Apply suggestions from code review (documentation)

Co-authored-by: hubwriter <hubwriter@github.com>
Geoffrey White
2022-04-19 13:38:00 +01:00
committed by GitHub
parent 6e184f2438
commit 5698638d1f
2 changed files with 3 additions and 3 deletions

@@ -4,7 +4,7 @@
<overview>
<p>
Parsing untrusted XML files with a weakly configured XML parser may lead to an
XML External Entity (XXE) attack. This type of attack uses external entity references
XML external entity (XXE) attack. This type of attack uses external entity references
to access arbitrary files on a system, carry out denial-of-service (DoS) attacks, or server-side
request forgery. Even when the result of parsing is not returned to the user, DoS attacks are still possible
and out-of-band data retrieval techniques may allow attackers to steal sensitive data.
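
Review bot: The list that the reworded sentence runs into is not parallel: "to access arbitrary files on a system, carry out denial-of-service (DoS) attacks, or server-side request forgery" leaves its last item without a verb. Since this commit is a wording pass over the overview, consider "carry out denial-of-service (DoS) attacks, or perform server-side request forgery" in the same change.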

@@ -1,5 +1,5 @@
/**
* @name External Entity Expansion
* @name XML external entity expansion
* @description Parsing user-controlled XML documents and allowing expansion of
* external entity references may lead to disclosure of
* confidential data or denial of service.
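
Review bot: The @name now reads "XML external entity expansion", but the qhelp overview and the alert message changed in this same commit both call the issue an "XML external entity (XXE) attack", which leaves the name as the only one of the three without the XXE abbreviation; consider aligning it. The @description also lists only "disclosure of confidential data or denial of service", while the overview additionally mentions server-side request forgery.
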
@@ -208,5 +208,5 @@ class XXEConfiguration extends DataFlow::Configuration {
from XXEConfiguration conf, DataFlow::PathNode source, DataFlow::PathNode sink
where conf.hasFlowPath(source, sink)
select sink, source, sink,
"This $@ is not configured to prevent an External Entity Expansion (XXE) attack.", source,
"This $@ is not configured to prevent an XML external entity (XXE) attack.", source,
"XML parser"
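
Review bot: In the select clause the "$@" placeholder is bound to source and rendered as "XML parser", so the message reads "This XML parser is not configured to prevent ..." and links to the flow source, while the alert itself is reported at sink. The @description speaks of user-controlled XML documents, so please confirm that source in XXEConfiguration is the parser object and not the untrusted input; if it is the input, the link text should say so.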