Rust: Tweak some wording.

2026-04-20 22:44:52 +02:00 · 2025-03-06 18:46:37 +00:00
parent e564c41043
commit 952e417d13
2 changed files with 4 additions and 4 deletions
--- a/rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll
@@ -80,7 +80,7 @@ module HardcodedCryptographicValue {
  }

  /**
-   * A sink for hardcoded cryptographic value from model data.
+   * An externally modeled sink for hardcoded cryptographic value vulnerabilities.
   */
  private class ModelsAsDataSinks extends Sink {
    CryptographicValueKind kind;
--- a/rust/ql/src/queries/security/CWE-798/HardcodedCryptographicValue.qhelp
+++ b/rust/ql/src/queries/security/CWE-798/HardcodedCryptographicValue.qhelp
@@ -12,10 +12,10 @@ Hardcoded passwords, keys, initialization vectors and salts should not be used f
    Attackers can easily recover hardcoded values if they have access to the source code or compiled executable.
  </li>
  <li>
-    Some hardcoded values may be easily guessable.
+    Some hardcoded values are easily guessable.
  </li>
  <li>
-    Hardcoded values may leave cryptographic operations vulnerable to dictionary attacks, rainbow tables, and other forms of cryptanalysis.
+    Use of hardcoded values may leave cryptographic operations vulnerable to dictionary attacks, rainbow tables, and other forms of cryptanalysis.
  </li>
 </ul>

@@ -23,7 +23,7 @@ Hardcoded passwords, keys, initialization vectors and salts should not be used f
 <recommendation>

 <p>
-Use randomly generated key material, initialization vectors and salts. Use strong passwords that are not hardcoded in source code.
+Use randomly generated key material, initialization vectors and salts. Use strong passwords that are not hardcoded.
 </p>

 </recommendation>