Apply suggestions from code review

erik-krogh · asgerf · web-flow · commit 9c294513c7a5 · 2020-05-18T12:18:20.000+02:00
Co-authored-by: Asger F &lt;asgerf@github.com&gt;
diff --git a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.qhelp b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.qhelp
@@ -8,7 +8,7 @@
 		Dynamically constructing a shell command with inputs from exported 
 		functions, may inadvertently change the meaning of the shell command.
 		
-		Clients using the exported function may use inputs that contains
+		Clients using the exported function may use inputs containing
 		characters that the shell interprets in a special way, for instance
 		quotes and spaces.
 
diff --git a/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
@@ -779,7 +779,7 @@ module TaintTracking {
   class AdHocWhitelistCheckSanitizer extends SanitizerGuardNode, DataFlow::CallNode {
     AdHocWhitelistCheckSanitizer() {
       getCalleeName()
-          .regexpMatch("(?i).*((?<!un)safe|whitelist|valid|allow|(?<!un)auth(?!or\\b)).*") and
+          .regexpMatch("(?i).*((?<!un)safe|whitelist|(?<!in)valid|allow|(?<!un)auth(?!or\\b)).*") and
       getNumArgument() = 1
     }
 
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstruction.qll b/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstruction.qll
@@ -19,7 +19,7 @@ module UnsafeShellCommandConstruction {
    * A taint-tracking configuration for reasoning about shell command constructed from library input vulnerabilities.
    */
   class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "UnsafeLibaryCommandInjection" }
+    Configuration() { this = "UnsafeShellCommandConstruction" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll
@@ -34,7 +34,7 @@ module UnsafeShellCommandConstruction {
 
     /**
      * Gets the node that should be highlighted for this sink.
-     * E.g. for a string concatenation, the sink is one of the leafs and the highlight is the concatenation root.
+     * E.g. for a string concatenation, the sink is one of the leaves and the highlight is the concatenation root.
      */
     abstract DataFlow::Node getHighLight();
   }

Original file line number	Diff line number	Diff line change
`@@ -779,7 +779,7 @@ module TaintTracking {`
`779`	`779`	`class AdHocWhitelistCheckSanitizer extends SanitizerGuardNode, DataFlow::CallNode {`
`780`	`780`	`AdHocWhitelistCheckSanitizer() {`
`781`	`781`	`getCalleeName()`
`782`		`- .regexpMatch("(?i).((?<!un)safe\|whitelist\|valid\|allow\|(?<!un)auth(?!or\\b)).") and`
	`782`	`+ .regexpMatch("(?i).((?<!un)safe\|whitelist\|(?<!in)valid\|allow\|(?<!un)auth(?!or\\b)).") and`
`783`	`783`	`getNumArgument() = 1`
`784`	`784`	`}`
`785`	`785`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ module UnsafeShellCommandConstruction {`
`34`	`34`
`35`	`35`	`/**`
`36`	`36`	`* Gets the node that should be highlighted for this sink.`
`37`		`- * E.g. for a string concatenation, the sink is one of the leafs and the highlight is the concatenation root.`
	`37`	`+ * E.g. for a string concatenation, the sink is one of the leaves and the highlight is the concatenation root.`
`38`	`38`	`*/`
`39`	`39`	`abstract DataFlow::Node getHighLight();`
`40`	`40`	`}`