Python: Suggestions from reviewer

python/ql/src/experimental/Security-new-dataflow/CWE-022/ChainedConfigs12.qll

@@ -24,8 +24,8 @@ private predicate crossoverNode(DataFlow::Node n) {
  */
 private newtype TCustomPathNode =
   Config1Node(DataFlow::PathNode node1) { not crossoverNode(node1.getNode()) } or
-  Config2Node(DataFlow2::PathNode node1) { not crossoverNode(node1.getNode()) } or
-  CrossoverNode(DataFlow::Node e) { crossoverNode(e) }
+  Config2Node(DataFlow2::PathNode node2) { not crossoverNode(node2.getNode()) } or
+  CrossoverNode(DataFlow::Node node) { crossoverNode(node) }
 
 /**
  * A class representing the set of all the path nodes in either config.

python/ql/src/experimental/Security-new-dataflow/CWE-022/PathInjection.ql

@@ -1,24 +1,4 @@
 /**
- * The query detects cases where a user-controlled path is used in an unsafe manner,
- * meaning it is not both normalized and _afterwards_ checked.
- *
- * It does so by dividing the problematic situation into two cases:
- *  1. The file path is never normalized.
- *     This is easily detected by using normalization as a sanitizer.
- *
- *  2. The file path is normalized at least once, but never checked afterwards.
- *     This is detected by finding the earliest normalization and then ensure that
- *     no checks happen later. Since we start from the earliest normalization,
- *     we know that the absence of checks means that no normalization has a
- *     check after it. (No checks after a second normalization would be ok if
- *     there was a check between the first and the second.)
- *
- * Note that one could make the dual split on whether the file path is ever checked. This does
- * not work as nicely, however, since checking is modelled as a `BarrierGuard` rather than
- * as a `Sanitizer`. That means that only some dataflow paths out of a check will be removed,
- * and so identifying the last check is not possible simply by finding a dataflow path from it
- * to a sink.
- *
  * @name Uncontrolled data used in path expression
  * @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
  * @kind path-problem
@@ -34,6 +14,26 @@
  *       external/cwe/cwe-036
  *       external/cwe/cwe-073
  *       external/cwe/cwe-099
+ *
+ * The query detects cases where a user-controlled path is used in an unsafe manner,
+ * meaning it is not both normalized and _afterwards_ checked.
+ *
+ * It does so by dividing the problematic situation into two cases:
+ *  1. The file path is never normalized.
+ *     This is easily detected by using normalization as a sanitizer.
+ *
+ *  2. The file path is normalized at least once, but never checked afterwards.
+ *     This is detected by finding the earliest normalization and then ensuring that
+ *     no checks happen later. Since we start from the earliest normalization,
+ *     we know that the absence of checks means that no normalization has a
+ *     check after it. (No checks after a second normalization would be ok if
+ *     there was a check between the first and the second.)
+ *
+ * Note that one could make the dual split on whether the file path is ever checked. This does
+ * not work as nicely, however, since checking is modelled as a `BarrierGuard` rather than
+ * as a `Sanitizer`. That means that only some dataflow paths out of a check will be removed,
+ * and so identifying the last check is not possible simply by finding a dataflow path from it
+ * to a sink.
  */
 
 import python

python/ql/src/experimental/semmle/python/Concepts.qll

@@ -86,7 +86,7 @@ module Path {
   /** Provides a class for modeling new path normalization APIs. */
   module PathNormalization {
     /**
-     * A data-flow node that performs path normlization. This is often needed in oder
+     * A data-flow node that performs path normalization. This is often needed in order
      * to safely access paths.
      */
     abstract class Range extends DataFlow::Node { }