Reword

2025-12-17 01:03:14 +01:00 · 2025-09-30 13:08:03 +01:00
parent f1239352ce
commit ff4b97bf2d
2 changed files with 4 additions and 4 deletions
--- a/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.qhelp
+++ b/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.qhelp
@@ -61,8 +61,8 @@
      Note this remains true even in Rails version 5 and later: these versions
      automatically run <code>protect_from_forgery with: :exception</code>
      by default, but manually calling <code>protect_from_forgery</code> with
-      no <code>with</code> argument will still downgrade protection to null the
+      no <code>with</code> argument will still downgrade protection to provide an
-      session rather than raise an exception.
+      empty session rather than raise an exception.
    </p>
  </example>
--- a/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.qhelp
+++ b/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.qhelp
@@ -43,10 +43,10 @@
      <code>protect_from_forgery with: :exception</code> can help to avoid this
      by raising an exception on an invalid CSRF token instead.
-      Note that Rails version 5 and later
+      Note that Rails versions 5 and later
      automatically run <code>protect_from_forgery with: :exception</code>
      by default, but manually calling <code>protect_from_forgery</code> with
-      no <code>with</code> argument will downgrade protection to null the
+      no <code>with</code> argument will downgrade protection to provide an empty
      session rather than raise an exception.
    </p>
  </recommendation>