qhelp

JarLob · JarLob · commit 87ea442a7857 · 2021-03-15T18:47:45.000+02:00
diff --git a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.qhelp b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.qhelp
@@ -46,12 +46,13 @@
 
 		<p>
 
-			The following examples use two triggers to handle potentially untrusted
-			pull request in a secure manner:
+			The following example uses two workflows  to handle potentially untrusted
+			pull request in a secure manner. The receive_pr.yml is triggered first:
 
 		</p>
 
 		<sample src="examples/receive_pr.yml" />
+		<p>The comment_pr.yml is triggered after receive_pr.yml completes:</p>
 		<sample src="examples/comment_pr.yml" />
 
 	</example>
diff --git a/javascript/ql/src/experimental/Security/CWE-094/examples/comment_pr.yml b/javascript/ql/src/experimental/Security/CWE-094/examples/comment_pr.yml
@@ -1,4 +1,3 @@
-# comment_pr.yml
 name: Comment on the pull request
 
 # read-write repo token
diff --git a/javascript/ql/src/experimental/Security/CWE-094/examples/receive_pr.yml b/javascript/ql/src/experimental/Security/CWE-094/examples/receive_pr.yml
@@ -1,4 +1,3 @@
-# receive_pr.yml
 name: Receive PR
 
 # read-only repo token

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-# comment_pr.yml`
`2`	`1`	`name: Comment on the pull request`
`3`	`2`
`4`	`3`	`# read-write repo token`