Merge pull request #20961 from aschackmull/dataflow/flowfrom

Dataflow: Add flowFrom predicates to mirror flowTo.

python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll

@@ -50,7 +50,7 @@ module FullServerSideRequestForgeryFlow = TaintTracking::Global<FullServerSideRe
  */
 predicate fullyControlledRequest(Http::Client::Request request) {
   forall(DataFlow::Node urlPart | urlPart = request.getAUrlPart() |
-    FullServerSideRequestForgeryFlow::flow(_, urlPart)
+    FullServerSideRequestForgeryFlow::flowTo(urlPart)
   )
 }
 

python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll

@@ -182,7 +182,7 @@ module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataToExt
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
+  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }

python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql

@@ -38,5 +38,5 @@ module RemoteFlowSourceReachConfig implements DataFlow::ConfigSig {
 module RemoteFlowSourceReachFlow = TaintTracking::Global<RemoteFlowSourceReachConfig>;
 
 from DataFlow::Node reachable
-where RemoteFlowSourceReachFlow::flow(_, reachable)
+where RemoteFlowSourceReachFlow::flowTo(reachable)
 select reachable, prettyNode(reachable)