Code reveiw suggestions. correction in changenote + style in example

joefarebrother · yoff · web-flow · commit 8f714c631f3b · 2024-07-24T21:37:12.000+01:00
Co-authored-by: yoff &lt;lerchedahl@gmail.com&gt;
diff --git a/python/ql/src/Security/CWE-614/examples/InsecureCookie.py b/python/ql/src/Security/CWE-614/examples/InsecureCookie.py
@@ -16,5 +16,5 @@ def good2():
 
 @app.route("/bad1")
     resp = make_response()
-    resp.set_cookie("name", value="value", samesite='None') # BAD: the SameSite attribute is set to 'None'; and the 'Secure' and 'HttpOnly' attributes are set to False by default.
+    resp.set_cookie("name", value="value", samesite='None') # BAD: the SameSite attribute is set to 'None' and the 'Secure' and 'HttpOnly' attributes are set to False by default.
     return resp
diff --git a/python/ql/src/change-notes/2024-07-23-insecure-cookie-promotion.md b/python/ql/src/change-notes/2024-07-23-insecure-cookie-promotion.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of securities being set without the `Secure`, `HttpOnly`, or `SameSite` attributes set to secure values.
+* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being set without the `Secure`, `HttpOnly`, or `SameSite` attributes set to secure values.
