Apply suggestions from code review

Co-authored-by: Felicity Chapman <[email protected]>

Author: atorralba

java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.java

@@ -10,7 +10,7 @@ public void onCreate() {
             InputStream is = contentResolver.openInputStream(uri);
             copyToExternalCache(is);
         }
-        // BAD: input Uri is not normalized, and check can be bypassed with ".." characters
+        // BAD: input URI is not normalized, and check can be bypassed with ".." characters
         {
             ContentResolver contentResolver = getContentResolver();
             Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
@@ -20,7 +20,7 @@ public void onCreate() {
             InputStream is = contentResolver.openInputStream(uri);
             copyToExternalCache(is);
         }
-        // GOOD: URI gets properly validated to avoid access to internal files
+        // GOOD: URI is properly validated to block access to internal files
         {
             ContentResolver contentResolver = getContentResolver();
             Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");

java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.qhelp

@@ -30,7 +30,7 @@
 <example>
 <p>
   This example shows two ways of opening a file using a <code>ContentResolver</code>. In the first case, externally-provided
-  data coming from an intent is directly used in the file-reading operation, allowing an attacker to provide a URI
+  data from an intent is used directly in the file-reading operation. This allows an attacker to provide a URI
   of the form <code>/data/data/(vulnerable app package)/(private file)</code> to trick the application into reading it and
   copying it to the external storage. In the second case, the URI is validated before being used, making sure it does not reference
   any internal application files.