diff --git a/SqlInjection.ql b/SqlInjection.ql
index d61334b..d6d982b 100644
--- a/SqlInjection.ql
+++ b/SqlInjection.ql
@@ -12,7 +12,12 @@ import semmle.code.cpp.dataflow.TaintTracking
 class SqliFlowConfig extends TaintTracking::Configuration {
 SqliFlowConfig() { this = "SqliFlow" }
- override predicate isSource(DataFlow::Node source) { any() }
+ override predicate isSource(DataFlow::Node source) {
+ exists(FunctionCall read |
+ read.getTarget().getName() = "read" and
+ read.getArgument(1) = source.asExpr()
+ )
+ }
 override predicate isSanitizer(DataFlow::Node sanitizer) { none() }
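Review bot: The new `isSource` marks the buffer argument through `source.asExpr()`, which is the pointer value as it goes into the call, while the untrusted bytes only exist in the buffer after `read` returns. Depending on the data-flow library version, later uses of the buffer may be reached only from the by-reference definition node, so `read.getArgument(1) = source.asDefiningArgument()` is likely the safer form; a small test case with a known tainted query string would confirm it. The target is also matched by name alone, so any member or project-local function called `read` becomes a source; `read.getTarget().hasGlobalName("read")` would restrict it to the global function. A short QLDoc comment on the predicate saying that only `read` is modelled would help, since other input functions are no longer sources after this change. The class body continues outside the hunk.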