JS: address more review comments

Esben Sparre Andreasen
2018-10-10 15:28:42 +02:00
parent c885490c7e
commit e93545d16e
5 changed files with 10 additions and 10 deletions


@@ -1,5 +1,5 @@
/**
* @name User-controlled data in file
* @name User-controlled data written to file
* @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
* @kind problem
* @problem.severity warning


@@ -10,7 +10,7 @@ import javascript
/**
* A call that performs a request to a URL.
*
* Example: An HTTP POST request is client request that sends some
* Example: An HTTP POST request is a client request that sends some
* `data` to a `url`, where both the headers and the body of the request
* contribute to the `data`.
*/


@@ -480,7 +480,7 @@ module NodeJSLib {
}
/**
* A read from the file system.
* A write to the file system, using a stream.
*/
private class FileStreamWrite extends FileSystemWriteAccess, DataFlow::CallNode {


@@ -1,5 +1,5 @@
/**
* Provides a taint tracking configuration for reasoning about user-controlled data in files.
* Provides a taint tracking configuration for reasoning about writing user-controlled data to files.
*/
import javascript
import semmle.javascript.security.dataflow.RemoteFlowSources
@@ -7,22 +7,22 @@ import semmle.javascript.security.dataflow.RemoteFlowSources
module HttpToFileAccess {
/**
* A data flow source for user-controlled data in files.
* A data flow source for writing user-controlled data to files.
*/
abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for user-controlled data in files.
* A data flow sink for writing user-controlled data to files.
*/
abstract class Sink extends DataFlow::Node { }
/**
* A sanitizer for user-controlled data in files.
* A sanitizer for writing user-controlled data to files.
*/
abstract class Sanitizer extends DataFlow::Node { }
/**
* A taint tracking configuration for user-controlled data in files.
* A taint tracking configuration for writing user-controlled data to files.
*/
class Configuration extends TaintTracking::Configuration {
Configuration() {
@@ -43,7 +43,7 @@ module HttpToFileAccess {
}
}
/** A source of remote user input, considered as a flow source for user-controlled data in files. */
/** A source of remote user input, considered as a flow source for writing user-controlled data to files. */
class RemoteFlowSourceAsSource extends Source {
RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
}
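Review bot: The reworded comment on `Sanitizer` in the `@@ -7,22` hunk still does not say what a node has to guarantee to count as a sanitizer for a file write, which is the one thing someone extending this abstract class needs to know. In the visible hunks `RemoteFlowSourceAsSource` is the only concrete subclass of the three extension points, so unless sinks and sanitizers are defined outside these hunks, every remote input that reaches a write is reported and alert quality depends on how `Sanitizer` is extended. I would spell the contract out, for example `A sanitizer for user-controlled data on its way to a file write: a node after which the data is no longer considered user-controlled.` The new "source for writing ..." phrasing on `Source` and `Sink` also reads as if the node itself performs the write; `A data flow source for user-controlled data that is written to a file.` would be clearer. The body of `Configuration` continues outside the hunk, so how these classes are wired together is not visible here.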