diff --git a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
index 51dad0fc18c..74fe756093c 100644
--- a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
@@ -10,7 +10,7 @@ import ExternalAPIsSpecific
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
+  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
diff --git a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
index 51dad0fc18c..74fe756093c 100644
--- a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
@@ -10,7 +10,7 @@ import ExternalAPIsSpecific
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
+  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
index f1a64f6810b..e623628fea6 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
@@ -85,7 +85,7 @@ module RemoteSourceToExternalApi = TaintTracking::Global<RemoteSourceToExternalA
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { RemoteSourceToExternalApi::flow(_, this) }
+  UntrustedExternalApiDataNode() { RemoteSourceToExternalApi::flowTo(this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() { RemoteSourceToExternalApi::flow(result, this) }
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
index c3fdbc2dc3e..8797d6654d3 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
@@ -91,7 +91,7 @@ class ExponentialRegexSink extends DataFlow::ExprNode, Sink {
   ExponentialRegexSink() {
     exists(RegexOperation regexOperation |
       // Exponential regex flows to the pattern argument
-      ExponentialRegexDataFlow::flow(_, DataFlow::exprNode(regexOperation.getPattern()))
+      ExponentialRegexDataFlow::flowToExpr(regexOperation.getPattern())
     |
       // This is used as an input for this pattern
       this.getExpr() = regexOperation.getInput() and
diff --git a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
index ad5c0a71227..8a8bb306864 100644
--- a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql	
+++ b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql	
@@ -53,7 +53,7 @@ where
   // JsonConvert static method call, but with additional unsafe typename tracking
   exists(DataFlow::Node settingsCallArg |
     JsonConvertTracking::flowPath(userInput.asPathNode3(), deserializeCallArg.asPathNode3()) and
-    TypeNameTracking::flow(_, settingsCallArg) and
+    TypeNameTracking::flowTo(settingsCallArg) and
     sameParent(deserializeCallArg.getNode(), settingsCallArg)
   )
 select deserializeCallArg, userInput, deserializeCallArg, "$@ flows to unsafe deserializer.",
diff --git a/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll b/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll
index 079ab35ee36..03df0817975 100644
--- a/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll
+++ b/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll
@@ -27,7 +27,7 @@ module AllocationSizeOverflow {
   private module FindLargeLensFlow = TaintTracking::Global<FindLargeLensConfig>;
 
   private DataFlow::CallNode getALargeLenCall() {
-    exists(DataFlow::Node lenArg | FindLargeLensFlow::flow(_, lenArg) |
+    exists(DataFlow::Node lenArg | FindLargeLensFlow::flowTo(lenArg) |
       result.getArgument(0) = lenArg
     )
   }
diff --git a/go/ql/lib/semmle/go/security/ExternalAPIs.qll b/go/ql/lib/semmle/go/security/ExternalAPIs.qll
index f85f939258f..0a9be6bcc70 100644
--- a/go/ql/lib/semmle/go/security/ExternalAPIs.qll
+++ b/go/ql/lib/semmle/go/security/ExternalAPIs.qll
@@ -211,7 +211,7 @@ module UntrustedDataToUnknownExternalApiFlow =
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
+  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
diff --git a/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql b/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
index 17ec112955f..34023f6161e 100644
--- a/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
+++ b/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
@@ -21,6 +21,6 @@ where
   OpenUrlRedirect::Flow::flowPath(source, sink) and
   // this excludes flow from safe parts of request URLs, for example the full URL when the
   // doing a redirect from `http://<path>` to `https://<path>`
-  not SafeUrlFlow::Flow::flow(_, sink.getNode())
+  not SafeUrlFlow::Flow::flowTo(sink.getNode())
 select sink.getNode(), source, sink, "This path to an untrusted URL redirection depends on a $@.",
   source.getNode(), "user-provided value"
diff --git a/go/ql/src/Security/CWE-918/RequestForgery.ql b/go/ql/src/Security/CWE-918/RequestForgery.ql
index 5a5c3265483..a54f51db9ce 100644
--- a/go/ql/src/Security/CWE-918/RequestForgery.ql
+++ b/go/ql/src/Security/CWE-918/RequestForgery.ql
@@ -21,6 +21,6 @@ where
   RequestForgery::Flow::flowPath(source, sink) and
   request = sink.getNode().(RequestForgery::Sink).getARequest() and
   // this excludes flow from safe parts of request URLs, for example the full URL
-  not SafeUrlFlow::Flow::flow(_, sink.getNode())
+  not SafeUrlFlow::Flow::flowTo(sink.getNode())
 select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(),
   sink.getNode().(RequestForgery::Sink).getKind(), source, "user-provided value"
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
index 7972c379e87..7a936044756 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
@@ -97,7 +97,7 @@ class ExternalApiDataNode extends DataFlow::Node instanceof Sink { }
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { ExternalAPIUsedWithUntrustedDataFlow::flow(_, this) }
+  UntrustedExternalApiDataNode() { ExternalAPIUsedWithUntrustedDataFlow::flowTo(this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() { ExternalAPIUsedWithUntrustedDataFlow::flow(result, this) }
@@ -110,7 +110,7 @@ private newtype TExternalApi =
   /** An external API sink with `name`. */
   MkExternalApiNode(string name) {
     exists(Sink sink |
-      ExternalAPIUsedWithUntrustedDataFlow::flow(_, sink) and
+      ExternalAPIUsedWithUntrustedDataFlow::flowTo(sink) and
       name = sink.getApiName()
     )
   }
diff --git a/javascript/ql/test/library-tests/FlowSummary/test.ql b/javascript/ql/test/library-tests/FlowSummary/test.ql
index 0e40dcdadb0..147908706c8 100644
--- a/javascript/ql/test/library-tests/FlowSummary/test.ql
+++ b/javascript/ql/test/library-tests/FlowSummary/test.ql
@@ -32,5 +32,5 @@ class BasicBarrierGuard extends DataFlow::CallNode {
 deprecated class ConsistencyConfig extends ConsistencyConfiguration {
   ConsistencyConfig() { this = "ConsistencyConfig" }
 
-  override DataFlow::Node getAnAlert() { Flow::flow(_, result) }
+  override DataFlow::Node getAnAlert() { Flow::flowTo(result) }
 }
diff --git a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query17.qll b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query17.qll
index e6dff623e97..e0a5ac34a91 100644
--- a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query17.qll	
+++ b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query17.qll	
@@ -14,7 +14,7 @@ predicate passwordVarAssign(Variable v, DataFlow::Node nd) {
 module PasswordFlow = DataFlow::Global<PasswordConfig>;
 
 query predicate test_query17(DataFlow::Node sink, string res) {
-  exists(Variable v | PasswordFlow::flow(_, sink) and passwordVarAssign(v, sink) |
+  exists(Variable v | PasswordFlow::flowTo(sink) and passwordVarAssign(v, sink) |
     res = "Password variable " + v.toString() + " is assigned a constant string."
   )
 }
diff --git a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
index e60afa470ec..304e6376d2c 100644
--- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
@@ -50,7 +50,7 @@ module FullServerSideRequestForgeryFlow = TaintTracking::Global<FullServerSideRe
  */
 predicate fullyControlledRequest(Http::Client::Request request) {
   forall(DataFlow::Node urlPart | urlPart = request.getAUrlPart() |
-    FullServerSideRequestForgeryFlow::flow(_, urlPart)
+    FullServerSideRequestForgeryFlow::flowTo(urlPart)
   )
 }
 
diff --git a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
index 34649c0fb86..9c12845a0ca 100644
--- a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
+++ b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
@@ -182,7 +182,7 @@ module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataToExt
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
+  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
diff --git a/python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql b/python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql
index 7921121fb3a..d6d91a888d4 100644
--- a/python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql
+++ b/python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql
@@ -38,5 +38,5 @@ module RemoteFlowSourceReachConfig implements DataFlow::ConfigSig {
 module RemoteFlowSourceReachFlow = TaintTracking::Global<RemoteFlowSourceReachConfig>;
 
 from DataFlow::Node reachable
-where RemoteFlowSourceReachFlow::flow(_, reachable)
+where RemoteFlowSourceReachFlow::flowTo(reachable)
 select reachable, prettyNode(reachable)
diff --git a/ruby/ql/src/queries/meta/TaintedNodes.ql b/ruby/ql/src/queries/meta/TaintedNodes.ql
index 2ee6e83e0de..1594c59d3b0 100644
--- a/ruby/ql/src/queries/meta/TaintedNodes.ql
+++ b/ruby/ql/src/queries/meta/TaintedNodes.ql
@@ -28,5 +28,5 @@ private module BasicTaintConfig implements DataFlow::ConfigSig {
 private module BasicTaintFlow = TaintTracking::Global<BasicTaintConfig>;
 
 from DataFlow::Node node
-where BasicTaintFlow::flow(_, node)
+where BasicTaintFlow::flowTo(node)
 select node, "Tainted node"
diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql
index 61996adaf05..4de9cc98948 100644
--- a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql
+++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql
@@ -88,5 +88,5 @@ import InsecureCookieFlow::PathGraph
 from InsecureCookieFlow::PathNode sourceNode, InsecureCookieFlow::PathNode sinkNode
 where
   InsecureCookieFlow::flowPath(sourceNode, sinkNode) and
-  not PartitionedCookieFlow::flow(_, sinkNode.getNode())
+  not PartitionedCookieFlow::flowTo(sinkNode.getNode())
 select sinkNode.getNode(), sourceNode, sinkNode, "Cookie attribute 'Secure' is not set to true."
diff --git a/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll
index 4b31a7ab23f..03d8dff3148 100644
--- a/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll
@@ -87,7 +87,7 @@ private class UrlTransmittedSink extends CleartextTransmissionSink {
     // exclude `tel:` and similar URLs. These URLs necessarily contain
     // sensitive data which you expect to transmit only by making the
     // phone call (or similar operation).
-    not ExcludeUrlFlow::flow(_, this)
+    not ExcludeUrlFlow::flowTo(this)
   }
 }