Apply suggestions from code review

Co-authored-by: Tom Hvitved <hvitved@github.com>

ql/src/codeql_ruby/controlflow/CfgNodes.qll

@@ -362,9 +362,9 @@ module ExprNodes {
   }
 
   /** A control-flow node that wraps an `ElementReference` AST expression. */
-  class ElementReferenceCfgNode extends ExprCfgNode {
-    override ElementReference e;
+  class ElementReferenceCfgNode extends MethodCallCfgNode {
+    ElementReferenceCfgNode() { e instanceof ElementReference }
 
-    final override ElementReference getExpr() { result = ExprCfgNode.super.getExpr() }
+    final override ElementReference getExpr() { result = super.getExpr() }
   }
 }

ql/src/codeql_ruby/dataflow/internal/TaintTrackingPrivate.qll

@@ -32,6 +32,6 @@ predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nod
   // element reference from nodeFrom
   exists(CfgNodes::ExprNodes::ElementReferenceCfgNode ref |
     ref = nodeTo.asExpr() and
-    ref.getExpr().getReceiver() = nodeFrom.asExpr().getExpr()
+    ref.getReceiver() = nodeFrom.asExpr()
   )
 }

ql/src/queries/security/cwe-089/SqlInjection.ql

@@ -24,7 +24,7 @@ class SQLInjectionConfiguration extends TaintTracking::Configuration {
 
   override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSink(DataFlow::Node sink) { sink = any(SqlExecution e) }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof SqlExecution }
 
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
     guard instanceof StringConstCompare or