
-| test.cpp:119:20:119:25 | call to getenv | test.cpp:120:19:120:22 | path indirection |
-| test.cpp:119:20:119:38 | call to getenv indirection | test.cpp:120:19:120:22 | path indirection |
+| test.cpp:114:19:114:22 | CopyValue indirection | test.cpp:114:10:114:23 | Convert |
+| test.cpp:114:19:114:22 | CopyValue indirection | test.cpp:114:17:114:17 | call to operator+ |
+| test.cpp:119:20:119:25 | call to getenv | test.cpp:120:19:120:22 | CopyValue indirection |
+| test.cpp:119:20:119:38 | call to getenv indirection | test.cpp:120:19:120:22 | CopyValue indirection |
 | test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | call to data indirection |
-| test.cpp:120:19:120:22 | path indirection | test.cpp:120:17:120:17 | call to operator+ |
-| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | str indirection |
-| test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | command indirection |
-| test.cpp:142:31:142:33 | str indirection | test.cpp:142:11:142:17 | sprintf output argument |
-| test.cpp:174:9:174:16 | fread output argument | test.cpp:177:20:177:27 | filename indirection |
-| test.cpp:174:9:174:16 | fread output argument | test.cpp:178:22:178:26 | flags indirection |
-| test.cpp:174:9:174:16 | fread output argument | test.cpp:180:22:180:29 | filename indirection |
-| test.cpp:177:13:177:17 | strncat output argument | test.cpp:183:32:183:38 | command indirection |
-| test.cpp:177:20:177:27 | filename indirection | test.cpp:177:13:177:17 | strncat output argument |
-| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | command indirection |
-| test.cpp:178:22:178:26 | flags indirection | test.cpp:178:13:178:19 | strncat output argument |
-| test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | command indirection |
-| test.cpp:180:22:180:29 | filename indirection | test.cpp:180:13:180:19 | strncat output argument |
+| test.cpp:120:19:120:22 | CopyValue indirection | test.cpp:120:17:120:17 | call to operator+ |
+| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | Convert indirection |
+| test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | Convert indirection |
+| test.cpp:142:31:142:33 | Convert indirection | test.cpp:142:11:142:17 | sprintf output argument |
+| test.cpp:174:9:174:16 | fread output argument | test.cpp:177:20:177:27 | Convert indirection |
+| test.cpp:174:9:174:16 | fread output argument | test.cpp:178:22:178:26 | Convert indirection |
+| test.cpp:174:9:174:16 | fread output argument | test.cpp:180:22:180:29 | Convert indirection |
+| test.cpp:177:13:177:17 | strncat output argument | test.cpp:183:32:183:38 | Convert indirection |
+| test.cpp:177:20:177:27 | Convert indirection | test.cpp:177:13:177:17 | strncat output argument |
+| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | Convert indirection |
+| test.cpp:178:22:178:26 | Convert indirection | test.cpp:178:13:178:19 | strncat output argument |
+| test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | Convert indirection |
+| test.cpp:180:22:180:29 | Convert indirection | test.cpp:180:13:180:19 | strncat output argument |
 | test.cpp:186:34:186:38 | flags | test.cpp:187:11:187:15 | strncat output argument |
 | test.cpp:186:34:186:38 | flags | test.cpp:187:11:187:15 | strncat output argument |
 | test.cpp:186:34:186:38 | flags | test.cpp:188:11:188:17 | strncat output argument |
-| test.cpp:186:34:186:38 | flags | test.cpp:188:20:188:24 | flags indirection |
+| test.cpp:186:34:186:38 | flags | test.cpp:188:20:188:24 | Convert indirection |
 | test.cpp:186:34:186:38 | flags indirection | test.cpp:187:11:187:15 | strncat output argument |
 | test.cpp:186:34:186:38 | flags indirection | test.cpp:187:11:187:15 | strncat output argument |
 | test.cpp:186:34:186:38 | flags indirection | test.cpp:188:11:188:17 | strncat output argument |
-| test.cpp:186:34:186:38 | flags indirection | test.cpp:188:20:188:24 | flags indirection |
+| test.cpp:186:34:186:38 | flags indirection | test.cpp:188:20:188:24 | Convert indirection |
 | test.cpp:186:47:186:54 | filename | test.cpp:187:11:187:15 | strncat output argument |
-| test.cpp:186:47:186:54 | filename | test.cpp:188:20:188:24 | flags indirection |
+| test.cpp:186:47:186:54 | filename | test.cpp:188:20:188:24 | Convert indirection |
 | test.cpp:186:47:186:54 | filename indirection | test.cpp:187:11:187:15 | strncat output argument |
-| test.cpp:186:47:186:54 | filename indirection | test.cpp:187:18:187:25 | filename indirection |
-| test.cpp:186:47:186:54 | filename indirection | test.cpp:188:20:188:24 | flags indirection |
+| test.cpp:186:47:186:54 | filename indirection | test.cpp:187:18:187:25 | Convert indirection |
+| test.cpp:186:47:186:54 | filename indirection | test.cpp:188:20:188:24 | Convert indirection |
 | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument |
 | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument |
 | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument |
-| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | flags indirection |
-| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | flags indirection |
-| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | flags indirection |
-| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | flags indirection |
-| test.cpp:187:18:187:25 | filename indirection | test.cpp:187:11:187:15 | strncat output argument |
-| test.cpp:188:20:188:24 | flags indirection | test.cpp:188:11:188:17 | strncat output argument |
-| test.cpp:188:20:188:24 | flags indirection | test.cpp:188:11:188:17 | strncat output argument |
-| test.cpp:188:20:188:24 | flags indirection | test.cpp:188:11:188:17 | strncat output argument |
-| test.cpp:188:20:188:24 | flags indirection | test.cpp:188:11:188:17 | strncat output argument |
+| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | Convert indirection |
+| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | Convert indirection |
+| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | Convert indirection |
+| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | Convert indirection |
+| test.cpp:187:18:187:25 | Convert indirection | test.cpp:187:11:187:15 | strncat output argument |
+| test.cpp:188:20:188:24 | Convert indirection | test.cpp:188:11:188:17 | strncat output argument |
+| test.cpp:188:20:188:24 | Convert indirection | test.cpp:188:11:188:17 | strncat output argument |
+| test.cpp:188:20:188:24 | Convert indirection | test.cpp:188:11:188:17 | strncat output argument |
+| test.cpp:188:20:188:24 | Convert indirection | test.cpp:188:11:188:17 | strncat output argument |
+| test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | Convert indirection |
 | test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | filename |
-| test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | filename indirection |
-| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | command indirection |
-| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | command indirection |
+| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | Convert indirection |
+| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | Convert indirection |
+| test.cpp:196:19:196:23 | Convert indirection | test.cpp:186:34:186:38 | flags indirection |
+| test.cpp:196:19:196:23 | Convert indirection | test.cpp:186:34:186:38 | flags indirection |
+| test.cpp:196:19:196:23 | Convert indirection | test.cpp:196:10:196:16 | concat output argument |
+| test.cpp:196:19:196:23 | Convert indirection | test.cpp:196:10:196:16 | concat output argument |
+| test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | Convert indirection |
+| test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | Convert indirection |
 | test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | flags |
 | test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | flags |
-| test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | flags indirection |
-| test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | flags indirection |
 | test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags |
 | test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags |
 | test.cpp:196:19:196:23 | flags | test.cpp:196:10:196:16 | concat output argument |
 | test.cpp:196:19:196:23 | flags | test.cpp:196:10:196:16 | concat output argument |
 | test.cpp:196:19:196:23 | flags | test.cpp:196:19:196:23 | concat output argument |
 | test.cpp:196:19:196:23 | flags | test.cpp:196:19:196:23 | concat output argument |
-| test.cpp:196:19:196:23 | flags indirection | test.cpp:186:34:186:38 | flags indirection |
-| test.cpp:196:19:196:23 | flags indirection | test.cpp:186:34:186:38 | flags indirection |
-| test.cpp:196:19:196:23 | flags indirection | test.cpp:196:10:196:16 | concat output argument |
-| test.cpp:196:19:196:23 | flags indirection | test.cpp:196:10:196:16 | concat output argument |
+| test.cpp:196:26:196:33 | Convert indirection | test.cpp:186:47:186:54 | filename indirection |
+| test.cpp:196:26:196:33 | Convert indirection | test.cpp:196:10:196:16 | concat output argument |
+| test.cpp:196:26:196:33 | Convert indirection | test.cpp:196:10:196:16 | concat output argument |
+| test.cpp:196:26:196:33 | Convert indirection | test.cpp:196:19:196:23 | concat output argument |
+| test.cpp:196:26:196:33 | Convert indirection | test.cpp:196:19:196:23 | concat output argument |
 | test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename |
 | test.cpp:196:26:196:33 | filename | test.cpp:196:10:196:16 | concat output argument |
 | test.cpp:196:26:196:33 | filename | test.cpp:196:19:196:23 | concat output argument |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | filename indirection |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:196:10:196:16 | concat output argument |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:196:10:196:16 | concat output argument |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:196:19:196:23 | concat output argument |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:196:19:196:23 | concat output argument |
-| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | filename indirection |
-| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | filename indirection |
-| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | command indirection |
-| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | command indirection |
-| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
-| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
-| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
-| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
+| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | Convert indirection |
+| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | Convert indirection |
+| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | Convert indirection |
+| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | Convert indirection |
+| test.cpp:220:19:220:26 | Convert indirection | test.cpp:220:10:220:16 | strncat output argument |
+| test.cpp:220:19:220:26 | Convert indirection | test.cpp:220:10:220:16 | strncat output argument |
+| test.cpp:220:19:220:26 | Convert indirection | test.cpp:220:10:220:16 | strncat output argument |
+| test.cpp:220:19:220:26 | Convert indirection | test.cpp:220:10:220:16 | strncat output argument |
 nodes
 | test.cpp:47:21:47:26 | call to getenv indirection | semmle.label | call to getenv indirection |
 | test.cpp:50:11:50:17 | sprintf output argument | semmle.label | sprintf output argument |
-| test.cpp:50:35:50:43 | envCflags indirection | semmle.label | envCflags indirection |
-| test.cpp:51:10:51:16 | command indirection | semmle.label | command indirection |
+| test.cpp:50:35:50:43 | Load indirection | semmle.label | Load indirection |
+| test.cpp:51:10:51:16 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:62:9:62:16 | fread output argument | semmle.label | fread output argument |
 | test.cpp:64:11:64:17 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:64:20:64:27 | filename indirection | semmle.label | filename indirection |
-| test.cpp:65:10:65:16 | command indirection | semmle.label | command indirection |
+| test.cpp:64:20:64:27 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:65:10:65:16 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:82:9:82:16 | fread output argument | semmle.label | fread output argument |
 | test.cpp:84:11:84:17 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:84:20:84:27 | filename indirection | semmle.label | filename indirection |
-| test.cpp:85:32:85:38 | command indirection | semmle.label | command indirection |
+| test.cpp:84:20:84:27 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:85:32:85:38 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:91:9:91:16 | fread output argument | semmle.label | fread output argument |
 | test.cpp:93:11:93:14 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:93:17:93:24 | filename indirection | semmle.label | filename indirection |
-| test.cpp:94:45:94:48 | path indirection | semmle.label | path indirection |
+| test.cpp:93:17:93:24 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:94:45:94:48 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:106:20:106:25 | call to getenv | semmle.label | call to getenv |
 | test.cpp:106:20:106:38 | call to getenv indirection | semmle.label | call to getenv indirection |
 | test.cpp:107:31:107:31 | Call | semmle.label | Call |
-| test.cpp:107:33:107:36 | path indirection | semmle.label | path indirection |
+| test.cpp:107:33:107:36 | CopyValue indirection | semmle.label | CopyValue indirection |
 | test.cpp:108:18:108:22 | call to c_str indirection | semmle.label | call to c_str indirection |
 | test.cpp:113:20:113:25 | call to getenv | semmle.label | call to getenv |
 | test.cpp:113:20:113:38 | call to getenv indirection | semmle.label | call to getenv indirection |
 | test.cpp:114:10:114:23 | Convert | semmle.label | Convert |
 | test.cpp:114:17:114:17 | call to operator+ | semmle.label | call to operator+ |
-| test.cpp:114:19:114:22 | path indirection | semmle.label | path indirection |
+| test.cpp:114:19:114:22 | CopyValue indirection | semmle.label | CopyValue indirection |
 | test.cpp:114:25:114:29 | call to c_str indirection | semmle.label | call to c_str indirection |
 | test.cpp:114:25:114:29 | call to c_str indirection | semmle.label | call to c_str indirection |
 | test.cpp:119:20:119:25 | call to getenv | semmle.label | call to getenv |
 | test.cpp:119:20:119:38 | call to getenv indirection | semmle.label | call to getenv indirection |
 | test.cpp:120:10:120:30 | call to data indirection | semmle.label | call to data indirection |
 | test.cpp:120:17:120:17 | call to operator+ | semmle.label | call to operator+ |
-| test.cpp:120:19:120:22 | path indirection | semmle.label | path indirection |
+| test.cpp:120:19:120:22 | CopyValue indirection | semmle.label | CopyValue indirection |
 | test.cpp:140:9:140:11 | fread output argument | semmle.label | fread output argument |
 | test.cpp:142:11:142:17 | sprintf output argument | semmle.label | sprintf output argument |
-| test.cpp:142:31:142:33 | str indirection | semmle.label | str indirection |
-| test.cpp:143:10:143:16 | command indirection | semmle.label | command indirection |
+| test.cpp:142:31:142:33 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:143:10:143:16 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:174:9:174:16 | fread output argument | semmle.label | fread output argument |
 | test.cpp:177:13:177:17 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:177:20:177:27 | filename indirection | semmle.label | filename indirection |
+| test.cpp:177:20:177:27 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:178:13:178:19 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:178:22:178:26 | flags indirection | semmle.label | flags indirection |
+| test.cpp:178:22:178:26 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:180:13:180:19 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:180:22:180:29 | filename indirection | semmle.label | filename indirection |
-| test.cpp:183:32:183:38 | command indirection | semmle.label | command indirection |
-| test.cpp:183:32:183:38 | command indirection | semmle.label | command indirection |
-| test.cpp:183:32:183:38 | command indirection | semmle.label | command indirection |
+| test.cpp:180:22:180:29 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:183:32:183:38 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:183:32:183:38 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:183:32:183:38 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:186:34:186:38 | flags | semmle.label | flags |
 | test.cpp:186:34:186:38 | flags | semmle.label | flags |
 | test.cpp:186:34:186:38 | flags indirection | semmle.label | flags indirection |
@@ -157,7 +157,7 @@ nodes
 | test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
 | test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
 | test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:187:18:187:25 | filename indirection | semmle.label | filename indirection |
+| test.cpp:187:18:187:25 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
 | test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
 | test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
@@ -165,47 +165,47 @@ nodes
 | test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
 | test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
 | test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:188:20:188:24 | flags indirection | semmle.label | flags indirection |
-| test.cpp:188:20:188:24 | flags indirection | semmle.label | flags indirection |
-| test.cpp:188:20:188:24 | flags indirection | semmle.label | flags indirection |
-| test.cpp:188:20:188:24 | flags indirection | semmle.label | flags indirection |
+| test.cpp:188:20:188:24 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:188:20:188:24 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:188:20:188:24 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:188:20:188:24 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:194:9:194:16 | fread output argument | semmle.label | fread output argument |
 | test.cpp:196:10:196:16 | concat output argument | semmle.label | concat output argument |
 | test.cpp:196:10:196:16 | concat output argument | semmle.label | concat output argument |
+| test.cpp:196:19:196:23 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:196:19:196:23 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:196:19:196:23 | concat output argument | semmle.label | concat output argument |
 | test.cpp:196:19:196:23 | concat output argument | semmle.label | concat output argument |
 | test.cpp:196:19:196:23 | flags | semmle.label | flags |
 | test.cpp:196:19:196:23 | flags | semmle.label | flags |
-| test.cpp:196:19:196:23 | flags indirection | semmle.label | flags indirection |
-| test.cpp:196:19:196:23 | flags indirection | semmle.label | flags indirection |
+| test.cpp:196:26:196:33 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:196:26:196:33 | filename | semmle.label | filename |
-| test.cpp:196:26:196:33 | filename indirection | semmle.label | filename indirection |
-| test.cpp:198:32:198:38 | command indirection | semmle.label | command indirection |
-| test.cpp:198:32:198:38 | command indirection | semmle.label | command indirection |
+| test.cpp:198:32:198:38 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:198:32:198:38 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:218:9:218:16 | fread output argument | semmle.label | fread output argument |
 | test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
 | test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:220:19:220:26 | filename indirection | semmle.label | filename indirection |
-| test.cpp:220:19:220:26 | filename indirection | semmle.label | filename indirection |
-| test.cpp:222:32:222:38 | command indirection | semmle.label | command indirection |
+| test.cpp:220:19:220:26 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:220:19:220:26 | Convert indirection | semmle.label | Convert indirection |
+| test.cpp:222:32:222:38 | Convert indirection | semmle.label | Convert indirection |
 subpaths
+| test.cpp:196:19:196:23 | Convert indirection | test.cpp:186:34:186:38 | flags indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
+| test.cpp:196:19:196:23 | Convert indirection | test.cpp:186:34:186:38 | flags indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
 | test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
 | test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
 | test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
 | test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
-| test.cpp:196:19:196:23 | flags indirection | test.cpp:186:34:186:38 | flags indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
-| test.cpp:196:19:196:23 | flags indirection | test.cpp:186:34:186:38 | flags indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
+| test.cpp:196:26:196:33 | Convert indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
+| test.cpp:196:26:196:33 | Convert indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
+| test.cpp:196:26:196:33 | Convert indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
+| test.cpp:196:26:196:33 | Convert indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
 | test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
 | test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
 #select
-| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv indirection | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
-| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (String read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
-| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (String read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
-| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | path indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (String read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
+| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:51:10:51:16 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv indirection | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
+| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (String read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
+| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (String read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
+| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (String read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
 | test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:25 | call to getenv | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:25 | call to getenv | user input (an environment variable) | test.cpp:107:31:107:31 | Call | Call |
 | test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:38 | call to getenv indirection | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:38 | call to getenv indirection | user input (an environment variable) | test.cpp:107:31:107:31 | Call | Call |
 | test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:25 | call to getenv | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:25 | call to getenv | user input (an environment variable) | test.cpp:114:10:114:23 | Convert | Convert |
@@ -214,11 +214,11 @@ subpaths
 | test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | call to getenv indirection | user input (an environment variable) | test.cpp:114:17:114:17 | call to operator+ | call to operator+ |
 | test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:25 | call to getenv | test.cpp:120:10:120:30 | call to data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:25 | call to getenv | user input (an environment variable) | test.cpp:120:17:120:17 | call to operator+ | call to operator+ |
 | test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:38 | call to getenv indirection | test.cpp:120:10:120:30 | call to data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:38 | call to getenv indirection | user input (an environment variable) | test.cpp:120:17:120:17 | call to operator+ | call to operator+ |
-| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:140:9:140:11 | fread output argument | user input (String read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
-| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:177:13:177:17 | strncat output argument | strncat output argument |
-| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:178:13:178:19 | strncat output argument | strncat output argument |
-| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:180:13:180:19 | strncat output argument | strncat output argument |
-| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (String read by fread) | test.cpp:187:11:187:15 | strncat output argument | strncat output argument |
-| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (String read by fread) | test.cpp:188:11:188:17 | strncat output argument | strncat output argument |
-| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (String read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
-| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (String read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
+| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:140:9:140:11 | fread output argument | user input (String read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
+| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:177:13:177:17 | strncat output argument | strncat output argument |
+| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:178:13:178:19 | strncat output argument | strncat output argument |
+| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:180:13:180:19 | strncat output argument | strncat output argument |
+| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (String read by fread) | test.cpp:187:11:187:15 | strncat output argument | strncat output argument |
+| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (String read by fread) | test.cpp:188:11:188:17 | strncat output argument | strncat output argument |
+| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (String read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
+| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (String read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
index 5e0638a0afe4..3dcfbb66c38c 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
@@ -5,12 +5,12 @@ edges
 | test.cpp:37:73:37:76 | data indirection | test.cpp:43:32:43:35 | data |
 | test.cpp:37:73:37:76 | data indirection | test.cpp:43:32:43:35 | data |
 | test.cpp:37:73:37:76 | data indirection | test.cpp:43:32:43:35 | data |
+| test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | Load indirection |
+| test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | Load indirection |
 | test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data |
 | test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data |
-| test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data indirection |
-| test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data indirection |
+| test.cpp:73:24:73:27 | Load indirection | test.cpp:37:73:37:76 | data indirection |
 | test.cpp:73:24:73:27 | data | test.cpp:37:73:37:76 | data |
-| test.cpp:73:24:73:27 | data indirection | test.cpp:37:73:37:76 | data indirection |
 subpaths
 nodes
 | test.cpp:37:73:37:76 | data | semmle.label | data |
@@ -20,7 +20,7 @@ nodes
 | test.cpp:43:32:43:35 | data | semmle.label | data |
 | test.cpp:64:30:64:35 | call to getenv | semmle.label | call to getenv |
 | test.cpp:64:30:64:35 | call to getenv | semmle.label | call to getenv |
+| test.cpp:73:24:73:27 | Load indirection | semmle.label | Load indirection |
 | test.cpp:73:24:73:27 | data | semmle.label | data |
-| test.cpp:73:24:73:27 | data indirection | semmle.label | data indirection |
 #select
 | test.cpp:43:32:43:35 | data | test.cpp:64:30:64:35 | call to getenv | test.cpp:43:32:43:35 | data | The value of this argument may come from $@ and is being passed to LoadLibraryA. | test.cpp:64:30:64:35 | call to getenv | call to getenv |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
index 7a3621285d94..e987b7a22fdc 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
@@ -31,33 +31,33 @@ edges
 | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:65:9:65:13 | memcpy output argument |
 | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:65:9:65:13 | memcpy output argument |
 | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:65:9:65:13 | memcpy output argument |
+| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | Convert indirection |
 | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | src |
-| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | src indirection |
+| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | Convert indirection |
 | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | src |
-| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | src indirection |
+| overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument | overflowdestination.cpp:76:24:76:27 | Convert indirection |
 | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument | overflowdestination.cpp:76:24:76:27 | dest |
-| overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument | overflowdestination.cpp:76:24:76:27 | dest indirection |
+| overflowdestination.cpp:75:30:75:32 | Convert indirection | overflowdestination.cpp:50:52:50:54 | src indirection |
+| overflowdestination.cpp:75:30:75:32 | Convert indirection | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
+| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | Convert indirection |
 | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | src |
-| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | src indirection |
 | overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src |
 | overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
 | overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
-| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | src indirection |
-| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
+| overflowdestination.cpp:76:24:76:27 | Convert indirection | overflowdestination.cpp:57:40:57:43 | dest indirection |
+| overflowdestination.cpp:76:24:76:27 | Convert indirection | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:24:76:27 | dest | overflowdestination.cpp:57:40:57:43 | dest |
 | overflowdestination.cpp:76:24:76:27 | dest | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:24:76:27 | dest | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
-| overflowdestination.cpp:76:24:76:27 | dest indirection | overflowdestination.cpp:57:40:57:43 | dest indirection |
-| overflowdestination.cpp:76:24:76:27 | dest indirection | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
+| overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument | overflowdestination.cpp:76:24:76:27 | Convert indirection |
 | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument | overflowdestination.cpp:76:24:76:27 | dest |
-| overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument | overflowdestination.cpp:76:24:76:27 | dest indirection |
+| overflowdestination.cpp:76:30:76:32 | Convert indirection | overflowdestination.cpp:57:52:57:54 | src indirection |
+| overflowdestination.cpp:76:30:76:32 | Convert indirection | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
+| overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument | overflowdestination.cpp:76:30:76:32 | Convert indirection |
 | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument | overflowdestination.cpp:76:30:76:32 | src |
-| overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument | overflowdestination.cpp:76:30:76:32 | src indirection |
 | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src |
 | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
-| overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | src indirection |
-| overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
 nodes
 | overflowdestination.cpp:27:9:27:12 | argv | semmle.label | argv |
 | overflowdestination.cpp:30:17:30:20 | arg1 | semmle.label | arg1 |
@@ -87,35 +87,35 @@ nodes
 | overflowdestination.cpp:65:9:65:13 | memcpy output argument | semmle.label | memcpy output argument |
 | overflowdestination.cpp:73:8:73:10 | fgets output argument | semmle.label | fgets output argument |
 | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument | semmle.label | overflowdest_test2 output argument |
+| overflowdestination.cpp:75:30:75:32 | Convert indirection | semmle.label | Convert indirection |
 | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | semmle.label | overflowdest_test2 output argument |
 | overflowdestination.cpp:75:30:75:32 | src | semmle.label | src |
-| overflowdestination.cpp:75:30:75:32 | src indirection | semmle.label | src indirection |
+| overflowdestination.cpp:76:24:76:27 | Convert indirection | semmle.label | Convert indirection |
 | overflowdestination.cpp:76:24:76:27 | dest | semmle.label | dest |
-| overflowdestination.cpp:76:24:76:27 | dest indirection | semmle.label | dest indirection |
 | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument | semmle.label | overflowdest_test3 output argument |
+| overflowdestination.cpp:76:30:76:32 | Convert indirection | semmle.label | Convert indirection |
 | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument | semmle.label | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:30:76:32 | src | semmle.label | src |
-| overflowdestination.cpp:76:30:76:32 | src indirection | semmle.label | src indirection |
 subpaths
+| overflowdestination.cpp:75:30:75:32 | Convert indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:52:9:52:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
+| overflowdestination.cpp:75:30:75:32 | Convert indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
+| overflowdestination.cpp:75:30:75:32 | Convert indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
 | overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:52:9:52:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
 | overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
 | overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
 | overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
 | overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
-| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:52:9:52:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
-| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
-| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
+| overflowdestination.cpp:76:24:76:27 | Convert indirection | overflowdestination.cpp:57:40:57:43 | dest indirection | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:24:76:27 | dest | overflowdestination.cpp:57:40:57:43 | dest | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:24:76:27 | dest | overflowdestination.cpp:57:40:57:43 | dest | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
-| overflowdestination.cpp:76:24:76:27 | dest indirection | overflowdestination.cpp:57:40:57:43 | dest indirection | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
+| overflowdestination.cpp:76:30:76:32 | Convert indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:63:9:63:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
+| overflowdestination.cpp:76:30:76:32 | Convert indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:64:9:64:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
+| overflowdestination.cpp:76:30:76:32 | Convert indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:63:9:63:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:64:9:64:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:64:9:64:13 | memcpy output argument | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
 | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
-| overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:63:9:63:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
-| overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:64:9:64:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
-| overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
 #select
 | overflowdestination.cpp:30:2:30:8 | call to strncpy | overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
 | overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | src | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
index 343fe43d2d02..62c9cd2c081c 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
@@ -19,18 +19,18 @@ edges
 | test3.cpp:124:7:124:20 | VariableAddress indirection | test3.cpp:146:15:146:18 | data |
 | test3.cpp:126:9:126:23 | global_password indirection | test3.cpp:124:7:124:20 | VariableAddress indirection |
 | test3.cpp:126:9:126:23 | global_password indirection | test3.cpp:124:7:124:20 | VariableAddress indirection |
+| test3.cpp:134:11:134:18 | Convert indirection | test3.cpp:112:20:112:25 | buffer indirection |
 | test3.cpp:134:11:134:18 | password | test3.cpp:112:20:112:25 | buffer |
-| test3.cpp:134:11:134:18 | password indirection | test3.cpp:112:20:112:25 | buffer indirection |
+| test3.cpp:134:11:134:18 | password indirection | test3.cpp:134:11:134:18 | Convert indirection |
 | test3.cpp:134:11:134:18 | password indirection | test3.cpp:134:11:134:18 | password |
-| test3.cpp:134:11:134:18 | password indirection | test3.cpp:134:11:134:18 | password indirection |
 | test3.cpp:138:21:138:22 | call to id indirection | test3.cpp:140:15:140:17 | ptr |
+| test3.cpp:138:24:138:32 | Load indirection | test3.cpp:117:28:117:33 | buffer indirection |
+| test3.cpp:138:24:138:32 | Load indirection | test3.cpp:138:21:138:22 | call to id indirection |
+| test3.cpp:138:24:138:32 | Load indirection | test3.cpp:140:15:140:17 | ptr |
 | test3.cpp:138:24:138:32 | password1 | test3.cpp:140:15:140:17 | ptr |
-| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:117:28:117:33 | buffer indirection |
-| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:21:138:22 | call to id indirection |
+| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:24:138:32 | Load indirection |
 | test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:24:138:32 | password1 |
 | test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:24:138:32 | password1 |
-| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:24:138:32 | password1 indirection |
-| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:140:15:140:17 | ptr |
 | test3.cpp:144:16:144:29 | call to get_global_str indirection | test3.cpp:146:15:146:18 | data |
 | test3.cpp:173:15:173:22 | password indirection | test3.cpp:173:15:173:22 | password |
 | test3.cpp:181:15:181:22 | password indirection | test3.cpp:181:15:181:22 | password |
@@ -60,34 +60,34 @@ edges
 | test3.cpp:293:20:293:23 | data indirection | test3.cpp:295:14:295:17 | data |
 | test3.cpp:298:20:298:23 | data | test3.cpp:300:14:300:17 | data |
 | test3.cpp:298:20:298:23 | data indirection | test3.cpp:300:14:300:17 | data |
+| test3.cpp:313:11:313:19 | Load indirection | test3.cpp:278:20:278:23 | data indirection |
 | test3.cpp:313:11:313:19 | password1 | test3.cpp:278:20:278:23 | data |
-| test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:278:20:278:23 | data indirection |
+| test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:313:11:313:19 | Load indirection |
 | test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:313:11:313:19 | password1 |
 | test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:313:11:313:19 | password1 |
-| test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:313:11:313:19 | password1 indirection |
+| test3.cpp:314:11:314:19 | Load indirection | test3.cpp:283:20:283:23 | data indirection |
 | test3.cpp:314:11:314:19 | password1 | test3.cpp:283:20:283:23 | data |
-| test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:283:20:283:23 | data indirection |
+| test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:314:11:314:19 | Load indirection |
 | test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:314:11:314:19 | password1 |
 | test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:314:11:314:19 | password1 |
-| test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:314:11:314:19 | password1 indirection |
+| test3.cpp:316:11:316:19 | Load indirection | test3.cpp:283:20:283:23 | data indirection |
 | test3.cpp:316:11:316:19 | password1 | test3.cpp:283:20:283:23 | data |
-| test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:283:20:283:23 | data indirection |
+| test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:316:11:316:19 | Load indirection |
 | test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:316:11:316:19 | password1 |
 | test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:316:11:316:19 | password1 |
-| test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:316:11:316:19 | password1 indirection |
+| test3.cpp:317:11:317:19 | Load indirection | test3.cpp:288:20:288:23 | data indirection |
 | test3.cpp:317:11:317:19 | password1 | test3.cpp:288:20:288:23 | data |
-| test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:288:20:288:23 | data indirection |
+| test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:317:11:317:19 | Load indirection |
 | test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:317:11:317:19 | password1 |
 | test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:317:11:317:19 | password1 |
-| test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:317:11:317:19 | password1 indirection |
+| test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:324:11:324:14 | Load indirection |
 | test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:324:11:324:14 | data |
-| test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:324:11:324:14 | data indirection |
+| test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:325:11:325:14 | Load indirection |
 | test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:325:11:325:14 | data |
-| test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:325:11:325:14 | data indirection |
+| test3.cpp:324:11:324:14 | Load indirection | test3.cpp:293:20:293:23 | data indirection |
 | test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data |
-| test3.cpp:324:11:324:14 | data indirection | test3.cpp:293:20:293:23 | data indirection |
+| test3.cpp:325:11:325:14 | Load indirection | test3.cpp:298:20:298:23 | data indirection |
 | test3.cpp:325:11:325:14 | data | test3.cpp:298:20:298:23 | data |
-| test3.cpp:325:11:325:14 | data indirection | test3.cpp:298:20:298:23 | data indirection |
 | test3.cpp:341:16:341:23 | password indirection | test3.cpp:341:16:341:23 | password |
 | test3.cpp:352:16:352:23 | password indirection | test3.cpp:352:16:352:23 | password |
 | test3.cpp:368:15:368:22 | password indirection | test3.cpp:368:15:368:22 | password |
@@ -141,14 +141,14 @@ nodes
 | test3.cpp:124:7:124:20 | VariableAddress indirection | semmle.label | VariableAddress indirection |
 | test3.cpp:124:7:124:20 | VariableAddress indirection | semmle.label | VariableAddress indirection |
 | test3.cpp:126:9:126:23 | global_password indirection | semmle.label | global_password indirection |
+| test3.cpp:134:11:134:18 | Convert indirection | semmle.label | Convert indirection |
 | test3.cpp:134:11:134:18 | password | semmle.label | password |
 | test3.cpp:134:11:134:18 | password indirection | semmle.label | password indirection |
-| test3.cpp:134:11:134:18 | password indirection | semmle.label | password indirection |
 | test3.cpp:138:21:138:22 | call to id indirection | semmle.label | call to id indirection |
+| test3.cpp:138:24:138:32 | Load indirection | semmle.label | Load indirection |
 | test3.cpp:138:24:138:32 | password1 | semmle.label | password1 |
 | test3.cpp:138:24:138:32 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:138:24:138:32 | password1 indirection | semmle.label | password1 indirection |
-| test3.cpp:138:24:138:32 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:140:15:140:17 | ptr | semmle.label | ptr |
 | test3.cpp:144:16:144:29 | call to get_global_str indirection | semmle.label | call to get_global_str indirection |
 | test3.cpp:146:15:146:18 | data | semmle.label | data |
@@ -196,27 +196,27 @@ nodes
 | test3.cpp:298:20:298:23 | data | semmle.label | data |
 | test3.cpp:298:20:298:23 | data indirection | semmle.label | data indirection |
 | test3.cpp:300:14:300:17 | data | semmle.label | data |
+| test3.cpp:313:11:313:19 | Load indirection | semmle.label | Load indirection |
 | test3.cpp:313:11:313:19 | password1 | semmle.label | password1 |
 | test3.cpp:313:11:313:19 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:313:11:313:19 | password1 indirection | semmle.label | password1 indirection |
-| test3.cpp:313:11:313:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:314:11:314:19 | Load indirection | semmle.label | Load indirection |
 | test3.cpp:314:11:314:19 | password1 | semmle.label | password1 |
 | test3.cpp:314:11:314:19 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:314:11:314:19 | password1 indirection | semmle.label | password1 indirection |
-| test3.cpp:314:11:314:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:316:11:316:19 | Load indirection | semmle.label | Load indirection |
 | test3.cpp:316:11:316:19 | password1 | semmle.label | password1 |
 | test3.cpp:316:11:316:19 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:316:11:316:19 | password1 indirection | semmle.label | password1 indirection |
-| test3.cpp:316:11:316:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:317:11:317:19 | Load indirection | semmle.label | Load indirection |
 | test3.cpp:317:11:317:19 | password1 | semmle.label | password1 |
 | test3.cpp:317:11:317:19 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:317:11:317:19 | password1 indirection | semmle.label | password1 indirection |
-| test3.cpp:317:11:317:19 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:322:16:322:24 | password2 indirection | semmle.label | password2 indirection |
+| test3.cpp:324:11:324:14 | Load indirection | semmle.label | Load indirection |
 | test3.cpp:324:11:324:14 | data | semmle.label | data |
-| test3.cpp:324:11:324:14 | data indirection | semmle.label | data indirection |
+| test3.cpp:325:11:325:14 | Load indirection | semmle.label | Load indirection |
 | test3.cpp:325:11:325:14 | data | semmle.label | data |
-| test3.cpp:325:11:325:14 | data indirection | semmle.label | data indirection |
 | test3.cpp:341:16:341:23 | password | semmle.label | password |
 | test3.cpp:341:16:341:23 | password indirection | semmle.label | password indirection |
 | test3.cpp:352:16:352:23 | password | semmle.label | password |
@@ -266,7 +266,7 @@ nodes
 | test3.cpp:577:8:577:23 | call to get_home_address | semmle.label | call to get_home_address |
 | test3.cpp:578:14:578:16 | str | semmle.label | str |
 subpaths
-| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:117:28:117:33 | buffer indirection | test3.cpp:117:13:117:14 | VariableAddress indirection | test3.cpp:138:21:138:22 | call to id indirection |
+| test3.cpp:138:24:138:32 | Load indirection | test3.cpp:117:28:117:33 | buffer indirection | test3.cpp:117:13:117:14 | VariableAddress indirection | test3.cpp:138:21:138:22 | call to id indirection |
 #select
 | test3.cpp:22:3:22:6 | call to send | test3.cpp:20:28:20:36 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:20:28:20:36 | password1 indirection | password1 indirection |
 | test3.cpp:22:3:22:6 | call to send | test3.cpp:20:28:20:36 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:20:28:20:36 | password1 indirection | password1 indirection |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
index 0d485f631ff8..481594c692a9 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
@@ -18,20 +18,20 @@ edges
 | test.cpp:39:11:39:15 | url_l | test.cpp:11:26:11:28 | url |
 | test.cpp:40:11:40:17 | access to array | test.cpp:11:26:11:28 | url |
 | test.cpp:40:11:40:17 | access to array indirection | test.cpp:11:26:11:28 | url indirection |
+| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | Convert indirection |
+| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | Convert indirection |
 | test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
 | test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
-| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer indirection |
-| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer indirection |
+| test.cpp:49:11:49:16 | Convert indirection | test.cpp:11:26:11:28 | url indirection |
 | test.cpp:49:11:49:16 | buffer | test.cpp:11:26:11:28 | url |
-| test.cpp:49:11:49:16 | buffer indirection | test.cpp:11:26:11:28 | url indirection |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | Convert indirection |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | Convert indirection |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | Convert indirection |
 | test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
 | test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
 | test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
-| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr indirection |
-| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr indirection |
-| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr indirection |
+| test.cpp:121:11:121:13 | Convert indirection | test.cpp:11:26:11:28 | url indirection |
 | test.cpp:121:11:121:13 | ptr | test.cpp:11:26:11:28 | url |
-| test.cpp:121:11:121:13 | ptr indirection | test.cpp:11:26:11:28 | url indirection |
 nodes
 | test.cpp:11:26:11:28 | url | semmle.label | url |
 | test.cpp:11:26:11:28 | url indirection | semmle.label | url indirection |
@@ -53,13 +53,13 @@ nodes
 | test.cpp:40:11:40:17 | access to array indirection | semmle.label | access to array indirection |
 | test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
 | test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
+| test.cpp:49:11:49:16 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:49:11:49:16 | buffer | semmle.label | buffer |
-| test.cpp:49:11:49:16 | buffer indirection | semmle.label | buffer indirection |
 | test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
 | test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
 | test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
+| test.cpp:121:11:121:13 | Convert indirection | semmle.label | Convert indirection |
 | test.cpp:121:11:121:13 | ptr | semmle.label | ptr |
-| test.cpp:121:11:121:13 | ptr indirection | semmle.label | ptr indirection |
 subpaths
 #select
 | test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |