Input from Review

2026-04-30 19:26:02 +02:00 · 2020-03-31 18:30:00 +02:00
parent 40c3b5468f
commit 60d5ed9c79
2 changed files with 2 additions and 4 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.qhelp
@@ -23,12 +23,10 @@ is called on the URL, potentially leading to a local file access.</p>
 </example>

 <references>
-<ul>
 <li>Java Platform, Standard Edition 11, API Specification: 
 <a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/net/URL.html">
 Class URL</a>.
 </li>
-</ul>
 <!--  LocalWords:  CWE -->
 </references>

--- a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql
@@ -17,8 +17,8 @@ class URLConstructor extends ClassInstanceExpr {
  Expr stringArg() {
    // Query only in URL's that were constructed by calling the single parameter string constructor.
    this.getConstructor().getNumberOfParameters() = 1 and
-    this.getConstructor().getParameter(0).getType() instanceof TypeString
-    and result = this.getArgument(0)
+    this.getConstructor().getParameter(0).getType() instanceof TypeString and
+    result = this.getArgument(0)
  }
 }