Replace flow(_, sink) with flowTo(sink)

java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll

@@ -56,7 +56,7 @@ private class DefaultCleartextStorageSanitizer extends CleartextStorageSanitizer
   DefaultCleartextStorageSanitizer() {
     this.getType() instanceof NumericType or
     this.getType() instanceof BooleanType or
-    EncryptedValueFlow::flow(_, this)
+    EncryptedValueFlow::flowTo(this)
   }
 }
 

java/ql/lib/semmle/code/java/security/ExternalAPIs.qll

@@ -127,7 +127,7 @@ deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiCo
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
+  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }

java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCredentialsApiCall.ql

@@ -9,7 +9,7 @@ class HardcodedCredentialsApiCallTest extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "HardcodedCredentialsApiCall" and
-    exists(DataFlow::Node sink | HardcodedCredentialApiCallFlow::flow(_, sink) |
+    exists(DataFlow::Node sink | HardcodedCredentialApiCallFlow::flowTo(sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""