Java: Refactor PolynomialReDoS.ql

java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql

@@ -15,12 +15,14 @@
 
 import java
 import semmle.code.java.security.regexp.PolynomialReDoSQuery
-import DataFlow::PathGraph
+import PolynomialRedosFlow::PathGraph
 
 from
-  DataFlow::PathNode source, DataFlow::PathNode sink,
+  PolynomialRedosFlow::PathNode source, PolynomialRedosFlow::PathNode sink,
   SuperlinearBackTracking::PolynomialBackTrackingTerm regexp
-where hasPolynomialReDoSResult(source, sink, regexp)
+where
+  PolynomialRedosFlow::hasFlowPath(source, sink) and
+  regexp.getRootTerm() = sink.getNode().(PolynomialRedosSink).getRegExp()
 select sink, source, sink,
   "This $@ that depends on a $@ may run slow on strings " + regexp.getPrefixMessage() +
     "with many repetitions of '" + regexp.getPumpString() + "'.", regexp, "regular expression",