Include suggestions from review

Porcuiney Hairs · Porcuiney Hairs · commit 9fe822f41c2c · 2021-10-22T00:55:01.000+05:30
diff --git a/csharp/ql/src/experimental/CWE-918/RequestForgery.ql b/csharp/ql/src/experimental/CWE-918/RequestForgery.ql
@@ -1,7 +1,6 @@
 /**
- * @name Uncontrolled data used in a WebClient
- * @description The WebClient class allows developers to request resources,
- *              accessing resources influenced by users can allow an attacker to access local files.
+ * @name Uncontrolled data used in network request
+ * @description Sending network requests with user-controlled data allows for request forgery attacks.
  * @kind path-problem
  * @problem.severity error
  * @precision high
@@ -16,5 +15,5 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
 
 from RequestForgeryConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
 where c.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to here and is used in a method of WebClient.",
+select sink.getNode(), source, sink, "$@ flows to here and is used in a server side web request.",
   source.getNode(), "User-provided value"
diff --git a/csharp/ql/src/experimental/CWE-918/RequestForgery.qll b/csharp/ql/src/experimental/CWE-918/RequestForgery.qll
@@ -24,7 +24,7 @@ module RequestForgery {
   abstract private class BarrierGuard extends DataFlow::BarrierGuard { }
 
   /**
-   * A taint-tracking configuration for detecting server side request forgery vulnerabilities.
+   * A data flow configuration for detecting server side request forgery vulnerabilities.
    */
   class RequestForgeryConfiguration extends DataFlow::Configuration {
     RequestForgeryConfiguration() { this = "Server Side Request forgery" }
@@ -148,7 +148,9 @@ module RequestForgery {
    * This guard considers all checks as valid.
    */
   private class StringStartsWithBarrierGuard extends BarrierGuard, MethodCall {
-    StringStartsWithBarrierGuard() { this.getTarget().hasQualifiedName("System.String.StartsWith") }
+    StringStartsWithBarrierGuard() {
+      this.getTarget().hasQualifiedName("System.String", "StartsWith")
+    }
 
     override predicate checks(Expr e, AbstractValue v) {
       // Any check such as the ones shown below
