From f16591dffc4a538a32700c077487fcae8fcf26ca Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 18 Nov 2020 09:18:14 +0100 Subject: [PATCH] C++: Respond to qhelp review comments. --- .../src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.qhelp | 2 +- .../src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.qhelp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.qhelp b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.qhelp index df14d71947b..edadb4b14ec 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.qhelp +++ b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.qhelp @@ -4,7 +4,7 @@

Using unsanitized untrusted data in an external API can cause a variety of security issues. This query reports -external APIs that use untrusted data. The results are not filtered. This makes it possible to audit all examples. +external APIs that use untrusted data. The results are not filtered, so you can audit all examples. The query provides data for security reviews of the application and you can also use it to identify external APIs that should be modeled as either taint steps, or sinks for specific problems.

diff --git a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.qhelp b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.qhelp index df14d71947b..edadb4b14ec 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.qhelp +++ b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.qhelp @@ -4,7 +4,7 @@

Using unsanitized untrusted data in an external API can cause a variety of security issues. This query reports -external APIs that use untrusted data. The results are not filtered. This makes it possible to audit all examples. +external APIs that use untrusted data. The results are not filtered, so you can audit all examples. The query provides data for security reviews of the application and you can also use it to identify external APIs that should be modeled as either taint steps, or sinks for specific problems.
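
Review bot: In the IRUntrustedDataToExternalAPI.qhelp hunk, the added sentence "The results are not filtered, so you can audit all examples." still leaves "examples" undefined. The preceding sentence is about external APIs that use untrusted data, so a reader cannot tell whether the unit to audit is each external API or each use of untrusted data in one. Suggest naming it directly, for instance "so you can audit every reported external API", and saying what kind of filtering is absent, so that someone using the results in a security review knows what the result set does and does not exclude.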
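
Review bot: The UntrustedDataToExternalAPI.qhelp hunk is word for word the same as the IRUntrustedDataToExternalAPI.qhelp hunk, and both files show the same index line (df14d71947b..edadb4b14ec), so the two help files are identical before and after this commit. Every wording fix therefore has to be made twice and the copies can drift apart. Consider keeping the shared overview in one place that both help files pull in, or add a sentence to the IR variant's help saying how it differs from the non-IR query, since the current text gives a reader no basis for choosing between the two.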