Apply suggestions from code review

aschackmull · atorralba · web-flow · commit ba95d46ec373 · 2021-10-26T14:04:13.000+02:00
Co-authored-by: Tony Torralba &lt;atorralba@users.noreply.github.com&gt;
diff --git a/java/change-notes/2021-09-03-android-sensitive-broadcast.md b/java/change-notes/2021-09-03-android-sensitive-broadcast.md
@@ -1,2 +1,2 @@
 lgtm,codescanning
-* The query "Leaking sensitive information through an implicit intent" (`java/android/sensitive-communication`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @luchua-bc.](https://github.com/github/codeql/pull/4512) 
+* The query "Leaking sensitive information through an implicit Intent" (`java/android/sensitive-communication`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @luchua-bc.](https://github.com/github/codeql/pull/4512) 
diff --git a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll
@@ -102,7 +102,7 @@ private predicate isSensitiveBroadcastSink(DataFlow::Node sendBroadcastCallArg)
 }
 
 /**
- * Holds if `arg`  as an argument to a use of a `startActivity` or `startService` method that sends an intent to another application.
+ * Holds if `arg` is an argument in a use of a `startActivity` or `startService` method that sends an Intent to another application.
  */
 private predicate isStartActivityOrServiceSink(DataFlow::Node arg) {
   exists(MethodAccess ma, string name | ma.getMethod().hasName(name) |
@@ -147,7 +147,7 @@ private predicate isCleanIntent(Expr intent) {
 }
 
 /**
- * Taint configuration tracking flow from variables containing sensitive information to broadcast intents.
+ * Taint configuration tracking flow from variables containing sensitive information to broadcast Intents.
  */
 class SensitiveCommunicationConfig extends TaintTracking::Configuration {
   SensitiveCommunicationConfig() { this = "Sensitive Communication Configuration" }
diff --git a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.qhelp b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.qhelp
@@ -2,20 +2,20 @@
 <qhelp>
 
   <overview>
-    <p>When an implicit intent is used with a method such as <code>startActivity</code>, <code>startService</code>, or <code>sendBroadcast</code>, it may be read by other applications on the device.</p>
-    <p>This means that sensitive data in these intents may be leaked.</p>
+    <p>When an implicit Intent is used with a method such as <code>startActivity</code>, <code>startService</code>, or <code>sendBroadcast</code>, it may be read by other applications on the device.</p>
+    <p>This means that sensitive data in these Intents may be leaked.</p>
   </overview>
 
   <recommendation>
     <p> 
-      For <code>sendBroadcast</code> methods, a receiver permission may be specified so that only applications with a certain permission may receive the intent; 
+      For <code>sendBroadcast</code> methods, a receiver permission may be specified so that only applications with a certain permission may receive the Intent; 
       or a <code>LocalBroadcastManager</code> may be used.
-      Otherwise, ensure that intents containing sensitive data have an explicit receiver class set.
+      Otherwise, ensure that Intents containing sensitive data have an explicit receiver class set.
     </p>
   </recommendation>
 
   <example>
-    <p>The following example shows two ways of broadcasting intents. In the 'BAD' case, no "receiver permission" is specified. In the 'GOOD' case, "receiver permission" or "receiver application" is specified.</p>
+    <p>The following example shows two ways of broadcasting Intents. In the 'BAD' case, no "receiver permission" is specified. In the 'GOOD' case, "receiver permission" or "receiver application" is specified.</p>
     <sample src="SensitiveCommunication.java" />
   </example>
 
diff --git a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql
@@ -1,6 +1,6 @@
 /**
- * @name Leaking sensitive information through an implicit intent
- * @description An Android application uses implicit intents containing sensitive data
+ * @name Leaking sensitive information through an implicit Intent
+ * @description An Android application uses implicit Intents containing sensitive data
  *              in a way that exposes it to arbitrary applications on the device.
  * @kind path-problem
  * @problem.severity warning

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`lgtm,codescanning`
`2`		-* The query "Leaking sensitive information through an implicit intent" (`java/android/sensitive-communication`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @luchua-bc.](https://github.com/github/codeql/pull/4512)
	`2`	+* The query "Leaking sensitive information through an implicit Intent" (`java/android/sensitive-communication`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @luchua-bc.](https://github.com/github/codeql/pull/4512)