apply suggestions from doc review

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2026-04-30 03:05:15 +02:00 · 2022-01-28 10:46:27 +01:00
parent abd87615ff
commit b5198bdaca
3 changed files with 6 additions and 6 deletions
--- a/javascript/ql/lib/change-notes/2022-01-08-insecure-dependency-resolution.md
+++ b/javascript/ql/lib/change-notes/2022-01-08-insecure-dependency-resolution.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* The `js/http-dependency` query has been added. It detects depedencies that are downloaded using an unencrypted connection.
+* The `js/insecure-dependency` query has been added. It detects depedencies that are downloaded using an unencrypted connection.
--- a/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.qhelp
+++ b/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.qhelp
@@ -6,10 +6,10 @@
 <overview>
 <p>
 Using an insecure protocol like HTTP or FTP to download build dependencies makes the build process vulnerable to a 
-Man in the Middle (MITM) attack.
+man-in-the-middle (MITM) attack.
 </p>
 <p>
-This can allow attackers to inject malicious code into the downloaded dependencies and thereby 
+This can allow attackers to inject malicious code into the downloaded dependencies, and thereby 
 infect the build artifacts and execute arbitrary code on the machine building the artifacts.
 </p>

@@ -46,10 +46,10 @@ The fix is to change the protocol to HTTPS.
  </a>
 </li>
 <li>
-  Wikipedia: <a href="https://en.wikipedia.org/wiki/Supply_chain_attack">Supply chain attack</a>
+  Wikipedia: <a href="https://en.wikipedia.org/wiki/Supply_chain_attack">Supply chain attack.</a>
 </li>
 <li>
-  Wikipedia: <a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">Man-in-the-middle attack</a>
+  Wikipedia: <a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">Man-in-the-middle attack.</a>
 </li>
 </references>
 </qhelp>
--- a/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
+++ b/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
@@ -1,7 +1,7 @@
 /**
 * @name Dependency download using unencrypted communication channel
 * @description Using unencrypted protocols to fetch dependencies can leave an application
- *              open to man in the middle attacks.
+ *              open to man-in-the-middle attacks.
 * @kind problem
 * @problem.severity warning
 * @security-severity 8.1