From 6b28575d0ce2cb8556689806c95c1de9e8150567 Mon Sep 17 00:00:00 2001
From: Sylwia Budzynska <102833689+sylwia-budzynska@users.noreply.github.com>
Date: Thu, 9 Oct 2025 17:30:37 +0000
Subject: [PATCH 1/2] Fix taint tracking query

---
 .../analyzing-data-flow-in-python.rst               | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst
index 4bce178d41f8..ad255ddd8548 100644
--- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst
+++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst
@@ -303,6 +303,11 @@ This query shows a data flow configuration that uses all network input as data s
 
 .. code-block:: ql
 
+    /**
+    * @kind path-problem
+    * @problem.severity warning
+    * @id filesystemacess
+    */
     import python
     import semmle.python.dataflow.new.DataFlow
     import semmle.python.dataflow.new.TaintTracking
@@ -319,11 +324,13 @@ This query shows a data flow configuration that uses all network input as data s
       }
     }
 
+    import RemoteToFileFlow::PathGraph
+
     module RemoteToFileFlow = TaintTracking::Global<RemoteToFileConfiguration>;
 
-    from DataFlow::Node input, DataFlow::Node fileAccess
-    where RemoteToFileFlow::flow(input, fileAccess)
-    select fileAccess, "This file access uses data from $@.",
+    from RemoteToFileFlow::PathNode input, RemoteToFileFlow::PathNode fileAccess
+    where RemoteToFileFlow::flowPath(input, fileAccess)
+    select fileAccess.getNode(), input, fileAccess, "This file access uses data from $@.",
       input, "user-controllable input."
 
 This data flow configuration tracks data flow from environment variables to opening files:

From 039d9cbf2c412048d7611942ee4e30722ee1b14a Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
Date: Fri, 10 Oct 2025 09:27:57 +0100
Subject: [PATCH 2/2] Fix typo

---
 .../codeql-language-guides/analyzing-data-flow-in-python.rst    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst
index ad255ddd8548..4080cb9ce6d2 100644
--- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst
+++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst
@@ -306,7 +306,7 @@ This query shows a data flow configuration that uses all network input as data s
     /**
     * @kind path-problem
     * @problem.severity warning
-    * @id filesystemacess
+    * @id filesystemaccess
     */
     import python
     import semmle.python.dataflow.new.DataFlow