From 9b4e189374a9d2dd868ef24cd1d71613685a58bc Mon Sep 17 00:00:00 2001
From: Chris Smowton <smowton@github.com>
Date: Tue, 28 Jul 2020 11:55:03 +0100
Subject: [PATCH] Insecure-TLS: Use DataFlow::Node::getRoot, and factor
 getEnclosingFunction

---
 ql/src/experimental/CWE-327/InsecureTLS.ql | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ql/src/experimental/CWE-327/InsecureTLS.ql b/ql/src/experimental/CWE-327/InsecureTLS.ql
index 1a8094809f4..10181390c55 100644
--- a/ql/src/experimental/CWE-327/InsecureTLS.ql
+++ b/ql/src/experimental/CWE-327/InsecureTLS.ql
@@ -239,8 +239,8 @@ where
   // Exclude sources or sinks that occur lexically within a block related to a feature or legacy flag
   not astNodeIsFlag([source, sink].getNode().asExpr().getParent*(), [featureFlag(), legacyFlag()]) and
   // Exclude results in functions whose name documents insecurity
-  not exists(FuncDef fn | fn = sink.getNode().asInstruction().getRoot() |
-    isFeatureFlagName(fn.getEnclosingFunction*().getName()) or
-    isLegacyFlagName(fn.getEnclosingFunction*().getName())
+  not exists(FuncDef fn | fn = sink.getNode().getRoot().getEnclosingFunction*() |
+    isFeatureFlagName(fn.getName()) or
+    isLegacyFlagName(fn.getName())
   )
 select sink.getNode(), source, sink, message