Java: Rename references.

2025-12-20 18:56:32 +01:00 · 2023-03-23 11:55:11 +01:00
parent 2761aa73ca
commit ec34d44359
81 changed files with 152 additions and 152 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll
@@ -28,7 +28,7 @@ class OnActivityResultIncomingIntent extends DataFlow::Node {
   */
  predicate isRemoteSource() {
    exists(RefType startingType, Expr startActivityForResultArg |
-      ImplicitStartActivityForResult::hasFlowToExpr(startActivityForResultArg) and
+      ImplicitStartActivityForResult::flowToExpr(startActivityForResultArg) and
      // startingType is the class enclosing the method that calls `startActivityForResult`.
      startingType = startActivityForResultArg.getEnclosingCallable().getDeclaringType()
    |
@@ -104,7 +104,7 @@ private module ImplicitStartActivityForResultConfig implements DataFlow::ConfigS
 }
 private module ImplicitStartActivityForResult =
-  DataFlow::Make<ImplicitStartActivityForResultConfig>;
+  DataFlow::Global<ImplicitStartActivityForResultConfig>;
 /** An Android Activity or Fragment. */
 private class ActivityOrFragment extends Class {
--- a/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll
@@ -21,10 +21,10 @@ private module TypeLiteralToParseAsFlowConfig implements DataFlow::ConfigSig {
  }
 }
-private module TypeLiteralToParseAsFlow = DataFlow::Make<TypeLiteralToParseAsFlowConfig>;
+private module TypeLiteralToParseAsFlow = DataFlow::Global<TypeLiteralToParseAsFlowConfig>;
 private TypeLiteral getSourceWithFlowToParseAs() {
-  TypeLiteralToParseAsFlow::hasFlow(DataFlow::exprNode(result), _)
+  TypeLiteralToParseAsFlow::flow(DataFlow::exprNode(result), _)
 }
 /** A field that is deserialized by `HttpResponse.parseAs`. */
--- a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
@@ -108,10 +108,10 @@ private module TypeLiteralToJacksonDatabindFlowConfig implements DataFlow::Confi
 }
 private module TypeLiteralToJacksonDatabindFlow =
-  DataFlow::Make<TypeLiteralToJacksonDatabindFlowConfig>;
+  DataFlow::Global<TypeLiteralToJacksonDatabindFlowConfig>;
 private TypeLiteral getSourceWithFlowToJacksonDatabind() {
-  TypeLiteralToJacksonDatabindFlow::hasFlow(DataFlow::exprNode(result), _)
+  TypeLiteralToJacksonDatabindFlow::flow(DataFlow::exprNode(result), _)
 }
 /** A type whose values are explicitly deserialized in a call to a Jackson method. */
--- a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll
@@ -173,4 +173,4 @@ private module SensitiveCommunicationConfig implements DataFlow::ConfigSig {
 /**
 * Tracks taint flow from variables containing sensitive information to broadcast Intents.
 */
-module SensitiveCommunicationFlow = TaintTracking::Make<SensitiveCommunicationConfig>;
+module SensitiveCommunicationFlow = TaintTracking::Global<SensitiveCommunicationConfig>;
--- a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll
@@ -17,15 +17,15 @@ private module ApkInstallationConfig implements DataFlow::ConfigSig {
      ma.getMethod() instanceof SetDataMethod and
      ma.getArgument(0) = node.asExpr() and
      (
-        PackageArchiveMimeTypeFlow::hasFlowToExpr(ma.getQualifier())
+        PackageArchiveMimeTypeFlow::flowToExpr(ma.getQualifier())
        or
-        InstallPackageActionFlow::hasFlowToExpr(ma.getQualifier())
+        InstallPackageActionFlow::flowToExpr(ma.getQualifier())
      )
    )
  }
 }
-module ApkInstallationFlow = DataFlow::Make<ApkInstallationConfig>;
+module ApkInstallationFlow = DataFlow::Global<ApkInstallationConfig>;
 private newtype ActionState =
  ActionUnset() or
@@ -72,7 +72,7 @@ private module InstallPackageActionConfig implements DataFlow::StateConfigSig {
  predicate isBarrier(DataFlow::Node node, FlowState state) { none() }
 }
-private module InstallPackageActionFlow = TaintTracking::MakeWithState<InstallPackageActionConfig>;
+private module InstallPackageActionFlow = TaintTracking::GlobalWithState<InstallPackageActionConfig>;
 private newtype MimeTypeState =
  MimeTypeUnset() or
@@ -117,4 +117,4 @@ private module PackageArchiveMimeTypeConfig implements DataFlow::StateConfigSig
 }
 private module PackageArchiveMimeTypeFlow =
-  TaintTracking::MakeWithState<PackageArchiveMimeTypeConfig>;
+  TaintTracking::GlobalWithState<PackageArchiveMimeTypeConfig>;
--- a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll
@@ -37,4 +37,4 @@ private module FragmentInjectionTaintConfig implements DataFlow::ConfigSig {
 * Taint-tracking flow for unsafe user input
 * that is used to create Android fragments dynamically.
 */
-module FragmentInjectionTaintFlow = TaintTracking::Make<FragmentInjectionTaintConfig>;
+module FragmentInjectionTaintFlow = TaintTracking::Global<FragmentInjectionTaintConfig>;
--- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll
@@ -53,4 +53,4 @@ private module IntentUriPermissionManipulationConfig implements DataFlow::Config
 * Taint tracking flow for user-provided Intents being returned to third party apps.
 */
 module IntentUriPermissionManipulationFlow =
-  TaintTracking::Make<IntentUriPermissionManipulationConfig>;
+  TaintTracking::Global<IntentUriPermissionManipulationConfig>;
--- a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll
@@ -38,4 +38,4 @@ private module LogInjectionConfig implements DataFlow::ConfigSig {
 /**
 * Taint-tracking flow for tracking untrusted user input used in log entries.
 */
-module LogInjectionFlow = TaintTracking::Make<LogInjectionConfig>;
+module LogInjectionFlow = TaintTracking::Global<LogInjectionConfig>;
--- a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll
+++ b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll
@@ -53,4 +53,4 @@ private module RequestForgeryConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node node) { node instanceof RequestForgerySanitizer }
 }
-module RequestForgeryFlow = TaintTracking::Make<RequestForgeryConfig>;
+module RequestForgeryFlow = TaintTracking::Global<RequestForgeryConfig>;
--- a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll
@@ -42,4 +42,4 @@ private module RsaWithoutOaepConfig implements DataFlow::ConfigSig {
 }
 /** Flow for finding RSA ciphers initialized without using OAEP padding. */
-module RsaWithoutOaepFlow = DataFlow::Make<RsaWithoutOaepConfig>;
+module RsaWithoutOaepFlow = DataFlow::Global<RsaWithoutOaepConfig>;
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -65,4 +65,4 @@ private module SensitiveLoggerConfig implements DataFlow::ConfigSig {
  predicate isBarrierIn(Node node) { isSource(node) }
 }
-module SensitiveLoggerFlow = TaintTracking::Make<SensitiveLoggerConfig>;
+module SensitiveLoggerFlow = TaintTracking::Global<SensitiveLoggerConfig>;
--- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll
@@ -41,4 +41,4 @@ private module UnsafeContentResolutionConfig implements DataFlow::ConfigSig {
 }
 /** Taint-tracking flow to find paths from remote sources to content URI resolutions. */
-module UnsafeContentResolutionFlow = TaintTracking::Make<UnsafeContentResolutionConfig>;
+module UnsafeContentResolutionFlow = TaintTracking::Global<UnsafeContentResolutionConfig>;
--- a/java/ql/lib/semmle/code/java/security/XSS.qll
+++ b/java/ql/lib/semmle/code/java/security/XSS.qll
@@ -43,7 +43,7 @@ private class DefaultXssSink extends XssSink {
    or
    exists(MethodAccess ma |
      ma.getMethod() instanceof WritingMethod and
-      XssVulnerableWriterSourceToWritingMethodFlow::hasFlowToExpr(ma.getQualifier()) and
+      XssVulnerableWriterSourceToWritingMethodFlow::flowToExpr(ma.getQualifier()) and
      this.asExpr() = ma.getArgument(_)
    )
  }
@@ -71,7 +71,7 @@ private module XssVulnerableWriterSourceToWritingMethodFlowConfig implements Dat
 }
 private module XssVulnerableWriterSourceToWritingMethodFlow =
-  TaintTracking::Make<XssVulnerableWriterSourceToWritingMethodFlowConfig>;
+  TaintTracking::Global<XssVulnerableWriterSourceToWritingMethodFlowConfig>;
 /** A method that can be used to output data to an output stream or writer. */
 private class WritingMethod extends Method {
--- a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll
@@ -42,4 +42,4 @@ module XxeLocalConfig implements DataFlow::ConfigSig {
 /**
 * Detect taint flow of unvalidated local user input that is used in XML external entity expansion.
 */
-module XxeLocalFlow = TaintTracking::Make<XxeLocalConfig>;
+module XxeLocalFlow = TaintTracking::Global<XxeLocalConfig>;
--- a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll
@@ -42,4 +42,4 @@ module XxeConfig implements DataFlow::ConfigSig {
 /**
 * Detect taint flow of unvalidated remote user input that is used in XML external entity expansion.
 */
-module XxeFlow = TaintTracking::Make<XxeConfig>;
+module XxeFlow = TaintTracking::Global<XxeConfig>;
--- a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
@@ -81,4 +81,4 @@ private module PolynomialRedosConfig implements DataFlow::ConfigSig {
  }
 }
-module PolynomialRedosFlow = TaintTracking::Make<PolynomialRedosConfig>;
+module PolynomialRedosFlow = TaintTracking::Global<PolynomialRedosConfig>;
--- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
+++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
@@ -41,7 +41,7 @@ module TaintedPathConfig implements DataFlow::ConfigSig {
  }
 }
-module TaintedPath = TaintTracking::Make<TaintedPathConfig>;
+module TaintedPath = TaintTracking::Global<TaintedPathConfig>;
 import TaintedPath::PathGraph
@@ -53,13 +53,13 @@ import TaintedPath::PathGraph
 * continue to report there; otherwise we report directly at `sink`.
 */
 DataFlow::Node getReportingNode(DataFlow::Node sink) {
-  TaintedPath::hasFlowTo(sink) and
+  TaintedPath::flowTo(sink) and
  if exists(PathCreation pc | pc.getAnInput() = sink.asExpr())
  then result.asExpr() = any(PathCreation pc | pc.getAnInput() = sink.asExpr())
  else result = sink
 }
 from TaintedPath::PathNode source, TaintedPath::PathNode sink
-where TaintedPath::hasFlowPath(source, sink)
+where TaintedPath::flowPath(source, sink)
 select getReportingNode(sink.getNode()), source, sink, "This path depends on a $@.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql
@@ -41,7 +41,7 @@ module TaintedPathLocalConfig implements DataFlow::ConfigSig {
  }
 }
-module TaintedPathLocalFlow = TaintTracking::Make<TaintedPathLocalConfig>;
+module TaintedPathLocalFlow = TaintTracking::Global<TaintedPathLocalConfig>;
 import TaintedPathLocalFlow::PathGraph
@@ -53,13 +53,13 @@ import TaintedPathLocalFlow::PathGraph
 * continue to report there; otherwise we report directly at `sink`.
 */
 DataFlow::Node getReportingNode(DataFlow::Node sink) {
-  TaintedPathLocalFlow::hasFlowTo(sink) and
+  TaintedPathLocalFlow::flowTo(sink) and
  if exists(PathCreation pc | pc.getAnInput() = sink.asExpr())
  then result.asExpr() = any(PathCreation pc | pc.getAnInput() = sink.asExpr())
  else result = sink
 }
 from TaintedPathLocalFlow::PathNode source, TaintedPathLocalFlow::PathNode sink
-where TaintedPathLocalFlow::hasFlowPath(source, sink)
+where TaintedPathLocalFlow::flowPath(source, sink)
 select getReportingNode(sink.getNode()), source, sink, "This path depends on a $@.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
+++ b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
@@ -44,7 +44,7 @@ module ZipSlipConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node node) { node instanceof PathInjectionSanitizer }
 }
-module ZipSlipFlow = TaintTracking::Make<ZipSlipConfig>;
+module ZipSlipFlow = TaintTracking::Global<ZipSlipConfig>;
 import ZipSlipFlow::PathGraph
@@ -56,7 +56,7 @@ private class FileCreationSink extends DataFlow::Node {
 }
 from ZipSlipFlow::PathNode source, ZipSlipFlow::PathNode sink
-where ZipSlipFlow::hasFlowPath(source, sink)
+where ZipSlipFlow::flowPath(source, sink)
 select source.getNode(), source, sink,
  "Unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(),
  "file system operation"
--- a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql
@@ -32,7 +32,7 @@ module LocalUserInputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
 }
 module LocalUserInputToArgumentToExecFlow =
-  TaintTracking::Make<LocalUserInputToArgumentToExecFlowConfig>;
+  TaintTracking::Global<LocalUserInputToArgumentToExecFlowConfig>;
 import LocalUserInputToArgumentToExecFlow::PathGraph
@@ -40,7 +40,7 @@ from
  LocalUserInputToArgumentToExecFlow::PathNode source,
  LocalUserInputToArgumentToExecFlow::PathNode sink, ArgumentToExec execArg
 where
-  LocalUserInputToArgumentToExecFlow::hasFlowPath(source, sink) and
+  LocalUserInputToArgumentToExecFlow::flowPath(source, sink) and
  sink.getNode().asExpr() = execArg
 select execArg, source, sink, "This command line depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-079/XSS.ql
+++ b/java/ql/src/Security/CWE/CWE-079/XSS.ql
@@ -29,11 +29,11 @@ module XssConfig implements DataFlow::ConfigSig {
  }
 }
-module XssFlow = TaintTracking::Make<XssConfig>;
+module XssFlow = TaintTracking::Global<XssConfig>;
 import XssFlow::PathGraph
 from XssFlow::PathNode source, XssFlow::PathNode sink
-where XssFlow::hasFlowPath(source, sink)
+where XssFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
@@ -21,11 +21,11 @@ module XssLocalConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
 }
-module XssLocalFlow = TaintTracking::Make<XssLocalConfig>;
+module XssLocalFlow = TaintTracking::Global<XssLocalConfig>;
 import XssLocalFlow::PathGraph
 from XssLocalFlow::PathNode source, XssLocalFlow::PathNode sink
-where XssLocalFlow::hasFlowPath(source, sink)
+where XssLocalFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql
@@ -36,7 +36,7 @@ module UncontrolledStringBuilderSourceFlowConfig implements DataFlow::ConfigSig
 }
 module UncontrolledStringBuilderSourceFlow =
-  TaintTracking::Make<UncontrolledStringBuilderSourceFlowConfig>;
+  TaintTracking::Global<UncontrolledStringBuilderSourceFlowConfig>;
 from QueryInjectionSink query, Expr uncontrolled
 where
@@ -45,7 +45,7 @@ where
    or
    exists(StringBuilderVar sbv |
      uncontrolledStringBuilderQuery(sbv, uncontrolled) and
-      UncontrolledStringBuilderSourceFlow::hasFlow(DataFlow::exprNode(sbv.getToStringCall()), query)
+      UncontrolledStringBuilderSourceFlow::flow(DataFlow::exprNode(sbv.getToStringCall()), query)
    )
  ) and
  not queryTaintedBy(query, _, _)
--- a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
@@ -31,13 +31,13 @@ module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
 }
 module LocalUserInputToQueryInjectionFlow =
-  TaintTracking::Make<LocalUserInputToQueryInjectionFlowConfig>;
+  TaintTracking::Global<LocalUserInputToQueryInjectionFlowConfig>;
 import LocalUserInputToQueryInjectionFlow::PathGraph
 from
  LocalUserInputToQueryInjectionFlow::PathNode source,
  LocalUserInputToQueryInjectionFlow::PathNode sink
-where LocalUserInputToQueryInjectionFlow::hasFlowPath(source, sink)
+where LocalUserInputToQueryInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
@@ -17,6 +17,6 @@ import LdapInjectionLib
 import LdapInjectionFlow::PathGraph
 from LdapInjectionFlow::PathNode source, LdapInjectionFlow::PathNode sink
-where LdapInjectionFlow::hasFlowPath(source, sink)
+where LdapInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll
+++ b/java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll
@@ -17,4 +17,4 @@ module LdapInjectionFlowConfig implements DataFlow::ConfigSig {
  }
 }
-module LdapInjectionFlow = TaintTracking::Make<LdapInjectionFlowConfig>;
+module LdapInjectionFlow = TaintTracking::Global<LdapInjectionFlowConfig>;
--- a/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
+++ b/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
@@ -15,5 +15,5 @@ import semmle.code.java.security.ArbitraryApkInstallationQuery
 import ApkInstallationFlow::PathGraph
 from ApkInstallationFlow::PathNode source, ApkInstallationFlow::PathNode sink
-where ApkInstallationFlow::hasFlowPath(source, sink)
+where ApkInstallationFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Arbitrary Android APK installation."
--- a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
+++ b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
@@ -61,7 +61,7 @@ module BeanValidationConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof BeanValidationSink }
 }
-module BeanValidationFlow = TaintTracking::Make<BeanValidationConfig>;
+module BeanValidationFlow = TaintTracking::Global<BeanValidationConfig>;
 import BeanValidationFlow::PathGraph
@@ -80,6 +80,6 @@ where
    or
    exists(SetMessageInterpolatorCall c | not c.isSafe())
  ) and
-  BeanValidationFlow::hasFlowPath(source, sink)
+  BeanValidationFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Custom constraint error message contains an unsanitized $@.",
  source, "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
+++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
@@ -42,12 +42,12 @@ module ResponseSplittingConfig implements DataFlow::ConfigSig {
  }
 }
-module ResponseSplitting = TaintTracking::Make<ResponseSplittingConfig>;
+module ResponseSplitting = TaintTracking::Global<ResponseSplittingConfig>;
 import ResponseSplitting::PathGraph
 from ResponseSplitting::PathNode source, ResponseSplitting::PathNode sink
-where ResponseSplitting::hasFlowPath(source, sink)
+where ResponseSplitting::flowPath(source, sink)
 select sink.getNode(), source, sink,
  "This header depends on a $@, which may cause a response-splitting vulnerability.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql
@@ -26,12 +26,12 @@ module ResponseSplittingLocalConfig implements DataFlow::ConfigSig {
  }
 }
-module ResponseSplitting = TaintTracking::Make<ResponseSplittingLocalConfig>;
+module ResponseSplitting = TaintTracking::Global<ResponseSplittingLocalConfig>;
 import ResponseSplitting::PathGraph
 from ResponseSplitting::PathNode source, ResponseSplitting::PathNode sink
-where ResponseSplitting::hasFlowPath(source, sink)
+where ResponseSplitting::flowPath(source, sink)
 select sink.getNode(), source, sink,
  "This header depends on a $@, which may cause a response-splitting vulnerability.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-117/LogInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-117/LogInjection.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.LogInjectionQuery
 import LogInjectionFlow::PathGraph
 from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink
-where LogInjectionFlow::hasFlowPath(source, sink)
+where LogInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This log entry depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
@@ -23,7 +23,7 @@ private module ImproperValidationOfArrayConstructionConfig implements DataFlow::
 }
 module ImproperValidationOfArrayConstructionFlow =
-  TaintTracking::Make<ImproperValidationOfArrayConstructionConfig>;
+  TaintTracking::Global<ImproperValidationOfArrayConstructionConfig>;
 import ImproperValidationOfArrayConstructionFlow::PathGraph
@@ -34,7 +34,7 @@ from
 where
  arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sizeExpr, arrayCreation) and
  sizeExpr = sink.getNode().asExpr() and
-  ImproperValidationOfArrayConstructionFlow::hasFlowPath(source, sink)
+  ImproperValidationOfArrayConstructionFlow::flowPath(source, sink)
 select arrayAccess.getIndexExpr(), source, sink,
  "This accesses the $@, but the array is initialized using a $@ which may be zero.", arrayCreation,
  "array", source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql
@@ -27,7 +27,7 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig {
  }
 }
-module BoundedFlowSourceFlow = DataFlow::Make<BoundedFlowSourceConfig>;
+module BoundedFlowSourceFlow = DataFlow::Global<BoundedFlowSourceConfig>;
 import BoundedFlowSourceFlow::PathGraph
@@ -39,7 +39,7 @@ where
  arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sizeExpr, arrayCreation) and
  sizeExpr = sink.getNode().asExpr() and
  boundedsource = source.getNode() and
-  BoundedFlowSourceFlow::hasFlowPath(source, sink)
+  BoundedFlowSourceFlow::flowPath(source, sink)
 select arrayAccess.getIndexExpr(), source, sink,
  "This accesses the $@, but the array is initialized using $@ which may be zero.", arrayCreation,
  "array", boundedsource, boundedsource.getDescription().toLowerCase()
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql
@@ -24,7 +24,7 @@ module ImproperValidationOfArrayConstructionLocalConfig implements DataFlow::Con
 }
 module ImproperValidationOfArrayConstructionLocalFlow =
-  TaintTracking::Make<ImproperValidationOfArrayConstructionLocalConfig>;
+  TaintTracking::Global<ImproperValidationOfArrayConstructionLocalConfig>;
 import ImproperValidationOfArrayConstructionLocalFlow::PathGraph
@@ -35,7 +35,7 @@ from
 where
  arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sizeExpr, arrayCreation) and
  sizeExpr = sink.getNode().asExpr() and
-  ImproperValidationOfArrayConstructionLocalFlow::hasFlowPath(source, sink)
+  ImproperValidationOfArrayConstructionLocalFlow::flowPath(source, sink)
 select arrayAccess.getIndexExpr(), source, sink,
  "This accesses the $@, but the array is initialized using a $@ which may be zero.", arrayCreation,
  "array", source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql
@@ -25,7 +25,7 @@ module ImproperValidationOfArrayIndexConfig implements DataFlow::ConfigSig {
 }
 module ImproperValidationOfArrayIndexFlow =
-  TaintTracking::Make<ImproperValidationOfArrayIndexConfig>;
+  TaintTracking::Global<ImproperValidationOfArrayIndexConfig>;
 import ImproperValidationOfArrayIndexFlow::PathGraph
@@ -34,7 +34,7 @@ from
  ImproperValidationOfArrayIndexFlow::PathNode sink, CheckableArrayAccess arrayAccess
 where
  arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and
-  ImproperValidationOfArrayIndexFlow::hasFlowPath(source, sink)
+  ImproperValidationOfArrayIndexFlow::flowPath(source, sink)
 select arrayAccess.getIndexExpr(), source, sink,
  "This index depends on a $@ which can cause an ArrayIndexOutOfBoundsException.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql
@@ -24,7 +24,7 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig {
  }
 }
-module BoundedFlowSourceFlow = DataFlow::Make<BoundedFlowSourceConfig>;
+module BoundedFlowSourceFlow = DataFlow::Global<BoundedFlowSourceConfig>;
 import BoundedFlowSourceFlow::PathGraph
@@ -34,7 +34,7 @@ from
 where
  arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and
  boundedsource = source.getNode() and
-  BoundedFlowSourceFlow::hasFlowPath(source, sink) and
+  BoundedFlowSourceFlow::flowPath(source, sink) and
  boundedsource != sink.getNode() and
  not (
    (
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql
@@ -24,7 +24,7 @@ module ImproperValidationOfArrayIndexLocalConfig implements DataFlow::ConfigSig
 }
 module ImproperValidationOfArrayIndexLocalFlow =
-  TaintTracking::Make<ImproperValidationOfArrayIndexLocalConfig>;
+  TaintTracking::Global<ImproperValidationOfArrayIndexLocalConfig>;
 import ImproperValidationOfArrayIndexLocalFlow::PathGraph
@@ -33,7 +33,7 @@ from
  ImproperValidationOfArrayIndexLocalFlow::PathNode sink, CheckableArrayAccess arrayAccess
 where
  arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and
-  ImproperValidationOfArrayIndexLocalFlow::hasFlowPath(source, sink)
+  ImproperValidationOfArrayIndexLocalFlow::flowPath(source, sink)
 select arrayAccess.getIndexExpr(), source, sink,
  "This index depends on a $@ which can cause an ArrayIndexOutOfBoundsException.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
+++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
@@ -27,7 +27,7 @@ module ExternallyControlledFormatStringConfig implements DataFlow::ConfigSig {
 }
 module ExternallyControlledFormatStringFlow =
-  TaintTracking::Make<ExternallyControlledFormatStringConfig>;
+  TaintTracking::Global<ExternallyControlledFormatStringConfig>;
 import ExternallyControlledFormatStringFlow::PathGraph
@@ -35,7 +35,7 @@ from
  ExternallyControlledFormatStringFlow::PathNode source,
  ExternallyControlledFormatStringFlow::PathNode sink, StringFormat formatCall
 where
-  ExternallyControlledFormatStringFlow::hasFlowPath(source, sink) and
+  ExternallyControlledFormatStringFlow::flowPath(source, sink) and
  sink.getNode().asExpr() = formatCall.getFormatArgument()
 select formatCall.getFormatArgument(), source, sink, "Format string depends on a $@.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql
@@ -23,7 +23,7 @@ module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSi
 }
 module ExternallyControlledFormatStringLocalFlow =
-  TaintTracking::Make<ExternallyControlledFormatStringLocalConfig>;
+  TaintTracking::Global<ExternallyControlledFormatStringLocalConfig>;
 import ExternallyControlledFormatStringLocalFlow::PathGraph
@@ -31,7 +31,7 @@ from
  ExternallyControlledFormatStringLocalFlow::PathNode source,
  ExternallyControlledFormatStringLocalFlow::PathNode sink, StringFormat formatCall
 where
-  ExternallyControlledFormatStringLocalFlow::hasFlowPath(source, sink) and
+  ExternallyControlledFormatStringLocalFlow::flowPath(source, sink) and
  sink.getNode().asExpr() = formatCall.getFormatArgument()
 select formatCall.getFormatArgument(), source, sink, "Format string depends on a $@.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
@@ -32,9 +32,9 @@ module RemoteUserInputUnderflowConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) }
 }
-module RemoteUserInputOverflow = TaintTracking::Make<RemoteUserInputOverflowConfig>;
+module RemoteUserInputOverflow = TaintTracking::Global<RemoteUserInputOverflowConfig>;
-module RemoteUserInputUnderflow = TaintTracking::Make<RemoteUserInputUnderflowConfig>;
+module RemoteUserInputUnderflow = TaintTracking::Global<RemoteUserInputUnderflowConfig>;
 module Flow =
  DataFlow::MergePathGraph<RemoteUserInputOverflow::PathNode, RemoteUserInputUnderflow::PathNode,
@@ -44,11 +44,11 @@ import Flow::PathGraph
 from Flow::PathNode source, Flow::PathNode sink, ArithExpr exp, string effect
 where
-  RemoteUserInputOverflow::hasFlowPath(source.asPathNode1(), sink.asPathNode1()) and
+  RemoteUserInputOverflow::flowPath(source.asPathNode1(), sink.asPathNode1()) and
  overflowSink(exp, sink.getNode().asExpr()) and
  effect = "overflow"
  or
-  RemoteUserInputUnderflow::hasFlowPath(source.asPathNode2(), sink.asPathNode2()) and
+  RemoteUserInputUnderflow::flowPath(source.asPathNode2(), sink.asPathNode2()) and
  underflowSink(exp, sink.getNode().asExpr()) and
  effect = "underflow"
 select exp, source, sink,
--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql
@@ -25,7 +25,7 @@ module ArithmeticTaintedLocalOverflowConfig implements DataFlow::ConfigSig {
 }
 module ArithmeticTaintedLocalOverflowFlow =
-  TaintTracking::Make<ArithmeticTaintedLocalOverflowConfig>;
+  TaintTracking::Global<ArithmeticTaintedLocalOverflowConfig>;
 module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
@@ -36,7 +36,7 @@ module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig {
 }
 module ArithmeticTaintedLocalUnderflowFlow =
-  TaintTracking::Make<ArithmeticTaintedLocalUnderflowConfig>;
+  TaintTracking::Global<ArithmeticTaintedLocalUnderflowConfig>;
 module Flow =
  DataFlow::MergePathGraph<ArithmeticTaintedLocalOverflowFlow::PathNode,
@@ -47,11 +47,11 @@ import Flow::PathGraph
 from Flow::PathNode source, Flow::PathNode sink, ArithExpr exp, string effect
 where
-  ArithmeticTaintedLocalOverflowFlow::hasFlowPath(source.asPathNode1(), sink.asPathNode1()) and
+  ArithmeticTaintedLocalOverflowFlow::flowPath(source.asPathNode1(), sink.asPathNode1()) and
  overflowSink(exp, sink.getNode().asExpr()) and
  effect = "overflow"
  or
-  ArithmeticTaintedLocalUnderflowFlow::hasFlowPath(source.asPathNode2(), sink.asPathNode2()) and
+  ArithmeticTaintedLocalUnderflowFlow::flowPath(source.asPathNode2(), sink.asPathNode2()) and
  underflowSink(exp, sink.getNode().asExpr()) and
  effect = "underflow"
 select exp, source, sink,
--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
@@ -33,7 +33,7 @@ module ArithmeticUncontrolledOverflowConfig implements DataFlow::ConfigSig {
 }
 module ArithmeticUncontrolledOverflowFlow =
-  TaintTracking::Make<ArithmeticUncontrolledOverflowConfig>;
+  TaintTracking::Global<ArithmeticUncontrolledOverflowConfig>;
 module ArithmeticUncontrolledUnderflowConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof TaintSource }
@@ -44,7 +44,7 @@ module ArithmeticUncontrolledUnderflowConfig implements DataFlow::ConfigSig {
 }
 module ArithmeticUncontrolledUnderflowFlow =
-  TaintTracking::Make<ArithmeticUncontrolledUnderflowConfig>;
+  TaintTracking::Global<ArithmeticUncontrolledUnderflowConfig>;
 module Flow =
  DataFlow::MergePathGraph<ArithmeticUncontrolledOverflowFlow::PathNode,
@@ -55,11 +55,11 @@ import Flow::PathGraph
 from Flow::PathNode source, Flow::PathNode sink, ArithExpr exp, string effect
 where
-  ArithmeticUncontrolledOverflowFlow::hasFlowPath(source.asPathNode1(), sink.asPathNode1()) and
+  ArithmeticUncontrolledOverflowFlow::flowPath(source.asPathNode1(), sink.asPathNode1()) and
  overflowSink(exp, sink.getNode().asExpr()) and
  effect = "overflow"
  or
-  ArithmeticUncontrolledUnderflowFlow::hasFlowPath(source.asPathNode2(), sink.asPathNode2()) and
+  ArithmeticUncontrolledUnderflowFlow::flowPath(source.asPathNode2(), sink.asPathNode2()) and
  underflowSink(exp, sink.getNode().asExpr()) and
  effect = "underflow"
 select exp, source, sink,
--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
@@ -45,7 +45,7 @@ module MaxValueFlowConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node n) { overflowBarrier(n) }
 }
-module MaxValueFlow = DataFlow::Make<MaxValueFlowConfig>;
+module MaxValueFlow = DataFlow::Global<MaxValueFlowConfig>;
 module MinValueFlowConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
@@ -59,7 +59,7 @@ module MinValueFlowConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) }
 }
-module MinValueFlow = DataFlow::Make<MinValueFlowConfig>;
+module MinValueFlow = DataFlow::Global<MinValueFlowConfig>;
 module Flow =
  DataFlow::MergePathGraph<MaxValueFlow::PathNode, MinValueFlow::PathNode, MaxValueFlow::PathGraph,
@@ -71,11 +71,11 @@ predicate query(
  Flow::PathNode source, Flow::PathNode sink, ArithExpr exp, string effect, Type srctyp
 ) {
  (
-    MaxValueFlow::hasFlowPath(source.asPathNode1(), sink.asPathNode1()) and
+    MaxValueFlow::flowPath(source.asPathNode1(), sink.asPathNode1()) and
    overflowSink(exp, sink.getNode().asExpr()) and
    effect = "overflow"
    or
-    MinValueFlow::hasFlowPath(source.asPathNode2(), sink.asPathNode2()) and
+    MinValueFlow::flowPath(source.asPathNode2(), sink.asPathNode2()) and
    underflowSink(exp, sink.getNode().asExpr()) and
    effect = "underflow"
  ) and
--- a/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql
+++ b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql
@@ -102,7 +102,7 @@ module WebViewDisallowContentAccessConfig implements DataFlow::StateConfigSig {
 }
 module WebViewDisallowContentAccessFlow =
-  TaintTracking::MakeWithState<WebViewDisallowContentAccessConfig>;
+  TaintTracking::GlobalWithState<WebViewDisallowContentAccessConfig>;
 from Expr e
 where
@@ -116,7 +116,7 @@ where
  // implicit: no setAllowContentAccess(false)
  exists(WebViewSource source |
    source.asExpr() = e and
-    not WebViewDisallowContentAccessFlow::hasFlow(source, _)
+    not WebViewDisallowContentAccessFlow::flow(source, _)
  )
 select e,
  "Sensitive information may be exposed via a malicious link due to access to content:// links being allowed in this WebView."
--- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
+++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
@@ -133,7 +133,7 @@ module TempDirSystemGetPropertyToCreateConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) {
    sink instanceof FileCreationSink and
-    not TempDirSystemGetPropertyDirectlyToMkdir::hasFlowTo(sink)
+    not TempDirSystemGetPropertyDirectlyToMkdir::flowTo(sink)
  }
  predicate isBarrier(DataFlow::Node sanitizer) {
@@ -146,7 +146,7 @@ module TempDirSystemGetPropertyToCreateConfig implements DataFlow::ConfigSig {
 }
 module TempDirSystemGetPropertyToCreate =
-  TaintTracking::Make<TempDirSystemGetPropertyToCreateConfig>;
+  TaintTracking::Global<TempDirSystemGetPropertyToCreateConfig>;
 /**
 * Configuration that tracks calls to to `mkdir` or `mkdirs` that are are directly on the temp directory system property.
@@ -179,7 +179,7 @@ module TempDirSystemGetPropertyDirectlyToMkdirConfig implements DataFlow::Config
 }
 module TempDirSystemGetPropertyDirectlyToMkdir =
-  TaintTracking::Make<TempDirSystemGetPropertyDirectlyToMkdirConfig>;
+  TaintTracking::Global<TempDirSystemGetPropertyDirectlyToMkdirConfig>;
 //
 // Begin configuration for tracking single-method calls that are vulnerable.
@@ -270,7 +270,7 @@ import Flow::PathGraph
 from Flow::PathNode source, Flow::PathNode sink, string message
 where
  (
-    TempDirSystemGetPropertyToCreate::hasFlowPath(source.asPathNode1(), sink.asPathNode1()) and
+    TempDirSystemGetPropertyToCreate::flowPath(source.asPathNode1(), sink.asPathNode1()) and
    message =
      "Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users."
    or
--- a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
+++ b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
@@ -42,7 +42,7 @@ module ServletWriterSourceToPrintStackTraceMethodFlowConfig implements DataFlow:
 }
 module ServletWriterSourceToPrintStackTraceMethodFlow =
-  TaintTracking::Make<ServletWriterSourceToPrintStackTraceMethodFlowConfig>;
+  TaintTracking::Global<ServletWriterSourceToPrintStackTraceMethodFlowConfig>;
 /**
 * A call that uses `Throwable.printStackTrace()` on a stream that is connected
@@ -51,7 +51,7 @@ module ServletWriterSourceToPrintStackTraceMethodFlow =
 predicate printsStackToWriter(MethodAccess call) {
  exists(PrintStackTraceMethod printStackTrace |
    call.getMethod() = printStackTrace and
-    ServletWriterSourceToPrintStackTraceMethodFlow::hasFlowToExpr(call.getAnArgument())
+    ServletWriterSourceToPrintStackTraceMethodFlow::flowToExpr(call.getAnArgument())
  )
 }
@@ -87,7 +87,7 @@ module StackTraceStringToHttpResponseSinkFlowConfig implements DataFlow::ConfigS
 }
 module StackTraceStringToHttpResponseSinkFlow =
-  TaintTracking::Make<StackTraceStringToHttpResponseSinkFlowConfig>;
+  TaintTracking::Global<StackTraceStringToHttpResponseSinkFlowConfig>;
 /**
 * A write of stack trace data to an external stream.
@@ -104,7 +104,7 @@ predicate printsStackExternally(MethodAccess call, Expr stackTrace) {
 predicate stringifiedStackFlowsExternally(DataFlow::Node externalExpr, Expr stackTrace) {
  exists(MethodAccess stackTraceString |
    stackTraceExpr(stackTrace, stackTraceString) and
-    StackTraceStringToHttpResponseSinkFlow::hasFlow(DataFlow::exprNode(stackTraceString),
+    StackTraceStringToHttpResponseSinkFlow::flow(DataFlow::exprNode(stackTraceString),
      externalExpr)
  )
 }
@@ -127,13 +127,13 @@ module GetMessageFlowSourceToHttpResponseSinkFlowConfig implements DataFlow::Con
 }
 module GetMessageFlowSourceToHttpResponseSinkFlow =
-  TaintTracking::Make<GetMessageFlowSourceToHttpResponseSinkFlowConfig>;
+  TaintTracking::Global<GetMessageFlowSourceToHttpResponseSinkFlowConfig>;
 /**
 * A call to `getMessage()` that then flows to a servlet response.
 */
 predicate getMessageFlowsExternally(DataFlow::Node externalExpr, GetMessageFlowSource getMessage) {
-  GetMessageFlowSourceToHttpResponseSinkFlow::hasFlow(DataFlow::exprNode(getMessage), externalExpr)
+  GetMessageFlowSourceToHttpResponseSinkFlow::flow(DataFlow::exprNode(getMessage), externalExpr)
 }
 from Expr externalExpr, Expr errorInformation
--- a/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
+++ b/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
@@ -20,7 +20,7 @@ import IntentUriPermissionManipulationFlow::PathGraph
 from
  IntentUriPermissionManipulationFlow::PathNode source,
  IntentUriPermissionManipulationFlow::PathNode sink
-where IntentUriPermissionManipulationFlow::hasFlowPath(source, sink)
+where IntentUriPermissionManipulationFlow::flowPath(source, sink)
 select sink.getNode(), source, sink,
  "This Intent can be set with arbitrary flags from a $@, " +
    "and used to give access to internal content providers.", source.getNode(),
--- a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
+++ b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
@@ -77,7 +77,7 @@ module TrustAllHostnameVerifierConfig implements DataFlow::ConfigSig {
  }
 }
-module TrustAllHostnameVerifierFlow = DataFlow::Make<TrustAllHostnameVerifierConfig>;
+module TrustAllHostnameVerifierFlow = DataFlow::Global<TrustAllHostnameVerifierConfig>;
 import TrustAllHostnameVerifierFlow::PathGraph
@@ -118,7 +118,7 @@ from
  TrustAllHostnameVerifierFlow::PathNode source, TrustAllHostnameVerifierFlow::PathNode sink,
  RefType verifier
 where
-  TrustAllHostnameVerifierFlow::hasFlowPath(source, sink) and
+  TrustAllHostnameVerifierFlow::flowPath(source, sink) and
  not isNodeGuardedByFlag(sink.getNode()) and
  verifier = source.getNode().asExpr().(ClassInstanceExpr).getConstructedType()
 select sink, source, sink,
--- a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -38,7 +38,7 @@ module InsecureCryptoConfig implements ConfigSig {
  }
 }
-module InsecureCryptoFlow = TaintTracking::Make<InsecureCryptoConfig>;
+module InsecureCryptoFlow = TaintTracking::Global<InsecureCryptoConfig>;
 import InsecureCryptoFlow::PathGraph
@@ -48,6 +48,6 @@ from
 where
  sink.getNode().asExpr() = c.getAlgoSpec() and
  source.getNode().asExpr() = s and
-  InsecureCryptoFlow::hasFlowPath(source, sink)
+  InsecureCryptoFlow::flowPath(source, sink)
 select c, source, sink, "Cryptographic algorithm $@ is weak and should not be used.", s,
  s.getValue()
--- a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
+++ b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
@@ -61,7 +61,7 @@ module InsecureCryptoConfig implements ConfigSig {
  }
 }
-module InsecureCryptoFlow = TaintTracking::Make<InsecureCryptoConfig>;
+module InsecureCryptoFlow = TaintTracking::Global<InsecureCryptoConfig>;
 import InsecureCryptoFlow::PathGraph
@@ -71,7 +71,7 @@ from
 where
  sink.getNode().asExpr() = c.getAlgoSpec() and
  source.getNode().asExpr() = s and
-  InsecureCryptoFlow::hasFlowPath(source, sink)
+  InsecureCryptoFlow::flowPath(source, sink)
 select c, source, sink,
  "Cryptographic algorithm $@ may not be secure, consider using a different algorithm.", s,
  s.getValue()
--- a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql
+++ b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql
@@ -17,7 +17,7 @@ import semmle.code.java.security.UnsafeContentUriResolutionQuery
 import UnsafeContentResolutionFlow::PathGraph
 from UnsafeContentResolutionFlow::PathNode src, UnsafeContentResolutionFlow::PathNode sink
-where UnsafeContentResolutionFlow::hasFlowPath(src, sink)
+where UnsafeContentResolutionFlow::flowPath(src, sink)
 select sink.getNode(), src, sink,
  "This ContentResolver method that resolves a URI depends on a $@.", src.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql
@@ -16,7 +16,7 @@ import semmle.code.java.security.FragmentInjectionQuery
 import FragmentInjectionTaintFlow::PathGraph
 from FragmentInjectionTaintFlow::PathNode source, FragmentInjectionTaintFlow::PathNode sink
-where FragmentInjectionTaintFlow::hasFlowPath(source, sink)
+where FragmentInjectionTaintFlow::flowPath(source, sink)
 select sink.getNode(), source, sink,
  "Fragment depends on a $@, which may allow a malicious application to bypass access controls.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
+++ b/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.SensitiveLoggingQuery
 import SensitiveLoggerFlow::PathGraph
 from SensitiveLoggerFlow::PathNode source, SensitiveLoggerFlow::PathNode sink
-where SensitiveLoggerFlow::hasFlowPath(source, sink)
+where SensitiveLoggerFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This $@ is written to a log file.", source.getNode(),
  "potentially sensitive information"
--- a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
+++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
@@ -21,11 +21,11 @@ module UrlRedirectConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink }
 }
-module UrlRedirectFlow = TaintTracking::Make<UrlRedirectConfig>;
+module UrlRedirectFlow = TaintTracking::Global<UrlRedirectConfig>;
 import UrlRedirectFlow::PathGraph
 from UrlRedirectFlow::PathNode source, UrlRedirectFlow::PathNode sink
-where UrlRedirectFlow::hasFlowPath(source, sink)
+where UrlRedirectFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql
@@ -21,11 +21,11 @@ module UrlRedirectLocalConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink }
 }
-module UrlRedirectLocalFlow = TaintTracking::Make<UrlRedirectLocalConfig>;
+module UrlRedirectLocalFlow = TaintTracking::Global<UrlRedirectLocalConfig>;
 import UrlRedirectLocalFlow::PathGraph
 from UrlRedirectLocalFlow::PathNode source, UrlRedirectLocalFlow::PathNode sink
-where UrlRedirectLocalFlow::hasFlowPath(source, sink)
+where UrlRedirectLocalFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-611/XXE.ql
+++ b/java/ql/src/Security/CWE/CWE-611/XXE.ql
@@ -19,7 +19,7 @@ import semmle.code.java.security.XxeRemoteQuery
 import XxeFlow::PathGraph
 from XxeFlow::PathNode source, XxeFlow::PathNode sink
-where XxeFlow::hasFlowPath(source, sink)
+where XxeFlow::flowPath(source, sink)
 select sink.getNode(), source, sink,
  "XML parsing depends on a $@ without guarding against external entity expansion.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-611/XXELocal.ql
+++ b/java/ql/src/Security/CWE/CWE-611/XXELocal.ql
@@ -19,7 +19,7 @@ import semmle.code.java.security.XxeLocalQuery
 import XxeLocalFlow::PathGraph
 from XxeLocalFlow::PathNode source, XxeLocalFlow::PathNode sink
-where XxeLocalFlow::hasFlowPath(source, sink)
+where XxeLocalFlow::flowPath(source, sink)
 select sink.getNode(), source, sink,
  "XML parsing depends on a $@ without guarding against external entity expansion.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
+++ b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
@@ -47,10 +47,10 @@ module SecureCookieConfig implements DataFlow::ConfigSig {
  }
 }
-module SecureCookieFlow = DataFlow::Make<SecureCookieConfig>;
+module SecureCookieFlow = DataFlow::Global<SecureCookieConfig>;
 from MethodAccess add
 where
  add.getMethod() instanceof ResponseAddCookieMethod and
-  not SecureCookieFlow::hasFlowToExpr(add.getArgument(0))
+  not SecureCookieFlow::flowToExpr(add.getArgument(0))
 select add, "Cookie is added to response without the 'secure' flag being set."
--- a/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql
@@ -22,11 +22,11 @@ module XPathInjectionConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
 }
-module XPathInjectionFlow = TaintTracking::Make<XPathInjectionConfig>;
+module XPathInjectionFlow = TaintTracking::Global<XPathInjectionConfig>;
 import XPathInjectionFlow::PathGraph
 from XPathInjectionFlow::PathNode source, XPathInjectionFlow::PathNode sink
-where XPathInjectionFlow::hasFlowPath(source, sink)
+where XPathInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
+++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
@@ -34,14 +34,14 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig {
  }
 }
-module NumericCastFlow = TaintTracking::Make<NumericCastFlowConfig>;
+module NumericCastFlow = TaintTracking::Global<NumericCastFlowConfig>;
 import NumericCastFlow::PathGraph
 from NumericCastFlow::PathNode source, NumericCastFlow::PathNode sink, NumericNarrowingCastExpr exp
 where
  sink.getNode().asExpr() = exp.getExpr() and
-  NumericCastFlow::hasFlowPath(source, sink)
+  NumericCastFlow::flowPath(source, sink)
 select exp, source, sink,
  "This cast to a narrower type depends on a $@, potentially causing truncation.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql
@@ -32,7 +32,7 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig {
  }
 }
-module NumericCastFlow = TaintTracking::Make<NumericCastFlowConfig>;
+module NumericCastFlow = TaintTracking::Global<NumericCastFlowConfig>;
 import NumericCastFlow::PathGraph
@@ -42,7 +42,7 @@ from
 where
  exp.getExpr() = tainted and
  sink.getNode().asExpr() = tainted and
-  NumericCastFlow::hasFlowPath(source, sink) and
+  NumericCastFlow::flowPath(source, sink) and
  not exists(RightShiftOp e | e.getShiftedVariable() = tainted.getVariable())
 select exp, source, sink,
  "This cast to a narrower type depends on a $@, potentially causing truncation.", source.getNode(),
--- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
+++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
@@ -21,7 +21,7 @@ from
  PolynomialRedosFlow::PathNode source, PolynomialRedosFlow::PathNode sink,
  SuperlinearBackTracking::PolynomialBackTrackingTerm regexp
 where
-  PolynomialRedosFlow::hasFlowPath(source, sink) and
+  PolynomialRedosFlow::flowPath(source, sink) and
  regexp.getRootTerm() = sink.getNode().(PolynomialRedosSink).getRegExp()
 select sink, source, sink,
  "This $@ that depends on a $@ may run slow on strings " + regexp.getPrefixMessage() +
--- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
+++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
@@ -15,6 +15,6 @@ import semmle.code.java.security.RsaWithoutOaepQuery
 import RsaWithoutOaepFlow::PathGraph
 from RsaWithoutOaepFlow::PathNode source, RsaWithoutOaepFlow::PathNode sink
-where RsaWithoutOaepFlow::hasFlowPath(source, sink)
+where RsaWithoutOaepFlow::flowPath(source, sink)
 select source, source, sink, "This specification is used to $@ without OAEP padding.", sink,
  "initialize an RSA cipher"
--- a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
+++ b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
@@ -60,7 +60,7 @@ module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig {
  }
 }
-module TaintedPermissionsCheckFlow = TaintTracking::Make<TaintedPermissionsCheckFlowConfig>;
+module TaintedPermissionsCheckFlow = TaintTracking::Global<TaintedPermissionsCheckFlowConfig>;
 import TaintedPermissionsCheckFlow::PathGraph
@@ -68,6 +68,6 @@ from
  TaintedPermissionsCheckFlow::PathNode source, TaintedPermissionsCheckFlow::PathNode sink,
  PermissionsConstruction p
 where
-  sink.getNode().asExpr() = p.getInput() and TaintedPermissionsCheckFlow::hasFlowPath(source, sink)
+  sink.getNode().asExpr() = p.getInput() and TaintedPermissionsCheckFlow::flowPath(source, sink)
 select p, source, sink, "Permissions check depends on a $@.", source.getNode(),
  "user-controlled value"
--- a/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql
+++ b/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.RequestForgeryConfig
 import RequestForgeryFlow::PathGraph
 from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink
-where RequestForgeryFlow::hasFlowPath(source, sink)
+where RequestForgeryFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Potential server-side request forgery due to a $@.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql
+++ b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.AndroidSensitiveCommunicationQuery
 import SensitiveCommunicationFlow::PathGraph
 from SensitiveCommunicationFlow::PathNode source, SensitiveCommunicationFlow::PathNode sink
-where SensitiveCommunicationFlow::hasFlowPath(source, sink)
+where SensitiveCommunicationFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This call may leak $@.", source.getNode(),
  "sensitive information"
--- a/java/ql/test/TestUtilities/InlineFlowTest.qll
+++ b/java/ql/test/TestUtilities/InlineFlowTest.qll
@@ -57,9 +57,9 @@ module DefaultFlowConfig implements DataFlow::ConfigSig {
  int fieldFlowBranchLimit() { result = 1000 }
 }
-private module DefaultValueFlow = DataFlow::Make<DefaultFlowConfig>;
+private module DefaultValueFlow = DataFlow::Global<DefaultFlowConfig>;
-private module DefaultTaintFlow = TaintTracking::Make<DefaultFlowConfig>;
+private module DefaultTaintFlow = TaintTracking::Global<DefaultFlowConfig>;
 class DefaultValueFlowConf extends DataFlow::Configuration {
  DefaultValueFlowConf() { this = "qltest:defaultValueFlowConf" }
@@ -118,13 +118,13 @@ class InlineFlowTest extends InlineExpectationsTest {
  predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) {
    if exists(EnableLegacyConfiguration e)
    then getValueFlowConfig().hasFlow(src, sink)
-    else DefaultValueFlow::hasFlow(src, sink)
+    else DefaultValueFlow::flow(src, sink)
  }
  predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
    if exists(EnableLegacyConfiguration e)
    then getTaintFlowConfig().hasFlow(src, sink)
-    else DefaultTaintFlow::hasFlow(src, sink)
+    else DefaultTaintFlow::flow(src, sink)
  }
  DataFlow::Configuration getValueFlowConfig() { result = any(DefaultValueFlowConf config) }
--- a/java/ql/test/library-tests/dataflow/inoutbarriers/test.ql
+++ b/java/ql/test/library-tests/dataflow/inoutbarriers/test.ql
@@ -47,13 +47,13 @@ module Conf4 implements ConfigSig {
 }
 predicate flow(Node src, Node sink, string s) {
-  Make<Conf1>::hasFlow(src, sink) and s = "nobarrier"
+  Global<Conf1>::flow(src, sink) and s = "nobarrier"
  or
-  Make<Conf2>::hasFlow(src, sink) and s = "srcbarrier"
+  Global<Conf2>::flow(src, sink) and s = "srcbarrier"
  or
-  Make<Conf3>::hasFlow(src, sink) and s = "sinkbarrier"
+  Global<Conf3>::flow(src, sink) and s = "sinkbarrier"
  or
-  Make<Conf4>::hasFlow(src, sink) and s = "both"
+  Global<Conf4>::flow(src, sink) and s = "both"
 }
 from Node src, Node sink, string s
--- a/java/ql/test/library-tests/dataflow/partial/test.ql
+++ b/java/ql/test/library-tests/dataflow/partial/test.ql
@@ -10,10 +10,10 @@ module Config implements ConfigSig {
 int explorationLimit() { result = 10 }
-module PartialFlow = Make<Config>::FlowExploration<explorationLimit/0>;
+module PartialFlow = Global<Config>::FlowExploration<explorationLimit/0>;
 import PartialFlow::PartialPathGraph
 from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::hasPartialFlow(_, n, dist)
+where PartialFlow::partialFlow(_, n, dist)
 select dist, n
--- a/java/ql/test/library-tests/dataflow/partial/testRev.ql
+++ b/java/ql/test/library-tests/dataflow/partial/testRev.ql
@@ -10,10 +10,10 @@ module Config implements ConfigSig {
 int explorationLimit() { result = 10 }
-module PartialFlow = Make<Config>::FlowExploration<explorationLimit/0>;
+module PartialFlow = Global<Config>::FlowExploration<explorationLimit/0>;
 import PartialFlow::PartialPathGraph
 from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::hasPartialFlowRev(n, _, dist)
+where PartialFlow::partialFlowRev(n, _, dist)
 select dist, n
--- a/java/ql/test/library-tests/dataflow/state/test.ql
+++ b/java/ql/test/library-tests/dataflow/state/test.ql
@@ -55,7 +55,7 @@ module Config implements DataFlow::StateConfigSig {
 int explorationLimit() { result = 0 }
-module Flow = TaintTracking::MakeWithState<Config>;
+module Flow = TaintTracking::GlobalWithState<Config>;
 module PartialFlow = Flow::FlowExploration<explorationLimit/0>;
@@ -67,7 +67,7 @@ class HasFlowTest extends InlineExpectationsTest {
  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "flow" and
    exists(Flow::PathNode src, Flow::PathNode sink |
-      Flow::hasFlowPath(src, sink) and
+      Flow::flowPath(src, sink) and
      sink.getNode().getLocation() = location and
      element = sink.toString() and
      value = src.getState()
@@ -75,7 +75,7 @@ class HasFlowTest extends InlineExpectationsTest {
    or
    tag = "pFwd" and
    exists(PartialFlow::PartialPathNode src, PartialFlow::PartialPathNode node |
-      PartialFlow::hasPartialFlow(src, node, _) and
+      PartialFlow::partialFlow(src, node, _) and
      checkNode(node.getNode()) and
      node.getNode().getLocation() = location and
      element = node.toString() and
@@ -84,7 +84,7 @@ class HasFlowTest extends InlineExpectationsTest {
    or
    tag = "pRev" and
    exists(PartialFlow::PartialPathNode node, PartialFlow::PartialPathNode sink |
-      PartialFlow::hasPartialFlowRev(node, sink, _) and
+      PartialFlow::partialFlowRev(node, sink, _) and
      checkNode(node.getNode()) and
      node.getNode().getLocation() = location and
      element = node.toString() and
--- a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql
+++ b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql
@@ -10,7 +10,7 @@ class HasApkInstallationTest extends InlineExpectationsTest {
  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasApkInstallation" and
-    exists(DataFlow::Node sink | ApkInstallationFlow::hasFlowTo(sink) |
+    exists(DataFlow::Node sink | ApkInstallationFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql
@@ -12,6 +12,6 @@ private class LogInjectionTest extends InlineFlowTest {
  override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
  override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
-    LogInjectionFlow::hasFlow(src, sink)
+    LogInjectionFlow::flow(src, sink)
  }
 }
--- a/java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.ql
+++ b/java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.ql
@@ -6,6 +6,6 @@ class IntentUriPermissionManipulationTest extends InlineFlowTest {
  override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
  override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
-    IntentUriPermissionManipulationFlow::hasFlow(src, sink)
+    IntentUriPermissionManipulationFlow::flow(src, sink)
  }
 }
--- a/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql
@@ -6,6 +6,6 @@ class Test extends InlineFlowTest {
  override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
  override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
-    UnsafeContentResolutionFlow::hasFlow(src, sink)
+    UnsafeContentResolutionFlow::flow(src, sink)
  }
 }
--- a/java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.ql
@@ -6,6 +6,6 @@ class Test extends InlineFlowTest {
  override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
  override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
-    FragmentInjectionTaintFlow::hasFlow(src, sink)
+    FragmentInjectionTaintFlow::flow(src, sink)
  }
 }
--- a/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql
+++ b/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql
@@ -4,7 +4,7 @@ import semmle.code.java.security.SensitiveLoggingQuery
 class HasFlowTest extends InlineFlowTest {
  override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
-    SensitiveLoggerFlow::hasFlow(src, sink)
+    SensitiveLoggerFlow::flow(src, sink)
  }
  override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
--- a/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql
+++ b/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql
@@ -9,7 +9,7 @@ class HasPolyRedos extends InlineExpectationsTest {
  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasPolyRedos" and
    exists(DataFlow::Node sink |
-      PolynomialRedosFlow::hasFlowTo(sink) and
+      PolynomialRedosFlow::flowTo(sink) and
      location = sink.getLocation() and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql
+++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql
@@ -7,6 +7,6 @@ class HasFlowTest extends InlineFlowTest {
  override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
  override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
-    RsaWithoutOaepFlow::hasFlow(src, sink)
+    RsaWithoutOaepFlow::flow(src, sink)
  }
 }
--- a/java/ql/test/query-tests/security/CWE-918/RequestForgery.ql
+++ b/java/ql/test/query-tests/security/CWE-918/RequestForgery.ql
@@ -10,7 +10,7 @@ class HasFlowTest extends InlineExpectationsTest {
  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "SSRF" and
    exists(DataFlow::Node sink |
-      RequestForgeryFlow::hasFlowTo(sink) and
+      RequestForgeryFlow::flowTo(sink) and
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-927/SensitiveCommunication.ql
+++ b/java/ql/test/query-tests/security/CWE-927/SensitiveCommunication.ql
@@ -7,6 +7,6 @@ class HasFlowTest extends InlineFlowTest {
  override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
  override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
-    SensitiveCommunicationFlow::hasFlow(src, sink)
+    SensitiveCommunicationFlow::flow(src, sink)
  }
 }