diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll index fa19a25f110..0fdf69eb8a3 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll @@ -56,7 +56,7 @@ private class DefaultCleartextStorageSanitizer extends CleartextStorageSanitizer DefaultCleartextStorageSanitizer() { this.getType() instanceof NumericType or this.getType() instanceof BooleanType or - EncryptedValueFlow::flow(_, this) + EncryptedValueFlow::flowTo(this) } } diff --git a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll index 2590a3c3652..6e534b89c1d 100644 --- a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll +++ b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll @@ -127,7 +127,7 @@ deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiCo /** A node representing untrusted data being passed to an external API. */ class UntrustedExternalApiDataNode extends ExternalApiDataNode { - UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) } + UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) } /** Gets a source of untrusted data which is passed to this external API data node. */ DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) } diff --git a/java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCredentialsApiCall.ql b/java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCredentialsApiCall.ql index 621d2a0105c..7d7b8e2d2a5 100644 --- a/java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCredentialsApiCall.ql +++ b/java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCredentialsApiCall.ql @@ -9,7 +9,7 @@ class HardcodedCredentialsApiCallTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "HardcodedCredentialsApiCall" and - exists(DataFlow::Node sink | HardcodedCredentialApiCallFlow::flow(_, sink) | + exists(DataFlow::Node sink | HardcodedCredentialApiCallFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = ""