From abc9438cd3313c3ded76974ca5a741ab11ec99e3 Mon Sep 17 00:00:00 2001 From: Sauyon Lee Date: Thu, 16 Jan 2020 16:11:15 -0800 Subject: [PATCH] Apply suggestions from code review Co-Authored-By: Max Schaefer --- ql/src/Security/CWE-601/BadRedirectCheck.qhelp | 4 ++-- ql/src/Security/CWE-601/BadRedirectCheck.ql | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ql/src/Security/CWE-601/BadRedirectCheck.qhelp b/ql/src/Security/CWE-601/BadRedirectCheck.qhelp index 54ca1ca78fa..b6036f4399b 100644 --- a/ql/src/Security/CWE-601/BadRedirectCheck.qhelp +++ b/ql/src/Security/CWE-601/BadRedirectCheck.qhelp @@ -14,14 +14,14 @@ also check the second character of redirect URLs.

-Also disallow the patterns //* and /\* when checking redirect URLs. +Also disallow redirect URLs starting with // or /\.

The following function validates a (presumably untrusted) redirect URL redir. If it -does not begin with /, the harmless placeholder redirect URL, / is +does not begin with /, the harmless placeholder redirect URL / is returned to prevent an open redirect; otherwise redir itself is returned.

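Review bot: in the rewritten qhelp line the two prefixes are given as bare `//` and `/\.` where the trailing period of the sentence is easy to read as part of the second pattern; wrap each prefix in `<code>` (for example `starting with <code>//</code> or <code>/\</code>`) so the backslash form is unambiguous. The help text still states only that these prefixes should be disallowed, not why; one sentence noting that a path beginning with `//` is scheme-relative (the following segment is taken as a host) and that browsers normalise `/\` to `//` would explain why a check for a single leading `/` is incomplete, which is the point the example below it is meant to illustrate.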
diff --git a/ql/src/Security/CWE-601/BadRedirectCheck.ql b/ql/src/Security/CWE-601/BadRedirectCheck.ql index c3365ffba0d..4d464ab8467 100644 --- a/ql/src/Security/CWE-601/BadRedirectCheck.ql +++ b/ql/src/Security/CWE-601/BadRedirectCheck.ql @@ -1,7 +1,7 @@ /** * @name Bad redirect check * @description A redirect check that checks for a leading slash but not two - * leading slashes or a leading slash then backslash is + * leading slashes or a leading slash followed by a backslash is * incomplete. * @kind problem * @problem.severity warning
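Review bot: the reworded `@description` reads better, but it says only that the check "is incomplete" without naming the consequence; since this is a CWE-601 query, consider ending with the impact (for example "... is incomplete and may allow an open redirect") so the alert text tells the user what the finding means without opening the qhelp. Also keep the phrasing aligned with the qhelp hunk, which describes the same two prefixes as `//` and `/\`.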