don't mention classes that don't exist in TaintTracking.qll

2025-12-24 04:36:35 +01:00 · 2022-09-19 13:37:06 +02:00
parent a4cd913aea
commit 58851aefd6
1 changed files with 2 additions and 2 deletions
--- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
@@ -984,7 +984,7 @@ module TaintTracking {
   *
   * `<contains>` is one of: `contains`, `has`, `hasOwnProperty`
   *
-   * Note that the `includes` method is covered by `StringInclusionSanitizer`.
+   * Note that the `includes` method is covered by `MembershipTestSanitizer`.
   */
  class WhitelistContainmentCallSanitizer extends AdditionalSanitizerGuardNode,
    DataFlow::MethodCallNode {
@@ -1171,7 +1171,7 @@ module TaintTracking {
  /**
   * A check of form `x.indexOf(y) > 0` or similar, which sanitizes `y` in the "then" branch.
   *
-   * The more typical case of `x.indexOf(y) >= 0` is covered by `StringInclusionSanitizer`.
+   * The more typical case of `x.indexOf(y) >= 0` is covered by `MembershipTestSanitizer`.
   */
  class PositiveIndexOfSanitizer extends AdditionalSanitizerGuardNode, DataFlow::ValueNode {
    MethodCallExpr indexOf;