diff --git a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst index 8625d637366..06f657d5003 100644 --- a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst +++ b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst @@ -139,29 +139,24 @@ is a barrier guard blocking flow through the use of ``data`` on the right-hand s At this point we know that ``data`` has evaluated to a truthy value, so it cannot be ``null`` anymore. -Implementing this additional condition is easy. We implement a subclass of ``DataFlow::BarrierGuardNode``: +Implementing this additional condition is easy. We implement a predicate with the following signature: .. code-block:: ql - class TruthinessCheck extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { - SsaVariable v; - - TruthinessCheck() { - astNode = v.getAUse() - } - - override predicate blocks(boolean outcome, Expr e) { - outcome = true and - e = astNode - } + private predicate truthinessCheck(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) { + exists(SsaVariable v | + g = v.getAUse() and + node = g and + branch = true + ) } -and then use it to override predicate ``isBarrierGuard`` in our configuration class: +and then use it to override predicate ``isBarrier`` in our configuration class: .. code-block:: ql - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof TruthinessCheck + override predicate isBarrier(DataFlow::Node node) { + node = DataFlow::BarrierGuard::getABarrierNode() } With this change, we now flag the problematic case and don't flag the unproblematic case above.