From 894b3f2cd4002d8c5cfef20bf6e5eacc1532f193 Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Mon, 17 Aug 2020 11:40:08 +0200
Subject: [PATCH] Add or change qldocs

---
 java/ql/src/semmle/code/java/security/XSS.qll | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/java/ql/src/semmle/code/java/security/XSS.qll b/java/ql/src/semmle/code/java/security/XSS.qll
index ca83f6c4b88..df1a1606f12 100644
--- a/java/ql/src/semmle/code/java/security/XSS.qll
+++ b/java/ql/src/semmle/code/java/security/XSS.qll
@@ -1,3 +1,5 @@
+/** Provides classes to reason about Cross-site scripting (XSS) vulnerabilities. */
+
 import java
 import semmle.code.java.frameworks.Servlets
 import semmle.code.java.frameworks.android.WebView
@@ -6,12 +8,10 @@ import semmle.code.java.frameworks.spring.SpringHttp
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.TaintTracking2
 
-/*
- * Definitions for XSS sinks
- */
-
+/** A sink that represent a method that outputs data without applying contextual output encoding. */
 abstract class XssSink extends DataFlow::Node { }
 
+/** A sanitizer that neutralizes dangerous characters that can be used to perform a XSS attack. */
 abstract class XssSanitizer extends DataFlow::Node { }
 
 /**
@@ -28,6 +28,7 @@ abstract class XssAdditionalTaintStep extends TaintTracking2::Unit {
 abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
 }
 
+/** A default sink representing methods susceptible to XSS attacks. */
 private class DefaultXssSink extends XssSink {
 DefaultXssSink() {
 exists(HttpServletResponseSendErrorMethod m, MethodAccess ma |
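Review bot: The two new qldocs in the second hunk (above `abstract class XssSink` and `abstract class XssSanitizer`) carry grammar slips that will be published verbatim in generated library docs: `/** A sink that represent a method ... */` should read `/** A sink that represents a method that outputs data without applying contextual output encoding. */`, and `perform a XSS attack` should be `perform an XSS attack`. Both classes extend `DataFlow::Node`, so a sink is a node (typically an argument) rather than a method; wording it as "A sink: a data-flow node passed to a method that outputs data without applying contextual output encoding" would match the type more closely. Since these are the extension points other queries subclass, precise wording here matters more than elsewhere in the file.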
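Review bot: The qldoc `/** A default sink representing methods susceptible to XSS attacks. */` in the third hunk describes methods, but `DefaultXssSink` extends `XssSink`, which is a `DataFlow::Node`, and the visible `exists(HttpServletResponseSendErrorMethod m, MethodAccess ma |` suggests each instance is an argument of such a call rather than the method itself. A wording that says what the node is, e.g. `/** A default XSS sink: an argument passed to a method that writes it to an HTTP response or similar output without encoding it. */`, would be more accurate. The characteristic predicate continues beyond the end of the hunk, so the set of outputs it actually covers should be checked against the remaining disjuncts before naming them in the doc.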
@@ -96,12 +97,14 @@ private class DefaultXssSink extends XssSink {
 }
 }
 
+/** A default sanitizer that considers numeric and boolean typed data safe for writing to output. */
 private class DefaultXSSSanitizer extends XssSanitizer {
 DefaultXSSSanitizer() {
 this.getType() instanceof NumericType or this.getType() instanceof BooleanType
 }
 }
 
+/** A configuration that tracks data from a servlet writer to an output method. */
 private class ServletWriterSourceToWritingMethodFlowConfig extends TaintTracking2::Configuration {
 ServletWriterSourceToWritingMethodFlowConfig() {
 this = "XSS::ServletWriterSourceToWritingMethodFlowConfig"
@@ -116,6 +119,7 @@ private class ServletWriterSourceToWritingMethodFlowConfig extends TaintTracking
 }
 }
 
+/** A class representing methods that can be used to output data. */
 private class WritingMethod extends Method {
 WritingMethod() {
 getDeclaringType().getASupertype*().hasQualifiedName("java.io", _) and
@@ -127,6 +131,7 @@ private class WritingMethod extends Method {
 }
 }
 
+/** A class representing methods that provides access to an output stream or writer. */
 class ServletWriterSource extends MethodAccess {
 ServletWriterSource() {
 this.getMethod() instanceof ServletResponseGetWriterMethod
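Review bot: The qldoc added above `private class DefaultXSSSanitizer` should say that the check is on the node's static type, since that is the only thing the visible characteristic predicate `this.getType() instanceof NumericType or this.getType() instanceof BooleanType` looks at; a reader of the current wording may assume values are inspected. Suggested wording: `/** A default sanitizer: any node whose static type is numeric or boolean, on the basis that such values cannot carry markup. */`. Stating the rationale also makes it clear why a `String` that merely holds a number is not covered.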
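Review bot: The qldoc added above `private class WritingMethod extends Method` uses the "A class representing methods ..." form, whereas QLDoc convention describes one instance of the class, so `/** A method that can be used to output data. */` is the usual phrasing. The visible line `getDeclaringType().getASupertype*().hasQualifiedName("java.io", _) and` restricts this to methods declared on `java.io` types, which is worth stating in the doc because it bounds what is treated as a write. The rest of the characteristic predicate is outside the hunk, so the full restriction should be confirmed before wording it.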
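Review bot: The qldoc above `class ServletWriterSource extends MethodAccess` describes the class as "methods", but the class extends `MethodAccess`, so each instance is a call rather than a method, and "methods that provides" does not agree in number. A closer wording is `/** A call to a method that returns a servlet response's output stream or writer. */`. The only visible condition is `this.getMethod() instanceof ServletResponseGetWriterMethod`; the output-stream part presumably comes from a disjunct beyond the end of the hunk, so confirm that before keeping it in the doc. This class is public, so the qldoc text is user-facing.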