Apply suggestions from code review

Co-authored-by: Felicity Chapman <felicitymay@github.com>
2026-04-25 16:55:19 +02:00 · 2021-02-16 16:45:13 -05:00
parent f910fd4719
commit 7929faedc0
2 changed files with 6 additions and 6 deletions
--- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.qhelp
+++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.qhelp
@@ -19,11 +19,11 @@ can occur.</p>
 <recommendation>
 <p>Use JDK methods that specifically protect against this vulnerability:</p>
 <ul>
-    <li><a href="https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempDirectory">java.nio.file.Files#createTempDirectory</a></li>
-    <li><a href="https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempFile">java.nio.file.Files#createTempFile</a></li>
+    <li><a href="https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempDirectory-java.nio.file.Path-java.lang.String-java.nio.file.attribute.FileAttribute...-">java.nio.file.Files#createTempDirectory</a></li>
+    <li><a href="https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempFile-java.nio.file.Path-java.lang.String-java.lang.String-java.nio.file.attribute.FileAttribute...-">java.nio.file.Files#createTempFile</a></li>
 </ul>
 <p>Otherwise, create the file/directory by manually specificfying the expected posix file permissions.
-Eg. <code>PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))</code></p>
+For example: <code>PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))</code></p>
 <ul>
    <li><a href="https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createFile-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-">java.nio.file.Files#createFile</a></li>
    <li><a href="https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createDirectory-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-">java.nio.file.Files#createDirectory</a></li>
@@ -32,7 +32,7 @@ Eg. <code>PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OW
 </recommendation>

 <example>
-<p>In the following example, files and directories are created with file permissions allowing other local users to read their contents.</p>
+<p>In the following example, files and directories are created with file permissions that allow other local users to read their contents.</p>

 <sample src="TempDirUsageVulnerable.java"/>

--- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosureFromMethodCall.ql
+++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosureFromMethodCall.ql
@@ -1,6 +1,6 @@
 /**
- * @name Temporary Directory Local information disclosure
- * @description Detect local information disclosure via the java temporary directory
+ * @name Temporary directory local information disclosure
+ * @description Writing information without explicit permissions to a shared temporary directory may disclose it to other users.
 * @kind problem
 * @problem.severity warning
 * @precision very-high