joern
Why can't the CPG generated by the new version of Joern for C# be used for taint analysis?
I've been using joern-parse.bat whose version is 4.0.36 to generate CPGs for C# for taint analysis, but today when I tried version 4.0.336, I found that the generated CPG couldn't be used. Why is that?
```scala
importCode(inputPath="D:/test/array", projectName="test")
def source = cpg.call.name("Source")
def sink = cpg.call.name("Sink")
sink.reachableByFlows(source).p
```
Only the CPG generated by the old version can identify a taint path.
I noticed that the CPG file size generated by the new version is significantly smaller than the old version.
Additionally, even with the older version, when I generate the CPG by adding Joern dependencies in Scala, taint analysis still fails (though I can print node information). Why is this? Did I make a mistake in my steps?
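```scala
// Imports assumed for Joern 4.x; they were not part of the snippet as posted.
import io.joern.csharpsrc2cpg.{CSharpSrc2Cpg, Config}
import io.joern.dataflowengineoss.language.*
import io.joern.dataflowengineoss.queryengine.EngineContext
import io.shiftleft.codepropertygraph.generated.Cpg
import io.shiftleft.semanticcpg.language.*

implicit val resolver: ICallResolver = NoResolve
val tmpDir = "D:\\test\\array"
val config = Config()
  .withInputPath(tmpDir)
// Build the CPG with the C# frontend.
implicit val cpg: Cpg = new CSharpSrc2Cpg().createCpg(config).get
implicit val dataFlowContext: EngineContext = EngineContext()
// runDataFlowLayer is not defined in the snippet as posted.
runDataFlowLayer(cpg)
val sources = cpg.call("Source").l
val sinks = cpg.call("Sink").l
val paths = sinks.reachableByFlows(sources).p
println(sources.head)
println(sinks.head)
println(paths)
```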