QLDoc improvements from code review

atorralba · felicitymay · aschackmull · web-flow · commit bdf0f582a499 · 2021-07-29T16:34:21.000+02:00
Co-authored-by: Felicity Chapman &lt;felicitymay@github.com&gt;
Co-authored-by: Anders Schack-Mulligen &lt;aschackmull@users.noreply.github.com&gt;
diff --git a/java/change-notes/2021-05-06-unsafe-android-access-query.md b/java/change-notes/2021-05-06-unsafe-android-access-query.md
@@ -1,2 +1,2 @@
 lgtm,codescanning
-* The query "Unsafe resource fetching in Android webview" (`java/android/unsafe-android-webview-fetch`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3706).
+* The query "Unsafe resource fetching in Android WebView" (`java/android/unsafe-android-webview-fetch`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3706).
diff --git a/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql b/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
@@ -1,7 +1,7 @@
 /**
- * @name Unsafe resource fetching in Android webview
- * @description JavaScript rendered inside WebViews can access any protected
- *              application file and web resource from any origin
+ * @name Unsafe resource fetching in Android WebView
+ * @description JavaScript rendered inside WebViews can access protected
+ *              application files and web resources from any origin exposing them to attack.
  * @kind path-problem
  * @problem.severity warning
  * @precision medium
@@ -17,5 +17,5 @@ import DataFlow::PathGraph
 
 from DataFlow::PathNode source, DataFlow::PathNode sink, FetchUntrustedResourceConfiguration conf
 where conf.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Unsafe resource fetching in Android webview due to $@.",
+select sink.getNode(), source, sink, "Unsafe resource fetching in Android WebView due to $@.",
   source.getNode(), sink.getNode().(UrlResourceSink).getSinkType()
diff --git a/java/ql/src/semmle/code/java/security/UnsafeAndroidAccess.qll b/java/ql/src/semmle/code/java/security/UnsafeAndroidAccess.qll
@@ -14,15 +14,15 @@ private import semmle.code.java.dataflow.ExternalFlow
  */
 abstract class UrlResourceSink extends DataFlow::Node {
   /**
-   * Returns a description of this vulnerability,
+   * Gets a description of this vulnerability.
    */
   abstract string getSinkType();
 }
 
 /**
- * Cross-origin access enabled resource fetch.
+ * A cross-origin access enabled resource fetch.
  *
- * It requires JavaScript to be enabled too to be considered a valid sink.
+ * Only considered a valid sink when JavaScript is also enabled.
  */
 private class CrossOriginUrlResourceSink extends JavaScriptEnabledUrlResourceSink {
   CrossOriginUrlResourceSink() {
@@ -61,7 +61,7 @@ private class JavaScriptEnabledUrlResourceSink extends UrlResourceSink {
 }
 
 /**
- * Methods allowing any-local-file and cross-origin access in the WebSettings class
+ * A method allowing any-local-file and cross-origin access in the WebSettings class.
  */
 private class CrossOriginAccessMethod extends Method {
   CrossOriginAccessMethod() {
@@ -71,7 +71,7 @@ private class CrossOriginAccessMethod extends Method {
 }
 
 /**
- * `setJavaScriptEnabled` method for the webview
+ * The `setJavaScriptEnabled` method for the webview.
  */
 private class AllowJavaScriptMethod extends Method {
   AllowJavaScriptMethod() {
@@ -81,7 +81,7 @@ private class AllowJavaScriptMethod extends Method {
 }
 
 /**
- * Holds if a call to `v.setJavaScriptEnabled(true)` exists
+ * Holds if a call to `v.setJavaScriptEnabled(true)` exists.
  */
 private predicate isJSEnabled(Variable v) {
   exists(MethodAccess jsa |
diff --git a/java/ql/src/semmle/code/java/security/UnsafeAndroidAccessQuery.qll b/java/ql/src/semmle/code/java/security/UnsafeAndroidAccessQuery.qll
@@ -7,7 +7,7 @@ import semmle.code.java.security.RequestForgery
 import semmle.code.java.security.UnsafeAndroidAccess
 
 /**
- * Taint configuration tracking flow from untrusted inputs to a resource fetching call.
+ * A taint configuration tracking flow from untrusted inputs to a resource fetching call.
  */
 class FetchUntrustedResourceConfiguration extends TaintTracking::Configuration {
   FetchUntrustedResourceConfiguration() { this = "FetchUntrustedResourceConfiguration" }

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`lgtm,codescanning`
`2`		-* The query "Unsafe resource fetching in Android webview" (`java/android/unsafe-android-webview-fetch`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3706).
	`2`	+* The query "Unsafe resource fetching in Android WebView" (`java/android/unsafe-android-webview-fetch`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3706).