Java: Address review comments.

Author: michaelnebel

java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll

@@ -618,7 +618,7 @@ private MethodAccess callReturningSameType(Expr ref) {
 }
 
 private SrcRefType entrypointType() {
-  exists(RemoteFlowSource s, RefType t |
+  exists(ThreatModelFlowSource s, RefType t |
     s instanceof DataFlow::ExplicitParameterNode and
     t = pragma[only_bind_out](s).getType() and
     not t instanceof TypeObject and
@@ -629,6 +629,10 @@ private SrcRefType entrypointType() {
 }
 
 private predicate entrypointFieldStep(DataFlow::Node src, DataFlow::Node sink) {
-  src = DataFlow::getFieldQualifier(sink.asExpr().(FieldRead)) and
+  exists(FieldRead fa |
+    fa = sink.asExpr() and
+    src = DataFlow::getFieldQualifier(fa) and
+    not fa.getField().isStatic()
+  ) and
   src.getType().(RefType).getSourceDeclaration() = entrypointType()
 }

java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll

@@ -86,18 +86,8 @@ module ThreatModelFlowConfig implements DataFlow::ConfigSig {
   }
 }
 
-/**
- * DEPRECATED: Use `ThreatModelFlowConfig` instead.
- */
-deprecated module RemoteFlowConfig = ThreatModelFlowConfig;
-
 module ThreatModelFlow = DataFlow::Global<ThreatModelFlowConfig>;
 
-/**
- * DEPRECATED: Use `ThreatModelFlow` instead.
- */
-deprecated module RemoteFlow = ThreatModelFlow;
-
 /** A data flow configuration tracing flow from json data into the argument `json` of JSONP-like string `someFunctionName + "(" + json + ")"`. */
 module JsonDataFlowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node src) { src instanceof JsonStringSource }