Merge pull request github#15902 from michaelnebel/csharp/uncontrolledformatstring

C#: Remove hard-coded local sources from the uncontrolled-format-string query.

Author: michaelnebel

csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql

@@ -17,9 +17,7 @@ import semmle.code.csharp.frameworks.Format
 import FormatString::PathGraph
 
 module FormatStringConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source instanceof ThreatModelFlowSource or source instanceof LocalFlowSource
-  }
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
 
   predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(FormatCall call | call.hasInsertions()).getFormatExpr()