hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: fix more instances of ql/missing-parameter-qldoc

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-12-20 13:46:15 +01:00
parent 3762ce2c72
commit daed33f5af
14 changed files with 31 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
View File

@@ -72,11 +72,11 @@ pragma[noinline]
Folder getAPackageJsonFolder() { result = any(PackageJson json).getFile().getParentContainer() }
/**
* Gets a reference to `dirname`, the home folder, the current working folder, or the root folder.
* Gets a reference to a directory that has a `package.json` in the same folder, the home folder,
* the current working folder, or the root folder.
* All of these might cause information to be leaked.
*
* For `dirname` that can happen if there is a `package.json` file in the same folder.
* It is assumed that the presence of a `package.json` file means that a `node_modules` folder can also exist.
* For the first case it is assumed that the presence of a `package.json` file means that a `node_modules` folder can also exist.
*
* For the root/home/working folder, they contain so much information that they must leak information somehow (e.g. ssh keys in the `~/.ssh` folder).
*/
@@ -108,7 +108,7 @@ DataFlow::Node getALeakingFolder(string description) {
}
/**
* Gets a data-flow node that represents a path to the private folder `path`.
* Gets a data-flow node that represents the private folder descriped by `description`.
*/
DataFlow::Node getAPrivateFolderPath(string description) {
exists(string path |
@@ -119,7 +119,7 @@ DataFlow::Node getAPrivateFolderPath(string description) {
}
/**
* Gest a call that serves the folder `path` to the public.
* Gest a call that serves the folder descriped by `description` to the public.
*/
DataFlow::CallNode servesAPrivateFolder(string description) {
result = DataFlow::moduleMember(["express", "connect"], "static").getACall() and

2
javascript/ql/src/Security/CWE-384/SessionFixation.ql
View File

@@ -36,7 +36,7 @@ predicate isLoginSetup(Express::RouteSetup setup) {
}
/**
* Holds if `handler` regenerates its session using `req.session.regenerate`.
* Holds if `setup` regenerates its session using `req.session.regenerate`.
*/
pragma[inline]
predicate regeneratesSession(Express::RouteSetup setup) {