Chris Smowton
In that case you just have `fieldReadNode.getField().getType() instanceof StringType` and don't use `hasQualifiedName` at all (unless you really know the name is "Birthday" in which case `getName() = "Birthday"`), but...
To find a string literal simply select `any(StringLit sl)`. If you mean searching the code lexically (e.g. finding the exact char sequence "x int, y int"), then no you can't...
Not yaml. We do extract some XML/HTML in a few languages where we have queries that can use information stored in those files, and in Java we extract `.properties` files.
You mean a read made inside function A? Like `func functonA() { return someStruct.someField; }`? If so then yes, you can use `DataFlow::Node.getRoot()` to find out what function, if any,...
For example, with Go source:

```go
package xyz

type hasBday struct {
	birthday string;
}

func seeThis(b hasBday) string { return b.birthday }

func dontSeeThis(b hasBday) string { return b.birthday...
```
Your problem is that the actual field read doesn't occur in UpdateUserPrivate, it occurs inside GetUserId. The thing you highlight with a box is not a field but rather a...
You can find reads from such local variables using a ReadNode rather than the more specific FieldReadNode. For example:

```ql
from DataFlow::ReadNode rn
where rn.reads(any(LocalVariable lv | lv.getName() = "getsName"))...
```
Given we're doing it for StringBreak already and the other sanitisers in LogInjectionCustomizations do check what's being replaced, yes I think we should do likewise and try to check the...
Like the concept, but it doesn't compile: `Expected a predicate with result but found 'ParameterNode.isParameterOf(Callable c, int i)', which is a predicate without result`
Thinking about this further, I don't think the dataflow lib will accept us defining a store step that also transits a function boundary. Instead we should store into a synthetic...