Don't capitalize the term content provider

atorralba · mchammer01 · atorralba · commit 8767d2db230d · 2022-01-20T13:23:52.000+01:00
Co-authored-by: mc &lt;42146119+mchammer01@users.noreply.github.com&gt;
diff --git a/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.qhelp b/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.qhelp
@@ -6,7 +6,7 @@
 <p>When an Android component expects a result from an Activity, <code>startActivityForResult</code> can be used.
 The started Activity can then use <code>setResult</code> to return the appropriate data to the calling component.</p>
 <p>If an Activity obtains the incoming, user-provided Intent and directly returns it via <code>setResult</code>
-without any checks, the application may be unintentionally giving arbitrary access to its Content Providers, even
+without any checks, the application may be unintentionally giving arbitrary access to its content providers, even
 if they are not exported, as long as they are configured with the attribute <code>android:grantUriPermissions="true"</code>. 
 This happens because the attacker adds the appropriate URI permission flags to the provided Intent, which take effect
 once the Intent is reflected back.</p>
diff --git a/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql b/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
@@ -1,7 +1,7 @@
 /**
  * @name Intent URI permission manipulation
- * @description Returning an externally provided Intent via setResult may allow a malicious
- *              application to access arbitrary Content Providers of the vulnerable application.
+ * @description Returning an externally provided Intent via 'setResult' may allow a malicious
+ *              application to access arbitrary content providers of the vulnerable application.
  * @kind path-problem
  * @problem.severity error
  * @security-severity 7.8
@@ -21,4 +21,4 @@ from DataFlow::PathNode source, DataFlow::PathNode sink
 where any(IntentUriPermissionManipulationConf c).hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
   "This Intent can be set with arbitrary flags from $@, " +
-    "and used to give access to internal Content Providers.", source.getNode(), "this user input"
+    "and used to give access to internal content providers.", source.getNode(), "this user input"
diff --git a/java/ql/src/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md b/java/ql/src/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md
@@ -3,4 +3,4 @@ category: newQuery
 ---
 * A new query "Intent URI permission manipulation" (`java/android/intent-uri-permission-manipulation`) has been added.
 This query finds Android components that return unmodified, received Intents to the calling applications, which
-can provide unintended access to internal Content Providers of the victim application.
+can provide unintended access to internal content providers of the victim application.
diff --git a/java/ql/test/library-tests/frameworks/android/content-provider/Safe.java b/java/ql/test/library-tests/frameworks/android/content-provider/Safe.java
@@ -11,7 +11,7 @@
 import android.os.ParcelFileDescriptor;
 import android.os.RemoteException;
 
-// This Content Provider isn't exported, so there shouldn't be any flow
+// This content provider isn't exported, so there shouldn't be any flow
 public class Safe extends ContentProvider {
 
 	void sink(Object o) {}
