github
diff --git a/‎csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
Lines changed: 2 additions & 4 deletions b/‎csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
Lines changed: 2 additions & 4 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected
Lines changed: 0 additions & 24 deletions b/‎csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected
Lines changed: 0 additions & 24 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/fields/K.cs
Lines changed: 1 addition & 1 deletion b/‎csharp/ql/test/library-tests/dataflow/fields/K.cs
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst
Lines changed: 9 additions & 0 deletions b/‎docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst
Lines changed: 9 additions & 0 deletions
diff --git a/‎docs/codeql/conf.py
Lines changed: 1 addition & 1 deletion b/‎docs/codeql/conf.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/ql/lib/change-notes/2024-08-24-ioutil-fix.md
Lines changed: 5 additions & 0 deletions b/‎go/ql/lib/change-notes/2024-08-24-ioutil-fix.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/database.sql.driver.model.yml
Lines changed: 0 additions & 10 deletions b/‎go/ql/lib/ext/database.sql.driver.model.yml
Lines changed: 0 additions & 10 deletions
diff --git a/‎go/ql/lib/ext/database.sql.model.yml
Lines changed: 0 additions & 28 deletions b/‎go/ql/lib/ext/database.sql.model.yml
Lines changed: 0 additions & 28 deletions
diff --git a/‎go/ql/lib/ext/fmt.model.yml
Lines changed: 0 additions & 7 deletions b/‎go/ql/lib/ext/fmt.model.yml
Lines changed: 0 additions & 7 deletions
diff --git a/‎go/ql/lib/ext/github.com.beego.beego.client.orm.model.yml
Lines changed: 0 additions & 42 deletions b/‎go/ql/lib/ext/github.com.beego.beego.client.orm.model.yml
Lines changed: 0 additions & 42 deletions
@@ -2170,11 +2170,9 @@ predicate jumpStep(Node pred, Node succ) {
     f.getAnAssignedValue() = pred.asExpr() and
     succ = TFlowInsensitiveFieldNode(f)
     or
-    exists(FieldOrPropertyRead fr | f.getAnAccess() = fr |
-      fr = pred.(PostUpdateNode).getPreUpdateNode().asExpr() and
-      succ = TFlowInsensitiveFieldNode(f)
-      or
+    exists(FieldOrPropertyRead fr |
       pred = TFlowInsensitiveFieldNode(f) and
+      f.getAnAccess() = fr and
       fr = succ.asExpr() and
       fr.hasNonlocalValue()
     )
 
@@ -1152,16 +1152,6 @@ edges
 | J.cs:125:14:125:14 | access to local variable a : Int32[] [element] : Int32 | J.cs:125:14:125:17 | access to array element : Int32 | provenance |  |
 | J.cs:125:14:125:17 | access to array element : Int32 | J.cs:125:14:125:17 | (...) ... | provenance |  |
 | J.cs:125:14:125:17 | access to array element : Int32 | J.cs:125:14:125:17 | (...) ... | provenance |  |
-| K.cs:7:13:7:13 | access to local variable o : String | K.cs:8:22:8:22 | access to local variable o : String | provenance |  |
-| K.cs:7:13:7:13 | access to local variable o : String | K.cs:8:22:8:22 | access to local variable o : String | provenance |  |
-| K.cs:7:17:7:33 | call to method Source<String> : String | K.cs:7:13:7:13 | access to local variable o : String | provenance |  |
-| K.cs:7:17:7:33 | call to method Source<String> : String | K.cs:7:13:7:13 | access to local variable o : String | provenance |  |
-| K.cs:8:9:8:15 | [post] access to field Strings : String[] [element] : String | K.cs:13:14:13:20 | access to field Strings : String[] [element] : String | provenance |  |
-| K.cs:8:9:8:15 | [post] access to field Strings : String[] [element] : String | K.cs:13:14:13:20 | access to field Strings : String[] [element] : String | provenance |  |
-| K.cs:8:22:8:22 | access to local variable o : String | K.cs:8:9:8:15 | [post] access to field Strings : String[] [element] : String | provenance |  |
-| K.cs:8:22:8:22 | access to local variable o : String | K.cs:8:9:8:15 | [post] access to field Strings : String[] [element] : String | provenance |  |
-| K.cs:13:14:13:20 | access to field Strings : String[] [element] : String | K.cs:13:14:13:23 | access to array element | provenance |  |
-| K.cs:13:14:13:20 | access to field Strings : String[] [element] : String | K.cs:13:14:13:23 | access to array element | provenance |  |
 nodes
 | A.cs:5:13:5:13 | access to local variable c : C | semmle.label | access to local variable c : C |
 | A.cs:5:13:5:13 | access to local variable c : C | semmle.label | access to local variable c : C |
@@ -2403,18 +2393,6 @@ nodes
 | J.cs:125:14:125:17 | (...) ... | semmle.label | (...) ... |
 | J.cs:125:14:125:17 | access to array element : Int32 | semmle.label | access to array element : Int32 |
 | J.cs:125:14:125:17 | access to array element : Int32 | semmle.label | access to array element : Int32 |
-| K.cs:7:13:7:13 | access to local variable o : String | semmle.label | access to local variable o : String |
-| K.cs:7:13:7:13 | access to local variable o : String | semmle.label | access to local variable o : String |
-| K.cs:7:17:7:33 | call to method Source<String> : String | semmle.label | call to method Source<String> : String |
-| K.cs:7:17:7:33 | call to method Source<String> : String | semmle.label | call to method Source<String> : String |
-| K.cs:8:9:8:15 | [post] access to field Strings : String[] [element] : String | semmle.label | [post] access to field Strings : String[] [element] : String |
-| K.cs:8:9:8:15 | [post] access to field Strings : String[] [element] : String | semmle.label | [post] access to field Strings : String[] [element] : String |
-| K.cs:8:22:8:22 | access to local variable o : String | semmle.label | access to local variable o : String |
-| K.cs:8:22:8:22 | access to local variable o : String | semmle.label | access to local variable o : String |
-| K.cs:13:14:13:20 | access to field Strings : String[] [element] : String | semmle.label | access to field Strings : String[] [element] : String |
-| K.cs:13:14:13:20 | access to field Strings : String[] [element] : String | semmle.label | access to field Strings : String[] [element] : String |
-| K.cs:13:14:13:23 | access to array element | semmle.label | access to array element |
-| K.cs:13:14:13:23 | access to array element | semmle.label | access to array element |
 subpaths
 | A.cs:6:24:6:24 | access to local variable c : C | A.cs:147:32:147:32 | c : C | A.cs:149:20:149:27 | object creation of type B : B [field c] : C | A.cs:6:17:6:25 | call to method Make : B [field c] : C |
 | A.cs:6:24:6:24 | access to local variable c : C | A.cs:147:32:147:32 | c : C | A.cs:149:20:149:27 | object creation of type B : B [field c] : C | A.cs:6:17:6:25 | call to method Make : B [field c] : C |
@@ -2670,5 +2648,3 @@ testFailures
 | J.cs:107:14:107:17 | access to property Y | J.cs:105:32:105:48 | call to method Source<Object> : Object | J.cs:107:14:107:17 | access to property Y | $@ | J.cs:105:32:105:48 | call to method Source<Object> : Object | call to method Source<Object> : Object |
 | J.cs:125:14:125:17 | (...) ... | J.cs:119:20:119:34 | call to method Source<Int32> : Int32 | J.cs:125:14:125:17 | (...) ... | $@ | J.cs:119:20:119:34 | call to method Source<Int32> : Int32 | call to method Source<Int32> : Int32 |
 | J.cs:125:14:125:17 | (...) ... | J.cs:119:20:119:34 | call to method Source<Int32> : Int32 | J.cs:125:14:125:17 | (...) ... | $@ | J.cs:119:20:119:34 | call to method Source<Int32> : Int32 | call to method Source<Int32> : Int32 |
-| K.cs:13:14:13:23 | access to array element | K.cs:7:17:7:33 | call to method Source<String> : String | K.cs:13:14:13:23 | access to array element | $@ | K.cs:7:17:7:33 | call to method Source<String> : String | call to method Source<String> : String |
-| K.cs:13:14:13:23 | access to array element | K.cs:7:17:7:33 | call to method Source<String> : String | K.cs:13:14:13:23 | access to array element | $@ | K.cs:7:17:7:33 | call to method Source<String> : String | call to method Source<String> : String |
@@ -10,7 +10,7 @@ private void M1()
 
     private void M2()
     {
-        Sink(Strings[0]); // $ hasValueFlow=1
+        Sink(Strings[0]); // $ MISSING: hasValueFlow=1
     }
 
     public static void Sink(object o) { }
 
@@ -0,0 +1,9 @@
+.. _analyzing-data-flow-in-cpp-new:
+
+:orphan:
+:nosearch:
+
+Analyzing data flow in C and C++
+================================
+
+This article has moved to a new location: https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-cpp/.
@@ -67,7 +67,7 @@ def setup(sphinx):
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
-language = None
+language = 'en'
 
 # If true, `todo` and `todoList` produce output, else they produce nothing.
 todo_include_todos = False
 
@@ -0,0 +1,5 @@
+---
+category: fix
+---
+* Fixed an issue where `io/ioutil.WriteFile`'s non-path arguments incorrectly generated `go/path-injection` alerts when untrusted data was written to a file, or controlled the file's mode.
+
@@ -1,14 +1,4 @@
 extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["database/sql/driver", "Execer", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql/driver", "ExecerContext", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql/driver", "Conn", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql/driver", "ConnPrepareContext", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql/driver", "Queryer", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql/driver", "QueryerContext", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
 
@@ -1,32 +1,4 @@
 extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["database/sql", "Conn", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
 
@@ -1,11 +1,4 @@
 extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["fmt", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["fmt", "", False, "Printf",  "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["fmt", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ private void M1()`
`10`	`10`
`11`	`11`	`private void M2()`
`12`	`12`	`{`
`13`		`- Sink(Strings[0]); // $ hasValueFlow=1`
	`13`	`+ Sink(Strings[0]); // $ MISSING: hasValueFlow=1`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`public static void Sink(object o) { }`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +category: fix
 +---
 +* Fixed an issue where `io/ioutil.WriteFile`'s non-path arguments incorrectly generated `go/path-injection` alerts when untrusted data was written to a file, or controlled the file's mode.
++