Hi@dvec01,

Thanks for your question. It's not completely clear to me what you want your source to be.arguments is accessible through thegetArgumentsVariable predicate of theFunction class. I'm not sure if that helps?

Hi@jketema ,
here is an example that hopefully makes my problem more clear:

constchild_process=require('child_process');classTest{constructor(userInput){this.userInput=userInput;}source(){this.sink();}sink(){child_process.execSync(`${this.userInput}`,{stdio:'inherit'});}}newTest("/usr/bin/id").source();

In the above example the source isthis.userInput, but I need the query to consider the paths that start at thesource method (even if there are no dataflow/ taint steps), that is the sink should be reachable from this method. Is there a way to achieve this using the TaintTracking module?

What is the recommended approach to model accesses to arguments, this or super as tainted
Access toarguments:

DataFlow::FunctionNodetestFunc(){result.getName()="test"}predicateisSource(DataFlow::Nodenode){// using 'arguments' as sourcenode=testFunc().getFunction().getArgumentsVariable().getAnAccess().flow()or// using 'this' as sourcenode=testFunc().getReceiver()}

What’s the best way to write a source predicate for methods with no parameters?

Usingarguments orthis methods above, depending on what contains the tainted data.

Note that there is currently no way to specify a source that is inside of a content, but if you treatthis as a source it should consider all of its properties as tainted.