From 5fd6dc3b876436d7de07ce488b8aa9ecc72d2052 Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Wed, 4 Oct 2023 10:48:09 +0200
Subject: [PATCH] Java: Opt-in the XSS query to use threat model flow sources.

---
 java/ql/lib/semmle/code/java/security/XssQuery.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/lib/semmle/code/java/security/XssQuery.qll b/java/ql/lib/semmle/code/java/security/XssQuery.qll
index 5accb2ca585..6fec86a78dd 100644
--- a/java/ql/lib/semmle/code/java/security/XssQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XssQuery.qll
@@ -9,7 +9,7 @@ import semmle.code.java.security.XSS
  * A taint-tracking configuration for cross site scripting vulnerabilities.
  */
 module XssConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }