Apply suggestions from code review

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2026-05-01 03:35:13 +02:00 · 2021-10-16 10:04:50 +02:00
parent 320a00be31
commit be424704a6
1 changed files with 3 additions and 2 deletions
--- a/python/ql/src/experimental/semmle/python/frameworks/XML.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/XML.qll
@@ -69,8 +69,9 @@ private module XML {
   * ```
   *
   * `this` would be `xml.sax.make_parser()`, `getAnInput()` would return `StringIO(xml_content)`
-   * and `mayBeDangerous()` would succeed since `xml.sax.handler.feature_external_ges` is set to
-   * `False` and so it's vulnerable.
+   * and `mayBeDangerous()` would not hold since `xml.sax.handler.feature_external_ges` is set to
+   * `False` and so is not vulnerable.
+   * see https://docs.python.org/3/library/xml.sax.handler.html#xml.sax.handler.feature_external_ges
   */
  private class XMLSaxParser extends DataFlow::CallCfgNode, XMLParser::Range {
    DataFlow::CallCfgNode attrCall;