Use flowFrom.

go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql

@@ -81,5 +81,5 @@ module Config implements DataFlow::ConfigSig {
 module Flow = DataFlow::Global<Config>;
 
 from DataFlow::Node source, string msg
-where Flow::flow(source, _) and Config::isSourceString(source, msg)
+where Flow::flowFrom(source) and Config::isSourceString(source, msg)
 select source, msg

go/ql/src/Security/CWE-352/ConstantOauth2State.ql

@@ -154,7 +154,7 @@ module FlowToPrintFlow = DataFlow::Global<FlowToPrintConfig>;
 
 /** Holds if the provided `CallNode`'s result flows to an argument of a printer call. */
 predicate resultFlowsToPrinter(DataFlow::CallNode authCodeUrlCall) {
-  FlowToPrintFlow::flow(authCodeUrlCall.getResult(), _)
+  FlowToPrintFlow::flowFrom(authCodeUrlCall.getResult())
 }
 
 /** Get a data-flow node that reads the value of `os.Stdin`. */

go/ql/src/experimental/CWE-285/PamAuthBypass.ql

@@ -70,5 +70,6 @@ module PamStartToAuthenticateFlow = TaintTracking::Global<PamStartToAuthenticate
 from DataFlow::Node source, DataFlow::Node sink
 where
   not isInTestFile(source.asExpr()) and
-  (PamStartToAuthenticateFlow::flow(source, sink) and not PamStartToAcctMgmtFlow::flow(source, _))
+  PamStartToAuthenticateFlow::flow(source, sink) and
+  not PamStartToAcctMgmtFlow::flowFrom(source)
 select source, "This Pam transaction may not be secure."

go/ql/src/experimental/CWE-321-V2/HardCodedKeys.ql

@@ -24,7 +24,7 @@ module JwtParseWithConstantKeyConfig implements DataFlow::ConfigSig {
       or
       n = fd.(FuncDecl).getFunction().getARead()
     |
-      GolangJwtKeyFunc::flow(n, _) and
+      GolangJwtKeyFunc::flowFrom(n) and
       sink = rn and
       rn.getRoot() = fd and
       rn.getIndex() = 0