Fix qhelp errors and ql-for-ql errors

joefarebrother · joefarebrother · commit 639c42c9e9ea · 2023-01-12T11:44:39.000Z
diff --git a/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.qhelp b/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.qhelp
@@ -13,11 +13,11 @@
   </recommendation>
 
   <example>
-    In the following (bad) example, sensitive data is sent to an untrusted <code>ResultReceiver</code>. 
+    <p>In the following (bad) example, sensitive data is sent to an untrusted <code>ResultReceiver</code>. </p>
     <sample src="SensitiveResultReceiver.java" />
   </example>
 
   <references>
-    <li>Oversecured: <a href=https://oversecured.com/vulnerabilities#Android/Passing_data_to_a_ResultReceiver_under_the_attacker%E2%80%99s_control>Passing data to a ResultReceiver under the attacker's control</a></li>
+    <li>Oversecured: <a href="https://oversecured.com/vulnerabilities#Android/Passing_data_to_a_ResultReceiver_under_the_attacker%E2%80%99s_control">Passing data to a ResultReceiver under the attacker's control</a></li>
   </references>
 </qhelp>
diff --git a/java/ql/test/query-tests/security/CWE-927/SensitiveResultReceiver.ql b/java/ql/test/query-tests/security/CWE-927/SensitiveResultReceiver.ql
@@ -14,8 +14,8 @@ class ResultReceiverTest extends InlineExpectationsTest {
   override string getARelevantTag() { result = "hasSensitiveResultReceiver" }
 
   override predicate hasActualResult(Location loc, string element, string tag, string value) {
-    exists(DataFlow::PathNode src, DataFlow::PathNode sink, DataFlow::Node recSrc |
-      sensitiveResultReceiver(src, sink, recSrc) and
+    exists(DataFlow::PathNode sink |
+      sensitiveResultReceiver(_, sink, _) and
       element = sink.toString() and
       loc = sink.getNode().getLocation() and
       tag = "hasSensitiveResultReceiver" and
