include suggestions from review.

2026-04-29 18:55:14 +02:00 · 2020-11-19 03:37:00 +05:30
parent 402a320a55
commit ebc6c49555
3 changed files with 8 additions and 10 deletions
--- a/java/ql/src/experimental/CWE-918/RequestForgeryCustomizations.qll
+++ b/java/ql/src/experimental/CWE-918/RequestForgeryCustomizations.qll
@@ -125,8 +125,8 @@ module RequestForgery {
  }

  /**
-   * A URI argument to `org.springframework.http.RequestEntity`s constructor call
-   *   taken as a sink for request forgery vulnerabilities.
+   * An argument to `org.springframework.http.RequestEntity`s constructor call
+   *   which is an URI taken as a sink for request forgery vulnerabilities.
   */
  private class RequestEntityUriArg extends Sink {
    RequestEntityUriArg() {
--- a/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll
+++ b/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll
@@ -15,8 +15,8 @@ class ApacheHttpEntityGetContent extends Method {
 }

 /**
- *  Models any class derived from `HttpRequestBase` or the `BasicHttpRequest`
- *  class of the Apache Http Client `org.apache.http` library
+ *  A class that is derived from the `HttpRequestBase` or the `BasicHttpRequest`
+ *  classes of the Apache HTTP Client `org.apache.http` library
 */
 class ApacheHttpRequest extends RefType {
  ApacheHttpRequest() {
--- a/java/ql/src/semmle/code/java/frameworks/Networking.qll
+++ b/java/ql/src/semmle/code/java/frameworks/Networking.qll
@@ -42,7 +42,7 @@ class SocketGetInputStreamMethod extends Method {
  }
 }

-/** Any expresion or call which returns a new URI. */
+/** A function or method call that returns a new `URI`. */
 class UriCreation extends Call {
  UriCreation() {
    this.getCallee().getDeclaringType() instanceof TypeUri and
@@ -61,8 +61,6 @@ class UriCreation extends Call {

 /** An URI constructor expression */
 class UriConstructor extends ClassInstanceExpr, UriCreation {
-  UriConstructor() { this.getConstructor().getDeclaringType().getQualifiedName() = "java.net.URI" }
-
  override Expr getHostArg() {
    // URI(String str)
    result = this.getArgument(0) and this.getNumArgument() = 1
@@ -78,7 +76,7 @@ class UriConstructor extends ClassInstanceExpr, UriCreation {
  }
 }

-/** An URI create call */
+/** A call to the `create` method of the `java.net.URI` class */
 class UriCreate extends Call, UriCreation {
  UriCreate() {
    this.getCallee().getName() = "create" and
@@ -88,9 +86,9 @@ class UriCreate extends Call, UriCreation {
  override Expr getHostArg() { result = this.getArgument(0) }
 }

-/* An URL constructor expression */
+/** An `java.net.URL` constructor expression */
 class UrlConstructor extends ClassInstanceExpr {
-  UrlConstructor() { this.getConstructor().getDeclaringType().getQualifiedName() = "java.net.URL" }
+  UrlConstructor() { this.getConstructor().getDeclaringType() instanceof TypeUrl }

  /** Returns the host of the newly created URI. */
  Expr getHostArg() {