Apply suggestions from code review

Co-authored-by: Michael B. Gale <mbg@github.com>
2026-04-26 09:15:12 +02:00 · 2023-08-11 09:54:25 +01:00
parent b7dfa2347c
commit 35a300f894
7 changed files with 11 additions and 11 deletions
--- a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
+++ b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
@@ -258,9 +258,8 @@ private module ConversionWithoutBoundsCheckConfig implements DataFlow::StateConf
 }

 /**
- * Tracks taint flow from an integer obtained from parsing a string flows to a
- * type conversion to a smaller integer type, which could cause unexpected
- * values.
+ * Tracks taint flow from an integer obtained from parsing a string that flows
+ * to a type conversion to a smaller integer type, which could cause data loss.
 */
 module Flow = TaintTracking::GlobalWithState<ConversionWithoutBoundsCheckConfig>;

--- a/go/ql/lib/semmle/go/security/InsecureRandomness.qll
+++ b/go/ql/lib/semmle/go/security/InsecureRandomness.qll
@@ -47,8 +47,8 @@ module InsecureRandomness {
  }

  /**
-   * Tracks taint flow for reasoning about random values that are not
-   * cryptographically secure.
+   * Tracks taint flow from randomly generated values which are not
+   * cryptographically secure to cryptographic applications.
   */
  module Flow = TaintTracking::Global<Config>;
 }
--- a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll
+++ b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll
@@ -104,6 +104,6 @@ module OpenUrlRedirect {
    }
  }

-  /** Tracks taint flow for reasoning about unvalidated URL redirections. */
+  /** Tracks taint flow from unvalidated, untrusted data to URL redirections. */
  module Flow = DataFlow::Global<Config>;
 }
--- a/go/ql/lib/semmle/go/security/ReflectedXss.qll
+++ b/go/ql/lib/semmle/go/security/ReflectedXss.qll
@@ -46,6 +46,6 @@ module ReflectedXss {
    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
  }

-  /** Tracks taint flow for reasoning about XSS. */
+  /** Tracks taint flow from untrusted data to XSS attack vectors. */
  module Flow = TaintTracking::Global<Config>;
 }
--- a/go/ql/lib/semmle/go/security/RequestForgery.qll
+++ b/go/ql/lib/semmle/go/security/RequestForgery.qll
@@ -67,6 +67,6 @@ module RequestForgery {
    }
  }

-  /** Tracks taint flow for reasoning about request forgery. */
+  /** Tracks taint flow from untrusted data to request forgery attack vectors. */
  module Flow = TaintTracking::Global<Config>;
 }
--- a/go/ql/lib/semmle/go/security/StringBreak.qll
+++ b/go/ql/lib/semmle/go/security/StringBreak.qll
@@ -50,8 +50,9 @@ module StringBreak {
  }

  /**
-   * Tracks taint flow for reasoning about unsafe-quoting vulnerabilities,
-   * parameterized with the type of quote being tracked.
+   * Tracks taint flow from untrusted data which may contain single or double
+   * quotes to uses where those quotes need to be escaped. The type of quote
+   * is accessible through the `Sink`.
   */
  module Flow = TaintTracking::GlobalWithState<Config>;
 }
--- a/go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll
+++ b/go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll
@@ -14,7 +14,7 @@ module UnsafeUnzipSymlink {
  import UnsafeUnzipSymlinkCustomizations::UnsafeUnzipSymlink

  /**
-   * DEPRECATED: Use a copy of `EvalSymlinksConfig` and `EvalSymlinksFlow` instead.
+   * DEPRECATED: Use copies of `EvalSymlinksConfig` and `EvalSymlinksFlow` instead.
   *
   * A taint-flow configuration tracking archive header fields flowing to a `path/filepath.EvalSymlinks` call.
   */