diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilList.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilList.java index bffc8c9c22dcf..f8f24ab54616f 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilList.java +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilList.java @@ -14,6 +14,7 @@ import java.util.HashSet; import java.util.List; import java.util.Set; +import java.util.function.Consumer; class AllowListSanitizerWithJavaUtilList { public static Connection connection; @@ -51,6 +52,7 @@ public static void main(String[] args) throws IOException, SQLException { var x = new AllowListSanitizerWithJavaUtilList(); x.testNonStaticFields(args); testMultipleSources(args); + testEscape(args); } private static void testStaticFields(String[] args) throws IOException, SQLException { @@ -229,11 +231,11 @@ private static void testLocal(String[] args) throws IOException, SQLException { ResultSet results = connection.createStatement().executeQuery(query); } } - // BAD: an allowlist is used but it may contain a non-compile-time constant element + // BAD: an allowlist is used but it contains a non-compile-time constant element { List allowlist = new ArrayList(); allowlist.add("allowed1"); - possiblyMutate(allowlist); + addNonConstantStringDirectly(allowlist); if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; 
@@ -278,8 +280,27 @@ private static void testMultipleSources(String[] args) throws IOException, SQLEx } } - private static void possiblyMutate(List list) { + private static void testEscape(String[] args) throws IOException, SQLException { + String tainted = args[1]; + boolean b = args[2] == "True"; + { + // BAD: an allowlist is used which contains constant strings + List allowlist = new ArrayList(); + addNonConstantStringViaLambda(e -> allowlist.add(e)); + if(allowlist.contains(tainted)){ // missing result + String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + + tainted + "' ORDER BY PRICE"; + ResultSet results = connection.createStatement().executeQuery(query); + } + } + } + + private static void addNonConstantStringDirectly(List list) { list.add(getNonConstantString()); } + private static void addNonConstantStringViaLambda(Consumer adder) { + adder.accept(getNonConstantString()); + } + } diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilSet.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilSet.java index 157e8909f9a43..bb94b57ef512a 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilSet.java +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilSet.java @@ -13,6 +13,7 @@ import java.util.Arrays; import java.util.Collections; import java.util.Set; +import java.util.function.Consumer; class AllowListSanitizerWithJavaUtilSet { public static Connection connection; @@ -50,6 +51,7 @@ public static void main(String[] args) throws IOException, SQLException { var x = new AllowListSanitizerWithJavaUtilSet(); x.testNonStaticFields(args); testMultipleSources(args); + testEscape(args); } private static void testStaticFields(String[] args) throws IOException, SQLException { 
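Review bot: `boolean b = args[2] == "True";` in the new testEscape compares a String with `==` (reference identity) and `b` is never read afterwards, so the line is dead code that also reads as a string-comparison bug to anyone grepping the fixture; drop it, or if a branch on it is planned, write `boolean b = "True".equals(args[2]);`. The block comment `// BAD: an allowlist is used which contains constant strings` says the opposite of what the code does — the lambda feeds getNonConstantString() into the list — and is inconsistent with the sibling wording introduced in the @@ -229 hunk; suggest `// BAD: an allowlist is used but a non-compile-time constant element is added through a lambda`. The `// missing result` marker on the contains check seems to record a known false negative (SqlTainted.expected gains no row for this sink), which is worth saying explicitly so the next reader does not take the absent alert for a test gap, e.g. `// missing result: the add routed through the lambda is not yet seen by the allowlist sanitizer`. Both points apply equally to the testEscape hunk of AllowListSanitizerWithJavaUtilSet.java.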
@@ -228,11 +230,11 @@ private static void testLocal(String[] args) throws IOException, SQLException { ResultSet results = connection.createStatement().executeQuery(query); } } - // BAD: an allowlist is used but it may contain a non-compile-time constant element + // BAD: an allowlist is used but it contains a non-compile-time constant element { Set allowlist = new HashSet(); allowlist.add("allowed1"); - possiblyMutate(allowlist); + addNonConstantStringDirectly(allowlist); if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; @@ -277,8 +279,27 @@ private static void testMultipleSources(String[] args) throws IOException, SQLEx } } - private static void possiblyMutate(Set set) { + private static void testEscape(String[] args) throws IOException, SQLException { + String tainted = args[1]; + boolean b = args[2] == "True"; + { + // BAD: an allowlist is used which contains constant strings + Set allowlist = new HashSet(); + addNonConstantStringViaLambda(e -> allowlist.add(e)); + if(allowlist.contains(tainted)){ // missing result + String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + + tainted + "' ORDER BY PRICE"; + ResultSet results = connection.createStatement().executeQuery(query); + } + } + } + + private static void addNonConstantStringDirectly(Set set) { set.add(getNonConstantString()); } + private static void addNonConstantStringViaLambda(Consumer adder) { + adder.accept(getNonConstantString()); + } + } diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected index 5a9321debe499..b0becc6f76e8e 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected 
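Review bot: SqlTainted.expected does not appear to reflect the line shifts this file's hunks introduce: AllowListSanitizerWithJavaUtilSet.java gains `import java.util.function.Consumer;` before the class and `testEscape(args);` in main, yet the expected rows for that file (e.g. `AllowListSanitizerWithJavaUtilSet.java:85:66:85:70` and `AllowListSanitizerWithJavaUtilSet.java:46:26:46:38`) appear only as unchanged context, whereas the List file's rows were moved by one to two lines for the same two edits. If the visible hunks are complete, the Set locations presumably need the same shift and the test would fail on comparison as committed; re-running the test and regenerating the expected output would settle it. The testEscape body itself is complete within this hunk, but the class's remaining members are outside it.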
@@ -1,20 +1,20 @@ #select -| AllowListSanitizerWithJavaUtilList.java:86:66:86:70 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:86:66:86:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:92:66:92:70 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:92:66:92:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:98:66:98:70 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:98:66:98:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:104:66:104:70 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:104:66:104:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:110:66:110:70 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:110:66:110:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:116:66:116:70 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:116:66:116:70 | query | This query depends on a $@. 
| AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:126:66:126:70 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:126:66:126:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:147:67:147:71 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:147:67:147:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:167:67:167:71 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:167:67:167:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:185:67:185:71 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:185:67:185:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:205:67:205:71 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:205:67:205:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:229:67:229:71 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:229:67:229:71 | query | This query depends on a $@. 
| AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:240:67:240:71 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:240:67:240:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:258:67:258:71 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:258:67:258:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:267:67:267:71 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:267:67:267:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | -| AllowListSanitizerWithJavaUtilList.java:276:67:276:71 | query | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:276:67:276:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:88:66:88:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:88:66:88:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:94:66:94:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:94:66:94:70 | query | This query depends on a $@. 
| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:100:66:100:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:100:66:100:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:106:66:106:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:106:66:106:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:112:66:112:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:112:66:112:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:118:66:118:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:118:66:118:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:128:66:128:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:128:66:128:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:149:67:149:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:149:67:149:71 | query | This query depends on a $@. 
| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:169:67:169:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:169:67:169:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:187:67:187:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:187:67:187:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:207:67:207:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:207:67:207:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:231:67:231:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:231:67:231:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:242:67:242:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:242:67:242:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:260:67:260:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:260:67:260:71 | query | This query depends on a $@. 
| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:269:67:269:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:269:67:269:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | +| AllowListSanitizerWithJavaUtilList.java:278:67:278:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:278:67:278:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value | | AllowListSanitizerWithJavaUtilSet.java:85:66:85:70 | query | AllowListSanitizerWithJavaUtilSet.java:46:26:46:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:85:66:85:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:46:26:46:38 | args | user-provided value | | AllowListSanitizerWithJavaUtilSet.java:91:66:91:70 | query | AllowListSanitizerWithJavaUtilSet.java:46:26:46:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:91:66:91:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:46:26:46:38 | args | user-provided value | | AllowListSanitizerWithJavaUtilSet.java:97:66:97:70 | query | AllowListSanitizerWithJavaUtilSet.java:46:26:46:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:97:66:97:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:46:26:46:38 | args | user-provided value | 
@@ -42,30 +42,30 @@ | Test.java:209:47:209:68 | queryWithUserTableName | Test.java:227:26:227:38 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value | | Test.java:221:81:221:111 | ... + ... | Test.java:227:26:227:38 | args : String[] | Test.java:221:81:221:111 | ... + ... | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value | edges -| AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:49:20:49:23 | args : String[] | provenance | | -| AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:50:13:50:16 | args : String[] | provenance | | -| AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:52:25:52:28 | args : String[] | provenance | | -| AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:53:23:53:26 | args : String[] | provenance | | -| AllowListSanitizerWithJavaUtilList.java:49:20:49:23 | args : String[] | AllowListSanitizerWithJavaUtilList.java:56:39:56:51 | args : String[] | provenance | | -| AllowListSanitizerWithJavaUtilList.java:50:13:50:16 | args : String[] | AllowListSanitizerWithJavaUtilList.java:130:32:130:44 | args : String[] | provenance | | -| AllowListSanitizerWithJavaUtilList.java:52:25:52:28 | args : String[] | AllowListSanitizerWithJavaUtilList.java:120:35:120:47 | args : String[] | provenance | | -| AllowListSanitizerWithJavaUtilList.java:53:23:53:26 | args : String[] | AllowListSanitizerWithJavaUtilList.java:245:42:245:54 | args : String[] | provenance | | -| AllowListSanitizerWithJavaUtilList.java:56:39:56:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:86:66:86:70 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:56:39:56:51 | args : 
String[] | AllowListSanitizerWithJavaUtilList.java:92:66:92:70 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:56:39:56:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:98:66:98:70 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:56:39:56:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:104:66:104:70 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:56:39:56:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:110:66:110:70 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:56:39:56:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:116:66:116:70 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:120:35:120:47 | args : String[] | AllowListSanitizerWithJavaUtilList.java:126:66:126:70 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:130:32:130:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:147:67:147:71 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:130:32:130:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:167:67:167:71 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:130:32:130:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:185:67:185:71 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:130:32:130:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:205:67:205:71 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:130:32:130:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:229:67:229:71 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:130:32:130:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:240:67:240:71 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:245:42:245:54 | args : 
String[] | AllowListSanitizerWithJavaUtilList.java:258:67:258:71 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:245:42:245:54 | args : String[] | AllowListSanitizerWithJavaUtilList.java:267:67:267:71 | query | provenance | Sink:MaD:6 | -| AllowListSanitizerWithJavaUtilList.java:245:42:245:54 | args : String[] | AllowListSanitizerWithJavaUtilList.java:276:67:276:71 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:50:20:50:23 | args : String[] | provenance | | +| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:51:13:51:16 | args : String[] | provenance | | +| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:53:25:53:28 | args : String[] | provenance | | +| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:54:23:54:26 | args : String[] | provenance | | +| AllowListSanitizerWithJavaUtilList.java:50:20:50:23 | args : String[] | AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | provenance | | +| AllowListSanitizerWithJavaUtilList.java:51:13:51:16 | args : String[] | AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | provenance | | +| AllowListSanitizerWithJavaUtilList.java:53:25:53:28 | args : String[] | AllowListSanitizerWithJavaUtilList.java:122:35:122:47 | args : String[] | provenance | | +| AllowListSanitizerWithJavaUtilList.java:54:23:54:26 | args : String[] | AllowListSanitizerWithJavaUtilList.java:247:42:247:54 | args : String[] | provenance | | +| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:88:66:88:70 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | 
AllowListSanitizerWithJavaUtilList.java:94:66:94:70 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:100:66:100:70 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:106:66:106:70 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:112:66:112:70 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:118:66:118:70 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:122:35:122:47 | args : String[] | AllowListSanitizerWithJavaUtilList.java:128:66:128:70 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:149:67:149:71 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:169:67:169:71 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:187:67:187:71 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:207:67:207:71 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:231:67:231:71 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:242:67:242:71 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:247:42:247:54 | args : String[] | 
AllowListSanitizerWithJavaUtilList.java:260:67:260:71 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:247:42:247:54 | args : String[] | AllowListSanitizerWithJavaUtilList.java:269:67:269:71 | query | provenance | Sink:MaD:6 | +| AllowListSanitizerWithJavaUtilList.java:247:42:247:54 | args : String[] | AllowListSanitizerWithJavaUtilList.java:278:67:278:71 | query | provenance | Sink:MaD:6 | | AllowListSanitizerWithJavaUtilSet.java:46:26:46:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:48:20:48:23 | args : String[] | provenance | | | AllowListSanitizerWithJavaUtilSet.java:46:26:46:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:49:13:49:16 | args : String[] | provenance | | | AllowListSanitizerWithJavaUtilSet.java:46:26:46:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:51:25:51:28 | args : String[] | provenance | | 
@@ -120,31 +120,31 @@ models | 6 | Sink: java.sql; Statement; true; executeQuery; ; ; Argument[0]; sql-injection; manual | | 7 | Sink: java.sql; Statement; true; executeUpdate; ; ; Argument[0]; sql-injection; manual | nodes -| AllowListSanitizerWithJavaUtilList.java:47:26:47:38 | args : String[] | semmle.label | args : String[] | -| AllowListSanitizerWithJavaUtilList.java:49:20:49:23 | args : String[] | semmle.label | args : String[] | -| AllowListSanitizerWithJavaUtilList.java:50:13:50:16 | args : String[] | semmle.label | args : String[] | -| AllowListSanitizerWithJavaUtilList.java:52:25:52:28 | args : String[] | semmle.label | args : String[] | -| AllowListSanitizerWithJavaUtilList.java:53:23:53:26 | args : String[] | semmle.label | args : String[] | -| AllowListSanitizerWithJavaUtilList.java:56:39:56:51 | args : String[] | semmle.label | args : String[] | -| AllowListSanitizerWithJavaUtilList.java:86:66:86:70 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:92:66:92:70 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:98:66:98:70 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:104:66:104:70 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:110:66:110:70 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:116:66:116:70 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:120:35:120:47 | args : String[] | semmle.label | args : String[] | -| AllowListSanitizerWithJavaUtilList.java:126:66:126:70 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:130:32:130:44 | args : String[] | semmle.label | args : String[] | -| AllowListSanitizerWithJavaUtilList.java:147:67:147:71 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:167:67:167:71 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:185:67:185:71 | query | semmle.label | query | -| 
AllowListSanitizerWithJavaUtilList.java:205:67:205:71 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:229:67:229:71 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:240:67:240:71 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:245:42:245:54 | args : String[] | semmle.label | args : String[] | -| AllowListSanitizerWithJavaUtilList.java:258:67:258:71 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:267:67:267:71 | query | semmle.label | query | -| AllowListSanitizerWithJavaUtilList.java:276:67:276:71 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | semmle.label | args : String[] | +| AllowListSanitizerWithJavaUtilList.java:50:20:50:23 | args : String[] | semmle.label | args : String[] | +| AllowListSanitizerWithJavaUtilList.java:51:13:51:16 | args : String[] | semmle.label | args : String[] | +| AllowListSanitizerWithJavaUtilList.java:53:25:53:28 | args : String[] | semmle.label | args : String[] | +| AllowListSanitizerWithJavaUtilList.java:54:23:54:26 | args : String[] | semmle.label | args : String[] | +| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | semmle.label | args : String[] | +| AllowListSanitizerWithJavaUtilList.java:88:66:88:70 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:94:66:94:70 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:100:66:100:70 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:106:66:106:70 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:112:66:112:70 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:118:66:118:70 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:122:35:122:47 | args : String[] | semmle.label | args : String[] | +| AllowListSanitizerWithJavaUtilList.java:128:66:128:70 | 
query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | semmle.label | args : String[] | +| AllowListSanitizerWithJavaUtilList.java:149:67:149:71 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:169:67:169:71 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:187:67:187:71 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:207:67:207:71 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:231:67:231:71 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:242:67:242:71 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:247:42:247:54 | args : String[] | semmle.label | args : String[] | +| AllowListSanitizerWithJavaUtilList.java:260:67:260:71 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:269:67:269:71 | query | semmle.label | query | +| AllowListSanitizerWithJavaUtilList.java:278:67:278:71 | query | semmle.label | query | | AllowListSanitizerWithJavaUtilSet.java:46:26:46:38 | args : String[] | semmle.label | args : String[] | | AllowListSanitizerWithJavaUtilSet.java:48:20:48:23 | args : String[] | semmle.label | args : String[] | | AllowListSanitizerWithJavaUtilSet.java:49:13:49:16 | args : String[] | semmle.label | args : String[] |