Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@ To decide who should inherit the king's fortune, the villagers carefully read th

*"The heir to the throne is the closest living relative of the king. Any person with a criminal record will not be considered. If there are multiple candidates, the oldest person is the heir."*

As your final challenge, define a predicate ``hasCriminalRecord`` so that ``hasCriminalRecord(p)`` holds if ``p`` is any of the criminals you unmasked earlier (in the :doc:`Find the thief <find-the-thief>` and :doc:`Catch the fire starter <catch-the-fire-starter>` tutorials).
As your final challenge, define a predicate ``hasCriminalRecord`` so that ``hasCriminalRecord(p)`` holds if ``p`` is any of the criminals you unmasked earlier (in the ":doc:`Find the thief <find-the-thief>`" and ":doc:`Catch the fire starter <catch-the-fire-starter>`" tutorials).

➤ `See the answer in the query console on LGTM.com <https://lgtm.com/query/1820692755164273290/>`__

5 changes: 3 additions & 2 deletions docs/language/learn-ql/cpp/dataflow.rst
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ You can use data flow analysis to track the flow of potentially malicious or ins
About data flow
---------------

Data flow analysis computes the possible values that a variable can hold at various points in a program, determining how those values propagate through the program, and where they are used. In CodeQL, you can model both local data flow and global data flow. For a more general introduction to modeling data flow, see :doc:`About data flow analysis <../intro-to-data-flow>`.
Data flow analysis computes the possible values that a variable can hold at various points in a program, determining how those values propagate through the program, and where they are used. In CodeQL, you can model both local data flow and global data flow. For a more general introduction to modeling data flow, see ":doc:`About data flow analysis <../intro-to-data-flow>`."

Local data flow
---------------
Expand Down Expand Up @@ -390,7 +390,8 @@ Exercise 4
Further reading
---------------

- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
- "`Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__"


.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
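
Review bot: the extra empty line added after the quoted "Exploring data flow with path queries" bullet leaves two consecutive blank lines before the ``.. include::`` directives, which is why this hunk grows from 7 to 8 lines. One blank line already ends the list, so drop the second unless the spacing is deliberate; the csharp/dataflow.rst and java/dataflow.rst hunks carry the same addition.
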
6 changes: 3 additions & 3 deletions docs/language/learn-ql/cpp/private-field-initialization.rst
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ You can improve the results generated by a CodeQL query by adding conditions to
Overview
--------

This topic describes how a C++ query was developed. The example introduces recursive predicates and demonstrates the typical workflow used to refine a query. For a full overview of the topics available for learning to write queries for C/C++ code, see :doc:`CodeQL for C and C++ <ql-for-cpp>`.
This topic describes how a C++ query was developed. The example introduces recursive predicates and demonstrates the typical workflow used to refine a query. For a full overview of the topics available for learning to write queries for C/C++ code, see ":doc:`CodeQL for C and C++ <ql-for-cpp>`."

Finding every private field and checking for initialization
-----------------------------------------------------------
Expand Down Expand Up @@ -102,7 +102,7 @@ You may also wish to consider methods called by constructors that assign to the
int m_value;
};

This case can be excluded by creating a recursive predicate. The recursive predicate is given a function and a field, then checks whether the function assigns to the field. The predicate runs itself on all the functions called by the function that it has been given. By passing the constructor to this predicate, we can check for assignments of a field in all functions called by the constructor, and then do the same for all functions called by those functions all the way down the tree of function calls. For more information, see `Recursion <https://help.semmle.com/QL/ql-handbook/recursion.html>`__ in the QL language reference.
This case can be excluded by creating a recursive predicate. The recursive predicate is given a function and a field, then checks whether the function assigns to the field. The predicate runs itself on all the functions called by the function that it has been given. By passing the constructor to this predicate, we can check for assignments of a field in all functions called by the constructor, and then do the same for all functions called by those functions all the way down the tree of function calls. For more information, see "`Recursion <https://help.semmle.com/QL/ql-handbook/recursion.html>`__" in the QL language reference.

.. code-block:: ql

Expand All @@ -126,7 +126,7 @@ This case can be excluded by creating a recursive predicate. The recursive predi
Refinement 4—simplifying the query
----------------------------------

Finally we can simplify the query by using the transitive closure operator. In this final version of the query, ``c.calls*(fun)`` resolves to the set of all functions that are ``c`` itself, are called by ``c``, are called by a function that is called by ``c``, and so on. This eliminates the need to make a new predicate all together. For more information, see `Transitive closures <https://help.semmle.com/QL/ql-handbook/recursion.html#transitive-closures>`__ in the QL language reference.
Finally we can simplify the query by using the transitive closure operator. In this final version of the query, ``c.calls*(fun)`` resolves to the set of all functions that are ``c`` itself, are called by ``c``, are called by a function that is called by ``c``, and so on. This eliminates the need to make a new predicate all together. For more information, see "`Transitive closures <https://help.semmle.com/QL/ql-handbook/recursion.html#transitive-closures>`__" in the QL language reference.

.. code-block:: ql

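Review bot: in the "Refinement 4" paragraph the rewritten line still reads "This eliminates the need to make a new predicate all together"; since the line is being touched anyway, change "all together" to "altogether", which is the sense intended here.
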
5 changes: 3 additions & 2 deletions docs/language/learn-ql/csharp/dataflow.rst
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ About this article

This article describes how data flow analysis is implemented in the CodeQL libraries for C# and includes examples to help you write your own data flow queries.
The following sections describe how to use the libraries for local data flow, global data flow, and taint tracking.
For a more general introduction to modeling data flow, see :doc:`About data flow analysis <../intro-to-data-flow>`.
For a more general introduction to modeling data flow, see ":doc:`About data flow analysis <../intro-to-data-flow>`."

Local data flow
---------------
Expand Down Expand Up @@ -553,7 +553,8 @@ This can be adapted from the ``SystemUriFlow`` class:
Further reading
---------------

- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
- "`Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__"


.. include:: ../../reusables/csharp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ There is an extensive core library for analyzing CodeQL databases extracted from

Since this is required for all C# queries, it's omitted from code snippets below.

The core library contains all the program elements, including `files <#files>`__, `types <#types>`__, methods, `variables <#variables>`__, `statements <#statements>`__, and `expressions <#expressions>`__. This is sufficient for most queries, however additional libraries can be imported for bespoke functionality such as control flow and data flow. For information about these additional libraries, see :doc:`CodeQL for C# <ql-for-csharp>`.
The core library contains all the program elements, including `files <#files>`__, `types <#types>`__, methods, `variables <#variables>`__, `statements <#statements>`__, and `expressions <#expressions>`__. This is sufficient for most queries, however additional libraries can be imported for bespoke functionality such as control flow and data flow. For information about these additional libraries, see ":doc:`CodeQL for C# <ql-for-csharp>`."

Class hierarchies
~~~~~~~~~~~~~~~~~
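
Review bot: the rewritten core-library sentence keeps the comma splice "This is sufficient for most queries, however additional libraries can be imported"; while the line is open, break it with a semicolon or a full stop before "however".
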
2 changes: 1 addition & 1 deletion docs/language/learn-ql/go/introduce-libraries-go.rst
Original file line number Diff line number Diff line change
Expand Up @@ -502,7 +502,7 @@ taint, you can define a subclass of ``TaintTracking::Configuration``, which work
data-flow configurations.

A detailed exposition of global data flow and taint tracking is out of scope for this brief
introduction. For a general overview of data flow and taint tracking, see `About data flow analysis <https://help.semmle.com/QL/learn-ql/intro-to-data-flow.html>`__.
introduction. For a general overview of data flow and taint tracking, see "`About data flow analysis <https://help.semmle.com/QL/learn-ql/intro-to-data-flow.html>`__."

Advanced libraries
------------------
2 changes: 1 addition & 1 deletion docs/language/learn-ql/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ CodeQL is based on a powerful query language called QL. The following topics hel

Important

If you've previously used QL, you may notice slight changes in terms we use to describe some important concepts. For more information, see our note about :doc:`Recent terminology changes <terminology-note>`.
If you've previously used QL, you may notice slight changes in terms we use to describe some important concepts. For more information, see our note about ":doc:`Recent terminology changes <terminology-note>`."

.. toctree::
:maxdepth: 1
15 changes: 8 additions & 7 deletions docs/language/learn-ql/intro-to-data-flow.rst
Original file line number Diff line number Diff line change
Expand Up @@ -14,17 +14,17 @@ The following sections provide a brief introduction to data flow analysis with C

See the following tutorials for more information about analyzing data flow in specific languages:

- :doc:`Analyzing data flow in C/C++ <cpp/dataflow>`
- :doc:`Analyzing data flow in C# <csharp/dataflow>`
- :doc:`Analyzing data flow in Java <java/dataflow>`
- :doc:`Analyzing data flow in JavaScript/TypeScript <javascript/dataflow>`
- :doc:`Analyzing data flow and tracking tainted data in Python <python/taint-tracking>`
- ":doc:`Analyzing data flow in C/C++ <cpp/dataflow>`"
- ":doc:`Analyzing data flow in C# <csharp/dataflow>`"
- ":doc:`Analyzing data flow in Java <java/dataflow>`"
- ":doc:`Analyzing data flow in JavaScript/TypeScript <javascript/dataflow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <python/taint-tracking>`"

.. pull-quote::

Note

Data flow analysis is used extensively in path queries. To learn more about path queries, see :doc:`Creating path queries <writing-queries/path-queries>`.
Data flow analysis is used extensively in path queries. To learn more about path queries, see ":doc:`Creating path queries <writing-queries/path-queries>`."

.. _data-flow-graph:

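Review bot: in the list of language tutorials each bullet is nothing but a link, so wrapping every item in quotation marks adds noise without separating a title from surrounding prose, which is what the quotes do in the "see ..." sentences. Consider leaving bare link lists unquoted and keeping the quotes for in-sentence references such as the "Creating path queries" note below the list.
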
Expand Down Expand Up @@ -82,4 +82,5 @@ These flow steps are modeled in the taint-tracking library using predicates that
Further reading
***************

- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
- "`Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__"

6 changes: 3 additions & 3 deletions docs/language/learn-ql/introduction-to-ql.rst
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,6 @@ To import the CodeQL library for a specific programming language, type ``import
Further reading
---------------

- To find out more about how to write your own queries, try working through the :doc:`QL tutorials <beginner/ql-tutorials>`.
- For an overview of the other available resources, see :doc:`Learning CodeQL <../index>`.
- For a more technical description of the underlying language, see the `QL language reference <https://help.semmle.com/QL/ql-handbook>`__.
- To find out more about how to write your own queries, try working through the ":doc:`QL tutorials <beginner/ql-tutorials>`."
- For an overview of the other available resources, see ":doc:`Learning CodeQL <../index>`."
- For a more technical description of the underlying language, see the "`QL language reference <https://help.semmle.com/QL/ql-handbook>`__."
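
Review bot: in the first and third bullets the link text follows "the" and is a description rather than a cited title, so 'working through the "QL tutorials."' and 'see the "QL language reference."' read like scare quotes. Either leave those two unquoted or reword them to cite the title without the article, as the second bullet does with "Learning CodeQL".
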
2 changes: 1 addition & 1 deletion docs/language/learn-ql/java/annotations.rst
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ Finally, we use these classes to find calls to deprecated methods, excluding cal

In our example, this query flags the call to ``A.m`` in ``A.r``, but not the one in ``A.n``.

For more information about the class ``Call``, see :doc:`Navigating the call graph <call-graph>`.
For more information about the class ``Call``, see ":doc:`Navigating the call graph <call-graph>`."

Improvements
~~~~~~~~~~~~
Expand Down
5 changes: 3 additions & 2 deletions docs/language/learn-ql/java/dataflow.rst
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ About this article
This article describes how data flow analysis is implemented in the CodeQL libraries for Java and includes examples to help you write your own data flow queries.
The following sections describe how to use the libraries for local data flow, global data flow, and taint tracking.

For a more general introduction to modeling data flow, see :doc:`About data flow analysis <../intro-to-data-flow>`.
For a more general introduction to modeling data flow, see ":doc:`About data flow analysis <../intro-to-data-flow>`."

Local data flow
---------------
Expand Down Expand Up @@ -358,7 +358,8 @@ Exercise 4
Further reading
---------------

- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
- "`Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__"


.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
2 changes: 1 addition & 1 deletion docs/language/learn-ql/java/expressions-statements.rst
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ If ``l`` is bigger than 2\ :sup:`31`\ - 1 (the largest positive value of type ``

All primitive numeric types have a maximum value, beyond which they will wrap around to their lowest possible value (called an "overflow"). For ``int``, this maximum value is 2\ :sup:`31`\ - 1. Type ``long`` can accommodate larger values up to a maximum of 2\ :sup:`63`\ - 1. In this example, this means that ``l`` can take on a value that is higher than the maximum for type ``int``; ``i`` will never be able to reach this value, instead overflowing and returning to a low value.

We're going to develop a query that finds code that looks like it might exhibit this kind of behavior. We'll be using several of the standard library classes for representing statements and functions. For a full list, see :doc:`Abstract syntax tree classes for working with Java programs <ast-class-reference>`.
We're going to develop a query that finds code that looks like it might exhibit this kind of behavior. We'll be using several of the standard library classes for representing statements and functions. For a full list, see ":doc:`Abstract syntax tree classes for working with Java programs <ast-class-reference>`."

Initial query
-------------
4 changes: 2 additions & 2 deletions docs/language/learn-ql/java/introduce-libraries-java.rst
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,7 @@ Class ``Variable`` represents a variable `in the Java sense <https://docs.oracle
Abstract syntax tree
--------------------

Classes in this category represent abstract syntax tree (AST) nodes, that is, statements (class ``Stmt``) and expressions (class ``Expr``). For a full list of expression and statement types available in the standard QL library, see :doc:`Abstract syntax tree classes for working with Java programs <ast-class-reference>`.
Classes in this category represent abstract syntax tree (AST) nodes, that is, statements (class ``Stmt``) and expressions (class ``Expr``). For a full list of expression and statement types available in the standard QL library, see ":doc:`Abstract syntax tree classes for working with Java programs <ast-class-reference>`."

Both ``Expr`` and ``Stmt`` provide member predicates for exploring the abstract syntax tree of a program:

Expand Down Expand Up @@ -379,7 +379,7 @@ Conversely, ``Callable.getAReference`` returns a ``Call`` that refers to it. So
where not exists(c.getAReference())
select c

➤ `See this in the query console on LGTM.com <https://lgtm.com/query/7261739919657747703/>`__. The LGTM.com demo projects all appear to have many methods that are not called directly, but this is unlikely to be the whole story. To explore this area further, see :doc:`Navigating the call graph <call-graph>`.
➤ `See this in the query console on LGTM.com <https://lgtm.com/query/7261739919657747703/>`__. The LGTM.com demo projects all appear to have many methods that are not called directly, but this is unlikely to be the whole story. To explore this area further, see ":doc:`Navigating the call graph <call-graph>`."

For more information about callables and calls, see the :doc:`article on the call graph <call-graph>`.

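Review bot: the unchanged line directly after the edited one, "For more information about callables and calls, see the :doc:`article on the call graph <call-graph>`", links to the same call-graph page without quotes, so the passage now sends readers to one target twice in two different styles. Fold the two sentences into a single quoted reference, or confirm that the second is intentionally left as descriptive link text.
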