From 500992c499493ccd50870443a3535a84e3da56d9 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Wed, 9 Oct 2024 15:08:48 +0100
Subject: [PATCH] Update qhelp to explain possible source of FPs
---
.../Security/CWE-681/IncorrectIntegerConversionQuery.qhelp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.qhelp b/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.qhelp
index 41e338446edd..946c65febf55 100644
--- a/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.qhelp
+++ b/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.qhelp
@@ -27,6 +27,11 @@ the bit size you specified when parsing the number.
If this is not possible, then add upper (and lower) bound checks specific to each type and
bit size (you can find the minimum and maximum value for each type in the math
package).
+
+Note that CodeQL is only able to identify bounds checks that compare against a constant value. When a variable
+is used in the comparison, CodeQL is unable to determine the value of the variable at runtime and will not
+recognize the bounds check.
+
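Review bot: The added note is inserted as bare text with blank lines around it rather than in its own `<p>` element; in qhelp XML a blank line does not start a new paragraph, so if the preceding recommendation text is inside a `<p>`, this note will render as a continuation of that paragraph. Suggest wrapping the new sentences in `<p>` ... `</p>`. It would also help readers to tie the limitation back to the recommendation two lines above: say explicitly that comparisons against the named constants from the `math` package (e.g. the minimum and maximum values the text already points to) are recognized, while comparisons against a variable that merely holds one of those values are not, so that users know how to restructure a check that is currently being flagged.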