Merge pull request #10641 from github/nickrolfe/a_an

JS/Python/Ruby: s/a HTML/an HTML/
2026-04-28 02:05:14 +02:00 · 2022-09-30 12:17:15 +01:00
parent b66e5c5aee ed74e0aad1
commit ef8ec0878a
16 changed files with 62 additions and 62 deletions
--- a/ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll
@@ -87,7 +87,7 @@ predicate isBadRegexpFilter(HtmlMatchingRegExp regexp, string msg) {
    not regexp.fillsCaptureGroup("<script>", group) and
    msg =
      "This regular expression only parses --> (capture group " + group +
-        ") and not --!> as a HTML comment end tag."
+        ") and not --!> as an HTML comment end tag."
  )
  or
  regexp.matches("<!-- foo -->") and
--- a/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationQuery.qll
@@ -35,7 +35,7 @@ private DangerousPrefixSubstring getADangerousMatchedChar(EmptyReplaceRegExpTerm
  or
  result = t.getAMatchedString()
  or
-  // A substring matched by some character class. This is only used to match the "word" part of a HTML tag (e.g. "iframe" in "<iframe").
+  // A substring matched by some character class. This is only used to match the "word" part of an HTML tag (e.g. "iframe" in "<iframe").
  exists(NfaUtils::CharacterClass cc |
    cc = NfaUtils::getCanonicalCharClass(t) and
    cc.matches(result) and
@@ -101,12 +101,12 @@ private class RepetitionMatcher extends EmptyReplaceRegExpTerm {
 predicate matchesDangerousPrefix(EmptyReplaceRegExpTerm t, string prefix, string kind) {
  prefix = getADangerousMatchedPrefix(t) and
  (
-    kind = "path injection" and
+    kind = "a path injection vulnerability" and
    prefix = ["/..", "../"] and
    // If the regex is matching explicit path components, it is unlikely that it's being used as a sanitizer.
    not t.getSuccessor*().getAMatchedString().regexpMatch("(?is).*[a-z0-9_-].*")
    or
-    kind = "HTML element injection" and
+    kind = "an HTML element injection vulnerability" and
    (
      // comments
      prefix = "<!--" and
@@ -119,7 +119,7 @@ predicate matchesDangerousPrefix(EmptyReplaceRegExpTerm t, string prefix, string
    )
  )
  or
-  kind = "HTML attribute injection" and
+  kind = "an HTML attribute injection vulnerability" and
  prefix =
    [
      // ordinary event handler prefix
@@ -197,6 +197,6 @@ query predicate problems(
 ) {
  exists(string kind |
    isResult(replace, dangerous, prefix, kind) and
-    msg = "This string may still contain $@, which may cause a " + kind + " vulnerability."
+    msg = "This string may still contain $@, which may cause " + kind + "."
  )
 }
--- a/ruby/ql/test/query-tests/security/cwe-116/IncompleteMultiCharacterSanitization/IncompleteMultiCharacterSanitization.ql
+++ b/ruby/ql/test/query-tests/security/cwe-116/IncompleteMultiCharacterSanitization/IncompleteMultiCharacterSanitization.ql
@@ -31,9 +31,9 @@ predicate hasResult(Location location, string element, string value) {

 bindingset[kind]
 string shortKind(string kind) {
-  kind = "HTML element injection" and result = "html"
+  kind = "an HTML element injection vulnerability" and result = "html"
  or
-  kind = "path injection" and result = "path"
+  kind = "a path injection vulnerability" and result = "path"
  or
-  kind = "HTML attribute injection" and result = "attr"
+  kind = "an HTML attribute injection vulnerability" and result = "attr"
 }