Apply suggestions from code review

Co-authored-by: Anders Schack-Mulligen <[email protected]>

Author: atorralba

java/ql/lib/semmle/code/java/JDK.qll

@@ -232,10 +232,10 @@ private class InputStreamWrapperAnonymousStep extends AdditionalTaintStep {
  */
 private class InputStreamWrapperConstructorStep extends AdditionalTaintStep {
   override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
-    exists(ClassInstanceExpr cc, Argument a, AssignExpr ae |
+    exists(ClassInstanceExpr cc, Argument a, AssignExpr ae, int pos |
       cc.getConstructedType().getASourceSupertype+() instanceof TypeInputStream and
-      cc.getAnArgument() = a and
-      cc.getCallee().getParameter(a.getParameterPos()).getAnAccess() = ae.getRhs() and
+      cc.getArgument(pragma[only_bind_into](pos)) = a and
+      cc.getCallee().getParameter(pragma[only_bind_into](pos)).getAnAccess() = ae.getRhs() and
       ae.getDest().(FieldWrite).getField().getType().(RefType).getASourceSupertype*() instanceof
         TypeInputStream
     |

java/ql/test/library-tests/dataflow/stream-read/A.java

@@ -84,4 +84,22 @@ public int read(byte[] b) throws IOException {
         sink(wrapper); // $ hasTaintFlow
     }
 
+    public static InputStream wrapStream(InputStream in) {
+        return new InputStream() {
+            @Override
+            public int read() throws IOException {
+                return 0;
+            }
+
+            @Override
+            public int read(byte[] b) throws IOException {
+                return in.read(b);
+            }
+        };
+    }
+
+    public static void testWrapCall() {
+        sink(wrapStream(null)); // no flow
+        sink(wrapStream(source())); // $ hasTaintFlow
+    }
 }