diff --git a/java/ql/lib/ext/threat-grouping.model.yml b/java/ql/lib/ext/threat-grouping.model.yml
index 561feda262b..f91d6f88f43 100644
--- a/java/ql/lib/ext/threat-grouping.model.yml
+++ b/java/ql/lib/ext/threat-grouping.model.yml
@@ -24,9 +24,6 @@ extensions:
 - ["java.sql", "Statement", True, "getConnection", "()", "", "ReturnValue", "sql", "manual"]
 - ["java.sql", "ResultSet", True, "getInt", "(int)", "", "Argument[0]", "sql", "manual"]
- # This one is not defined elsewhere. Why not? I can't get my example working without it.
- - ["java.io", "InputStream", True, "read", "()", "", "ReturnValue", "remote", "manual"]
-
 # Create a graph of parent-child relationships between threat models and their kinds
 # The left side is a kind of threat model. The right side groups the kinds together.
diff --git a/java/ql/test/experimental/configured-flow/Test.java b/java/ql/test/experimental/configured-flow/Test.java
index 4ecec1f88b3..1c86a05ab62 100644
--- a/java/ql/test/experimental/configured-flow/Test.java
+++ b/java/ql/test/experimental/configured-flow/Test.java
@@ -1,17 +1,23 @@
 import java.sql.*;
 import java.net.*;
+import java.nio.charset.StandardCharsets;
 class Test {
+ private String byteToString(byte[] data) {
+ return new String(data, StandardCharsets.UTF_8);
+ }
+
 public void M1(Statement handle) throws Exception {
 // Only a source if "remote" is a selected threat model
 Socket sock = new Socket("localhost", 1234);
- int val = sock.getInputStream().read();
+ byte[] data = new byte[1024];
+ sock.getInputStream().read(data);
 // Sink
- sock.getOutputStream().write(val);
+ sock.getOutputStream().write(data);
 // Sink
- handle.executeUpdate("INSERT INTO foo VALUES ('" + val + "')");
+ handle.executeUpdate("INSERT INTO foo VALUES ('" + byteToString(data) + "')");
 }
 public void M2(Statement handle) throws Exception {
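Review bot: The rewritten M1 never says why it switched from `read()` to the buffer-filling `read(byte[])` plus the `byteToString` helper, and the byte count returned by `read(data)` is dropped, which a later maintainer is likely to "fix" and thereby shift every location in the seven `.expected` files below. Taken together with the removal of the ad-hoc `java.io.InputStream.read` row from threat-grouping.model.yml in the first hunk, the intent appears to be that the remote source is now `Socket.getInputStream()` with flow into `data` through the read call, which the new `getInputStream(...) : InputStream` to `data [post update]` edges confirm. I would add above the `byte[] data` line: `// read(byte[]) is used so the source is Socket.getInputStream() (remote threat model) rather than a bespoke InputStream.read() model; the returned count is deliberately ignored, and moving these lines changes the .expected locations`. The `byteToString` helper would likewise benefit from a one-line comment saying it exists only to hand the SQL sink a String operand and to exercise the subpath through `new String(data, UTF_8)`. The body of M2 that follows is outside the hunk.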
diff --git a/java/ql/test/experimental/configured-flow/test-all.expected b/java/ql/test/experimental/configured-flow/test-all.expected index dbec2b955c9..a8b6f60f458 100644 --- a/java/ql/test/experimental/configured-flow/test-all.expected +++ b/java/ql/test/experimental/configured-flow/test-all.expected 
@@ -1,26 +1,39 @@ edges -| Test.java:8:15:8:42 | read(...) : Number | Test.java:11:34:11:36 | val | -| Test.java:8:15:8:42 | read(...) : Number | Test.java:14:26:14:65 | ... + ... | -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:22:56:22:57 | rs : ResultSet | -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:26:34:26:35 | rs : ResultSet | -| Test.java:22:56:22:57 | rs : ResultSet | Test.java:22:56:22:75 | getString(...) : String | -| Test.java:22:56:22:75 | getString(...) : String | Test.java:22:26:22:82 | ... + ... | -| Test.java:26:34:26:35 | rs : ResultSet | Test.java:26:34:26:53 | getString(...) : String | -| Test.java:26:34:26:53 | getString(...) : String | Test.java:26:34:26:64 | getBytes(...) | +| Test.java:6:31:6:41 | data : byte[] | Test.java:7:23:7:26 | data : byte[] | +| Test.java:7:23:7:26 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | +| Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:14:32:14:35 | data [post update] : byte[] | +| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:17:34:17:37 | data | +| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:20:69:20:72 | data : byte[] | +| Test.java:20:56:20:73 | byteToString(...) : String | Test.java:20:26:20:80 | ... + ... | +| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | +| Test.java:20:69:20:72 | data : byte[] | Test.java:20:56:20:73 | byteToString(...) : String | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:28:56:28:57 | rs : ResultSet | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:32:34:32:35 | rs : ResultSet | +| Test.java:28:56:28:57 | rs : ResultSet | Test.java:28:56:28:75 | getString(...) : String | +| Test.java:28:56:28:75 | getString(...) : String | Test.java:28:26:28:82 | ... + ... | +| Test.java:32:34:32:35 | rs : ResultSet | Test.java:32:34:32:53 | getString(...) 
: String | +| Test.java:32:34:32:53 | getString(...) : String | Test.java:32:34:32:64 | getBytes(...) | nodes -| Test.java:8:15:8:42 | read(...) : Number | semmle.label | read(...) : Number | -| Test.java:11:34:11:36 | val | semmle.label | val | -| Test.java:14:26:14:65 | ... + ... | semmle.label | ... + ... | -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | semmle.label | executeQuery(...) : ResultSet | -| Test.java:22:26:22:82 | ... + ... | semmle.label | ... + ... | -| Test.java:22:56:22:57 | rs : ResultSet | semmle.label | rs : ResultSet | -| Test.java:22:56:22:75 | getString(...) : String | semmle.label | getString(...) : String | -| Test.java:26:34:26:35 | rs : ResultSet | semmle.label | rs : ResultSet | -| Test.java:26:34:26:53 | getString(...) : String | semmle.label | getString(...) : String | -| Test.java:26:34:26:64 | getBytes(...) | semmle.label | getBytes(...) | +| Test.java:6:31:6:41 | data : byte[] | semmle.label | data : byte[] | +| Test.java:7:12:7:51 | new String(...) : String | semmle.label | new String(...) : String | +| Test.java:7:23:7:26 | data : byte[] | semmle.label | data : byte[] | +| Test.java:14:5:14:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Test.java:14:32:14:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:17:34:17:37 | data | semmle.label | data | +| Test.java:20:26:20:80 | ... + ... | semmle.label | ... + ... | +| Test.java:20:56:20:73 | byteToString(...) : String | semmle.label | byteToString(...) : String | +| Test.java:20:69:20:72 | data : byte[] | semmle.label | data : byte[] | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | semmle.label | executeQuery(...) : ResultSet | +| Test.java:28:26:28:82 | ... + ... | semmle.label | ... + ... | +| Test.java:28:56:28:57 | rs : ResultSet | semmle.label | rs : ResultSet | +| Test.java:28:56:28:75 | getString(...) : String | semmle.label | getString(...) 
: String | +| Test.java:32:34:32:35 | rs : ResultSet | semmle.label | rs : ResultSet | +| Test.java:32:34:32:53 | getString(...) : String | semmle.label | getString(...) : String | +| Test.java:32:34:32:64 | getBytes(...) | semmle.label | getBytes(...) | subpaths +| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | Test.java:20:56:20:73 | byteToString(...) : String | #select -| Test.java:11:34:11:36 | val | Test.java:8:15:8:42 | read(...) : Number | Test.java:11:34:11:36 | val | This is some kind of threat model thingy $@. | Test.java:8:15:8:42 | read(...) | Source of that thingy | -| Test.java:14:26:14:65 | ... + ... | Test.java:8:15:8:42 | read(...) : Number | Test.java:14:26:14:65 | ... + ... | This is some kind of threat model thingy $@. | Test.java:8:15:8:42 | read(...) | Source of that thingy | -| Test.java:22:26:22:82 | ... + ... | Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:22:26:22:82 | ... + ... | This is some kind of threat model thingy $@. | Test.java:19:20:19:59 | executeQuery(...) | Source of that thingy | -| Test.java:26:34:26:64 | getBytes(...) | Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:26:34:26:64 | getBytes(...) | This is some kind of threat model thingy $@. | Test.java:19:20:19:59 | executeQuery(...) | Source of that thingy | +| Test.java:17:34:17:37 | data | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:17:34:17:37 | data | This is some kind of threat model thingy $@. | Test.java:14:5:14:25 | getInputStream(...) | Source of that thingy | +| Test.java:20:26:20:80 | ... + ... | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:20:26:20:80 | ... + ... | This is some kind of threat model thingy $@. | Test.java:14:5:14:25 | getInputStream(...) | Source of that thingy | +| Test.java:28:26:28:82 | ... + ... | Test.java:25:20:25:59 | executeQuery(...) 
: ResultSet | Test.java:28:26:28:82 | ... + ... | This is some kind of threat model thingy $@. | Test.java:25:20:25:59 | executeQuery(...) | Source of that thingy | +| Test.java:32:34:32:64 | getBytes(...) | Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:32:34:32:64 | getBytes(...) | This is some kind of threat model thingy $@. | Test.java:25:20:25:59 | executeQuery(...) | Source of that thingy | diff --git a/java/ql/test/experimental/configured-flow/test-hardcoded-all.expected b/java/ql/test/experimental/configured-flow/test-hardcoded-all.expected index dbec2b955c9..a8b6f60f458 100644 --- a/java/ql/test/experimental/configured-flow/test-hardcoded-all.expected +++ b/java/ql/test/experimental/configured-flow/test-hardcoded-all.expected 
@@ -1,26 +1,39 @@ edges -| Test.java:8:15:8:42 | read(...) : Number | Test.java:11:34:11:36 | val | -| Test.java:8:15:8:42 | read(...) : Number | Test.java:14:26:14:65 | ... + ... | -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:22:56:22:57 | rs : ResultSet | -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:26:34:26:35 | rs : ResultSet | -| Test.java:22:56:22:57 | rs : ResultSet | Test.java:22:56:22:75 | getString(...) : String | -| Test.java:22:56:22:75 | getString(...) : String | Test.java:22:26:22:82 | ... + ... | -| Test.java:26:34:26:35 | rs : ResultSet | Test.java:26:34:26:53 | getString(...) : String | -| Test.java:26:34:26:53 | getString(...) : String | Test.java:26:34:26:64 | getBytes(...) | +| Test.java:6:31:6:41 | data : byte[] | Test.java:7:23:7:26 | data : byte[] | +| Test.java:7:23:7:26 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | +| Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:14:32:14:35 | data [post update] : byte[] | +| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:17:34:17:37 | data | +| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:20:69:20:72 | data : byte[] | +| Test.java:20:56:20:73 | byteToString(...) : String | Test.java:20:26:20:80 | ... + ... | +| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | +| Test.java:20:69:20:72 | data : byte[] | Test.java:20:56:20:73 | byteToString(...) : String | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:28:56:28:57 | rs : ResultSet | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:32:34:32:35 | rs : ResultSet | +| Test.java:28:56:28:57 | rs : ResultSet | Test.java:28:56:28:75 | getString(...) : String | +| Test.java:28:56:28:75 | getString(...) : String | Test.java:28:26:28:82 | ... + ... | +| Test.java:32:34:32:35 | rs : ResultSet | Test.java:32:34:32:53 | getString(...) 
: String | +| Test.java:32:34:32:53 | getString(...) : String | Test.java:32:34:32:64 | getBytes(...) | nodes -| Test.java:8:15:8:42 | read(...) : Number | semmle.label | read(...) : Number | -| Test.java:11:34:11:36 | val | semmle.label | val | -| Test.java:14:26:14:65 | ... + ... | semmle.label | ... + ... | -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | semmle.label | executeQuery(...) : ResultSet | -| Test.java:22:26:22:82 | ... + ... | semmle.label | ... + ... | -| Test.java:22:56:22:57 | rs : ResultSet | semmle.label | rs : ResultSet | -| Test.java:22:56:22:75 | getString(...) : String | semmle.label | getString(...) : String | -| Test.java:26:34:26:35 | rs : ResultSet | semmle.label | rs : ResultSet | -| Test.java:26:34:26:53 | getString(...) : String | semmle.label | getString(...) : String | -| Test.java:26:34:26:64 | getBytes(...) | semmle.label | getBytes(...) | +| Test.java:6:31:6:41 | data : byte[] | semmle.label | data : byte[] | +| Test.java:7:12:7:51 | new String(...) : String | semmle.label | new String(...) : String | +| Test.java:7:23:7:26 | data : byte[] | semmle.label | data : byte[] | +| Test.java:14:5:14:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Test.java:14:32:14:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:17:34:17:37 | data | semmle.label | data | +| Test.java:20:26:20:80 | ... + ... | semmle.label | ... + ... | +| Test.java:20:56:20:73 | byteToString(...) : String | semmle.label | byteToString(...) : String | +| Test.java:20:69:20:72 | data : byte[] | semmle.label | data : byte[] | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | semmle.label | executeQuery(...) : ResultSet | +| Test.java:28:26:28:82 | ... + ... | semmle.label | ... + ... | +| Test.java:28:56:28:57 | rs : ResultSet | semmle.label | rs : ResultSet | +| Test.java:28:56:28:75 | getString(...) : String | semmle.label | getString(...) 
: String | +| Test.java:32:34:32:35 | rs : ResultSet | semmle.label | rs : ResultSet | +| Test.java:32:34:32:53 | getString(...) : String | semmle.label | getString(...) : String | +| Test.java:32:34:32:64 | getBytes(...) | semmle.label | getBytes(...) | subpaths +| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | Test.java:20:56:20:73 | byteToString(...) : String | #select -| Test.java:11:34:11:36 | val | Test.java:8:15:8:42 | read(...) : Number | Test.java:11:34:11:36 | val | This is some kind of threat model thingy $@. | Test.java:8:15:8:42 | read(...) | Source of that thingy | -| Test.java:14:26:14:65 | ... + ... | Test.java:8:15:8:42 | read(...) : Number | Test.java:14:26:14:65 | ... + ... | This is some kind of threat model thingy $@. | Test.java:8:15:8:42 | read(...) | Source of that thingy | -| Test.java:22:26:22:82 | ... + ... | Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:22:26:22:82 | ... + ... | This is some kind of threat model thingy $@. | Test.java:19:20:19:59 | executeQuery(...) | Source of that thingy | -| Test.java:26:34:26:64 | getBytes(...) | Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:26:34:26:64 | getBytes(...) | This is some kind of threat model thingy $@. | Test.java:19:20:19:59 | executeQuery(...) | Source of that thingy | +| Test.java:17:34:17:37 | data | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:17:34:17:37 | data | This is some kind of threat model thingy $@. | Test.java:14:5:14:25 | getInputStream(...) | Source of that thingy | +| Test.java:20:26:20:80 | ... + ... | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:20:26:20:80 | ... + ... | This is some kind of threat model thingy $@. | Test.java:14:5:14:25 | getInputStream(...) | Source of that thingy | +| Test.java:28:26:28:82 | ... + ... | Test.java:25:20:25:59 | executeQuery(...) 
: ResultSet | Test.java:28:26:28:82 | ... + ... | This is some kind of threat model thingy $@. | Test.java:25:20:25:59 | executeQuery(...) | Source of that thingy | +| Test.java:32:34:32:64 | getBytes(...) | Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:32:34:32:64 | getBytes(...) | This is some kind of threat model thingy $@. | Test.java:25:20:25:59 | executeQuery(...) | Source of that thingy | diff --git a/java/ql/test/experimental/configured-flow/test-hardcoded-remote.expected b/java/ql/test/experimental/configured-flow/test-hardcoded-remote.expected index 814ea53dd9d..c7c96f7c09f 100644 --- a/java/ql/test/experimental/configured-flow/test-hardcoded-remote.expected +++ b/java/ql/test/experimental/configured-flow/test-hardcoded-remote.expected 
@@ -1,11 +1,24 @@ edges -| Test.java:8:15:8:42 | read(...) : Number | Test.java:11:34:11:36 | val | -| Test.java:8:15:8:42 | read(...) : Number | Test.java:14:26:14:65 | ... + ... | +| Test.java:6:31:6:41 | data : byte[] | Test.java:7:23:7:26 | data : byte[] | +| Test.java:7:23:7:26 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | +| Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:14:32:14:35 | data [post update] : byte[] | +| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:17:34:17:37 | data | +| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:20:69:20:72 | data : byte[] | +| Test.java:20:56:20:73 | byteToString(...) : String | Test.java:20:26:20:80 | ... + ... | +| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | +| Test.java:20:69:20:72 | data : byte[] | Test.java:20:56:20:73 | byteToString(...) : String | nodes -| Test.java:8:15:8:42 | read(...) : Number | semmle.label | read(...) : Number | -| Test.java:11:34:11:36 | val | semmle.label | val | -| Test.java:14:26:14:65 | ... + ... | semmle.label | ... + ... | +| Test.java:6:31:6:41 | data : byte[] | semmle.label | data : byte[] | +| Test.java:7:12:7:51 | new String(...) : String | semmle.label | new String(...) : String | +| Test.java:7:23:7:26 | data : byte[] | semmle.label | data : byte[] | +| Test.java:14:5:14:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Test.java:14:32:14:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:17:34:17:37 | data | semmle.label | data | +| Test.java:20:26:20:80 | ... + ... | semmle.label | ... + ... | +| Test.java:20:56:20:73 | byteToString(...) : String | semmle.label | byteToString(...) 
: String | +| Test.java:20:69:20:72 | data : byte[] | semmle.label | data : byte[] | subpaths +| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | Test.java:20:56:20:73 | byteToString(...) : String | #select -| Test.java:11:34:11:36 | val | Test.java:8:15:8:42 | read(...) : Number | Test.java:11:34:11:36 | val | This is some kind of threat model thingy $@. | Test.java:8:15:8:42 | read(...) | Source of that thingy | -| Test.java:14:26:14:65 | ... + ... | Test.java:8:15:8:42 | read(...) : Number | Test.java:14:26:14:65 | ... + ... | This is some kind of threat model thingy $@. | Test.java:8:15:8:42 | read(...) | Source of that thingy | +| Test.java:17:34:17:37 | data | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:17:34:17:37 | data | This is some kind of threat model thingy $@. | Test.java:14:5:14:25 | getInputStream(...) | Source of that thingy | +| Test.java:20:26:20:80 | ... + ... | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:20:26:20:80 | ... + ... | This is some kind of threat model thingy $@. | Test.java:14:5:14:25 | getInputStream(...) | Source of that thingy | diff --git a/java/ql/test/experimental/configured-flow/test-hardcoded-sql.expected b/java/ql/test/experimental/configured-flow/test-hardcoded-sql.expected index 4881dde0792..94ab3c5860c 100644 --- a/java/ql/test/experimental/configured-flow/test-hardcoded-sql.expected +++ b/java/ql/test/experimental/configured-flow/test-hardcoded-sql.expected 
@@ -1,19 +1,19 @@ edges -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:22:56:22:57 | rs : ResultSet | -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:26:34:26:35 | rs : ResultSet | -| Test.java:22:56:22:57 | rs : ResultSet | Test.java:22:56:22:75 | getString(...) : String | -| Test.java:22:56:22:75 | getString(...) : String | Test.java:22:26:22:82 | ... + ... | -| Test.java:26:34:26:35 | rs : ResultSet | Test.java:26:34:26:53 | getString(...) : String | -| Test.java:26:34:26:53 | getString(...) : String | Test.java:26:34:26:64 | getBytes(...) | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:28:56:28:57 | rs : ResultSet | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:32:34:32:35 | rs : ResultSet | +| Test.java:28:56:28:57 | rs : ResultSet | Test.java:28:56:28:75 | getString(...) : String | +| Test.java:28:56:28:75 | getString(...) : String | Test.java:28:26:28:82 | ... + ... | +| Test.java:32:34:32:35 | rs : ResultSet | Test.java:32:34:32:53 | getString(...) : String | +| Test.java:32:34:32:53 | getString(...) : String | Test.java:32:34:32:64 | getBytes(...) | nodes -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | semmle.label | executeQuery(...) : ResultSet | -| Test.java:22:26:22:82 | ... + ... | semmle.label | ... + ... | -| Test.java:22:56:22:57 | rs : ResultSet | semmle.label | rs : ResultSet | -| Test.java:22:56:22:75 | getString(...) : String | semmle.label | getString(...) : String | -| Test.java:26:34:26:35 | rs : ResultSet | semmle.label | rs : ResultSet | -| Test.java:26:34:26:53 | getString(...) : String | semmle.label | getString(...) : String | -| Test.java:26:34:26:64 | getBytes(...) | semmle.label | getBytes(...) | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | semmle.label | executeQuery(...) : ResultSet | +| Test.java:28:26:28:82 | ... + ... | semmle.label | ... + ... 
| +| Test.java:28:56:28:57 | rs : ResultSet | semmle.label | rs : ResultSet | +| Test.java:28:56:28:75 | getString(...) : String | semmle.label | getString(...) : String | +| Test.java:32:34:32:35 | rs : ResultSet | semmle.label | rs : ResultSet | +| Test.java:32:34:32:53 | getString(...) : String | semmle.label | getString(...) : String | +| Test.java:32:34:32:64 | getBytes(...) | semmle.label | getBytes(...) | subpaths #select -| Test.java:22:26:22:82 | ... + ... | Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:22:26:22:82 | ... + ... | This is some kind of threat model thingy $@. | Test.java:19:20:19:59 | executeQuery(...) | Source of that thingy | -| Test.java:26:34:26:64 | getBytes(...) | Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:26:34:26:64 | getBytes(...) | This is some kind of threat model thingy $@. | Test.java:19:20:19:59 | executeQuery(...) | Source of that thingy | +| Test.java:28:26:28:82 | ... + ... | Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:28:26:28:82 | ... + ... | This is some kind of threat model thingy $@. | Test.java:25:20:25:59 | executeQuery(...) | Source of that thingy | +| Test.java:32:34:32:64 | getBytes(...) | Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:32:34:32:64 | getBytes(...) | This is some kind of threat model thingy $@. | Test.java:25:20:25:59 | executeQuery(...) | Source of that thingy | diff --git a/java/ql/test/experimental/configured-flow/test-hardcoded-standard.expected b/java/ql/test/experimental/configured-flow/test-hardcoded-standard.expected index 814ea53dd9d..c7c96f7c09f 100644 --- a/java/ql/test/experimental/configured-flow/test-hardcoded-standard.expected +++ b/java/ql/test/experimental/configured-flow/test-hardcoded-standard.expected 
@@ -1,11 +1,24 @@ edges -| Test.java:8:15:8:42 | read(...) : Number | Test.java:11:34:11:36 | val | -| Test.java:8:15:8:42 | read(...) : Number | Test.java:14:26:14:65 | ... + ... | +| Test.java:6:31:6:41 | data : byte[] | Test.java:7:23:7:26 | data : byte[] | +| Test.java:7:23:7:26 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | +| Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:14:32:14:35 | data [post update] : byte[] | +| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:17:34:17:37 | data | +| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:20:69:20:72 | data : byte[] | +| Test.java:20:56:20:73 | byteToString(...) : String | Test.java:20:26:20:80 | ... + ... | +| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | +| Test.java:20:69:20:72 | data : byte[] | Test.java:20:56:20:73 | byteToString(...) : String | nodes -| Test.java:8:15:8:42 | read(...) : Number | semmle.label | read(...) : Number | -| Test.java:11:34:11:36 | val | semmle.label | val | -| Test.java:14:26:14:65 | ... + ... | semmle.label | ... + ... | +| Test.java:6:31:6:41 | data : byte[] | semmle.label | data : byte[] | +| Test.java:7:12:7:51 | new String(...) : String | semmle.label | new String(...) : String | +| Test.java:7:23:7:26 | data : byte[] | semmle.label | data : byte[] | +| Test.java:14:5:14:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Test.java:14:32:14:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:17:34:17:37 | data | semmle.label | data | +| Test.java:20:26:20:80 | ... + ... | semmle.label | ... + ... | +| Test.java:20:56:20:73 | byteToString(...) : String | semmle.label | byteToString(...) 
: String | +| Test.java:20:69:20:72 | data : byte[] | semmle.label | data : byte[] | subpaths +| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | Test.java:20:56:20:73 | byteToString(...) : String | #select -| Test.java:11:34:11:36 | val | Test.java:8:15:8:42 | read(...) : Number | Test.java:11:34:11:36 | val | This is some kind of threat model thingy $@. | Test.java:8:15:8:42 | read(...) | Source of that thingy | -| Test.java:14:26:14:65 | ... + ... | Test.java:8:15:8:42 | read(...) : Number | Test.java:14:26:14:65 | ... + ... | This is some kind of threat model thingy $@. | Test.java:8:15:8:42 | read(...) | Source of that thingy | +| Test.java:17:34:17:37 | data | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:17:34:17:37 | data | This is some kind of threat model thingy $@. | Test.java:14:5:14:25 | getInputStream(...) | Source of that thingy | +| Test.java:20:26:20:80 | ... + ... | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:20:26:20:80 | ... + ... | This is some kind of threat model thingy $@. | Test.java:14:5:14:25 | getInputStream(...) | Source of that thingy | diff --git a/java/ql/test/experimental/configured-flow/test-remote.expected b/java/ql/test/experimental/configured-flow/test-remote.expected index 814ea53dd9d..c7c96f7c09f 100644 --- a/java/ql/test/experimental/configured-flow/test-remote.expected +++ b/java/ql/test/experimental/configured-flow/test-remote.expected 
@@ -1,11 +1,24 @@ edges -| Test.java:8:15:8:42 | read(...) : Number | Test.java:11:34:11:36 | val | -| Test.java:8:15:8:42 | read(...) : Number | Test.java:14:26:14:65 | ... + ... | +| Test.java:6:31:6:41 | data : byte[] | Test.java:7:23:7:26 | data : byte[] | +| Test.java:7:23:7:26 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | +| Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:14:32:14:35 | data [post update] : byte[] | +| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:17:34:17:37 | data | +| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:20:69:20:72 | data : byte[] | +| Test.java:20:56:20:73 | byteToString(...) : String | Test.java:20:26:20:80 | ... + ... | +| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | +| Test.java:20:69:20:72 | data : byte[] | Test.java:20:56:20:73 | byteToString(...) : String | nodes -| Test.java:8:15:8:42 | read(...) : Number | semmle.label | read(...) : Number | -| Test.java:11:34:11:36 | val | semmle.label | val | -| Test.java:14:26:14:65 | ... + ... | semmle.label | ... + ... | +| Test.java:6:31:6:41 | data : byte[] | semmle.label | data : byte[] | +| Test.java:7:12:7:51 | new String(...) : String | semmle.label | new String(...) : String | +| Test.java:7:23:7:26 | data : byte[] | semmle.label | data : byte[] | +| Test.java:14:5:14:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Test.java:14:32:14:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:17:34:17:37 | data | semmle.label | data | +| Test.java:20:26:20:80 | ... + ... | semmle.label | ... + ... | +| Test.java:20:56:20:73 | byteToString(...) : String | semmle.label | byteToString(...) 
: String | +| Test.java:20:69:20:72 | data : byte[] | semmle.label | data : byte[] | subpaths +| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | Test.java:20:56:20:73 | byteToString(...) : String | #select -| Test.java:11:34:11:36 | val | Test.java:8:15:8:42 | read(...) : Number | Test.java:11:34:11:36 | val | This is some kind of threat model thingy $@. | Test.java:8:15:8:42 | read(...) | Source of that thingy | -| Test.java:14:26:14:65 | ... + ... | Test.java:8:15:8:42 | read(...) : Number | Test.java:14:26:14:65 | ... + ... | This is some kind of threat model thingy $@. | Test.java:8:15:8:42 | read(...) | Source of that thingy | +| Test.java:17:34:17:37 | data | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:17:34:17:37 | data | This is some kind of threat model thingy $@. | Test.java:14:5:14:25 | getInputStream(...) | Source of that thingy | +| Test.java:20:26:20:80 | ... + ... | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:20:26:20:80 | ... + ... | This is some kind of threat model thingy $@. | Test.java:14:5:14:25 | getInputStream(...) | Source of that thingy | diff --git a/java/ql/test/experimental/configured-flow/test-sql.expected b/java/ql/test/experimental/configured-flow/test-sql.expected index 4881dde0792..94ab3c5860c 100644 --- a/java/ql/test/experimental/configured-flow/test-sql.expected +++ b/java/ql/test/experimental/configured-flow/test-sql.expected 
@@ -1,19 +1,19 @@ edges -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:22:56:22:57 | rs : ResultSet | -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:26:34:26:35 | rs : ResultSet | -| Test.java:22:56:22:57 | rs : ResultSet | Test.java:22:56:22:75 | getString(...) : String | -| Test.java:22:56:22:75 | getString(...) : String | Test.java:22:26:22:82 | ... + ... | -| Test.java:26:34:26:35 | rs : ResultSet | Test.java:26:34:26:53 | getString(...) : String | -| Test.java:26:34:26:53 | getString(...) : String | Test.java:26:34:26:64 | getBytes(...) | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:28:56:28:57 | rs : ResultSet | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:32:34:32:35 | rs : ResultSet | +| Test.java:28:56:28:57 | rs : ResultSet | Test.java:28:56:28:75 | getString(...) : String | +| Test.java:28:56:28:75 | getString(...) : String | Test.java:28:26:28:82 | ... + ... | +| Test.java:32:34:32:35 | rs : ResultSet | Test.java:32:34:32:53 | getString(...) : String | +| Test.java:32:34:32:53 | getString(...) : String | Test.java:32:34:32:64 | getBytes(...) | nodes -| Test.java:19:20:19:59 | executeQuery(...) : ResultSet | semmle.label | executeQuery(...) : ResultSet | -| Test.java:22:26:22:82 | ... + ... | semmle.label | ... + ... | -| Test.java:22:56:22:57 | rs : ResultSet | semmle.label | rs : ResultSet | -| Test.java:22:56:22:75 | getString(...) : String | semmle.label | getString(...) : String | -| Test.java:26:34:26:35 | rs : ResultSet | semmle.label | rs : ResultSet | -| Test.java:26:34:26:53 | getString(...) : String | semmle.label | getString(...) : String | -| Test.java:26:34:26:64 | getBytes(...) | semmle.label | getBytes(...) | +| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | semmle.label | executeQuery(...) : ResultSet | +| Test.java:28:26:28:82 | ... + ... | semmle.label | ... + ... 
| +| Test.java:28:56:28:57 | rs : ResultSet | semmle.label | rs : ResultSet | +| Test.java:28:56:28:75 | getString(...) : String | semmle.label | getString(...) : String | +| Test.java:32:34:32:35 | rs : ResultSet | semmle.label | rs : ResultSet | +| Test.java:32:34:32:53 | getString(...) : String | semmle.label | getString(...) : String | +| Test.java:32:34:32:64 | getBytes(...) | semmle.label | getBytes(...) | subpaths #select -| Test.java:22:26:22:82 | ... + ... | Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:22:26:22:82 | ... + ... | This is some kind of threat model thingy $@. | Test.java:19:20:19:59 | executeQuery(...) | Source of that thingy | -| Test.java:26:34:26:64 | getBytes(...) | Test.java:19:20:19:59 | executeQuery(...) : ResultSet | Test.java:26:34:26:64 | getBytes(...) | This is some kind of threat model thingy $@. | Test.java:19:20:19:59 | executeQuery(...) | Source of that thingy | +| Test.java:28:26:28:82 | ... + ... | Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:28:26:28:82 | ... + ... | This is some kind of threat model thingy $@. | Test.java:25:20:25:59 | executeQuery(...) | Source of that thingy | +| Test.java:32:34:32:64 | getBytes(...) | Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:32:34:32:64 | getBytes(...) | This is some kind of threat model thingy $@. | Test.java:25:20:25:59 | executeQuery(...) | Source of that thingy |