C#: Address review comments

hvitved · hvitved · commit 949b3601d0b6 · 2019-05-15T14:10:42.000+02:00
diff --git a/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql b/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
@@ -21,7 +21,7 @@ from
 where
   source = sourcePath.getNode() and
   sink = sinkPath.getNode() and
-  c.hasFlow(source, sink) and
+  c.hasFlowPath(sourcePath, sinkPath) and
   // Print the source value if it's available
   if exists(source.asExpr().getValue())
   then value = "The hard-coded value \"" + source.asExpr().getValue() + "\""
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/CallContext.qll b/csharp/ql/src/semmle/code/csharp/dataflow/CallContext.qll
@@ -33,7 +33,7 @@ class CallContext extends TCallContext {
 class EmptyCallContext extends CallContext, TEmptyCallContext {
   override string toString() { result = "<empty>" }
 
-  override Location getLocation() { result instanceof EmptyLocation }
+  override EmptyLocation getLocation() { any() }
 }
 
 /**
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll
@@ -2,26 +2,34 @@ import csharp
 private import DataFlowPrivate
 private import DataFlowPublic
 
-private ControlFlowElement getAScope(boolean exactScope) {
-  exists(ControlFlowReachabilityConfiguration c |
-    c.candidate(_, _, result, exactScope, _) or
-    c.candidateDef(_, _, result, exactScope, _)
-  )
+private class ControlFlowScope extends ControlFlowElement {
+  private boolean exactScope;
+
+  ControlFlowScope() {
+    exists(ControlFlowReachabilityConfiguration c |
+      c.candidate(_, _, this, exactScope, _) or
+      c.candidateDef(_, _, this, exactScope, _)
+    )
+  }
+
+  predicate isExact() { exactScope = true }
+
+  predicate isNonExact() { exactScope = false }
 }
 
-private ControlFlowElement getANonExactScopeChild(ControlFlowElement scope) {
-  scope = getAScope(false) and
+private ControlFlowElement getANonExactScopeChild(ControlFlowScope scope) {
+  scope.isNonExact() and
   result = scope
   or
   result = getANonExactScopeChild(scope).getAChild()
 }
 
 pragma[noinline]
-private ControlFlow::BasicBlock getABasicBlockInScope(ControlFlowElement scope, boolean exactScope) {
+private ControlFlow::BasicBlock getABasicBlockInScope(ControlFlowScope scope, boolean exactScope) {
   result.getANode().getElement() = getANonExactScopeChild(scope) and
   exactScope = false
   or
-  scope = getAScope(true) and
+  scope.isExact() and
   result.getANode().getElement() = scope and
   exactScope = true
 }
diff --git a/csharp/ql/src/semmle/code/csharp/exprs/Creation.qll b/csharp/ql/src/semmle/code/csharp/exprs/Creation.qll
@@ -380,7 +380,11 @@ class AnonymousFunctionExpr extends Expr, Callable, @anonymous_function_expr {
   override string getName() { result = "<anonymous>" }
 
   override Type getReturnType() {
-    result = getType().(SystemLinqExpressions::DelegateExtType).getDelegateType().getReturnType()
+    result = this
+          .getType()
+          .(SystemLinqExpressions::DelegateExtType)
+          .getDelegateType()
+          .getReturnType()
   }
 
   override AnonymousFunctionExpr getSourceDeclaration() { result = this }
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/HardcodedCredentials.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/HardcodedCredentials.qll
@@ -55,21 +55,21 @@ module HardcodedCredentials {
       not any(ReturnedByMockObject mock).getAnArgument() = sink.asExpr()
     }
 
-    override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
-      super.hasFlow(source, sink) and
+    override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) {
+      super.hasFlowPath(source, sink) and
       // Exclude hard-coded credentials in tests if they only flow to calls to methods with a name
       // like "Add*" "Create*" or "Update*". The rationale is that hard-coded credentials within
       // tests that are only used for creating or setting values within tests are unlikely to
       // represent credentials to some accessible system.
       not (
-        source.asExpr().getFile() instanceof TestFile and
+        source.getNode().asExpr().getFile() instanceof TestFile and
         exists(MethodCall createOrAddCall, string createOrAddMethodName |
           createOrAddMethodName.matches("Update%") or
           createOrAddMethodName.matches("Create%") or
           createOrAddMethodName.matches("Add%")
         |
           createOrAddCall.getTarget().hasName(createOrAddMethodName) and
-          createOrAddCall.getAnArgument() = sink.asExpr()
+          createOrAddCall.getAnArgument() = sink.getNode().asExpr()
         )
       )
     }
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/ReDoS.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/ReDoS.qll
@@ -40,15 +40,15 @@ module ReDoS {
       // a sub class of `Sink`, as that results in bad aggregate
       // recursion. Therefore, we overestimate the sinks here
       // and make the restriction later by overriding
-      // `hasFlow()` below.
+      // `hasFlowPath()` below.
       sink.asExpr() = any(RegexOperation ro).getInput()
     }
 
     override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 
-    override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
-      super.hasFlow(source, sink) and
-      (sink instanceof Sink or sink instanceof ExponentialRegexSink)
+    override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) {
+      super.hasFlowPath(source, sink) and
+      (sink.getNode() instanceof Sink or sink.getNode() instanceof ExponentialRegexSink)
     }
   }
 
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/XMLEntityInjection.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/XMLEntityInjection.qll
@@ -39,7 +39,7 @@ module XMLEntityInjection {
       // in the charpred, as that results in bad aggregate
       // recursion. Therefore, we overestimate the sinks here
       // and make the restriction later by overriding
-      // `hasFlow()` below.
+      // `hasFlowPath()` below.
       this.getExpr() = any(MethodCall mc |
           mc.getTarget().hasQualifiedName("System.Xml.XmlReader.Create") or
           mc.getTarget().hasQualifiedName("System.Xml.XmlDocument.Load") or
@@ -75,9 +75,9 @@ module XMLEntityInjection {
 
     override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 
-    override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {
-      super.hasFlow(source, sink) and
-      exists(sink.(Sink).getReason())
+    override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) {
+      super.hasFlowPath(source, sink) and
+      exists(sink.getNode().(Sink).getReason())
     }
   }
 
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.expected b/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.expected
@@ -11,32 +11,10 @@ edges
 | TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" |
 #select
 | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | The hard-coded value "myPa55word" flows to $@ which is compared against $@. | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | "myPa55word" | HardcodedCredentials.cs:17:13:17:20 | access to local variable password | access to local variable password |
-| HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | The hard-coded value "myPa55word" flows to $@ which is compared against $@. | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | "myPa55word" | HardcodedCredentials.cs:17:13:17:20 | access to local variable password | access to local variable password |
-| HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | The hard-coded value "myPa55word" flows to $@ which is compared against $@. | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | "myPa55word" | HardcodedCredentials.cs:17:13:17:20 | access to local variable password | access to local variable password |
-| HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | The hard-coded value "myPa55word" flows to $@ which is compared against $@. | HardcodedCredentials.cs:17:25:17:36 | "myPa55word" | "myPa55word" | HardcodedCredentials.cs:17:13:17:20 | access to local variable password | access to local variable password |
-| HardcodedCredentials.cs:33:19:33:28 | "username" | HardcodedCredentials.cs:33:19:33:28 | "username" | HardcodedCredentials.cs:33:19:33:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | HardcodedCredentials.cs:33:19:33:28 | "username" | name | HardcodedCredentials.cs:31:31:45:13 | object creation of type MembershipUser | object creation of type MembershipUser |
-| HardcodedCredentials.cs:33:19:33:28 | "username" | HardcodedCredentials.cs:33:19:33:28 | "username" | HardcodedCredentials.cs:33:19:33:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | HardcodedCredentials.cs:33:19:33:28 | "username" | name | HardcodedCredentials.cs:31:31:45:13 | object creation of type MembershipUser | object creation of type MembershipUser |
-| HardcodedCredentials.cs:33:19:33:28 | "username" | HardcodedCredentials.cs:33:19:33:28 | "username" | HardcodedCredentials.cs:33:19:33:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | HardcodedCredentials.cs:33:19:33:28 | "username" | name | HardcodedCredentials.cs:31:31:45:13 | object creation of type MembershipUser | object creation of type MembershipUser |
 | HardcodedCredentials.cs:33:19:33:28 | "username" | HardcodedCredentials.cs:33:19:33:28 | "username" | HardcodedCredentials.cs:33:19:33:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | HardcodedCredentials.cs:33:19:33:28 | "username" | name | HardcodedCredentials.cs:31:31:45:13 | object creation of type MembershipUser | object creation of type MembershipUser |
 | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | The hard-coded value "myNewPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | newPassword | HardcodedCredentials.cs:47:9:47:54 | call to method ChangePassword | call to method ChangePassword |
-| HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | The hard-coded value "myNewPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | newPassword | HardcodedCredentials.cs:47:9:47:54 | call to method ChangePassword | call to method ChangePassword |
-| HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | The hard-coded value "myNewPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | newPassword | HardcodedCredentials.cs:47:9:47:54 | call to method ChangePassword | call to method ChangePassword |
-| HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | The hard-coded value "myNewPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:47:39:47:53 | "myNewPa55word" | newPassword | HardcodedCredentials.cs:47:9:47:54 | call to method ChangePassword | call to method ChangePassword |
 | HardcodedCredentials.cs:49:30:49:60 | array creation of type Byte[] | HardcodedCredentials.cs:49:30:49:60 | array creation of type Byte[] | HardcodedCredentials.cs:52:13:52:23 | access to local variable rawCertData | This hard-coded value flows to the $@ parameter in $@. | HardcodedCredentials.cs:52:13:52:23 | access to local variable rawCertData | rawData | HardcodedCredentials.cs:51:33:53:25 | object creation of type X509Certificate2 | object creation of type X509Certificate2 |
-| HardcodedCredentials.cs:49:30:49:60 | array creation of type Byte[] | HardcodedCredentials.cs:49:30:49:60 | array creation of type Byte[] | HardcodedCredentials.cs:52:13:52:23 | access to local variable rawCertData | This hard-coded value flows to the $@ parameter in $@. | HardcodedCredentials.cs:52:13:52:23 | access to local variable rawCertData | rawData | HardcodedCredentials.cs:51:33:53:25 | object creation of type X509Certificate2 | object creation of type X509Certificate2 |
-| HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | The hard-coded value "myPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | password | HardcodedCredentials.cs:51:33:53:25 | object creation of type X509Certificate2 | object creation of type X509Certificate2 |
 | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | The hard-coded value "myPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | password | HardcodedCredentials.cs:51:33:53:25 | object creation of type X509Certificate2 | object creation of type X509Certificate2 |
-| HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | The hard-coded value "myPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | password | HardcodedCredentials.cs:51:33:53:25 | object creation of type X509Certificate2 | object creation of type X509Certificate2 |
-| HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | The hard-coded value "myPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:53:13:53:24 | "myPa55word" | password | HardcodedCredentials.cs:51:33:53:25 | object creation of type X509Certificate2 | object creation of type X509Certificate2 |
-| HardcodedCredentials.cs:76:31:76:42 | "myusername" | HardcodedCredentials.cs:76:31:76:42 | "myusername" | HardcodedCredentials.cs:76:31:76:42 | "myusername" | The hard-coded value "myusername" flows to the $@ parameter in $@. | HardcodedCredentials.cs:76:31:76:42 | "myusername" | username | HardcodedCredentials.cs:76:9:76:57 | call to method CreateUser | call to method CreateUser |
 | HardcodedCredentials.cs:76:31:76:42 | "myusername" | HardcodedCredentials.cs:76:31:76:42 | "myusername" | HardcodedCredentials.cs:76:31:76:42 | "myusername" | The hard-coded value "myusername" flows to the $@ parameter in $@. | HardcodedCredentials.cs:76:31:76:42 | "myusername" | username | HardcodedCredentials.cs:76:9:76:57 | call to method CreateUser | call to method CreateUser |
-| HardcodedCredentials.cs:76:31:76:42 | "myusername" | HardcodedCredentials.cs:76:31:76:42 | "myusername" | HardcodedCredentials.cs:76:31:76:42 | "myusername" | The hard-coded value "myusername" flows to the $@ parameter in $@. | HardcodedCredentials.cs:76:31:76:42 | "myusername" | username | HardcodedCredentials.cs:76:9:76:57 | call to method CreateUser | call to method CreateUser |
-| HardcodedCredentials.cs:76:31:76:42 | "myusername" | HardcodedCredentials.cs:76:31:76:42 | "myusername" | HardcodedCredentials.cs:76:31:76:42 | "myusername" | The hard-coded value "myusername" flows to the $@ parameter in $@. | HardcodedCredentials.cs:76:31:76:42 | "myusername" | username | HardcodedCredentials.cs:76:9:76:57 | call to method CreateUser | call to method CreateUser |
-| HardcodedCredentials.cs:76:45:76:56 | "mypassword" | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | The hard-coded value "mypassword" flows to the $@ parameter in $@. | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | password | HardcodedCredentials.cs:76:9:76:57 | call to method CreateUser | call to method CreateUser |
 | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | The hard-coded value "mypassword" flows to the $@ parameter in $@. | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | password | HardcodedCredentials.cs:76:9:76:57 | call to method CreateUser | call to method CreateUser |
-| HardcodedCredentials.cs:76:45:76:56 | "mypassword" | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | The hard-coded value "mypassword" flows to the $@ parameter in $@. | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | password | HardcodedCredentials.cs:76:9:76:57 | call to method CreateUser | call to method CreateUser |
-| HardcodedCredentials.cs:76:45:76:56 | "mypassword" | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | The hard-coded value "mypassword" flows to the $@ parameter in $@. | HardcodedCredentials.cs:76:45:76:56 | "mypassword" | password | HardcodedCredentials.cs:76:9:76:57 | call to method CreateUser | call to method CreateUser |
-| TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | TestHardcodedCredentials.cs:26:19:26:28 | "username" | name | TestHardcodedCredentials.cs:24:31:38:13 | object creation of type MembershipUser | object creation of type MembershipUser |
-| TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | TestHardcodedCredentials.cs:26:19:26:28 | "username" | name | TestHardcodedCredentials.cs:24:31:38:13 | object creation of type MembershipUser | object creation of type MembershipUser |
-| TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | TestHardcodedCredentials.cs:26:19:26:28 | "username" | name | TestHardcodedCredentials.cs:24:31:38:13 | object creation of type MembershipUser | object creation of type MembershipUser |
 | TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | TestHardcodedCredentials.cs:26:19:26:28 | "username" | name | TestHardcodedCredentials.cs:24:31:38:13 | object creation of type MembershipUser | object creation of type MembershipUser |

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ class CallContext extends TCallContext {`
`33`	`33`	`class EmptyCallContext extends CallContext, TEmptyCallContext {`
`34`	`34`	`override string toString() { result = "<empty>" }`
`35`	`35`
`36`		`- override Location getLocation() { result instanceof EmptyLocation }`
	`36`	`+ override EmptyLocation getLocation() { any() }`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -55,21 +55,21 @@ module HardcodedCredentials {`
`55`	`55`	`not any(ReturnedByMockObject mock).getAnArgument() = sink.asExpr()`
`56`	`56`	`}`
`57`	`57`
`58`		`- override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {`
`59`		`- super.hasFlow(source, sink) and`
	`58`	`+ override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) {`
	`59`	`+ super.hasFlowPath(source, sink) and`
`60`	`60`	`// Exclude hard-coded credentials in tests if they only flow to calls to methods with a name`
`61`	`61`	`// like "Add" "Create" or "Update*". The rationale is that hard-coded credentials within`
`62`	`62`	`// tests that are only used for creating or setting values within tests are unlikely to`
`63`	`63`	`// represent credentials to some accessible system.`
`64`	`64`	`not (`
`65`		`- source.asExpr().getFile() instanceof TestFile and`
	`65`	`+ source.getNode().asExpr().getFile() instanceof TestFile and`
`66`	`66`	`exists(MethodCall createOrAddCall, string createOrAddMethodName \|`
`67`	`67`	`createOrAddMethodName.matches("Update%") or`
`68`	`68`	`createOrAddMethodName.matches("Create%") or`
`69`	`69`	`createOrAddMethodName.matches("Add%")`
`70`	`70`	`\|`
`71`	`71`	`createOrAddCall.getTarget().hasName(createOrAddMethodName) and`
`72`		`- createOrAddCall.getAnArgument() = sink.asExpr()`
	`72`	`+ createOrAddCall.getAnArgument() = sink.getNode().asExpr()`
`73`	`73`	`)`
`74`	`74`	`)`
`75`	`75`	`}`
Original file line number	Diff line number	Diff line change
`@@ -40,15 +40,15 @@ module ReDoS {`
`40`	`40`	// a sub class of `Sink`, as that results in bad aggregate
`41`	`41`	`// recursion. Therefore, we overestimate the sinks here`
`42`	`42`	`// and make the restriction later by overriding`
`43`		- // `hasFlow()` below.
	`43`	+ // `hasFlowPath()` below.
`44`	`44`	`sink.asExpr() = any(RegexOperation ro).getInput()`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }`
`48`	`48`
`49`		`- override predicate hasFlow(DataFlow::Node source, DataFlow::Node sink) {`
`50`		`- super.hasFlow(source, sink) and`
`51`		`- (sink instanceof Sink or sink instanceof ExponentialRegexSink)`
	`49`	`+ override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) {`
	`50`	`+ super.hasFlowPath(source, sink) and`
	`51`	`+ (sink.getNode() instanceof Sink or sink.getNode() instanceof ExponentialRegexSink)`
`52`	`52`	`}`
`53`	`53`	`}`
`54`	`54`