From 2e4e5ef48095b97fed9741fe123a9655accce356 Mon Sep 17 00:00:00 2001
From: amammad <77095239+amammad@users.noreply.github.com>
Date: Wed, 11 Oct 2023 12:50:00 +0200
Subject: [PATCH] fix a comment
---
 .../CWE-522-DecompressionBombs/DecompressionBombs.qll | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/ruby/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.qll b/ruby/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.qll
index d51dffe2d90..cda39e14446 100644
--- a/ruby/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.qll
+++ b/ruby/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.qll
@@ -81,16 +81,18 @@ module ZipInputStream {
 /**
 * Gets a node of `Zip::InputStream` member
 *
- * Note that if you use the lower level Zip::InputStream interface, rubyzip does not check the entry sizes.
+ * Note that if you use the lower level Zip::InputStream interface, rubyZip does not check the entry sizes.
 */
 private API::Node zipInputStream() { result = API::getTopLevelMember("Zip").getMember("InputStream") }
 /**
- * The return values of following methods
- * `ZipIO.read`
- * `ZipEntry.extract`
+ * The methods
+ * `Zip::InputStream.read`
+ * `Zip::InputStream.extract`
+ *
+ * as source of decompression bombs, they need an additional taint step for a dataflow or taint tracking query
 */
 class DecompressionBombSink extends DecompressionBomb::Range {
 DecompressionBombSink() { this = zipInputStream().getMethod(["open", "new"]) }
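Review bot: The rewritten QLDoc on `DecompressionBombSink` still does not match the code it documents: the constructor selects `zipInputStream().getMethod(["open", "new"])`, i.e. `Zip::InputStream.open` and `Zip::InputStream.new`, while the new comment lists `Zip::InputStream.read` and `Zip::InputStream.extract`, so a reader will look for a `read`/`extract` model that is not there. The class is named a sink and extends `DecompressionBomb::Range`, yet the added text calls these methods a "source", and the closing sentence is a fragment; whether `Range` denotes sinks is inferred from the class name, since its definition is outside the hunk. A comment such as `Calls to Zip::InputStream.open/new, modeled as decompression-bomb sinks; data read from the returned stream (e.g. via read/extract) needs an additional taint step in a dataflow or taint-tracking query.` would describe what the query actually flags. The first changed line also turns `rubyzip` into `rubyZip`, but the gem is published as `rubyzip`, so the original spelling was the accurate one.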