Docs: add path query example to data flow docs

docs/codeql/codeql-language-guides/analyzing-data-flow-in-go.rst

@@ -224,7 +224,7 @@ The resulting module has an identical signature to the one obtained from ``DataF
 Flow sources
 ~~~~~~~~~~~~
 
-The data flow library contains some predefined flow sources. The class ``RemoteFlowSource`` (defined in ``semmle.code.java.dataflow.FlowSources``) represents data flow sources that may be controlled by a remote user, which is useful for finding security problems.
+The data flow library contains some predefined flow sources. The class ``RemoteFlowSource`` represents data flow sources that may be controlled by a remote user, which is useful for finding security problems.
 
 Examples
 ~~~~~~~~
@@ -312,7 +312,7 @@ Exercise 3
 
    import go
 
-   class GetenvSource extends CallExpr {
+   class GetenvSource extends DataFlow::CallNode {
      GetenvSource() {
        exists(Function m | m = this.getTarget() |
          m.hasQualifiedName("os", "Getenv")
@@ -327,7 +327,7 @@ Exercise 4
 
    import go
 
-   class GetenvSource extends CallExpr {
+   class GetenvSource extends DataFlow::CallNode {
      GetenvSource() {
        exists(Function m | m = this.getTarget() |
          m.hasQualifiedName("os", "Getenv")
@@ -350,7 +350,6 @@ Exercise 4
          sink.asExpr() = call.getArgument(0)
        )
      }
-     }
    }
 
    module GetenvToURLFlow = DataFlow::Global<GetenvToURLConfig>;

docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst

@@ -354,11 +354,50 @@ This data flow configuration tracks data flow from environment variables to open
     select fileOpen, "This call to 'os.open' uses data from $@.",
       environment, "call to 'os.getenv'"
 
+Path Query Example
+~~~~~~~~~~~~~~~~~~
+
+Here is the first example above, converted into a path query:
+
+.. code-block:: ql
+
+    /**
+     * @kind path-problem
+     * @problem.severity warning
+     * @id file-system-access-from-remote-input
+     */
+
+    import python
+    import semmle.python.dataflow.new.DataFlow
+    import semmle.python.dataflow.new.TaintTracking
+    import semmle.python.dataflow.new.RemoteFlowSources
+    import semmle.python.Concepts
+
+    module RemoteToFileConfiguration implements DataFlow::ConfigSig {
+      predicate isSource(DataFlow::Node source) {
+        source instanceof RemoteFlowSource
+      }
+
+      predicate isSink(DataFlow::Node sink) {
+        sink = any(FileSystemAccess fa).getAPathArgument()
+      }
+    }
+
+    module RemoteToFileFlow = TaintTracking::Global<RemoteToFileConfiguration>;
+
+    import RemoteToFileFlow::PathGraph
+
+    from RemoteToFileFlow::PathNode input, RemoteToFileFlow::PathNode fileAccess
+    where RemoteToFileFlow::flowPath(input, fileAccess)
+    select fileAccess.getNode(), input, fileAccess, "This file access uses data from $@.",
+      input, "user-controllable input."
+
+For more information, see ":doc:`Creating path queries <creating-path-queries>`".
 
 Further reading
 ---------------
 
-- `Exploring data flow with path queries  <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/exploring-data-flow-with-path-queries>`__ in the GitHub documentation.
+- `Creating path queries  <https://codeql.github.com/docs/writing-codeql-queries/creating-path-queries/>`__ in the GitHub documentation.
 
 
 .. include:: ../reusables/python-further-reading.rst