Use HasFlow instead HasFlowPath

Author: edvraa

csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql

@@ -50,12 +50,11 @@ where
   // JsonConvert static method call, but with additional unsafe typename tracking
   exists(
     JsonConvertTrackingConfig taintTrackingJsonConvert, TypeNameTrackingConfig typenameTracking,
-    DataFlow::PathNode settingsCallArg
+    DataFlow::Node settingsCallArg
   |
     taintTrackingJsonConvert.hasFlowPath(userInput, deserializeCallArg) and
-    typenameTracking.hasFlowPath(_, settingsCallArg) and
-    deserializeCallArg.getNode().asExpr().getParent() =
-      settingsCallArg.getNode().asExpr().getParent()
+    typenameTracking.hasFlow(_, settingsCallArg) and
+    deserializeCallArg.getNode().asExpr().getParent() = settingsCallArg.asExpr().getParent()
   )
 select deserializeCallArg, userInput, deserializeCallArg, "$@ flows to unsafe deserializer.",
   userInput, "User-provided data"