From 4d7aeced3f359a95493cfe7b19ab2f44bb3aff9b Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Thu, 10 Nov 2022 10:38:22 +0100
Subject: [PATCH] C++: Simplify dataflow taint test query The complexity seems a left-over from before these tests were turned into inline expectation tests, where the aim seems to have been to have exactly one sink node for each `sink` call. Multiple sink nodes for the same `sink` call are not made visible in the inline expecation tests, and I am not conviced this was very useful before, so remove the complexity.
---
 .../test/library-tests/dataflow/taint-tests/taint.ql | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql
index bd513adcef27..d7ae0f88732a 100644
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql
@@ -95,16 +95,7 @@ module IRTest {
 override predicate isSink(DataFlow::Node sink) {
 exists(FunctionCall call |
 call.getTarget().getName() = "sink" and
- sink.asConvertedExpr() = call.getAnArgument()
- or
- call.getTarget().getName() = "sink" and
- sink.asExpr() = call.getAnArgument() and
- sink.asConvertedExpr() instanceof ReferenceDereferenceExpr
- )
- or
- exists(ReadSideEffectInstruction read |
- read.getSideEffectOperand() = sink.asOperand() and
- read.getPrimaryInstruction().(CallInstruction).getStaticCallTarget().hasName("sink")
+ sink.asExpr() = call.getAnArgument()
 )
 }
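Review bot: With the `ReadSideEffectInstruction` disjunct gone from `IRTest`'s `isSink`, a `sink` call whose argument only points or refers to tainted data is no longer matched through its side-effect operand, so the test now depends on the IR library surfacing that flow at the `asExpr()` node. If it does not, a regression in indirect (pointee) taint flow, which security queries built on this library rely on, could pass these tests unnoticed. The switch from `asConvertedExpr()` to `asExpr()` may also change which node is matched for arguments that carry an implicit conversion. It would be worth confirming that no inline expectation changed with this commit and recording the intent above the predicate, for example `// Sinks are the unconverted argument expressions of calls to sink(); side-effect operand reads are deliberately not separate sinks.` The enclosing class begins outside the hunk.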