From e6ae3ffe7a06617e64dabf76cb0c1d709ad67f44 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 18 Oct 2023 14:03:41 +0200 Subject: [PATCH] Update docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst Co-authored-by: Felicity Chapman --- .../codeql-language-guides/advanced-dataflow-scenarios-cpp.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst b/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst index a711ef7feb2..8e3bcab1d7f 100644 --- a/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst +++ b/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst @@ -9,7 +9,7 @@ Advanced dataflow scenarios for C/C++ Data flow for C and C++ distinguishes between the value of a pointer and the value of what the pointer points to. We call this the "indirection" of the pointer. Tracking the pointer and its indirection as separate entities is important for precise dataflow. However, it also means that you need to specify which data flow node to model. If you select the wrong data flow node, then analysis will be flawed. This article discusses several scenarios where it is important to consider whether data flow should be computed on the value of the pointer or its indirection. -For almost all situations we only need to instantiate a dataflow configuration and specify our sources and sinks, and dataflow will handle everything for us. +For almost all situations we only need to instantiate a dataflow configuration and specify our sources and sinks, and the dataflow library will handle everything for us. However, when a write to a field is not visible to CodeQL (for example because it happens in a function whose definition is not in the database) we need to track the qualifier, and tell the dataflow library that it is okay to transfer flow from the qualifier to the field access. This is done by adding an ``isAdditionalFlowStep`` predicate to the dataflow module.