fix qlhelp and qldoc bugs

2025-12-24 12:46:34 +01:00 · 2023-07-24 17:13:27 +10:00
parent c704158150
commit 6f8ec118df
3 changed files with 13 additions and 5 deletions
--- a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKey.qhelp
+++ b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKey.qhelp
@@ -15,14 +15,22 @@
    </p>
  </recommendation>
  <example>
+    <p>Safe Django SECRET_KEY</p>
    <sample src="examples/example_Django_safe.py" />
-    <sample src="examples/example_Django_snsafe.py" />
+    <p>Unsafe Django SECRET_KEY Example:</p>
+    <sample src="examples/example_Django_unsafe.py" />
+    <p>Safe Flask SECRET_KEY Example:</p>
    <sample src="examples/example_Flask_safe.py" />
    <sample src="examples/example_Flask_unsafe.py" />
+    <p>Unsafe Flask SECRET_KEY Example:</p>
    <sample src="examples/example_Flask_unsafe2.py" />
+    <p>config1.py</p>
    <sample src="examples/config1.py" />
+    <p>config2.py</p>
    <sample src="examples/config2.py" />
+    <p>config3.py</p>
    <sample src="examples/config3.py" />
+    <p>__init__.py</p>
    <sample src="examples/settings/__init__.py" />
  </example>
  <references>
--- a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyDjango.qll
+++ b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyDjango.qll
@@ -14,7 +14,7 @@ module DjangoConstantSecretKeyConfig {
  predicate isSource(DataFlow::Node source) { source instanceof WebAppConstantSecretKeySource }

  /**
-   * A sink like following SECRET_KEY Assignments
+   * Holds if There is a sink like following SECRET_KEY Assignments
   * ```python
   *from django.conf import settings
   *settings.configure(
--- a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyFlask.qll
+++ b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyFlask.qll
@@ -36,7 +36,7 @@ module FlaskConstantSecretKeyConfig {
   *    app.config.update(SECRET_KEY="CHANGEME3")
   *    app.config.from_mapping(SECRET_KEY="CHANGEME4")
   * ```
-   * other Sinks are SECRET_KEY Constants Variables that are defined in seperate files or a class in those files like:
+   * other Sinks are SECRET_KEY Constants Variables that are defined in separate files or a class in those files like:
   * ```python
   *    app.config.from_pyfile("config.py")
   *    app.config.from_object('config.Config')
@@ -84,7 +84,7 @@ module FlaskConstantSecretKeyConfig {
  }

  /**
-   * Assignments like `SECRET_KEY = ConstantValue`
+   * An Assignments like `SECRET_KEY = ConstantValue`
   * and `SECRET_KEY` file must be the Location that is specified in argument of `from_object` or `from_pyfile` methods
   */
  class SecretKeyAssignStmt extends AssignStmt {
@@ -119,7 +119,7 @@ module FlaskConstantSecretKeyConfig {
  }

  /**
-   * A helper predicate that specify where the Flask `SECRET_KEY` variable location is defined.
+   * Holds if there is a helper predicate that specify where the Flask `SECRET_KEY` variable location is defined.
   * In Flask we have config files that specify the location of `SECRET_KEY` variable initialization
   * and the name of these files are determined by
   * `app.config.from_pyfile("configFileName.py")`