Use a full dataflow config rather than local flow

java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java

@@ -2,8 +2,16 @@ import javax.crypto.Cipher;
 
 class RsaWithoutOaep {
     public void test() throws Exception {
-        Cipher rsaBad = Cipher.getInstance("RSA/ECB/NoPadding"); // $hasResult
+        Cipher rsaBad = Cipher.getInstance("RSA/ECB/NoPadding"); // $hasTaintFlow
 
         Cipher rsaGood = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); 
     }
+
+    public Cipher getCipher(String spec) throws Exception {
+        return Cipher.getInstance(spec); // $hasTaintFlow
+    }
+
+    public void test2() throws Exception {
+        Cipher rsa = getCipher("RSA/ECB/NoPadding");
+    }
 }

java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql

@@ -1,19 +1,10 @@
 import java
 import TestUtilities.InlineExpectationsTest
+import TestUtilities.InlineFlowTest
 import semmle.code.java.security.RsaWithoutOaepQuery
 
-class HasResult extends InlineExpectationsTest {
-  HasResult() { this = "HasResult" }
+class HasFlowTest extends InlineFlowTest {
+  override DataFlow::Configuration getTaintFlowConfig() { result instanceof RsaWithoutOaepConfig }
 
-  override string getARelevantTag() { result = "hasResult" }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasResult" and
-    value = "" and
-    exists(CryptoAlgoSpec c |
-      rsaWithoutOaepCall(c) and
-      location = c.getLocation() and
-      element = c.toString()
-    )
-  }
+  override DataFlow::Configuration getValueFlowConfig() { none() }
 }