From 735ab28040c8f8b03e1a3fe2d65d62fa5b4789d2 Mon Sep 17 00:00:00 2001
From: haby0 <Ha_yub@163.com>
Date: Thu, 18 Mar 2021 18:58:33 +0800
Subject: [PATCH] Update
 java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>
---
 .../Security/CWE/CWE-470/UnsafeReflection.qhelp            | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp
index b458d783bdd..7a792caf229 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp
@@ -3,9 +3,10 @@
 
 <overview>
 <p>
-Dynamically loaded classes could contain malicious code executed by a static class initializer. 
-I.E. you wouldn't even have to instantiate or explicitly invoke methods on such classes to be 
-vulnerable to an attack.
+Allowing users to freely select a class to load can result in invocation of unexpected dangerous code.
+Dynamically loaded classes could contain dangerous code executed by a constructor or
+static class initializer, which means a vulnerability can rairse even without invoking methods 
+on such classes to be vulnerable to an attack.
 </p>
 </overview>