Merge pull request #12645 from aschackmull/dataflow/renaming

Dataflow: Rename Make to Global and hasFlow to flow
2026-05-05 05:35:13 +02:00 · 2023-03-24 08:48:31 +01:00
parent 9f36acbb5e d440bc2d0c
commit 9d88f01c82
200 changed files with 843 additions and 553 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlow.qll
@@ -2,7 +2,7 @@
 * Provides an implementation of global (interprocedural) data flow. This file
 * re-exports the local (intraprocedural) data flow analysis from
 * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed
- * through the `Make` and `MakeWithState` modules.
+ * through the `Global` and `GlobalWithState` modules.
 */

 private import DataFlowImplCommon
@@ -73,10 +73,10 @@ signature module ConfigSig {
   */
  default FlowFeature getAFeature() { none() }

-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
  default predicate sourceGrouping(Node source, string sourceGroup) { none() }

-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
  default predicate sinkGrouping(Node sink, string sinkGroup) { none() }

  /**
@@ -166,10 +166,10 @@ signature module StateConfigSig {
   */
  default FlowFeature getAFeature() { none() }

-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
  default predicate sourceGrouping(Node source, string sourceGroup) { none() }

-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
  default predicate sinkGrouping(Node sink, string sinkGroup) { none() }

  /**
@@ -182,15 +182,15 @@ signature module StateConfigSig {
 }

 /**
- * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
+ * Gets the exploration limit for `partialFlow` and `partialFlowRev`
 * measured in approximate number of interprocedural steps.
 */
 signature int explorationLimitSig();

 /**
- * The output of a data flow computation.
+ * The output of a global data flow computation.
 */
-signature module DataFlowSig {
+signature module GlobalFlowSig {
  /**
   * A `Node` augmented with a call context (except for sinks) and an access path.
   * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated.
@@ -203,28 +203,28 @@ signature module DataFlowSig {
   * The corresponding paths are generated from the end-points and the graph
   * included in the module `PathGraph`.
   */
-  predicate hasFlowPath(PathNode source, PathNode sink);
+  predicate flowPath(PathNode source, PathNode sink);

  /**
   * Holds if data can flow from `source` to `sink`.
   */
-  predicate hasFlow(Node source, Node sink);
+  predicate flow(Node source, Node sink);

  /**
   * Holds if data can flow from some source to `sink`.
   */
-  predicate hasFlowTo(Node sink);
+  predicate flowTo(Node sink);

  /**
   * Holds if data can flow from some source to `sink`.
   */
-  predicate hasFlowToExpr(DataFlowExpr sink);
+  predicate flowToExpr(DataFlowExpr sink);
 }

 /**
 * Constructs a standard data flow computation.
 */
-module Make<ConfigSig Config> implements DataFlowSig {
+module Global<ConfigSig Config> implements GlobalFlowSig {
  private module C implements FullStateConfigSig {
    import DefaultState<Config>
    import Config
@@ -233,10 +233,15 @@ module Make<ConfigSig Config> implements DataFlowSig {
  import Impl<C>
 }

+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<ConfigSig Config> implements GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
 * Constructs a data flow computation using flow state.
 */
-module MakeWithState<StateConfigSig Config> implements DataFlowSig {
+module GlobalWithState<StateConfigSig Config> implements GlobalFlowSig {
  private module C implements FullStateConfigSig {
    import Config
  }
@@ -244,6 +249,11 @@ module MakeWithState<StateConfigSig Config> implements DataFlowSig {
  import Impl<C>
 }

+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<StateConfigSig Config> implements GlobalFlowSig {
+  import GlobalWithState<Config>
+}
+
 signature class PathNodeSig {
  /** Gets a textual representation of this element. */
  string toString();
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
@@ -91,10 +91,10 @@ signature module FullStateConfigSig {
   */
  FlowFeature getAFeature();

-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
  predicate sourceGrouping(Node source, string sourceGroup);

-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
  predicate sinkGrouping(Node sink, string sinkGroup);

  /**
@@ -3629,7 +3629,7 @@ module Impl<FullStateConfigSig Config> {
   * The corresponding paths are generated from the end-points and the graph
   * included in the module `PathGraph`.
   */
-  predicate hasFlowPath(PathNode source, PathNode sink) {
+  predicate flowPath(PathNode source, PathNode sink) {
    exists(PathNodeImpl flowsource, PathNodeImpl flowsink |
      source = flowsource and sink = flowsink
    |
@@ -3639,6 +3639,9 @@ module Impl<FullStateConfigSig Config> {
    )
  }

+  /** DEPRECATED: Use `flowPath` instead. */
+  deprecated predicate hasFlowPath = flowPath/2;
+
  private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) {
    flowsource.isSource() and
    flowsource.getNodeEx().asNode() = source and
@@ -3649,17 +3652,26 @@ module Impl<FullStateConfigSig Config> {
  /**
   * Holds if data can flow from `source` to `sink`.
   */
-  predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+  predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+
+  /** DEPRECATED: Use `flow` instead. */
+  deprecated predicate hasFlow = flow/2;

  /**
   * Holds if data can flow from some source to `sink`.
   */
-  predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+  predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+
+  /** DEPRECATED: Use `flowTo` instead. */
+  deprecated predicate hasFlowTo = flowTo/1;

  /**
   * Holds if data can flow from some source to `sink`.
   */
-  predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
+  predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) }
+
+  /** DEPRECATED: Use `flowToExpr` instead. */
+  deprecated predicate hasFlowToExpr = flowToExpr/1;

  private predicate finalStats(
    boolean fwd, int nodes, int fields, int conscand, int states, int tuples
@@ -4570,7 +4582,7 @@ module Impl<FullStateConfigSig Config> {
     *
     * To use this in a `path-problem` query, import the module `PartialPathGraph`.
     */
-    predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) {
+    predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) {
      partialFlow(source, node) and
      dist = node.getSourceDistance()
    }
@@ -4590,7 +4602,7 @@ module Impl<FullStateConfigSig Config> {
     * Note that reverse flow has slightly lower precision than the corresponding
     * forward flow, as reverse flow disregards type pruning among other features.
     */
-    predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
+    predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
      revPartialFlow(node, sink) and
      dist = node.getSinkDistance()
    }
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll
@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
 *
 * Provides a `Configuration` class backwards-compatible interface to the data
 * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }

 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }

 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
 *
 * Provides a `Configuration` class backwards-compatible interface to the data
 * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }

 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }

 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
 *
 * Provides a `Configuration` class backwards-compatible interface to the data
 * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }

 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }

 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
 *
 * Provides a `Configuration` class backwards-compatible interface to the data
 * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }

 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }

 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
 *
 * Provides a `Configuration` class backwards-compatible interface to the data
 * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }

 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }

 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll
@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
 *
 * Provides a `Configuration` class backwards-compatible interface to the data
 * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }

 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }

 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
--- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll
@@ -35,7 +35,7 @@ private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> imp
 /**
 * Constructs a standard taint tracking computation.
 */
-module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
+module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
  private module Config0 implements DataFlowInternal::FullStateConfigSig {
    import DataFlowInternal::DefaultState<Config>
    import Config
@@ -48,10 +48,15 @@ module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
  import DataFlowInternal::Impl<C>
 }

+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
 * Constructs a taint tracking computation using flow state.
 */
-module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataFlowSig {
+module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
  private module Config0 implements DataFlowInternal::FullStateConfigSig {
    import Config
  }
@@ -62,3 +67,8 @@ module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataF

  import DataFlowInternal::Impl<C>
 }
+
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import GlobalWithState<Config>
+}
--- a/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll
@@ -28,7 +28,7 @@ class OnActivityResultIncomingIntent extends DataFlow::Node {
   */
  predicate isRemoteSource() {
    exists(RefType startingType, Expr startActivityForResultArg |
-      ImplicitStartActivityForResult::hasFlowToExpr(startActivityForResultArg) and
+      ImplicitStartActivityForResult::flowToExpr(startActivityForResultArg) and
      // startingType is the class enclosing the method that calls `startActivityForResult`.
      startingType = startActivityForResultArg.getEnclosingCallable().getDeclaringType()
    |
@@ -104,7 +104,7 @@ private module ImplicitStartActivityForResultConfig implements DataFlow::ConfigS
 }

 private module ImplicitStartActivityForResult =
-  DataFlow::Make<ImplicitStartActivityForResultConfig>;
+  DataFlow::Global<ImplicitStartActivityForResultConfig>;

 /** An Android Activity or Fragment. */
 private class ActivityOrFragment extends Class {
--- a/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll
@@ -21,10 +21,10 @@ private module TypeLiteralToParseAsFlowConfig implements DataFlow::ConfigSig {
  }
 }

-private module TypeLiteralToParseAsFlow = DataFlow::Make<TypeLiteralToParseAsFlowConfig>;
+private module TypeLiteralToParseAsFlow = DataFlow::Global<TypeLiteralToParseAsFlowConfig>;

 private TypeLiteral getSourceWithFlowToParseAs() {
-  TypeLiteralToParseAsFlow::hasFlow(DataFlow::exprNode(result), _)
+  TypeLiteralToParseAsFlow::flow(DataFlow::exprNode(result), _)
 }

 /** A field that is deserialized by `HttpResponse.parseAs`. */
--- a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
@@ -108,10 +108,10 @@ private module TypeLiteralToJacksonDatabindFlowConfig implements DataFlow::Confi
 }

 private module TypeLiteralToJacksonDatabindFlow =
-  DataFlow::Make<TypeLiteralToJacksonDatabindFlowConfig>;
+  DataFlow::Global<TypeLiteralToJacksonDatabindFlowConfig>;

 private TypeLiteral getSourceWithFlowToJacksonDatabind() {
-  TypeLiteralToJacksonDatabindFlow::hasFlow(DataFlow::exprNode(result), _)
+  TypeLiteralToJacksonDatabindFlow::flow(DataFlow::exprNode(result), _)
 }

 /** A type whose values are explicitly deserialized in a call to a Jackson method. */
--- a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll
@@ -173,4 +173,4 @@ private module SensitiveCommunicationConfig implements DataFlow::ConfigSig {
 /**
 * Tracks taint flow from variables containing sensitive information to broadcast Intents.
 */
-module SensitiveCommunicationFlow = TaintTracking::Make<SensitiveCommunicationConfig>;
+module SensitiveCommunicationFlow = TaintTracking::Global<SensitiveCommunicationConfig>;
--- a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll
@@ -17,15 +17,15 @@ private module ApkInstallationConfig implements DataFlow::ConfigSig {
      ma.getMethod() instanceof SetDataMethod and
      ma.getArgument(0) = node.asExpr() and
      (
-        PackageArchiveMimeTypeFlow::hasFlowToExpr(ma.getQualifier())
+        PackageArchiveMimeTypeFlow::flowToExpr(ma.getQualifier())
        or
-        InstallPackageActionFlow::hasFlowToExpr(ma.getQualifier())
+        InstallPackageActionFlow::flowToExpr(ma.getQualifier())
      )
    )
  }
 }

-module ApkInstallationFlow = DataFlow::Make<ApkInstallationConfig>;
+module ApkInstallationFlow = DataFlow::Global<ApkInstallationConfig>;

 private newtype ActionState =
  ActionUnset() or
@@ -72,7 +72,8 @@ private module InstallPackageActionConfig implements DataFlow::StateConfigSig {
  predicate isBarrier(DataFlow::Node node, FlowState state) { none() }
 }

-private module InstallPackageActionFlow = TaintTracking::MakeWithState<InstallPackageActionConfig>;
+private module InstallPackageActionFlow =
+  TaintTracking::GlobalWithState<InstallPackageActionConfig>;

 private newtype MimeTypeState =
  MimeTypeUnset() or
@@ -117,4 +118,4 @@ private module PackageArchiveMimeTypeConfig implements DataFlow::StateConfigSig
 }

 private module PackageArchiveMimeTypeFlow =
-  TaintTracking::MakeWithState<PackageArchiveMimeTypeConfig>;
+  TaintTracking::GlobalWithState<PackageArchiveMimeTypeConfig>;
--- a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll
@@ -37,4 +37,4 @@ private module FragmentInjectionTaintConfig implements DataFlow::ConfigSig {
 * Taint-tracking flow for unsafe user input
 * that is used to create Android fragments dynamically.
 */
-module FragmentInjectionTaintFlow = TaintTracking::Make<FragmentInjectionTaintConfig>;
+module FragmentInjectionTaintFlow = TaintTracking::Global<FragmentInjectionTaintConfig>;
--- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll
@@ -53,4 +53,4 @@ private module IntentUriPermissionManipulationConfig implements DataFlow::Config
 * Taint tracking flow for user-provided Intents being returned to third party apps.
 */
 module IntentUriPermissionManipulationFlow =
-  TaintTracking::Make<IntentUriPermissionManipulationConfig>;
+  TaintTracking::Global<IntentUriPermissionManipulationConfig>;
--- a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll
@@ -38,4 +38,4 @@ private module LogInjectionConfig implements DataFlow::ConfigSig {
 /**
 * Taint-tracking flow for tracking untrusted user input used in log entries.
 */
-module LogInjectionFlow = TaintTracking::Make<LogInjectionConfig>;
+module LogInjectionFlow = TaintTracking::Global<LogInjectionConfig>;
--- a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll
+++ b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll
@@ -53,4 +53,4 @@ private module RequestForgeryConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node node) { node instanceof RequestForgerySanitizer }
 }

-module RequestForgeryFlow = TaintTracking::Make<RequestForgeryConfig>;
+module RequestForgeryFlow = TaintTracking::Global<RequestForgeryConfig>;
--- a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll
@@ -42,4 +42,4 @@ private module RsaWithoutOaepConfig implements DataFlow::ConfigSig {
 }

 /** Flow for finding RSA ciphers initialized without using OAEP padding. */
-module RsaWithoutOaepFlow = DataFlow::Make<RsaWithoutOaepConfig>;
+module RsaWithoutOaepFlow = DataFlow::Global<RsaWithoutOaepConfig>;
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -65,4 +65,4 @@ private module SensitiveLoggerConfig implements DataFlow::ConfigSig {
  predicate isBarrierIn(Node node) { isSource(node) }
 }

-module SensitiveLoggerFlow = TaintTracking::Make<SensitiveLoggerConfig>;
+module SensitiveLoggerFlow = TaintTracking::Global<SensitiveLoggerConfig>;
--- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll
@@ -41,4 +41,4 @@ private module UnsafeContentResolutionConfig implements DataFlow::ConfigSig {
 }

 /** Taint-tracking flow to find paths from remote sources to content URI resolutions. */
-module UnsafeContentResolutionFlow = TaintTracking::Make<UnsafeContentResolutionConfig>;
+module UnsafeContentResolutionFlow = TaintTracking::Global<UnsafeContentResolutionConfig>;
--- a/java/ql/lib/semmle/code/java/security/XSS.qll
+++ b/java/ql/lib/semmle/code/java/security/XSS.qll
@@ -43,7 +43,7 @@ private class DefaultXssSink extends XssSink {
    or
    exists(MethodAccess ma |
      ma.getMethod() instanceof WritingMethod and
-      XssVulnerableWriterSourceToWritingMethodFlow::hasFlowToExpr(ma.getQualifier()) and
+      XssVulnerableWriterSourceToWritingMethodFlow::flowToExpr(ma.getQualifier()) and
      this.asExpr() = ma.getArgument(_)
    )
  }
@@ -71,7 +71,7 @@ private module XssVulnerableWriterSourceToWritingMethodFlowConfig implements Dat
 }

 private module XssVulnerableWriterSourceToWritingMethodFlow =
-  TaintTracking::Make<XssVulnerableWriterSourceToWritingMethodFlowConfig>;
+  TaintTracking::Global<XssVulnerableWriterSourceToWritingMethodFlowConfig>;

 /** A method that can be used to output data to an output stream or writer. */
 private class WritingMethod extends Method {
--- a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll
@@ -42,4 +42,4 @@ module XxeLocalConfig implements DataFlow::ConfigSig {
 /**
 * Detect taint flow of unvalidated local user input that is used in XML external entity expansion.
 */
-module XxeLocalFlow = TaintTracking::Make<XxeLocalConfig>;
+module XxeLocalFlow = TaintTracking::Global<XxeLocalConfig>;
--- a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll
@@ -42,4 +42,4 @@ module XxeConfig implements DataFlow::ConfigSig {
 /**
 * Detect taint flow of unvalidated remote user input that is used in XML external entity expansion.
 */
-module XxeFlow = TaintTracking::Make<XxeConfig>;
+module XxeFlow = TaintTracking::Global<XxeConfig>;
--- a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
@@ -81,4 +81,4 @@ private module PolynomialRedosConfig implements DataFlow::ConfigSig {
  }
 }

-module PolynomialRedosFlow = TaintTracking::Make<PolynomialRedosConfig>;
+module PolynomialRedosFlow = TaintTracking::Global<PolynomialRedosConfig>;