Swift: Docs review response: consistent naming

Author: d10c

swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.qhelp

@@ -2,7 +2,7 @@
 <qhelp>
 <overview>
 
-<p>Sensitive information that is stored unencrypted in the defaults database is accessible to an attacker who gains access to that database. For example, the information could be accessed by any process or user in a rooted device, or exposed through another vulnerability.</p>
+<p>Sensitive information that is stored unencrypted in an application preference store, such as the user defaults database or the iCloud-backed ubiquitous key-value store, is accessible to an attacker who gains access to that data store. For example, the information could be accessed by any process or user in a rooted device, by compromised app extensions, or could be exposed through another vulnerability.</p>
 
 </overview>
 <recommendation>
@@ -12,7 +12,7 @@
 </recommendation>
 <example>
 
-<p>The following example shows three cases of storing information using NSUserDefaults. In the 'BAD' case, the data that is stored is sensitive (a credit card number) and is not encrypted.  In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption.</p>
+<p>The following example shows three cases of storing information using UserDefaults. In the 'BAD' case, the data that is stored is sensitive (a credit card number) and is not encrypted.  In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption.</p>
 
 <sample src="CleartextStoragePreferences.swift" />
 
@@ -21,7 +21,10 @@
 
 <li>
   OWASP Top 10:2021:
-  <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">A02:2021 � Cryptographic Failures</a>.
+  <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">A02:2021 &mdash; Cryptographic Failures</a>.
+</li>
+<li>
+Apple Developer Documentation: <a href="https://developer.apple.com/documentation/foundation/userdefaults">UserDefaults</a>, <a href="https://developer.apple.com/documentation/foundation/nsubiquitouskeyvaluestore">NSUbiquitousKeyValueStore</a>
 </li>
 
 </references>

swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql

@@ -1,6 +1,6 @@
 /**
- * @name Cleartext storage of sensitive information in application preferences
- * @description Storing sensitive information in a non-encrypted database can expose it to an attacker.
+ * @name Cleartext storage of sensitive information in an application preference store
+ * @description Storing sensitive information in a non-encrypted store can expose it to an attacker.
  * @kind path-problem
  * @problem.severity warning
  * @security-severity 7.5
@@ -17,13 +17,13 @@ import codeql.swift.dataflow.TaintTracking
 import DataFlow::PathGraph
 
 /**
- * A `DataFlow::Node` of something that gets stored in a preferences store.
+ * A `DataFlow::Node` of something that gets stored in an application preference store.
  */
 abstract class Stored extends DataFlow::Node {
   abstract string getStoreName();
 }
 
-/** The `DataFlow::Node` of an expression that gets written to the defaults database */
+/** The `DataFlow::Node` of an expression that gets written to the user defaults database */
 class UserDefaultsStore extends Stored {
   UserDefaultsStore() {
     exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |
@@ -38,7 +38,7 @@ class UserDefaultsStore extends Stored {
   override string getStoreName() { result = "the user defaults database" }
 }
 
-/** The `DataFlow::Node` of an expression that gets written to iCloud */
+/** The `DataFlow::Node` of an expression that gets written to the iCloud-backed NSUbiquitousKeyValueStore */
 class NSUbiquitousKeyValueStore extends Stored {
   NSUbiquitousKeyValueStore() {
     exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |