github
diff --git a/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll‎
Lines changed: 5 additions & 1 deletion b/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎cpp/ql/test/experimental/query-tests/Security/CWE/CWE-359/semmle/tests/PrivateCleartextWrite.expected‎
Lines changed: 9 additions & 2 deletions b/‎cpp/ql/test/experimental/query-tests/Security/CWE/CWE-359/semmle/tests/PrivateCleartextWrite.expected‎
Lines changed: 9 additions & 2 deletions
@@ -692,7 +692,11 @@ class Unit extends TUnit {
 }
 
 /** Holds if `n` should be hidden from path explanations. */
-predicate nodeIsHidden(Node n) { n instanceof OperandNode and not n instanceof ArgumentNode }
+predicate nodeIsHidden(Node n) {
+  n instanceof OperandNode and
+  not n instanceof ArgumentNode and
+  not n.asOperand() instanceof StoreValueOperand
+}
 
 class LambdaCallKind = Unit;
 
 
@@ -1,4 +1,5 @@
 edges
+| test.cpp:45:18:45:23 | buffer | test.cpp:45:7:45:10 | func indirection |
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode |
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode |
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode |
@@ -9,8 +10,10 @@ edges
 | test.cpp:77:16:77:22 | medical | test.cpp:78:11:78:15 | buff2 |
 | test.cpp:77:16:77:22 | medical | test.cpp:78:24:78:27 | temp |
 | test.cpp:77:16:77:22 | medical | test.cpp:81:22:81:28 | medical |
-| test.cpp:81:22:81:28 | medical | test.cpp:82:11:82:15 | buff3 |
-| test.cpp:81:22:81:28 | medical | test.cpp:82:24:82:28 | buff5 |
+| test.cpp:81:17:81:20 | call to func | test.cpp:82:11:82:15 | buff3 |
+| test.cpp:81:17:81:20 | call to func | test.cpp:82:24:82:28 | buff5 |
+| test.cpp:81:22:81:28 | medical | test.cpp:45:18:45:23 | buffer |
+| test.cpp:81:22:81:28 | medical | test.cpp:81:17:81:20 | call to func |
 | test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode |
 | test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode |
 | test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode |
@@ -27,6 +30,8 @@ edges
 | test.cpp:99:61:99:70 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
 | test.cpp:99:61:99:70 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
 nodes
+| test.cpp:45:7:45:10 | func indirection | semmle.label | func indirection |
+| test.cpp:45:18:45:23 | buffer | semmle.label | buffer |
 | test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
 | test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
 | test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
@@ -36,6 +41,7 @@ nodes
 | test.cpp:77:16:77:22 | medical | semmle.label | medical |
 | test.cpp:78:11:78:15 | buff2 | semmle.label | buff2 |
 | test.cpp:78:24:78:27 | temp | semmle.label | temp |
+| test.cpp:81:17:81:20 | call to func | semmle.label | call to func |
 | test.cpp:81:22:81:28 | medical | semmle.label | medical |
 | test.cpp:82:11:82:15 | buff3 | semmle.label | buff3 |
 | test.cpp:82:24:82:28 | buff5 | semmle.label | buff5 |
@@ -49,6 +55,7 @@ nodes
 | test.cpp:99:61:99:70 | theZipcode | semmle.label | theZipcode |
 | test.cpp:99:61:99:70 | theZipcode | semmle.label | theZipcode |
 subpaths
+| test.cpp:81:22:81:28 | medical | test.cpp:45:18:45:23 | buffer | test.cpp:45:7:45:10 | func indirection | test.cpp:81:17:81:20 | call to func |
 #select
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:57:9:57:18 | theZipcode | this source of private data. |
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:57:9:57:18 | theZipcode | this source of private data. |