Improve B608 to work with control flow
The previous patterns don't account for tainting within control flow statements. The extra set of ellipses before the taint enable Semgrep to match SQLi introduced within the body of an if branch.
See the following issues for more information:
Edited by James Liu